re-add luci app openvpn server and v2ray pro

package/lean/ipset-lists/Makefile

@@ -0,0 +1,48 @@
+#
+# Copyright (c) 2015 Justin Liu
+# Author: Justin Liu <rssnsj@gmail.com>
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ipset-lists
+PKG_VERSION:=20171019
+PKG_RELEASE:=3
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/ipset-lists
+  CATEGORY:=Network
+  TITLE:=Service for IPSET address tables
+  MAINTAINER:=Justin Liu <rssnsj@gmail.com>
+  DEPENDS:=+ipset
+endef
+
+define Package/ipset-lists/conffiles
+/etc/gfwlist/china-banned
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Compile/Default
+
+endef
+Build/Compile = $(Build/Compile/Default)
+
+define Package/ipset-lists/install
+	$(CP) -a files/* $(1)/
+endef
+
+define Package/ipset-lists/postinst
+#!/bin/sh
+if [ -e /etc/openwrt_release ]; then
+	/etc/init.d/ipset.sh restart
+	/etc/init.d/ipset.sh enable || :
+fi
+endef
+
+$(eval $(call BuildPackage,ipset-lists))

package/lean/ipset-lists/files/etc/gfwlist/unblock-youku

@@ -0,0 +1,95 @@
+v.youku.com
+api.youku.com
+v2.tudou.com
+www.tudou.com
+s.plcloud.music.qq.com
+i.y.qq.com
+hot.vrs.sohu.com
+live.tv.sohu.com
+pad.tv.sohu.com
+my.tv.sohu.com
+hot.vrs.letv.com
+data.video.qiyi.com
+cache.video.qiyi.com
+cache.vip.qiyi.com
+vv.video.qq.com
+tt.video.qq.com
+ice.video.qq.com
+tjsa.video.qq.com
+a10.video.qq.com
+xyy.video.qq.com
+vcq.video.qq.com
+vsh.video.qq.com
+vbj.video.qq.com
+bobo.video.qq.com
+flvs.video.qq.com
+bkvv.video.qq.com
+info.zb.qq.com
+geo.js.kankan.xunlei.com
+web-play.pptv.com
+web-play.pplive.cn
+dyn.ugc.pps.tv
+v.pps.tv
+inner.kandian.com
+ipservice.163.com
+so.open.163.com
+zb.s.qq.com
+ip.kankan.xunlei.com
+vxml.56.com
+music.sina.com.cn
+play.baidu.com
+v.iask.com
+tv.weibo.com
+wtv.v.iask.com
+video.sina.com.cn
+www.yinyuetai.com
+api.letv.com
+live.gslb.letv.com
+static.itv.letv.com
+ip.apps.cntv.cn
+vdn.apps.cntv.cn
+vdn.live.cntv.cn
+vip.sports.cntv.cn
+a.play.api.3g.youku.com
+i.play.api.3g.youku.com
+api.3g.youku.com
+tv.api.3g.youku.com
+play.api.3g.youku.com
+play.api.3g.tudou.com
+tv.api.3g.tudou.com
+api.3g.tudou.com
+api.tv.sohu.com
+access.tv.sohu.com
+iface.iqiyi.com
+iface2.iqiyi.com
+cache.m.iqiyi.com
+dynamic.app.m.letv.com
+dynamic.meizi.app.m.letv.com
+dynamic.search.app.m.letv.com
+dynamic.live.app.m.letv.com
+listso.m.areainfo.ppstream.com
+epg.api.pptv.com
+play.api.pptv.com
+m.letv.com
+interface.bilibili.com
+3g.music.qq.com
+mqqplayer.3g.qq.com
+proxy.music.qq.com
+proxymc.qq.com
+ip2.kugou.com
+ip.kugou.com
+client.api.ttpod.com
+mobi.kuwo.cn
+mobilefeedback.kugou.com
+tingapi.ting.baidu.com
+music.baidu.com
+serviceinfo.sdk.duomi.com
+music.163.com
+www.xiami.com
+spark.api.xiami.com
+iplocation.geo.qiyi.com
+sns.video.qq.com
+v5.pc.duomi.com
+tms.is.ysten.com
+internal.check.duokanbox.com
+openapi.youku.com

package/lean/ipset-lists/files/etc/init.d/ipset.sh

@@ -0,0 +1,29 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2014 Justin Liu <rssnsj@gmail.com>
+
+START=21
+
+start()
+{
+	local file
+	for file in /etc/ipset/*; do
+		[ -f $file ] || continue
+		ipset restore < $file
+	done
+}
+
+stop()
+{
+	local file
+	for file in /etc/ipset/*; do
+		[ -f $file ] || continue
+		ipset destroy `basename $file`
+	done
+}
+
+restart()
+{
+	stop >/dev/null 2>&1
+	start
+}
+

package/lean/ipset-lists/files/etc/ipset/local

@@ -0,0 +1,6 @@
+create local hash:net family inet hashsize 1024 maxelem 65536
+add local 10.0.0.0/8
+add local 127.0.0.0/8
+add local 172.16.0.0/12
+add local 192.168.0.0/16
+add local 224.0.0.0/3

package/lean/ipset-lists/files/usr/lib/lua/luci/controller/gfwlist.lua

@@ -0,0 +1,14 @@
+--[[
+ Customize /etc/gfwlist.list content
+ Copyright (c) 2015 Justin Liu
+ Author: Justin Liu <rssnsj@gmail.com>
+ https://github.com/rssnsj/network-feeds
+]]--
+
+module("luci.controller.gfwlist", package.seeall)
+
+function index()
+	local page
+	page = entry({"admin", "services", "gfwlist"}, cbi("gfwlist"), _("Domain Lists"))
+	page.dependent = true
+end

package/lean/ipset-lists/files/usr/lib/lua/luci/model/cbi/gfwlist.lua

@@ -0,0 +1,33 @@
+--[[
+ Customize firewall-banned domain lists - /etc/gfwlist/
+ Copyright (c) 2015 Justin Liu
+ Author: Justin Liu <rssnsj@gmail.com>
+ https://github.com/rssnsj/network-feeds
+]]--
+
+local fs = require "nixio.fs"
+
+function sync_value_to_file(value, file)
+	value = value:gsub("\r\n?", "\n")
+	local old_value = nixio.fs.readfile(file)
+	if value ~= old_value then
+		nixio.fs.writefile(file, value)
+	end
+end
+
+m = SimpleForm("gfwlist", translate("Domain Lists Settings"))
+
+for e in fs.dir("/etc/gfwlist") do
+	glist = m:field(TextValue, e, e, nil)
+	glist.rmempty = false
+	glist.rows = 12
+
+	function glist.cfgvalue()
+		return nixio.fs.readfile("/etc/gfwlist/" .. e) or ""
+	end
+	function glist.write(self, section, value)
+		sync_value_to_file(value, "/etc/gfwlist/" .. e)
+	end
+end
+
+return m

package/lean/ipset-lists/po/zh_CN/gfwlist.po

@@ -0,0 +1,9 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8"
+
+msgid "Domain Lists Settings"
+msgstr "域名列表设置"
+
+msgid "Domain Lists"
+msgstr "域名列表"
+

package/lean/ipset-lists/tools/Makefile

@@ -0,0 +1,3 @@
+update:
+	./gen-china-routes.sh > ../files/etc/ipset/china
+	./gen-gfwlist.sh > ../files/etc/gfwlist/china-banned

package/lean/ipset-lists/tools/gen-china-routes.sh

@@ -0,0 +1,85 @@
+#!/bin/bash -e
+
+#
+# Script for generating China IPv4 route table by merging APNIC.net data and IPIP.net data
+#
+
+china_routes_ipip()
+{
+	[ -f ipip.txt ] || wget -4 https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt -O ipip.txt >&2 || exit 1
+	cat ipip.txt | xargs netmask | awk '{print $1}'
+}
+
+china_routes_apnic()
+{
+	[ -f apnic.txt ] || wget -4 http://ftp.apnic.net/stats/apnic/delegated-apnic-latest -O apnic.txt >&2 || exit 1
+
+	cat apnic.txt | awk -F'|' -vc=CN '
+function tobits(c) { for(n=0; c>=2; c/=2) n++; return 32-n; }
+$2==c&&$3=="ipv4" { printf("%s/%d\n", $4, tobits($5)) }' |
+		xargs netmask | awk '{print $1}'
+}
+
+china_routes_merged()
+{
+	[ -x ./ipv4-merger ] || gcc ipv4_merger.c -o ipv4-merger >&2
+
+	china_routes_apnic > china.apnic
+	china_routes_ipip > china.ipip
+
+	# Merge them together
+	cat china.apnic china.ipip | ./ipv4-merger | sed 's/\-/:/g' |
+		xargs netmask | awk '{print $1}' | awk -F/ '$2<=24' > china.merged
+
+	cat china.merged
+}
+
+# $1: ipset name
+convert_routes_to_ipset()
+{
+	local ipset_name="$1"
+	echo "create $ipset_name hash:net family inet hashsize 1024 maxelem 65536"
+	awk -vt="$ipset_name" '{ printf("add %s %s\n", t, $0) }'
+}
+
+
+generate_china_ipset()
+{
+	china_routes_merged | convert_routes_to_ipset china
+}
+
+generate_inverted_china_routes()
+{
+	(
+		china_routes_merged
+		echo 0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/3
+	) |
+	xargs netmask -r | awk '{print $1}' |
+	awk -F- '
+function iptoint(ip) { split(ip,arr,"."); n=0; for(i=1;i<=4;i++) n=n*256+arr[i]; return n; }
+function inttoip(n) { a=int(n/16777216); b=int(n%16777216/65536); c=int(n%65536/256); d=n%256; return a "." b "." c "." d; }
+BEGIN { st=0 }
+{ x=st; y=iptoint($1); st=iptoint($2)+1; if(y>x) { print inttoip(x) ":" inttoip(y-1); } }' |
+	xargs netmask | awk '{print $1}'
+}
+
+
+##
+case "$1" in
+	"")
+		generate_china_ipset
+		;;
+	-c)
+		china_routes_merged
+		;;
+	-r)
+		generate_inverted_china_routes
+		;;
+	*)
+		echo "Usage:"
+		echo " $0                   generate China routes in ipset format"
+		echo " $0 -c                generate China routes in IP/prefix format"
+		echo " $0 -r                generate invert China routes"
+		;;
+	*)
+esac

