From 567628d38ba19c3c66bda59eee635b8c565a4b89 Mon Sep 17 00:00:00 2001
From: coolsnowwolf
Date: Mon, 19 Jul 2021 23:20:44 +0800
Subject: [PATCH] luci-app-ipsec-vpnd: add rule settings
---
 package/lean/luci-app-ipsec-vpnd/Makefile | 2 +-
 .../luci-app-ipsec-vpnd/root/etc/config/ipsec | 4 ++--
 .../root/etc/uci-defaults/luci-ipsec | 23 +++++++++++++++++++
 3 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/package/lean/luci-app-ipsec-vpnd/Makefile b/package/lean/luci-app-ipsec-vpnd/Makefile
index 46bef920f..457d8eeeb 100644
--- a/package/lean/luci-app-ipsec-vpnd/Makefile
+++ b/package/lean/luci-app-ipsec-vpnd/Makefile
@@ -9,7 +9,7 @@ LUCI_TITLE:=LuCI support for IPSec VPN Server (IKEv1 with PSK and Xauth)
 LUCI_DEPENDS:=+strongswan +strongswan-minimal +strongswan-mod-xauth-generic +strongswan-mod-kernel-libipsec
 LUCI_PKGARCH:=all
 PKG_VERSION:=1.0
-PKG_RELEASE:=9
+PKG_RELEASE:=10
 include $(TOPDIR)/feeds/luci/luci.mk
diff --git a/package/lean/luci-app-ipsec-vpnd/root/etc/config/ipsec b/package/lean/luci-app-ipsec-vpnd/root/etc/config/ipsec
index 93c21f278..4cd3f6422 100644
--- a/package/lean/luci-app-ipsec-vpnd/root/etc/config/ipsec
+++ b/package/lean/luci-app-ipsec-vpnd/root/etc/config/ipsec
@@ -1,9 +1,9 @@
 config service 'ipsec'
- option clientdns '192.168.0.1'
+ option clientdns '10.10.10.1'
 option account 'lean'
 option secret 'myopenwrt'
 option enabled '0'
 option password '12345678'
- option clientip '192.168.0.10/24'
+ option clientip '10.10.10.2/24'
diff --git a/package/lean/luci-app-ipsec-vpnd/root/etc/uci-defaults/luci-ipsec b/package/lean/luci-app-ipsec-vpnd/root/etc/uci-defaults/luci-ipsec
index b9eb66fb8..dfc89e01d 100755
--- a/package/lean/luci-app-ipsec-vpnd/root/etc/uci-defaults/luci-ipsec
+++ b/package/lean/luci-app-ipsec-vpnd/root/etc/uci-defaults/luci-ipsec
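Review bot: The new defaults `clientip '10.10.10.2/24'` and `clientdns '10.10.10.1'` only line up because the uci-defaults script in this same patch gives the VPN interface `10.10.10.1` with netmask `255.255.255.0`; nothing in either file records that coupling, so a user who moves the client pool in LuCI is likely to leave clients without a reachable gateway or resolver. A comment in the config would make the dependency visible, e.g. `# clientip/clientdns must stay inside the VPN interface subnet created by /etc/uci-defaults/luci-ipsec (10.10.10.0/24)`.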
@@ -10,6 +10,17 @@ uci -q batch <<-EOF >/dev/null
 EOF
 uci -q batch <<-EOF >/dev/null
+ delete network.VPN
+ set network.VPN=interface
+ set network.VPN.ifname="ipsec0"
+ set network.VPN.proto="static"
+ set network.VPN.ipaddr="10.10.10.1"
+ set network.VPN.netmask="255.255.255.0"
+
+ commit network
+
+ set firewall.@defaults[0].forward="ACCEPT"
+
 delete firewall.ike
 add firewall rule
 rename firewall.@rule[-1]="ike"
@@ -18,6 +29,7 @@ uci -q batch <<-EOF >/dev/null
 set firewall.@rule[-1].src="wan"
 set firewall.@rule[-1].proto="udp"
 set firewall.@rule[-1].dest_port="500"
+
 delete firewall.ipsec
 add firewall rule
 rename firewall.@rule[-1]="ipsec"
@@ -26,6 +38,7 @@ uci -q batch <<-EOF >/dev/null
 set firewall.@rule[-1].src="wan"
 set firewall.@rule[-1].proto="udp"
 set firewall.@rule[-1].dest_port="4500"
+
 delete firewall.ah
 add firewall rule
 rename firewall.@rule[-1]="ah"
@@ -33,6 +46,7 @@ uci -q batch <<-EOF >/dev/null
 set firewall.@rule[-1].target="ACCEPT"
 set firewall.@rule[-1].src="wan"
 set firewall.@rule[-1].proto="ah"
+
 delete firewall.esp
 add firewall rule
 rename firewall.@rule[-1]="esp"
@@ -40,6 +54,15 @@ uci -q batch <<-EOF >/dev/null
 set firewall.@rule[-1].target="ACCEPT"
 set firewall.@rule[-1].src="wan"
 set firewall.@rule[-1].proto="esp"
+
+ delete firewall.VPN
+ set firewall.VPN=zone
+ set firewall.VPN.name="VPN"
+ set firewall.VPN.input="ACCEPT"
+ set firewall.VPN.forward="ACCEPT"
+ set firewall.VPN.output="ACCEPT"
+ set firewall.VPN.network="VPN"
+
 commit firewall
 EOF
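Review bot: `set firewall.@defaults[0].forward="ACCEPT"` changes the device-wide FORWARD policy rather than anything specific to the new VPN; on OpenWrt's firewall that policy governs forwarded traffic that no zone or `forwarding` section claims, so it also opens forwarding for interfaces outside any zone, and the value OpenWrt ships is REJECT. The hunk appears to lean on it because neither this hunk nor the zone hunk at the end of the file adds a `config forwarding` from VPN to lan or wan, which is the mechanism that normally grants a zone that reach. Replacing that one line with explicit forwarding sections (below) gives clients the same access while leaving the global policy untouched; the `firewall.VPN` zone they reference is created later in the same batch, and uci does not care about section order. Two things to confirm rather than defects: the uci batch continues past the end of this hunk, and `network.VPN.ifname` is the pre-21.02 option name, so if the target release uses netifd's `device` syntax the interface may not come up.
```shell
# … unchanged: network.VPN interface definition and commit network …
	delete firewall.vpn_lan
	set firewall.vpn_lan=forwarding
	set firewall.vpn_lan.src="VPN"
	set firewall.vpn_lan.dest="lan"
	delete firewall.vpn_wan
	set firewall.vpn_wan=forwarding
	set firewall.vpn_wan.src="VPN"
	set firewall.vpn_wan.dest="wan"
# … unchanged: ike/ipsec/ah/esp rules …
```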
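Review bot: `set firewall.VPN.input="ACCEPT"` lets every authenticated client reach whatever services the router itself runs, and the zone is created at first boot even though the shipped `/etc/config/ipsec` in this same patch leaves the service at `enabled '0'`. Giving a road-warrior zone the same posture as lan may well be intended, but nothing says so; if clients only need DNS plus forwarded traffic, `input="REJECT"` together with one rule for `src="VPN"`, `proto="udp"`, `dest_port="53"` is the narrower default. Whichever is chosen, a one-line comment on the zone's purpose above the `uci -q batch` line that opens this heredoc (outside the hunk, since `#` lines inside the batch would be fed to uci) would record the decision. The enclosing batch starts before this hunk.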