Add n2n supernode ports and rules (#6577)

* 自动开放 supernode 的防火墙端口，这样 openwrtr的edge和supernode都可以用了。增加edge的第二supernode节点。但当两个supernode都设了后，貌似只有第二个supernode起作用，如果把第二个supernode关掉，就都连不上了为n2n的防火墙规则添加描述 * Update n2n_v2.init 修复 n2n 的 supernode 添加防火墙规则的错误端口 Co-authored-by: dwj0 <dwj-ubuntu@example.com>
2025-04-16 04:13:31 +00:00 · 2021-03-31 12:31:52 +08:00 · 2021-03-31 12:31:52 +08:00 · 3c3ea0d4fe
commit 3c3ea0d4fe
parent 8fd95efe58
5 changed files with 36 additions and 14 deletions
--- a/package/lean/luci-app-n2n_v2/Makefile
+++ b/package/lean/luci-app-n2n_v2/Makefile
@ -10,7 +10,7 @@ LUCI_TITLE:=n2n_v2 VPN Configuration module
 LUCI_DEPENDS:=+n2n-edge +n2n-supernode
 LUCI_PKGARCH:=all
 PKG_VERSION:=2.8.1
-PKG_RELEASE:=2
+PKG_RELEASE:=3

 include $(TOPDIR)/feeds/luci/luci.mk

--- a/package/lean/luci-app-n2n_v2/luasrc/model/cbi/n2n_v2.lua
+++ b/package/lean/luci-app-n2n_v2/luasrc/model/cbi/n2n_v2.lua
@ -60,10 +60,20 @@ mtu.optional = false
 supernode = s:option(Value, "supernode", translate("Supernode Host"))
 supernode.datatype = "host"
 supernode.optional = false
+supernode.rmempty = false

 port = s:option(Value, "port", translate("Supernode Port"))
 port.datatype = "port"
 port.optional = false
+port.rmempty = false
+
+second_supernode = s:option(Value, "second_supernode", translate("Second Supernode Host"))
+second_supernode.datatype = "host"
+second_supernode.optional = false
+
+second_port = s:option(Value, "second_port", translate("Second Supernode Port"))
+second_port.datatype = "port"
+second_port.optional = false

 community = s:option(Value, "community", translate("N2N Community name"))
 community.optional = false
--- a/package/lean/luci-app-n2n_v2/po/zh-cn/n2n_v2.po
+++ b/package/lean/luci-app-n2n_v2/po/zh-cn/n2n_v2.po
@ -35,6 +35,9 @@ msgstr "接口子网掩码"
 msgid "Supernode Host"
 msgstr "Supernode节点地址"

+msgid "Second Supernode Host"
+msgstr "第二Supernode节点地址"
+
 msgid "N2N Community name"
 msgstr "N2N网络组名称"

@ -50,6 +53,9 @@ msgstr "端口"
 msgid "Supernode Port"
 msgstr "Supernode节点端口"

+msgid "Second Supernode Port"
+msgstr "第二Supernode节点端口"
+
 msgid "Encryption key"
 msgstr "加密密钥"