package/lean/ipset-lists/tools/gen-gfwlist.sh

@@ -0,0 +1,29 @@
+#!/bin/sh -e
+
+generate_china_banned()
+{
+	if [ ! -f gfwlist.txt ]; then
+		wget https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt -O gfwlist.b64 >&2
+		cat gfwlist.b64 | base64 -d > gfwlist.txt
+		rm -f gfwlist.b64
+	fi
+
+	cat gfwlist.txt base-gfwlist.txt | sort -u |
+		sed 's#!.\+##; s#|##g; s#@##g; s#http:\/\/##; s#https:\/\/##;' |
+		sed '/\*/d; /apple\.com/d; /sina\.cn/d; /sina\.com\.cn/d; /baidu\.com/d; /qq\.com/d' |
+		sed '/^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/d' |
+		grep '^[0-9a-zA-Z\.-]\+$' | grep '\.' | sed 's#^\.\+##' | rev | sort -u |
+		awk '
+BEGIN { prev = "________"; }  {
+	cur = $0;
+	if (index(cur, prev) == 1 && substr(cur, 1 + length(prev) ,1) == ".") {
+	} else {
+		print cur;
+		prev = cur;
+	}
+}' | rev | sort -u
+
+}
+
+generate_china_banned
+

package/lean/ipset-lists/tools/ipv4_merger.c

@@ -0,0 +1,339 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+typedef u_int32_t u32;
+typedef int bool;
+#define true  1
+#define false 0
+typedef unsigned gfp_t;
+
+static inline char *ipv4_hltos(u32 u, char *s)
+{
+	static char ss[20];
+	if (!s)
+		s = ss;
+	sprintf(s, "%d.%d.%d.%d",
+		(int)(u >> 24) & 0xff, (int)(u >> 16) & 0xff,
+		(int)(u >> 8) & 0xff, (int)u & 0xff );
+	return s;
+}
+
+static inline u32 ipv4_stohl(const char *s)
+{
+	int u[4];
+	if (sscanf(s, "%d.%d.%d.%d", &u[0], &u[1], &u[2], &u[3]) == 4) {
+		return  (((u32)u[0] & 0xff) << 24) |
+				(((u32)u[1] & 0xff) << 16) |
+				(((u32)u[2] & 0xff) << 8) |
+				(((u32)u[3] & 0xff));
+	} else
+		return 0xffffffff;
+}
+
+static inline bool is_ipv4_addr(const char *s)
+{
+	int u[4];
+	if (sscanf(s, "%d.%d.%d.%d", &u[0], &u[1], &u[2], &u[3]) == 4)
+		return true;
+	else
+		return false;
+}
+
+
+struct ipv4_range {
+	u32 start;
+	u32 end;
+};
+
+struct sa_open_data {
+	struct ipv4_range *tmp_base;
+	size_t tmp_size;
+	size_t tmp_length;
+	int    errors;
+};
+
+static int __touch_tmp_base(struct sa_open_data *od, gfp_t gfp)
+{
+	if (!od->tmp_base) {
+		/**
+		 * Allocate a temporary table with twice the size of the previous
+		 *  table or at least 100, on which new entries can be inserted.
+		 */
+		if (od->tmp_size < 100)
+			od->tmp_size = 100;
+		od->tmp_base = (struct ipv4_range *)malloc(
+			sizeof(struct ipv4_range) * od->tmp_size /*, gfp*/ );
+		if (!od->tmp_base) {
+			fprintf(stderr,
+				"salist: cannot allocate the temporary list for enlarging it.\n");
+			return -ENOMEM;
+		}
+		od->tmp_length = 0;
+	}
+	return 0;
+}
+
+static int ipv4_list_add_range(struct sa_open_data *od, u32 start,
+		u32 end, gfp_t gfp)
+{
+	struct ipv4_range *cur;
+	int ret;
+	
+	/* Ignore a new range if it or a larger range already exists */
+	//if (salist_check_ipv4(od->table, start, end))
+	//	return 0;
+	
+	if ((ret = __touch_tmp_base(od, gfp)) < 0)
+		return ret;
+	
+	/* Check if the size is efficient. Enlarge it if needed. */
+	if (od->tmp_length + 1 >= od->tmp_size) {
+		size_t old_size = od->tmp_size;
+		struct ipv4_range *old_base = od->tmp_base;
+		
+		od->tmp_size *= 2;
+		od->tmp_base = (struct ipv4_range *)realloc(od->tmp_base,
+				sizeof(struct ipv4_range) * od->tmp_size);
+		if (!od->tmp_base) {
+			od->tmp_size = old_size;
+			od->tmp_base = old_base;
+			return -ENOMEM;
+		}
+	}
+	
+	cur = &od->tmp_base[od->tmp_length++];
+	cur->start = start;
+	cur->end = end;
+	
+	return 0;
+}
+
+static inline int ipv4_list_add_netmask(struct sa_open_data *od,
+		u32 net, u32 net_mask, gfp_t gfp)
+{
+	u32 start = net & net_mask;
+	u32 end = net | ~net_mask;
+	
+	return ipv4_list_add_range(od, start, end, gfp);
+}
+
+static int ipv4_list_add_net(struct sa_open_data *od, u32 net,
+		int net_bits, gfp_t gfp)
+{
+	u32 net_mask;
+
+	if(net_bits == 0)
+		net_mask = 0x00000000;
+	else
+		net_mask = ~(((u32)1 << (32 - net_bits)) - 1);
+	//printf("%d: %08x, %08x\n", net_bits, net_mask, net_size);
+
+	return ipv4_list_add_netmask(od, net, net_mask, gfp);
+}
+
+static int salist_cmd_parse(struct sa_open_data *od, char *cmd, gfp_t gfp)
+{
+	char *a1 = NULL, *a2 = NULL;
+	char *sep;
+	char sc;
+	int n = 32;
+
+	/* Case 3: Append an item */
+	
+	/* Check IP description part: network segment or range? */
+	if ((sep = strchr(cmd, '/'))) { }
+	else if ((sep = strchr(cmd, '-'))) { }
+	else if ((sep = strchr(cmd, ':'))) { }
+	
+	if (sep) {
+		/* Describes a subnet or range. */
+		sc = *sep;
+		*sep = '\0';
+
+		a1 = cmd;
+		a2 = sep + 1;
+
+		if (*a2 == '\0') {
+			fprintf(stderr, "Nothing after '%c'.\n", sc);
+			return -EINVAL;
+		}
+	} else {
+		/* Describes a single IP. */
+		sc = '\0';
+		a1 = cmd;
+	}
+	
+	switch (sc) {
+	case '/':
+		/* 10.10.20.0/24 */
+		/* ------------------------------------ */
+		if (is_ipv4_addr(a2)) {
+			ipv4_list_add_netmask(od, ipv4_stohl(a1), ipv4_stohl(a2), gfp);
+		} else {
+			sscanf(a2, "%d", &n);
+			ipv4_list_add_net(od, ipv4_stohl(a1), n, gfp);
+		}
+		/* ------------------------------------ */
+		break;
+	case ':':
+	case '-':
+		/* 10.10.20.0-10.20.0.255 */
+		/* ------------------------------------ */
+		ipv4_list_add_range(od, ipv4_stohl(a1), ipv4_stohl(a2), gfp);
+		/* ------------------------------------ */
+		break;
+	default:
+		if (is_ipv4_addr(a1)) {
+			/* Single IP address. */
+			u32 ip = ipv4_stohl(a1);
+			/* ------------------------------------ */
+			ipv4_list_add_range(od, ip, ip, gfp);
+			/* ------------------------------------ */
+		} else {
+			fprintf(stderr, "Invalid IP address '%s'.\n", a1);
+			return -EINVAL;
+		}
+		break;
+	}
+	return 0;
+}
+
+static int ipv4_range_sort_cmp(const void *a, const void *b)
+{
+	struct ipv4_range *ra = (struct ipv4_range *)a;
+	struct ipv4_range *rb = (struct ipv4_range *)b;
+	
+	if (ra->start > rb->start) {
+		return 1;
+	} else if (ra->start < rb->start) {
+		return -1;
+	} else if (ra->end > rb->end) {
+		return 1;
+	} else if (ra->end < rb->end) {
+		return -1;
+	} else {
+		return 0;
+	}
+}
+
+static void ipv4_range_swap(void *a, void *b, int size)
+{
+	struct ipv4_range *ra = (struct ipv4_range *)a;
+	struct ipv4_range *rb = (struct ipv4_range *)b;
+	struct ipv4_range tmp;
+	tmp = *ra;
+	*ra = *rb;
+	*rb = tmp;
+}
+
+static struct sa_open_data *salist_open(void)
+{
+	struct sa_open_data *od = NULL;
+
+	od = (struct sa_open_data *)malloc(sizeof(*od));
+	if (!od) {
+		fprintf(stderr, "salist: cannot allocate sa_open_data.\n");
+		return NULL;
+	}
+	memset(od, 0, sizeof(*od));
+	od->errors = 0;
+
+	return od;
+}
+
+static int salist_close(struct sa_open_data *od)
+{
+	size_t ri, wi;
+	struct ipv4_range *old_base;
+
+	/* Flush the table if any modification has been done */
+	if (od->tmp_base) {
+		/* Sort the table and merge entries as many as possible. */
+		if (od->tmp_length >= 2) {
+			qsort(od->tmp_base, od->tmp_length, sizeof(struct ipv4_range),
+				ipv4_range_sort_cmp);
+			
+			for (wi = 0, ri = 1; ri < od->tmp_length; ri++) {
+				/* NOTICE: 0xffffffff + 1 ? */
+				if (od->tmp_base[wi].end == (u32)(-1)) {
+					/* Nothing */
+				} else if (od->tmp_base[ri].start <= od->tmp_base[wi].end + 1) {
+					/* The two ranges overlap, so merge the 2nd to the 1st one */
+					if (od->tmp_base[ri].end > od->tmp_base[wi].end)
+						od->tmp_base[wi].end = od->tmp_base[ri].end;
+				} else {
+					wi++;
+					if (wi < ri)
+						od->tmp_base[wi] = od->tmp_base[ri];
+				}
+			}
+			
+			od->tmp_length = wi + 1;
+		}
+		
+		/* Reduce the size */
+		if (od->tmp_length < od->tmp_size) {
+			struct ipv4_range *__tmp = od->tmp_base;
+			od->tmp_base = (struct ipv4_range *)malloc(
+				sizeof(struct ipv4_range) * (od->tmp_length ? od->tmp_length : 1));
+			if (od->tmp_base) {
+				memcpy(od->tmp_base, __tmp,
+					sizeof(struct ipv4_range) * od->tmp_length);
+				free(__tmp);
+			} else {
+				fprintf(stderr, "[%s:%d] Failed to allocate temporary table.\n",
+					__FUNCTION__, __LINE__);
+				/* If failed to allocate new memory, do not reduce it. */
+				od->tmp_base = __tmp;
+			}
+		}
+
+		/* Dump the table instead */
+	}
+	
+	if (od->errors) {
+		fprintf(stderr, "[%s] %d errors detected during table operation.\n",
+				__FUNCTION__, od->errors);
+	}
+
+	return 0;
+}
+
+static void sa_open_data_dump(struct sa_open_data *od)
+{
+	size_t i;
+	char s1[20], s2[20];
+
+	for (i = 0; i < od->tmp_length; i++) {
+		printf("%s-%s\n", ipv4_hltos(od->tmp_base[i].start, s1),
+			ipv4_hltos(od->tmp_base[i].end, s2));
+	}
+}
+
+int main(int argc, char *argv[])
+{
+	struct sa_open_data *od;
+	char lbuf[128];
+
+	od = salist_open();
+
+	while (fgets(lbuf, sizeof(lbuf), stdin)) {
+		size_t llen = strlen(lbuf);
+		if (llen > 0 && lbuf[llen - 1] == '\n')
+			lbuf[--llen] = '\0';
+		if (llen > 0 && lbuf[llen - 1] == '\r')
+			lbuf[--llen] = '\0';
+		if (llen == 0)
+			continue;
+		salist_cmd_parse(od, lbuf, 0);
+	}
+
+	salist_close(od);
+
+	sa_open_data_dump(od);
+
+	return 0;
+}
+

