Custom VPN gateway (VPN_GW_IP)

ruantiblock/files/usr/bin/ruantiblock

@@ -9,6 +9,7 @@
 
 export NAME="ruantiblock"
 export APP_EXEC="$0"
+export APP_NAME="`basename $0`"
 export LANG="en_US.UTF-8"
 export LANGUAGE="en"
 
@@ -45,6 +46,8 @@ export TOR_TRANS_PORT=9040
 export ONION_DNS_ADDR="127.0.0.1#9053"
 ### VPN интерфейс для правил маршрутизации
 export IF_VPN="tun0"
+### IP адрес шлюза для VPN конфигурации. Если не задан, используется адрес VPN интерфейса (или адрес пира для протоколов PPP)
+export VPN_GW_IP=""
 ### Метка для отбора пакетов в VPN туннель
 export VPN_PKTS_MARK=8
 ### Таблица маршрутизации для отправки пакетов в VPN туннель
@@ -201,7 +204,7 @@ if [ $ENABLE_LOGGING = "1" -a $? -ne 0 ]; then
     echo " Logger doesn't exists" >&2
     ENABLE_LOGGING=0
 fi
-LOGGER_PARAMS="-t `basename $0`"
+LOGGER_PARAMS="-t ${APP_NAME}"
 WGET_CMD=`which wget`
 if [ $? -ne 0 ]; then
     echo " Error! Wget doesn't exists" >&2
@@ -265,7 +268,7 @@ fi
 
 Help() {
 cat << EOF
- Usage: `basename $0` start|force-start|stop|destroy|restart|reload|update|force-update|data-files|status|raw-status|html-info|help
+ Usage: ${APP_NAME} start|force-start|stop|destroy|restart|reload|update|force-update|data-files|status|raw-status|html-info|help
         start : Start
         force-start : Removing the PID-file before running
         stop : Stop
@@ -280,18 +283,18 @@ cat << EOF
         html-info : Return the html-info output
         -h|--help|help : This message
  Examples:
-        `basename $0` start
-        `basename $0` force-start
-        `basename $0` stop
-        `basename $0` destroy
-        `basename $0` restart
-        `basename $0` reload
-        `basename $0` update
-        `basename $0` force-update
-        `basename $0` data-files
-        `basename $0` status
-        `basename $0` raw-status
-        `basename $0` html-info
+        ${APP_NAME} start
+        ${APP_NAME} force-start
+        ${APP_NAME} stop
+        ${APP_NAME} destroy
+        ${APP_NAME} restart
+        ${APP_NAME} reload
+        ${APP_NAME} update
+        ${APP_NAME} force-update
+        ${APP_NAME} data-files
+        ${APP_NAME} status
+        ${APP_NAME} raw-status
+        ${APP_NAME} html-info
 EOF
 }
 

ruantiblock/files/usr/share/ruantiblock/config_script

@@ -1,5 +1,5 @@
 UCI_SECTION="ruantiblock.config"
-UCI_VARS="proxy_mode proxy_local_clients nftset_clear_sets allowed_hosts_mode allowed_hosts_list bypass_mode bypass_entries_dns enable_fproxy fproxy_list enable_bllist_proxy if_vpn vpn_route_check tor_trans_port onion_dns_addr t_proxy_port_tcp t_proxy_port_udp t_proxy_allow_udp add_user_entries user_entries_dns enable_logging bllist_min_entries bllist_module bllist_preset bllist_ip_limit bllist_gr_excluded_nets bllist_summarize_ip bllist_summarize_cidr bllist_ip_filter bllist_ip_filter_type bllist_sd_limit bllist_gr_excluded_sld bllist_fqdn_filter bllist_fqdn_filter_type bllist_enable_idn bllist_alt_nslookup bllist_alt_dns_addr update_at_startup"
+UCI_VARS="proxy_mode proxy_local_clients nftset_clear_sets allowed_hosts_mode allowed_hosts_list bypass_mode bypass_entries_dns enable_fproxy fproxy_list enable_bllist_proxy if_vpn vpn_gw_ip vpn_route_check tor_trans_port onion_dns_addr t_proxy_port_tcp t_proxy_port_udp t_proxy_allow_udp add_user_entries user_entries_dns enable_logging bllist_min_entries bllist_module bllist_preset bllist_ip_limit bllist_gr_excluded_nets bllist_summarize_ip bllist_summarize_cidr bllist_ip_filter bllist_ip_filter_type bllist_sd_limit bllist_gr_excluded_sld bllist_fqdn_filter bllist_fqdn_filter_type bllist_enable_idn bllist_alt_nslookup bllist_alt_dns_addr update_at_startup"
 UCI_CMD=`which uci`
 if [ $? -ne 0 ]; then
     echo " Error! UCI doesn't exists" >&2

ruantiblock/files/usr/share/ruantiblock/nft_functions

@@ -50,12 +50,17 @@ NftVpnRouteDelete() {
 }
 
 NftVpnRouteAdd() {
-    VPN_IP=`$IP_CMD addr list dev $IF_VPN 2> /dev/null | $AWK_CMD '/inet/{sub("/[0-9]{1,2}$", "", $2); print $2; exit}'`
-    if [ -n "$VPN_IP" ]; then
+    local _vpn_ip
+    if [ -n "$VPN_GW_IP" ]; then
+        _vpn_ip="$VPN_GW_IP"
+    else
+        _vpn_ip=`$IP_CMD addr list dev $IF_VPN 2> /dev/null | $AWK_CMD '/inet/{f=($3 == "peer") ? 4 : 2; sub("/[0-9]{1,2}$", "", $f); print $f; exit}'`
+    fi
+    if [ -n "$_vpn_ip" ]; then
         echo 0 > /proc/sys/net/ipv4/conf/$IF_VPN/rp_filter
         NftVpnRouteDelete 2> /dev/null
         $IP_CMD rule add fwmark $VPN_PKTS_MARK table $VPN_ROUTE_TABLE_ID priority $VPN_RULE_PRIO
-        $IP_CMD route add default via $VPN_IP table $VPN_ROUTE_TABLE_ID
+        $IP_CMD route add default via $_vpn_ip table $VPN_ROUTE_TABLE_ID
     fi
 }