luci-app-ipsec-vpnd: add rule settings

2025-04-19 03:43:29 +00:00 · 2021-07-19 23:20:44 +08:00 · 2021-07-19 23:20:44 +08:00 · 567628d38b
commit 567628d38b
parent f8b4b81ac7
3 changed files with 26 additions and 3 deletions
--- a/package/lean/luci-app-ipsec-vpnd/Makefile
+++ b/package/lean/luci-app-ipsec-vpnd/Makefile
@ -9,7 +9,7 @@ LUCI_TITLE:=LuCI support for IPSec VPN Server (IKEv1 with PSK and Xauth)
 LUCI_DEPENDS:=+strongswan +strongswan-minimal +strongswan-mod-xauth-generic +strongswan-mod-kernel-libipsec
 LUCI_PKGARCH:=all
 PKG_VERSION:=1.0
-PKG_RELEASE:=9
+PKG_RELEASE:=10

 include $(TOPDIR)/feeds/luci/luci.mk

--- a/package/lean/luci-app-ipsec-vpnd/root/etc/config/ipsec
+++ b/package/lean/luci-app-ipsec-vpnd/root/etc/config/ipsec
@ -1,9 +1,9 @@

 config service 'ipsec'
-	option clientdns '192.168.0.1'
+	option clientdns '10.10.10.1'
 	option account 'lean'
 	option secret 'myopenwrt'
 	option enabled '0'
 	option password '12345678'
-	option clientip '192.168.0.10/24'
+	option clientip '10.10.10.2/24'

--- a/package/lean/luci-app-ipsec-vpnd/root/etc/uci-defaults/luci-ipsec
+++ b/package/lean/luci-app-ipsec-vpnd/root/etc/uci-defaults/luci-ipsec
@ -10,6 +10,17 @@ uci -q batch <<-EOF >/dev/null
 EOF

 uci -q batch <<-EOF >/dev/null
+	delete network.VPN
+	set network.VPN=interface
+	set network.VPN.ifname="ipsec0"
+	set network.VPN.proto="static"
+	set network.VPN.ipaddr="10.10.10.1"
+	set network.VPN.netmask="255.255.255.0"
+	
+	commit network
+	
+	set firewall.@defaults[0].forward="ACCEPT"
+	
  delete firewall.ike
  add firewall rule
  rename firewall.@rule[-1]="ike"
@ -18,6 +29,7 @@ uci -q batch <<-EOF >/dev/null
  set firewall.@rule[-1].src="wan"
  set firewall.@rule[-1].proto="udp"
  set firewall.@rule[-1].dest_port="500"
+  
  delete firewall.ipsec
  add firewall rule
  rename firewall.@rule[-1]="ipsec"
@ -26,6 +38,7 @@ uci -q batch <<-EOF >/dev/null
  set firewall.@rule[-1].src="wan"
  set firewall.@rule[-1].proto="udp"
  set firewall.@rule[-1].dest_port="4500"
+  
  delete firewall.ah
  add firewall rule
  rename firewall.@rule[-1]="ah"
@ -33,6 +46,7 @@ uci -q batch <<-EOF >/dev/null
  set firewall.@rule[-1].target="ACCEPT"
  set firewall.@rule[-1].src="wan"
  set firewall.@rule[-1].proto="ah"
+  
  delete firewall.esp
  add firewall rule
  rename firewall.@rule[-1]="esp"
@ -40,6 +54,15 @@ uci -q batch <<-EOF >/dev/null
  set firewall.@rule[-1].target="ACCEPT"
  set firewall.@rule[-1].src="wan"
  set firewall.@rule[-1].proto="esp"
+  
+  delete firewall.VPN
+	set firewall.VPN=zone
+	set firewall.VPN.name="VPN"
+	set firewall.VPN.input="ACCEPT"
+	set firewall.VPN.forward="ACCEPT"
+	set firewall.VPN.output="ACCEPT"
+	set firewall.VPN.network="VPN"
+  
  commit firewall
 EOF