package/lean/luci-app-openvpn-server/Makefile

@@ -0,0 +1,21 @@
+# Copyright (C) 2016 Openwrt.org
+#
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI support for OpenVPN Server
+LUCI_DEPENDS:=+openvpn-openssl +openvpn-easy-rsa +kmod-tun
+LUCI_PKGARCH:=all
+PKG_NAME:=luci-app-openvpn-server
+PKG_VERSION:=2.0
+PKG_RELEASE:=17
+
+include $(TOPDIR)/feeds/luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
+
+
+
+

package/lean/luci-app-openvpn-server/luasrc/controller/openvpn-server.lua

@@ -0,0 +1,14 @@
+
+module("luci.controller.openvpn-server", package.seeall)
+
+function index()
+	if not nixio.fs.access("/etc/config/openvpn") then
+		return
+	end
+	
+	entry({"admin", "vpn"}, firstchild(), "VPN", 45).dependent = false
+	
+	local page
+
+	entry({"admin", "vpn", "openvpn-server"}, cbi("openvpn-server/openvpn-server"), _("OpenVPN Server"), 80).dependent=false
+end

package/lean/luci-app-openvpn-server/luasrc/model/cbi/openvpn-server/openvpn-server.lua

@@ -0,0 +1,131 @@
+
+--require("luci.tools.webadmin")
+
+mp = Map("openvpn", "OpenVPN Server","")
+
+s = mp:section(TypedSection, "openvpn", "", translate("An easy config OpenVPN Server Web-UI"))
+s.anonymous = true
+s.addremove = false
+
+s:tab("basic",  translate("Base Setting"))
+
+o = s:taboption("basic", Flag, "enabled", translate("Enable"))
+
+port = s:taboption("basic", Value, "port", translate("Port"))
+port.datatype = "range(1,65535)"
+
+ddns = s:taboption("basic", Value, "ddns", translate("WAN DDNS or IP"))
+ddns.datatype = "string"
+ddns.default = "exmple.com"
+ddns.rmempty = false
+
+localnet = s:taboption("basic", Value, "server", translate("Client Network"))
+localnet.datatype = "string"
+localnet.description = translate("VPN Client Network IP with subnet")
+
+list = s:taboption("basic", DynamicList, "push")
+list.title = translate("Client Settings")
+list.datatype = "string"
+list.description = translate("Set route 192.168.0.0 255.255.255.0 and dhcp-option DNS 192.168.0.1 base on your router")
+
+
+local o
+o = s:taboption("basic", Button,"certificate",translate("OpenVPN Client config file"))
+o.inputtitle = translate("Download .ovpn file")
+o.description = translate("If you are using IOS client, please download this .ovpn file and send it via QQ or Email to your IOS device")
+o.inputstyle = "reload"
+o.write = function()
+  luci.sys.call("sh /etc/genovpn.sh 2>&1 >/dev/null")
+	Download()
+end
+
+s:tab("code",  translate("Special Code"))
+
+local conf = "/etc/ovpnadd.conf"
+local NXFS = require "nixio.fs"
+o = s:taboption("code", TextValue, "conf")
+o.description = translate("(!)Special Code you know that add in to client .ovpn file")
+o.rows = 13
+o.wrap = "off"
+o.cfgvalue = function(self, section)
+	return NXFS.readfile(conf) or ""
+end
+o.write = function(self, section, value)
+	NXFS.writefile(conf, value:gsub("\r\n", "\n"))
+end
+
+
+local pid = luci.util.exec("/usr/bin/pgrep openvpn")
+
+function openvpn_process_status()
+  local status = "OpenVPN is not running now "
+
+  if pid ~= "" then
+      status = "OpenVPN is running with the PID " .. pid .. ""
+  end
+
+  local status = { status=status }
+  local table = { pid=status }
+  return table
+end
+
+
+
+function Download()
+	local t,e
+	t=nixio.open("/tmp/my.ovpn","r")
+	luci.http.header('Content-Disposition','attachment; filename="my.ovpn"')
+	luci.http.prepare_content("application/octet-stream")
+	while true do
+		e=t:read(nixio.const.buffersize)
+		if(not e)or(#e==0)then
+			break
+		else
+			luci.http.write(e)
+		end
+	end
+	t:close()
+	luci.http.close()
+end
+
+t = mp:section(Table, openvpn_process_status())
+t.anonymous = true
+
+t:option(DummyValue, "status", translate("OpenVPN status"))
+
+if pid == "" then
+  start = t:option(Button, "_start", translate("Start"))
+  start.inputstyle = "apply"
+  function start.write(self, section)
+        luci.util.exec("uci set openvpn.myvpn.enabled=='1' &&  uci commit openvpn")
+        message = luci.util.exec("/etc/init.d/openvpn start 2>&1")
+        luci.util.exec("sleep 2")
+        luci.http.redirect(
+                luci.dispatcher.build_url("admin", "vpn", "openvpn-server") .. "?message=" .. message
+        )
+  end
+else
+  stop = t:option(Button, "_stop", translate("Stop"))
+  stop.inputstyle = "reset"
+  function stop.write(self, section)
+        luci.util.exec("uci set openvpn.myvpn.enabled=='0' &&  uci commit openvpn")
+        luci.util.exec("/etc/init.d/openvpn stop")
+        luci.util.exec("sleep 2")
+        luci.http.redirect(
+                luci.dispatcher.build_url("admin", "vpn", "openvpn-server")
+        )
+  end
+end
+
+function mp.on_after_commit(self)
+  os.execute("uci set firewall.openvpn.dest_port=$(uci get openvpn.myvpn.port) && uci commit firewall &&  /etc/init.d/firewall restart")
+  os.execute("/etc/init.d/openvpn restart")
+end
+
+
+--local apply = luci.http.formvalue("cbi.apply")
+--if apply then
+--	os.execute("/etc/init.d/openvpn restart")
+--end
+
+return mp

package/lean/luci-app-openvpn-server/po/zh-cn/openvpn-server.po

@@ -0,0 +1,50 @@
+msgid "OpenVPN Server"
+msgstr "OpenVPN 服务器"
+
+msgid "An easy config OpenVPN Server Web-UI"
+msgstr "易于使用的 OpenVPN 服务器 Web-UI"
+
+msgid "Base Setting"
+msgstr "基本设置"
+
+msgid "Enable"
+msgstr "启用"
+
+msgid "Port"
+msgstr "端口"
+
+msgid "WAN DDNS or IP"
+msgstr "WAN口的 DDNS域名 或者 IP"
+
+
+msgid "Client Network"
+msgstr "客户端网段"
+
+msgid "VPN Client Network IP with subnet"
+msgstr "客户端分配的网段地址（默认为 10.8.0.0 255.255.255.0）"
+
+
+msgid "Client Settings"
+msgstr "客户端推送配置"
+
+msgid "OpenVPN Client config file"
+msgstr "OpenVPN 客户端配置文件"
+
+
+msgid "Download .ovpn file"
+msgstr "一键下载 .ovpn 文件"
+
+msgid "If you are using IOS client, please download this .ovpn file and send it via QQ or Email to your IOS device"
+msgstr "如果你使用的是 iOS 设备，你可以使用 QQ 或者邮件发送到自己的设备上用 OpenVPN 客户端打开导入"
+
+msgid "Special Code"
+msgstr "特殊代码"
+
+msgid "(!)Special Code you know that add in to client .ovpn file"
+msgstr "(!)特殊代码将自动合并到客户端的 .ovpn 配置文件中"
+
+msgid "Set route 192.168.0.0 255.255.255.0 and dhcp-option DNS 192.168.0.1 base on your router"
+msgstr "根据路由的实际LAN IP 修改 route 192.168.0.0 255.255.255.0 和 dhcp-option DNS 192.168.0.1 这两行"
+
+msgid "OpenVPN status"
+msgstr "OpenVPN 服务器运行状态"

package/lean/luci-app-openvpn-server/root/etc/config/openvpn

@@ -0,0 +1,28 @@
+
+config openvpn 'myvpn'
+	option enabled '0'
+	option proto 'tcp-server'
+	option port '1194'
+	option ddns example.com
+	option dev 'tun'
+	option topology 'subnet'
+	option server '10.8.0.0 255.255.255.0'
+	option comp_lzo 'adaptive'
+	option ca '/etc/openvpn/ca.crt'
+	option dh '/etc/openvpn/dh1024.pem'
+	option cert '/etc/openvpn/server.crt'
+	option key '/etc/openvpn/server.key'
+	option persist_key '1'
+	option persist_tun '1'
+	option user 'nobody'
+	option group 'nogroup'
+	option max_clients '10'
+	option keepalive '10 120'
+	option verb '3'
+	option status '/var/log/openvpn_status.log'
+	option log '/tmp/openvpn.log'
+	list push 'route 192.168.0.0 255.255.255.0'
+	list push 'comp-lzo adaptive'
+	list push 'redirect-gateway def1 bypass-dhcp'
+	list push 'dhcp-option DNS 192.168.0.1'
+