--- a/package/lean/n2n_v2/Makefile
+++ b/package/lean/n2n_v2/Makefile
@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=n2n
 PKG_SOURCE_URL:=https://github.com/ntop/n2n.git
 PKG_SOURCE_VERSION:=99e56e9f3c34c49eeb297971d41150b433489120
-PKG_VERSION:=2.8.0_git-$(PKG_SOURCE_VERSION)
-PKG_RELEASE:=3
+PKG_VERSION:=2.8.1_git-$(PKG_SOURCE_VERSION)
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
--- a/package/lean/n2n_v2/files/n2n_v2.init
+++ b/package/lean/n2n_v2/files/n2n_v2.init
@ -19,26 +19,30 @@ start_instance() {
        config_get mtu "$cfg" 'mtu'
        config_get supernode "$cfg" 'supernode'
        config_get port "$cfg" 'port'
+        config_get second_supernode "$cfg" 'second_supernode'
+        config_get second_port "$cfg" 'second_port'
        config_get community "$cfg" 'community'
        config_get key "$cfg" 'key'
        config_get_bool route "$cfg" 'route' '0'
        address="$ipaddr"
+        supernode_bak=""
+        [ "$second_supernode" -a "$second_port" ] && supernode_bak=" -l ${second_supernode}:${second_port}"
        [ "$route" = "1" ] && args='-r'
        [ "$mode" = 'dhcp' ] && address='0.0.0.0'
        [ "-$mtu" != "-" ] && mtu="-M $mtu"
        eval "$(ipcalc.sh "$ipaddr/$prefix")"
        netmask="$NETMASK"
-        /usr/bin/edge -u 0 -g 0 -d $tunname -a ${mode}:${address} -s $netmask -c $community $([ -n "$key" ] && echo -k $key) -l ${supernode}:${port} $args $mtu
-        sleep 1
-        iptables -I FORWARD -i "$tunname" -j ACCEPT
-        iptables -I FORWARD -o "$tunname" -j ACCEPT
-        iptables -t nat -I POSTROUTING -o "$tunname" -j MASQUERADE
+        /usr/bin/edge -u 0 -g 0 -d $tunname -a ${mode}:${address} -s $netmask -c $community $([ -n "$key" ] && echo -k $key) -l ${supernode}:${port}$supernode_bak $args $mtu
+        iptables -I FORWARD -i "$tunname" -j ACCEPT -m comment --comment 'n2n edge eth'
+        iptables -I FORWARD -o "$tunname" -j ACCEPT -m comment --comment 'n2n edge eth'
+        iptables -t nat -I POSTROUTING -o "$tunname" -j MASQUERADE -m comment --comment 'n2n edge net'
      ;;
      supernode)
        config_get_bool enabled "$cfg" 'enabled' '0'
        [ "$enabled" = "0" ] && return 1
-        config_get port "$cfg" port
+        config_get port "$cfg" 'port'
        /usr/bin/supernode -l $port &
+        iptables -I INPUT -p udp --dport $port -j ACCEPT -m comment --comment 'n2n supernode port'
      ;;
      route)
        config_get_bool enabled "$cfg" 'enabled' '0'
@ -59,13 +63,15 @@ stop_instance() {
    case "$type" in
      edge)
        config_get tunname "$cfg" 'tunname'
-        iptables -D FORWARD -i "$tunname" -j ACCEPT 2>/dev/null
-        iptables -D FORWARD -o "$tunname" -j ACCEPT 2>/dev/null
-        iptables -t nat -D POSTROUTING -o "$tunname" -j MASQUERADE 2>/dev/null
+        iptables -D FORWARD -i "$tunname" -j ACCEPT -m comment --comment 'n2n edge eth' 2>/dev/null
+        iptables -D FORWARD -o "$tunname" -j ACCEPT -m comment --comment 'n2n edge eth' 2>/dev/null
+        iptables -t nat -D POSTROUTING -o "$tunname" -j MASQUERADE -m comment --comment 'n2n edge net' 2>/dev/null
        killall -9 edge
      ;;
      supernode)
-        killall -9 supernode
+        config_get port "$cfg" 'port'
+        iptables -D INPUT -p udp --dport $port -j ACCEPT -m comment --comment 'n2n supernode port' 2>/dev/null
+        ps | grep supernode | grep -v grep 2>&1 >/dev/null && killall -9 supernode
      ;;
    esac
 }
@ -81,5 +87,5 @@ start() {
 stop() {
    config_load 'n2n_v2'
    config_foreach stop_instance 'edge'
-    ps | grep supernode | grep -v grep 2>&1 >/dev/null && killall -9 supernode
+    config_foreach stop_instance 'supernode'
 }