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/01.pem

@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com
+        Validity
+            Not Before: Aug 23 14:26:42 2017 GMT
+            Not After : Aug 21 14:26:42 2027 GMT
+        Subject: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=server/name=EasyRSA/emailAddress=ZJ@ZJ.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:e0:67:2e:33:ab:4f:4f:a1:78:c6:32:ba:d3:1d:
+                    71:73:34:ba:45:40:88:87:76:03:fb:87:d8:4e:4e:
+                    7c:7d:95:22:7d:8e:70:dc:68:10:27:fe:7d:f0:79:
+                    93:86:83:ef:a9:16:78:ae:86:5e:ea:42:74:38:4d:
+                    37:0d:c9:34:a6:84:5e:64:ad:dd:91:dd:df:02:bf:
+                    53:f8:fb:c0:9b:cb:bd:93:7c:26:ab:bd:0a:c6:c3:
+                    5d:da:5d:b3:c0:ff:72:a1:2f:1e:0b:f6:a6:71:77:
+                    f9:00:38:8a:ae:ab:c0:86:11:ab:12:de:1e:82:13:
+                    e8:c3:d5:bb:6f:2e:bf:6e:c1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                1C:06:47:33:61:0E:15:84:D5:08:5A:40:E6:C9:23:EF:87:F3:EE:F9
+            X509v3 Authority Key Identifier: 
+                keyid:8D:D5:04:79:10:05:4F:1B:12:63:11:AC:00:D4:FC:CC:31:00:B8:09
+                DirName:/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com
+                serial:AE:18:A1:E1:3D:52:4D:F0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha256WithRSAEncryption
+         aa:b5:0d:7a:b3:09:7a:d4:e6:df:46:0d:54:39:e2:34:da:4f:
+         9b:92:d6:41:db:10:b9:ed:66:34:7f:9d:a9:fa:af:6a:80:b4:
+         1f:13:d3:39:a6:72:93:5a:6b:e8:4f:ba:95:f9:83:10:58:b3:
+         fe:12:3f:a9:e8:31:04:e0:8e:d8:4c:c1:f7:7e:fc:7a:ba:17:
+         d8:2e:76:ab:7c:17:ca:a4:1d:3d:c5:bc:df:02:e5:2e:91:c4:
+         b2:6c:40:a1:e2:3d:64:15:da:a6:b0:e4:1d:66:11:54:c0:49:
+         05:91:c4:69:68:2d:bc:d5:f6:32:43:3c:18:c4:97:54:45:52:
+         28:36
+-----BEGIN CERTIFICATE-----
+MIIDvzCCAyigAwIBAgIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjEL
+MAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkGA1UECxMC
+WkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcN
+AQkBFglaSkBaSi5jb20wHhcNMTcwODIzMTQyNjQyWhcNMjcwODIxMTQyNjQyWjB+
+MQswCQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQK
+EwJaSjELMAkGA1UECxMCWkoxDzANBgNVBAMTBnNlcnZlcjEQMA4GA1UEKRMHRWFz
+eVJTQTEYMBYGCSqGSIb3DQEJARYJWkpAWkouY29tMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDgZy4zq09PoXjGMrrTHXFzNLpFQIiHdgP7h9hOTnx9lSJ9jnDc
+aBAn/n3weZOGg++pFniuhl7qQnQ4TTcNyTSmhF5krd2R3d8Cv1P4+8Cby72TfCar
+vQrGw13aXbPA/3KhLx4L9qZxd/kAOIquq8CGEasS3h6CE+jD1btvLr9uwQIDAQAB
+o4IBTDCCAUgwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4
+QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFBwGRzNhDhWE1QhaQObJI++H8+75MIGwBgNVHSMEgagwgaWAFI3VBHkQ
+BU8bEmMRrADU/MwxALgJoYGBpH8wfTELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlpK
+MQswCQYDVQQHEwJaSjELMAkGA1UEChMCWkoxCzAJBgNVBAsTAlpKMQ4wDAYDVQQD
+EwVaSiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEYMBYGCSqGSIb3DQEJARYJWkpAWkou
+Y29tggkArhih4T1STfAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWg
+MA0GCSqGSIb3DQEBCwUAA4GBAKq1DXqzCXrU5t9GDVQ54jTaT5uS1kHbELntZjR/
+nan6r2qAtB8T0zmmcpNaa+hPupX5gxBYs/4SP6noMQTgjthMwfd+/Hq6F9gudqt8
+F8qkHT3FvN8C5S6RxLJsQKHiPWQV2qaw5B1mEVTASQWRxGloLbzV9jJDPBjEl1RF
+Uig2
+-----END CERTIFICATE-----

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/02.pem

@@ -0,0 +1,71 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com
+        Validity
+            Not Before: Aug 23 14:26:58 2017 GMT
+            Not After : Aug 21 14:26:58 2027 GMT
+        Subject: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=client1/name=EasyRSA/emailAddress=ZJ@ZJ.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:b7:6b:40:0b:c1:ef:a7:c3:fa:54:32:c2:d7:87:
+                    fa:ac:85:18:ae:af:44:ba:dd:57:0f:43:73:eb:df:
+                    37:5e:5e:8f:ad:43:7a:87:dd:a6:bd:6a:0b:68:8d:
+                    75:0c:fe:49:39:e1:54:11:53:0f:b5:63:10:5b:21:
+                    98:7f:53:32:b3:d6:b0:3d:23:fc:1d:ad:06:b0:f0:
+                    fb:10:27:83:e1:5e:5a:b4:f6:7c:02:87:4c:73:86:
+                    7b:79:07:ca:a7:1c:18:2c:70:e3:9d:e6:f0:89:06:
+                    4b:25:2c:09:39:51:c3:d4:44:ef:81:5e:aa:e0:63:
+                    d8:11:c6:9c:e0:6f:d8:66:11
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E8:15:F9:71:C4:A7:C2:41:A3:AF:F5:C5:93:51:8E:5D:67:9B:12:E2
+            X509v3 Authority Key Identifier: 
+                keyid:8D:D5:04:79:10:05:4F:1B:12:63:11:AC:00:D4:FC:CC:31:00:B8:09
+                DirName:/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com
+                serial:AE:18:A1:E1:3D:52:4D:F0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+         5b:63:c2:e5:e4:04:ad:f4:b6:76:24:df:94:a5:b0:a2:99:38:
+         f9:e7:b4:2f:79:91:51:1b:06:4b:33:fc:4c:74:ce:47:3e:54:
+         1b:da:ea:43:e3:6d:6e:ec:b4:cd:77:86:ea:ea:48:a1:79:70:
+         5c:ff:99:0e:fb:bd:fc:0d:89:a6:2e:13:fe:86:82:69:33:4c:
+         28:21:0d:a8:ba:1a:3e:c7:2e:2d:97:0c:5a:ed:e3:af:73:fc:
+         bb:c9:58:05:c5:26:56:13:1c:3e:8f:90:c7:e8:d9:e5:0b:1f:
+         40:9a:fa:15:49:b9:d8:8e:6a:fd:71:f4:3c:df:a1:11:af:fb:
+         ea:a8
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAw+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjEL
+MAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkGA1UECxMC
+WkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcN
+AQkBFglaSkBaSi5jb20wHhcNMTcwODIzMTQyNjU4WhcNMjcwODIxMTQyNjU4WjB/
+MQswCQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQK
+EwJaSjELMAkGA1UECxMCWkoxEDAOBgNVBAMTB2NsaWVudDExEDAOBgNVBCkTB0Vh
+c3lSU0ExGDAWBgkqhkiG9w0BCQEWCVpKQFpKLmNvbTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAt2tAC8Hvp8P6VDLC14f6rIUYrq9Eut1XD0Nz6983Xl6PrUN6
+h92mvWoLaI11DP5JOeFUEVMPtWMQWyGYf1Mys9awPSP8Ha0GsPD7ECeD4V5atPZ8
+AodMc4Z7eQfKpxwYLHDjnebwiQZLJSwJOVHD1ETvgV6q4GPYEcac4G/YZhECAwEA
+AaOCATIwggEuMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl
+bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU6BX5ccSnwkGjr/XFk1GOXWeb
+EuIwgbAGA1UdIwSBqDCBpYAUjdUEeRAFTxsSYxGsANT8zDEAuAmhgYGkfzB9MQsw
+CQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJa
+SjELMAkGA1UECxMCWkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNB
+MRgwFgYJKoZIhvcNAQkBFglaSkBaSi5jb22CCQCuGKHhPVJN8DATBgNVHSUEDDAK
+BggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAW2PC5eQE
+rfS2diTflKWwopk4+ee0L3mRURsGSzP8THTORz5UG9rqQ+Ntbuy0zXeG6upIoXlw
+XP+ZDvu9/A2Jpi4T/oaCaTNMKCENqLoaPscuLZcMWu3jr3P8u8lYBcUmVhMcPo+Q
+x+jZ5QsfQJr6FUm52I5q/XH0PN+hEa/76qg=
+-----END CERTIFICATE-----

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/ca.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAsWgAwIBAgIJAK4YoeE9Uk3wMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV
+BAYTAkNOMQswCQYDVQQIEwJaSjELMAkGA1UEBxMCWkoxCzAJBgNVBAoTAlpKMQsw
+CQYDVQQLEwJaSjEOMAwGA1UEAxMFWkogQ0ExEDAOBgNVBCkTB0Vhc3lSU0ExGDAW
+BgkqhkiG9w0BCQEWCVpKQFpKLmNvbTAeFw0xNzA4MjMxNDE4MDVaFw0yNzA4MjEx
+NDE4MDVaMH0xCzAJBgNVBAYTAkNOMQswCQYDVQQIEwJaSjELMAkGA1UEBxMCWkox
+CzAJBgNVBAoTAlpKMQswCQYDVQQLEwJaSjEOMAwGA1UEAxMFWkogQ0ExEDAOBgNV
+BCkTB0Vhc3lSU0ExGDAWBgkqhkiG9w0BCQEWCVpKQFpKLmNvbTCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAsLBNLkjfNUK4Rb3xgJD0EEgzp6b+5zkiibT3wdS9
+SKZqkqJRcM/z7Ifc79LKXDDHrVnajkyc8QSaXOKVW8pTx75fYnoHjNbeU9JZHoTg
+9GgRWq5HHUJlxhsdbcGeTxOHrMRz2d+VzvNvs5KOLJaqGkRmm/KMb7nTRnwjhx4A
+pWsCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUjdUEeRAFTxsSYxGsANT8zDEAuAkwgbAG
+A1UdIwSBqDCBpYAUjdUEeRAFTxsSYxGsANT8zDEAuAmhgYGkfzB9MQswCQYDVQQG
+EwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkG
+A1UECxMCWkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJ
+KoZIhvcNAQkBFglaSkBaSi5jb22CCQCuGKHhPVJN8DAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4GBAAAN0aRmQGNsF23CxShEnj3ohgpYA20F2FwEWYmCCWXe
+CKxuPGtPZAeLmToIMgn75QlyuvVG+Uoe7I6ylbEK3XoeNStcS61wAXL8hIPfMcUX
+fDsImBvc+Bo+LxQMWMSz0r88+B8784KELyaQKOnvPlTrnTuyP9RftjUWpjy23Kjd
+-----END CERTIFICATE-----

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/ca.key

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALCwTS5I3zVCuEW9
+8YCQ9BBIM6em/uc5Iom098HUvUimapKiUXDP8+yH3O/Sylwwx61Z2o5MnPEEmlzi
+lVvKU8e+X2J6B4zW3lPSWR6E4PRoEVquRx1CZcYbHW3Bnk8Th6zEc9nflc7zb7OS
+jiyWqhpEZpvyjG+500Z8I4ceAKVrAgMBAAECgYBfiTRyTlzCg6z3qNioV7hgBWpI
+wHcbtz0BkKRWXh1q5vDBEJtQkGCoCF5iHmvkpUuSY/9U6gACIicFCk8QLrpVZGzY
+1SgOQS796La2gYR0clCvtsf8Kg4BYCKkF40jGDGZTGKtWa9mPuOZXZFhSMZJiCQi
+UIfTN3D9Ngt/nLFMwQJBANwavdYXnPxGr/0rL1ct0RUjsZLyd9kmr1gD4Nq+/uwC
+FQrNHl/ieXOsSeD0eVNtuTFzmt8sTz963SXmbPv01dMCQQDNgPioq4M/1sluGUdI
+yK5bantPAD7A7wTb+uryP7lNMuDSGTXgLsh+RrhBuDlUdi+OPc0dIJV1fTjEiLbI
+fLsJAkEAoSSe6Zh+IaDrBfJRBYWQtuZcApasMfqFk227eMsuvcFEgJTt8QtRGeQA
+bsbt8Ku7Uz4tG8lH99TPBglurwRwawJAALVrJhnBUB0LgMexiTy37TTGzBTyInQw
+jhmlacRyfSOpxs+zcdx3cIgJ5qAeAn6N1227IViVa1xNL9BQ4QwdEQJBAJjLcCYS
+twmgoyOj4K5+8+aAuuXWj7lpxEakOZbghrBmy0GytiRKN9wb/x8QF6EtrJAmYltL
+wMMDUDE0zd+hc2Q=
+-----END PRIVATE KEY-----

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.crt

@@ -0,0 +1,71 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com
+        Validity
+            Not Before: Aug 23 14:26:58 2017 GMT
+            Not After : Aug 21 14:26:58 2027 GMT
+        Subject: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=client1/name=EasyRSA/emailAddress=ZJ@ZJ.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:b7:6b:40:0b:c1:ef:a7:c3:fa:54:32:c2:d7:87:
+                    fa:ac:85:18:ae:af:44:ba:dd:57:0f:43:73:eb:df:
+                    37:5e:5e:8f:ad:43:7a:87:dd:a6:bd:6a:0b:68:8d:
+                    75:0c:fe:49:39:e1:54:11:53:0f:b5:63:10:5b:21:
+                    98:7f:53:32:b3:d6:b0:3d:23:fc:1d:ad:06:b0:f0:
+                    fb:10:27:83:e1:5e:5a:b4:f6:7c:02:87:4c:73:86:
+                    7b:79:07:ca:a7:1c:18:2c:70:e3:9d:e6:f0:89:06:
+                    4b:25:2c:09:39:51:c3:d4:44:ef:81:5e:aa:e0:63:
+                    d8:11:c6:9c:e0:6f:d8:66:11
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E8:15:F9:71:C4:A7:C2:41:A3:AF:F5:C5:93:51:8E:5D:67:9B:12:E2
+            X509v3 Authority Key Identifier: 
+                keyid:8D:D5:04:79:10:05:4F:1B:12:63:11:AC:00:D4:FC:CC:31:00:B8:09
+                DirName:/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com
+                serial:AE:18:A1:E1:3D:52:4D:F0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+         5b:63:c2:e5:e4:04:ad:f4:b6:76:24:df:94:a5:b0:a2:99:38:
+         f9:e7:b4:2f:79:91:51:1b:06:4b:33:fc:4c:74:ce:47:3e:54:
+         1b:da:ea:43:e3:6d:6e:ec:b4:cd:77:86:ea:ea:48:a1:79:70:
+         5c:ff:99:0e:fb:bd:fc:0d:89:a6:2e:13:fe:86:82:69:33:4c:
+         28:21:0d:a8:ba:1a:3e:c7:2e:2d:97:0c:5a:ed:e3:af:73:fc:
+         bb:c9:58:05:c5:26:56:13:1c:3e:8f:90:c7:e8:d9:e5:0b:1f:
+         40:9a:fa:15:49:b9:d8:8e:6a:fd:71:f4:3c:df:a1:11:af:fb:
+         ea:a8
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAw+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjEL
+MAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkGA1UECxMC
+WkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcN
+AQkBFglaSkBaSi5jb20wHhcNMTcwODIzMTQyNjU4WhcNMjcwODIxMTQyNjU4WjB/
+MQswCQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQK
+EwJaSjELMAkGA1UECxMCWkoxEDAOBgNVBAMTB2NsaWVudDExEDAOBgNVBCkTB0Vh
+c3lSU0ExGDAWBgkqhkiG9w0BCQEWCVpKQFpKLmNvbTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAt2tAC8Hvp8P6VDLC14f6rIUYrq9Eut1XD0Nz6983Xl6PrUN6
+h92mvWoLaI11DP5JOeFUEVMPtWMQWyGYf1Mys9awPSP8Ha0GsPD7ECeD4V5atPZ8
+AodMc4Z7eQfKpxwYLHDjnebwiQZLJSwJOVHD1ETvgV6q4GPYEcac4G/YZhECAwEA
+AaOCATIwggEuMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl
+bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU6BX5ccSnwkGjr/XFk1GOXWeb
+EuIwgbAGA1UdIwSBqDCBpYAUjdUEeRAFTxsSYxGsANT8zDEAuAmhgYGkfzB9MQsw
+CQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJa
+SjELMAkGA1UECxMCWkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNB
+MRgwFgYJKoZIhvcNAQkBFglaSkBaSi5jb22CCQCuGKHhPVJN8DATBgNVHSUEDDAK
+BggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAW2PC5eQE
+rfS2diTflKWwopk4+ee0L3mRURsGSzP8THTORz5UG9rqQ+Ntbuy0zXeG6upIoXlw
+XP+ZDvu9/A2Jpi4T/oaCaTNMKCENqLoaPscuLZcMWu3jr3P8u8lYBcUmVhMcPo+Q
+x+jZ5QsfQJr6FUm52I5q/XH0PN+hEa/76qg=
+-----END CERTIFICATE-----

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.csr

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBvzCCASgCAQAwfzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlpKMQswCQYDVQQH
+EwJaSjELMAkGA1UEChMCWkoxCzAJBgNVBAsTAlpKMRAwDgYDVQQDEwdjbGllbnQx
+MRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcNAQkBFglaSkBaSi5jb20wgZ8w
+DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALdrQAvB76fD+lQywteH+qyFGK6vRLrd
+Vw9Dc+vfN15ej61Deofdpr1qC2iNdQz+STnhVBFTD7VjEFshmH9TMrPWsD0j/B2t
+BrDw+xAng+FeWrT2fAKHTHOGe3kHyqccGCxw453m8IkGSyUsCTlRw9RE74FequBj
+2BHGnOBv2GYRAgMBAAGgADANBgkqhkiG9w0BAQsFAAOBgQBfvn2fP2Tj8FTZH+Xk
+9u04rYaQdspSyL61F4QIEiP5UOUzbnSSU/B72KF5gm8b0irXGnTbHlXeMv6WXaAS
+VF1fEeM+gsGJIDOvomT5PKfudezr6DpGrUammQnRY3tho078Ao0Mkq8PAWpiVWGV
+Z7rsqHhI3mWYLNyne9n8K224pg==
+-----END CERTIFICATE REQUEST-----

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/client1.key

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALdrQAvB76fD+lQy
+wteH+qyFGK6vRLrdVw9Dc+vfN15ej61Deofdpr1qC2iNdQz+STnhVBFTD7VjEFsh
+mH9TMrPWsD0j/B2tBrDw+xAng+FeWrT2fAKHTHOGe3kHyqccGCxw453m8IkGSyUs
+CTlRw9RE74FequBj2BHGnOBv2GYRAgMBAAECgYBhWatEkkqA4KOczNRdUO7bYkkX
+bi8sfw4WK9b6+h6JF+dqLsZ6FkrJfd9QPsRBgTWcYtwb1dogi9PCirJF4gKmSsv1
+h/BISW4lrXJPf08aJAuBF0ym8XZUgVLLptn8KdXX3xc6YF6K336AnNNLZ80X4El8
+m7X4d8Y3F4k3Dj04AQJBAN9NkHYwevaZ8jfv5rZSTKECmdk1DZITd756+sObFAs1
+vX9VfunwVw6xWmaUyMt8oPFqb0wKES9zqrViaMhU9YkCQQDSRqV3ldHcaZJ6sTgm
+T8ZKm+UpbC4zat4rGSBYKaoeLRPh5nxP892rOfBAevkoIQzW7LfVfoMImM/i1J6T
+lNJJAkAHSOZ/lJFOXjNSs9bY99JcJlOSjHKG42+ynRx1KSf8PaKS9t0PELImXo7O
+begnC0fM2GYNGv74h1N4W1+DuZHRAkEAlNov3jSvh+EwMSxs/Cnyy/QJyEXteraH
+KWkzDVYJOC1e6sZXb93JKKHuIicrY63pwed2x2o0ZgyO9RrgWsa6CQJBAMogPcRO
+jUGjYs3IYXW6Suf1bRJN2aS81gx7lqyLQE3ignH6e9kMxcrzG4AzzePCLouY3waL
+HS1KW8V9I5c4qTs=
+-----END PRIVATE KEY-----

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/dh1024.pem

@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAMzJWsEtMQ76G81O8RzEweDaPrio4NihRBo0fmNuh3IjJtFJ++URPW4y
+HHtnGOkPoMwQjGQ3GQV+lfcR7QGWojET4NskXOk6mdFU+/nYB9s5YY7RR4qyln9b
+dNMp3KnMLtILNH1rJRoqYbSNoz3Z2cS59Ejp1dgXqN8kSP8wiqDjAgEC
+-----END DH PARAMETERS-----

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt

@@ -0,0 +1,2 @@
+V	270821142642Z		01	unknown	/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=server/name=EasyRSA/emailAddress=ZJ@ZJ.com
+V	270821142658Z		02	unknown	/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=client1/name=EasyRSA/emailAddress=ZJ@ZJ.com

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt.attr

@@ -0,0 +1 @@
+unique_subject = yes

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt.attr.old

@@ -0,0 +1 @@
+unique_subject = yes

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/index.txt.old

@@ -0,0 +1 @@
+V	270821142642Z		01	unknown	/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=server/name=EasyRSA/emailAddress=ZJ@ZJ.com

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/serial

@@ -0,0 +1 @@
+03

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/serial.old

@@ -0,0 +1 @@
+02

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/server.crt

@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com
+        Validity
+            Not Before: Aug 23 14:26:42 2017 GMT
+            Not After : Aug 21 14:26:42 2027 GMT
+        Subject: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=server/name=EasyRSA/emailAddress=ZJ@ZJ.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:e0:67:2e:33:ab:4f:4f:a1:78:c6:32:ba:d3:1d:
+                    71:73:34:ba:45:40:88:87:76:03:fb:87:d8:4e:4e:
+                    7c:7d:95:22:7d:8e:70:dc:68:10:27:fe:7d:f0:79:
+                    93:86:83:ef:a9:16:78:ae:86:5e:ea:42:74:38:4d:
+                    37:0d:c9:34:a6:84:5e:64:ad:dd:91:dd:df:02:bf:
+                    53:f8:fb:c0:9b:cb:bd:93:7c:26:ab:bd:0a:c6:c3:
+                    5d:da:5d:b3:c0:ff:72:a1:2f:1e:0b:f6:a6:71:77:
+                    f9:00:38:8a:ae:ab:c0:86:11:ab:12:de:1e:82:13:
+                    e8:c3:d5:bb:6f:2e:bf:6e:c1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                1C:06:47:33:61:0E:15:84:D5:08:5A:40:E6:C9:23:EF:87:F3:EE:F9
+            X509v3 Authority Key Identifier: 
+                keyid:8D:D5:04:79:10:05:4F:1B:12:63:11:AC:00:D4:FC:CC:31:00:B8:09
+                DirName:/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com
+                serial:AE:18:A1:E1:3D:52:4D:F0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha256WithRSAEncryption
+         aa:b5:0d:7a:b3:09:7a:d4:e6:df:46:0d:54:39:e2:34:da:4f:
+         9b:92:d6:41:db:10:b9:ed:66:34:7f:9d:a9:fa:af:6a:80:b4:
+         1f:13:d3:39:a6:72:93:5a:6b:e8:4f:ba:95:f9:83:10:58:b3:
+         fe:12:3f:a9:e8:31:04:e0:8e:d8:4c:c1:f7:7e:fc:7a:ba:17:
+         d8:2e:76:ab:7c:17:ca:a4:1d:3d:c5:bc:df:02:e5:2e:91:c4:
+         b2:6c:40:a1:e2:3d:64:15:da:a6:b0:e4:1d:66:11:54:c0:49:
+         05:91:c4:69:68:2d:bc:d5:f6:32:43:3c:18:c4:97:54:45:52:
+         28:36
+-----BEGIN CERTIFICATE-----
+MIIDvzCCAyigAwIBAgIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjEL
+MAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkGA1UECxMC
+WkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcN
+AQkBFglaSkBaSi5jb20wHhcNMTcwODIzMTQyNjQyWhcNMjcwODIxMTQyNjQyWjB+
+MQswCQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQK
+EwJaSjELMAkGA1UECxMCWkoxDzANBgNVBAMTBnNlcnZlcjEQMA4GA1UEKRMHRWFz
+eVJTQTEYMBYGCSqGSIb3DQEJARYJWkpAWkouY29tMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDgZy4zq09PoXjGMrrTHXFzNLpFQIiHdgP7h9hOTnx9lSJ9jnDc
+aBAn/n3weZOGg++pFniuhl7qQnQ4TTcNyTSmhF5krd2R3d8Cv1P4+8Cby72TfCar
+vQrGw13aXbPA/3KhLx4L9qZxd/kAOIquq8CGEasS3h6CE+jD1btvLr9uwQIDAQAB
+o4IBTDCCAUgwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4
+QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFBwGRzNhDhWE1QhaQObJI++H8+75MIGwBgNVHSMEgagwgaWAFI3VBHkQ
+BU8bEmMRrADU/MwxALgJoYGBpH8wfTELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlpK
+MQswCQYDVQQHEwJaSjELMAkGA1UEChMCWkoxCzAJBgNVBAsTAlpKMQ4wDAYDVQQD
+EwVaSiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEYMBYGCSqGSIb3DQEJARYJWkpAWkou
+Y29tggkArhih4T1STfAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWg
+MA0GCSqGSIb3DQEBCwUAA4GBAKq1DXqzCXrU5t9GDVQ54jTaT5uS1kHbELntZjR/
+nan6r2qAtB8T0zmmcpNaa+hPupX5gxBYs/4SP6noMQTgjthMwfd+/Hq6F9gudqt8
+F8qkHT3FvN8C5S6RxLJsQKHiPWQV2qaw5B1mEVTASQWRxGloLbzV9jJDPBjEl1RF
+Uig2
+-----END CERTIFICATE-----

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/server.csr

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBvjCCAScCAQAwfjELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlpKMQswCQYDVQQH
+EwJaSjELMAkGA1UEChMCWkoxCzAJBgNVBAsTAlpKMQ8wDQYDVQQDEwZzZXJ2ZXIx
+EDAOBgNVBCkTB0Vhc3lSU0ExGDAWBgkqhkiG9w0BCQEWCVpKQFpKLmNvbTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4GcuM6tPT6F4xjK60x1xczS6RUCIh3YD
++4fYTk58fZUifY5w3GgQJ/598HmThoPvqRZ4roZe6kJ0OE03Dck0poReZK3dkd3f
+Ar9T+PvAm8u9k3wmq70KxsNd2l2zwP9yoS8eC/amcXf5ADiKrqvAhhGrEt4eghPo
+w9W7by6/bsECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4GBAMrytQrG3MGVTD2vsZkw
+hJn9U4MYmikqFxEcSJ+JEeDJ0w3NTn95XJmFtmuT/CwsrnP9g+1neSpCXsZewozd
+QRisYBF9Rl9qw9fH2o1S/GIVpTDIiTtWjegZA6FPkhQQyY387LU9Lp4vG9hdNbuz
+QNDs6cI9T0U53PZiq7R65rGV
+-----END CERTIFICATE REQUEST-----

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/keys/server.key

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOBnLjOrT0+heMYy
+utMdcXM0ukVAiId2A/uH2E5OfH2VIn2OcNxoECf+ffB5k4aD76kWeK6GXupCdDhN
+Nw3JNKaEXmSt3ZHd3wK/U/j7wJvLvZN8Jqu9CsbDXdpds8D/cqEvHgv2pnF3+QA4
+iq6rwIYRqxLeHoIT6MPVu28uv27BAgMBAAECgYEAqno4g1BVxG0rT4cin1fy5E7e
+Y9YO4ropdGFTVsoRkWZG+ZPI8eisvXV9P79c8AgzfgVwUUYLvXQWzt76QCLnN11x
+pBURloJbEReEEzIF6z3LiT9CKgVWY4vtC6f5OW4Kd+EZxXMftFz8kMzRuRQLvOzR
+WeU+3GD42mIwYjsXBrECQQD2P6azeZJ1ZIEf+9Ys19tSQ6uxbXyvghlTfhmZfBW3
+bshNRH4+L4lnnbm75pFkWqR0gYSAD3toRymccctN2K9jAkEA6UoRwURTjIER8yZO
+6gLTFtzb841jv6TPErOY7CzNZ/TYBUdUBmM/NB4+RgBpBNFXB3uqweNVPO6mhyQP
+zB88iwJBAOeH6YGOqTpfiVk9PJ9lRf4PSnvE6htLQ+zQ/9jkZrbWHtcns1tc7uDR
+2DToEYQ+BarVrHOMGwhtAJ7sD6/eMOkCQFjn8XxGHdEeH0kbAFgOW4QLB4f6Clmu
+5XurFkxrhpxnoyvf0xXcHOov3GuxHFTJsvEXICxkBsgB61T1WU/hV6ECQGzk5Eqo
+uik2OAYMOb7NPGYMWS68DpmP11QDuvoj5zm2vdzohXHyBM7mO12MLSrTpxfgjWhQ
+pqwEbErchuKkzN4=
+-----END PRIVATE KEY-----

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/openssl-1.0.0.cnf

@@ -0,0 +1,286 @@
+# For use with easy-rsa version 2.0 and OpenSSL 1.0.0*
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+openssl_conf		= openssl_init
+
+[ openssl_init ]
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+engines			= engine_section
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= $ENV::KEY_DIR		# Where everything is kept
+certs		= $dir			# Where the issued certs are kept
+crl_dir		= $dir			# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+new_certs_dir	= $dir			# default place for new certs.
+
+certificate	= $dir/ca.crt	 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/ca.key		# The private key
+RANDFILE	= $dir/.rand		# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 3650			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= sha256		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_anything
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+name			= optional
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= $ENV::KEY_SIZE
+default_keyfile 	= privkey.pem
+default_md		= sha256
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation after 2004).
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= $ENV::KEY_COUNTRY
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= $ENV::KEY_PROVINCE
+
+localityName			= Locality Name (eg, city)
+localityName_default		= $ENV::KEY_CITY
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= $ENV::KEY_ORG
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, your name or your server\'s hostname)
+commonName_max			= 64
+
+name				= Name
+name_max			= 64
+
+emailAddress			= Email Address
+emailAddress_default		= $ENV::KEY_EMAIL
+emailAddress_max		= 40
+
+# JY -- added for batch mode
+organizationalUnitName_default = $ENV::KEY_OU
+commonName_default = $ENV::KEY_CN
+name_default = $ENV::KEY_NAME
+
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "Easy-RSA Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=clientAuth
+keyUsage = digitalSignature
+
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ server ]
+
+# JY ADDED -- Make a cert with nsCertType set to "server"
+basicConstraints=CA:FALSE
+nsCertType                     = server
+nsComment                      = "Easy-RSA Generated Server Certificate"
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+extendedKeyUsage=serverAuth
+keyUsage = digitalSignature, keyEncipherment
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ engine_section ]
+#
+# If you are using PKCS#11
+# Install engine_pkcs11 of opensc (www.opensc.org)
+# And uncomment the following
+# verify that dynamic_path points to the correct location
+#
+#pkcs11 = pkcs11_section
+
+[ pkcs11_section ]
+engine_id = pkcs11
+dynamic_path = /usr/lib/engines/engine_pkcs11.so
+MODULE_PATH = $ENV::PKCS11_MODULE_PATH
+PIN = $ENV::PKCS11_PIN
+init = 0

package/lean/luci-app-openvpn-server/root/etc/easy-rsa/vars

@@ -0,0 +1,19 @@
+export EASY_RSA="/etc/easy-rsa"
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA`
+export KEY_DIR="$EASY_RSA/keys"
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+export KEY_SIZE=1024
+export CA_EXPIRE=3650
+export KEY_EXPIRE=3650
+export KEY_COUNTRY="CN"
+export KEY_PROVINCE="ZJ"
+export KEY_CITY="ZJ"
+export KEY_ORG="ZJ"
+export KEY_EMAIL="ZJ@ZJ.com"
+export KEY_OU="ZJ"
+export KEY_NAME="EasyRSA"

package/lean/luci-app-openvpn-server/root/etc/genovpn.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+ddns=`uci get openvpn.myvpn.ddns`
+port=`uci get openvpn.myvpn.port`
+
+cat > /tmp/my.ovpn  <<EOF
+client
+dev tun
+proto tcp-client
+remote $ddns $port
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+verb 3"
+EOF
+echo '<ca>' >> /tmp/my.ovpn
+cat /etc/openvpn/ca.crt >> /tmp/my.ovpn
+echo '</ca>' >> /tmp/my.ovpn
+echo '<cert>' >> /tmp/my.ovpn
+cat /etc/openvpn/client1.crt >> /tmp/my.ovpn
+echo '</cert>' >> /tmp/my.ovpn
+echo '<key>' >> /tmp/my.ovpn
+cat /etc/openvpn/client1.key >> /tmp/my.ovpn
+echo '</key>' >> /tmp/my.ovpn
+[ -f /etc/ovpnadd.conf ] && cat /etc/ovpnadd.conf >> /tmp/my.ovpn

package/lean/luci-app-openvpn-server/root/etc/openvpn/ca.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDXDCCAsWgAwIBAgIJAK4YoeE9Uk3wMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV
+BAYTAkNOMQswCQYDVQQIEwJaSjELMAkGA1UEBxMCWkoxCzAJBgNVBAoTAlpKMQsw
+CQYDVQQLEwJaSjEOMAwGA1UEAxMFWkogQ0ExEDAOBgNVBCkTB0Vhc3lSU0ExGDAW
+BgkqhkiG9w0BCQEWCVpKQFpKLmNvbTAeFw0xNzA4MjMxNDE4MDVaFw0yNzA4MjEx
+NDE4MDVaMH0xCzAJBgNVBAYTAkNOMQswCQYDVQQIEwJaSjELMAkGA1UEBxMCWkox
+CzAJBgNVBAoTAlpKMQswCQYDVQQLEwJaSjEOMAwGA1UEAxMFWkogQ0ExEDAOBgNV
+BCkTB0Vhc3lSU0ExGDAWBgkqhkiG9w0BCQEWCVpKQFpKLmNvbTCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAsLBNLkjfNUK4Rb3xgJD0EEgzp6b+5zkiibT3wdS9
+SKZqkqJRcM/z7Ifc79LKXDDHrVnajkyc8QSaXOKVW8pTx75fYnoHjNbeU9JZHoTg
+9GgRWq5HHUJlxhsdbcGeTxOHrMRz2d+VzvNvs5KOLJaqGkRmm/KMb7nTRnwjhx4A
+pWsCAwEAAaOB4zCB4DAdBgNVHQ4EFgQUjdUEeRAFTxsSYxGsANT8zDEAuAkwgbAG
+A1UdIwSBqDCBpYAUjdUEeRAFTxsSYxGsANT8zDEAuAmhgYGkfzB9MQswCQYDVQQG
+EwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkG
+A1UECxMCWkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJ
+KoZIhvcNAQkBFglaSkBaSi5jb22CCQCuGKHhPVJN8DAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4GBAAAN0aRmQGNsF23CxShEnj3ohgpYA20F2FwEWYmCCWXe
+CKxuPGtPZAeLmToIMgn75QlyuvVG+Uoe7I6ylbEK3XoeNStcS61wAXL8hIPfMcUX
+fDsImBvc+Bo+LxQMWMSz0r88+B8784KELyaQKOnvPlTrnTuyP9RftjUWpjy23Kjd
+-----END CERTIFICATE-----

package/lean/luci-app-openvpn-server/root/etc/openvpn/client1.crt

@@ -0,0 +1,71 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com
+        Validity
+            Not Before: Aug 23 14:26:58 2017 GMT
+            Not After : Aug 21 14:26:58 2027 GMT
+        Subject: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=client1/name=EasyRSA/emailAddress=ZJ@ZJ.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:b7:6b:40:0b:c1:ef:a7:c3:fa:54:32:c2:d7:87:
+                    fa:ac:85:18:ae:af:44:ba:dd:57:0f:43:73:eb:df:
+                    37:5e:5e:8f:ad:43:7a:87:dd:a6:bd:6a:0b:68:8d:
+                    75:0c:fe:49:39:e1:54:11:53:0f:b5:63:10:5b:21:
+                    98:7f:53:32:b3:d6:b0:3d:23:fc:1d:ad:06:b0:f0:
+                    fb:10:27:83:e1:5e:5a:b4:f6:7c:02:87:4c:73:86:
+                    7b:79:07:ca:a7:1c:18:2c:70:e3:9d:e6:f0:89:06:
+                    4b:25:2c:09:39:51:c3:d4:44:ef:81:5e:aa:e0:63:
+                    d8:11:c6:9c:e0:6f:d8:66:11
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                Easy-RSA Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E8:15:F9:71:C4:A7:C2:41:A3:AF:F5:C5:93:51:8E:5D:67:9B:12:E2
+            X509v3 Authority Key Identifier: 
+                keyid:8D:D5:04:79:10:05:4F:1B:12:63:11:AC:00:D4:FC:CC:31:00:B8:09
+                DirName:/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com
+                serial:AE:18:A1:E1:3D:52:4D:F0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+         5b:63:c2:e5:e4:04:ad:f4:b6:76:24:df:94:a5:b0:a2:99:38:
+         f9:e7:b4:2f:79:91:51:1b:06:4b:33:fc:4c:74:ce:47:3e:54:
+         1b:da:ea:43:e3:6d:6e:ec:b4:cd:77:86:ea:ea:48:a1:79:70:
+         5c:ff:99:0e:fb:bd:fc:0d:89:a6:2e:13:fe:86:82:69:33:4c:
+         28:21:0d:a8:ba:1a:3e:c7:2e:2d:97:0c:5a:ed:e3:af:73:fc:
+         bb:c9:58:05:c5:26:56:13:1c:3e:8f:90:c7:e8:d9:e5:0b:1f:
+         40:9a:fa:15:49:b9:d8:8e:6a:fd:71:f4:3c:df:a1:11:af:fb:
+         ea:a8
+-----BEGIN CERTIFICATE-----
+MIIDpjCCAw+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjEL
+MAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkGA1UECxMC
+WkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcN
+AQkBFglaSkBaSi5jb20wHhcNMTcwODIzMTQyNjU4WhcNMjcwODIxMTQyNjU4WjB/
+MQswCQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQK
+EwJaSjELMAkGA1UECxMCWkoxEDAOBgNVBAMTB2NsaWVudDExEDAOBgNVBCkTB0Vh
+c3lSU0ExGDAWBgkqhkiG9w0BCQEWCVpKQFpKLmNvbTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAt2tAC8Hvp8P6VDLC14f6rIUYrq9Eut1XD0Nz6983Xl6PrUN6
+h92mvWoLaI11DP5JOeFUEVMPtWMQWyGYf1Mys9awPSP8Ha0GsPD7ECeD4V5atPZ8
+AodMc4Z7eQfKpxwYLHDjnebwiQZLJSwJOVHD1ETvgV6q4GPYEcac4G/YZhECAwEA
+AaOCATIwggEuMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNBIEdl
+bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU6BX5ccSnwkGjr/XFk1GOXWeb
+EuIwgbAGA1UdIwSBqDCBpYAUjdUEeRAFTxsSYxGsANT8zDEAuAmhgYGkfzB9MQsw
+CQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJa
+SjELMAkGA1UECxMCWkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNB
+MRgwFgYJKoZIhvcNAQkBFglaSkBaSi5jb22CCQCuGKHhPVJN8DATBgNVHSUEDDAK
+BggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADgYEAW2PC5eQE
+rfS2diTflKWwopk4+ee0L3mRURsGSzP8THTORz5UG9rqQ+Ntbuy0zXeG6upIoXlw
+XP+ZDvu9/A2Jpi4T/oaCaTNMKCENqLoaPscuLZcMWu3jr3P8u8lYBcUmVhMcPo+Q
+x+jZ5QsfQJr6FUm52I5q/XH0PN+hEa/76qg=
+-----END CERTIFICATE-----

package/lean/luci-app-openvpn-server/root/etc/openvpn/client1.key

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALdrQAvB76fD+lQy
+wteH+qyFGK6vRLrdVw9Dc+vfN15ej61Deofdpr1qC2iNdQz+STnhVBFTD7VjEFsh
+mH9TMrPWsD0j/B2tBrDw+xAng+FeWrT2fAKHTHOGe3kHyqccGCxw453m8IkGSyUs
+CTlRw9RE74FequBj2BHGnOBv2GYRAgMBAAECgYBhWatEkkqA4KOczNRdUO7bYkkX
+bi8sfw4WK9b6+h6JF+dqLsZ6FkrJfd9QPsRBgTWcYtwb1dogi9PCirJF4gKmSsv1
+h/BISW4lrXJPf08aJAuBF0ym8XZUgVLLptn8KdXX3xc6YF6K336AnNNLZ80X4El8
+m7X4d8Y3F4k3Dj04AQJBAN9NkHYwevaZ8jfv5rZSTKECmdk1DZITd756+sObFAs1
+vX9VfunwVw6xWmaUyMt8oPFqb0wKES9zqrViaMhU9YkCQQDSRqV3ldHcaZJ6sTgm
+T8ZKm+UpbC4zat4rGSBYKaoeLRPh5nxP892rOfBAevkoIQzW7LfVfoMImM/i1J6T
+lNJJAkAHSOZ/lJFOXjNSs9bY99JcJlOSjHKG42+ynRx1KSf8PaKS9t0PELImXo7O
+begnC0fM2GYNGv74h1N4W1+DuZHRAkEAlNov3jSvh+EwMSxs/Cnyy/QJyEXteraH
+KWkzDVYJOC1e6sZXb93JKKHuIicrY63pwed2x2o0ZgyO9RrgWsa6CQJBAMogPcRO
+jUGjYs3IYXW6Suf1bRJN2aS81gx7lqyLQE3ignH6e9kMxcrzG4AzzePCLouY3waL
+HS1KW8V9I5c4qTs=
+-----END PRIVATE KEY-----

package/lean/luci-app-openvpn-server/root/etc/openvpn/dh1024.pem

@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAMzJWsEtMQ76G81O8RzEweDaPrio4NihRBo0fmNuh3IjJtFJ++URPW4y
+HHtnGOkPoMwQjGQ3GQV+lfcR7QGWojET4NskXOk6mdFU+/nYB9s5YY7RR4qyln9b
+dNMp3KnMLtILNH1rJRoqYbSNoz3Z2cS59Ejp1dgXqN8kSP8wiqDjAgEC
+-----END DH PARAMETERS-----

package/lean/luci-app-openvpn-server/root/etc/openvpn/server.crt

@@ -0,0 +1,74 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com
+        Validity
+            Not Before: Aug 23 14:26:42 2017 GMT
+            Not After : Aug 21 14:26:42 2027 GMT
+        Subject: C=CN, ST=ZJ, L=ZJ, O=ZJ, OU=ZJ, CN=server/name=EasyRSA/emailAddress=ZJ@ZJ.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:e0:67:2e:33:ab:4f:4f:a1:78:c6:32:ba:d3:1d:
+                    71:73:34:ba:45:40:88:87:76:03:fb:87:d8:4e:4e:
+                    7c:7d:95:22:7d:8e:70:dc:68:10:27:fe:7d:f0:79:
+                    93:86:83:ef:a9:16:78:ae:86:5e:ea:42:74:38:4d:
+                    37:0d:c9:34:a6:84:5e:64:ad:dd:91:dd:df:02:bf:
+                    53:f8:fb:c0:9b:cb:bd:93:7c:26:ab:bd:0a:c6:c3:
+                    5d:da:5d:b3:c0:ff:72:a1:2f:1e:0b:f6:a6:71:77:
+                    f9:00:38:8a:ae:ab:c0:86:11:ab:12:de:1e:82:13:
+                    e8:c3:d5:bb:6f:2e:bf:6e:c1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Cert Type: 
+                SSL Server
+            Netscape Comment: 
+                Easy-RSA Generated Server Certificate
+            X509v3 Subject Key Identifier: 
+                1C:06:47:33:61:0E:15:84:D5:08:5A:40:E6:C9:23:EF:87:F3:EE:F9
+            X509v3 Authority Key Identifier: 
+                keyid:8D:D5:04:79:10:05:4F:1B:12:63:11:AC:00:D4:FC:CC:31:00:B8:09
+                DirName:/C=CN/ST=ZJ/L=ZJ/O=ZJ/OU=ZJ/CN=ZJ CA/name=EasyRSA/emailAddress=ZJ@ZJ.com
+                serial:AE:18:A1:E1:3D:52:4D:F0
+
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha256WithRSAEncryption
+         aa:b5:0d:7a:b3:09:7a:d4:e6:df:46:0d:54:39:e2:34:da:4f:
+         9b:92:d6:41:db:10:b9:ed:66:34:7f:9d:a9:fa:af:6a:80:b4:
+         1f:13:d3:39:a6:72:93:5a:6b:e8:4f:ba:95:f9:83:10:58:b3:
+         fe:12:3f:a9:e8:31:04:e0:8e:d8:4c:c1:f7:7e:fc:7a:ba:17:
+         d8:2e:76:ab:7c:17:ca:a4:1d:3d:c5:bc:df:02:e5:2e:91:c4:
+         b2:6c:40:a1:e2:3d:64:15:da:a6:b0:e4:1d:66:11:54:c0:49:
+         05:91:c4:69:68:2d:bc:d5:f6:32:43:3c:18:c4:97:54:45:52:
+         28:36
+-----BEGIN CERTIFICATE-----
+MIIDvzCCAyigAwIBAgIBATANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJDTjEL
+MAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQKEwJaSjELMAkGA1UECxMC
+WkoxDjAMBgNVBAMTBVpKIENBMRAwDgYDVQQpEwdFYXN5UlNBMRgwFgYJKoZIhvcN
+AQkBFglaSkBaSi5jb20wHhcNMTcwODIzMTQyNjQyWhcNMjcwODIxMTQyNjQyWjB+
+MQswCQYDVQQGEwJDTjELMAkGA1UECBMCWkoxCzAJBgNVBAcTAlpKMQswCQYDVQQK
+EwJaSjELMAkGA1UECxMCWkoxDzANBgNVBAMTBnNlcnZlcjEQMA4GA1UEKRMHRWFz
+eVJTQTEYMBYGCSqGSIb3DQEJARYJWkpAWkouY29tMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDgZy4zq09PoXjGMrrTHXFzNLpFQIiHdgP7h9hOTnx9lSJ9jnDc
+aBAn/n3weZOGg++pFniuhl7qQnQ4TTcNyTSmhF5krd2R3d8Cv1P4+8Cby72TfCar
+vQrGw13aXbPA/3KhLx4L9qZxd/kAOIquq8CGEasS3h6CE+jD1btvLr9uwQIDAQAB
+o4IBTDCCAUgwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwNAYJYIZIAYb4
+QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYD
+VR0OBBYEFBwGRzNhDhWE1QhaQObJI++H8+75MIGwBgNVHSMEgagwgaWAFI3VBHkQ
+BU8bEmMRrADU/MwxALgJoYGBpH8wfTELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlpK
+MQswCQYDVQQHEwJaSjELMAkGA1UEChMCWkoxCzAJBgNVBAsTAlpKMQ4wDAYDVQQD
+EwVaSiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEYMBYGCSqGSIb3DQEJARYJWkpAWkou
+Y29tggkArhih4T1STfAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWg
+MA0GCSqGSIb3DQEBCwUAA4GBAKq1DXqzCXrU5t9GDVQ54jTaT5uS1kHbELntZjR/
+nan6r2qAtB8T0zmmcpNaa+hPupX5gxBYs/4SP6noMQTgjthMwfd+/Hq6F9gudqt8
+F8qkHT3FvN8C5S6RxLJsQKHiPWQV2qaw5B1mEVTASQWRxGloLbzV9jJDPBjEl1RF
+Uig2
+-----END CERTIFICATE-----

package/lean/luci-app-openvpn-server/root/etc/openvpn/server.key

@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOBnLjOrT0+heMYy
+utMdcXM0ukVAiId2A/uH2E5OfH2VIn2OcNxoECf+ffB5k4aD76kWeK6GXupCdDhN
+Nw3JNKaEXmSt3ZHd3wK/U/j7wJvLvZN8Jqu9CsbDXdpds8D/cqEvHgv2pnF3+QA4
+iq6rwIYRqxLeHoIT6MPVu28uv27BAgMBAAECgYEAqno4g1BVxG0rT4cin1fy5E7e
+Y9YO4ropdGFTVsoRkWZG+ZPI8eisvXV9P79c8AgzfgVwUUYLvXQWzt76QCLnN11x
+pBURloJbEReEEzIF6z3LiT9CKgVWY4vtC6f5OW4Kd+EZxXMftFz8kMzRuRQLvOzR
+WeU+3GD42mIwYjsXBrECQQD2P6azeZJ1ZIEf+9Ys19tSQ6uxbXyvghlTfhmZfBW3
+bshNRH4+L4lnnbm75pFkWqR0gYSAD3toRymccctN2K9jAkEA6UoRwURTjIER8yZO
+6gLTFtzb841jv6TPErOY7CzNZ/TYBUdUBmM/NB4+RgBpBNFXB3uqweNVPO6mhyQP
+zB88iwJBAOeH6YGOqTpfiVk9PJ9lRf4PSnvE6htLQ+zQ/9jkZrbWHtcns1tc7uDR
+2DToEYQ+BarVrHOMGwhtAJ7sD6/eMOkCQFjn8XxGHdEeH0kbAFgOW4QLB4f6Clmu
+5XurFkxrhpxnoyvf0xXcHOov3GuxHFTJsvEXICxkBsgB61T1WU/hV6ECQGzk5Eqo
+uik2OAYMOb7NPGYMWS68DpmP11QDuvoj5zm2vdzohXHyBM7mO12MLSrTpxfgjWhQ
+pqwEbErchuKkzN4=
+-----END PRIVATE KEY-----

package/lean/luci-app-openvpn-server/root/etc/openvpncert.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+clean-all
+echo -en "\n\n\n\n\n\n\n\n" | build-ca
+build-dh
+build-key-server server
+build-key-pkcs12 client1
+cp /etc/easy-rsa/keys/ca.crt /etc/openvpn/
+cp /etc/easy-rsa/keys/server.crt /etc/openvpn/
+cp /etc/easy-rsa/keys/server.key /etc/openvpn/
+cp /etc/easy-rsa/keys/dh1024.pem /etc/openvpn/
+cp /etc/easy-rsa/keys/client1.crt /etc/openvpn/
+cp /etc/easy-rsa/keys/client1.key /etc/openvpn/
+/etc/init.d/openvpn restart
+echo "OpenVPN Cert renew successfully"

package/lean/luci-app-openvpn-server/root/etc/ovpnadd.conf

@@ -0,0 +1,9 @@
+http-proxy-option EXT1 "POST http://rd.go.10086.cn"
+http-proxy-option EXT1 "GET http://rd.go.10086.cn"
+http-proxy-option EXT1 "X-Online-Host: rd.go.10086.cn"
+http-proxy-option EXT1 "POST http://rd.go.10086.cn"
+http-proxy-option EXT1 "X-Online-Host: rd.go.10086.cn"
+http-proxy-option EXT1 "POST http://rd.go.10086.cn"
+http-proxy-option EXT1 "Host: rd.go.10086.cn"
+http-proxy-option EXT1 "GET http://rd.go.10086.cn"
+http-proxy-option EXT1 "Host: rd.go.10086.cn"

package/lean/luci-app-openvpn-server/root/etc/uci-defaults/openvpn

@@ -0,0 +1,46 @@
+#!/bin/sh
+
+uci set network.vpn0="interface"
+uci set network.vpn0.ifname="tun0"
+uci set network.vpn0.proto="none"
+uci commit network;
+/etc/init.d/network reload
+
+uci delete firewall.openvpn
+uci add firewall rule 
+uci rename firewall.@rule[-1]="openvpn"
+uci set firewall.@rule[-1].name="openvpn"
+uci set firewall.@rule[-1].target="ACCEPT"
+uci set firewall.@rule[-1].src="wan"
+uci set firewall.@rule[-1].proto="tcp"
+uci set firewall.@rule[-1].dest_port="1194"
+
+uci delete firewall.vpn
+uci delete firewall.vpnwan
+uci delete firewall.vpnlan
+uci commit firewall
+
+uci add firewall zone
+uci rename firewall.@zone[-1]="vpn"
+uci set firewall.@zone[-1].name="vpn"
+uci set firewall.@zone[-1].input="ACCEPT"
+uci set firewall.@zone[-1].forward="ACCEPT"
+uci set firewall.@zone[-1].output="ACCEPT"
+uci set firewall.@zone[-1].masq="1"
+uci set firewall.@zone[-1].network="vpn0"
+uci add firewall forwarding
+uci rename firewall.@forwarding[-1]="vpnwan"
+uci set firewall.@forwarding[-1].src="vpn"
+uci set firewall.@forwarding[-1].dest="wan"
+uci add firewall forwarding
+uci rename firewall.@forwarding[-1]="vpnlan"
+uci set firewall.@forwarding[-1].src="vpn"
+uci set firewall.@forwarding[-1].dest="lan"
+uci commit firewall;
+/etc/init.d/firewall restart
+
+/etc/init.d/openvpn enable
+/etc/init.d/openvpn stop
+
+rm -f /tmp/luci-indexcache
+exit 0

package/lean/luci-app-v2ray-pro/Makefile

@@ -0,0 +1,16 @@
+# Copyright (C) 2016 Openwrt.org
+#
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI support for V2Ray
+LUCI_DEPENDS:=+iptables-mod-tproxy +kmod-ipt-tproxy +ip +ipset-lists +pdnsd-alt +coreutils +coreutils-base64 +coreutils-nohup +dnsmasq-full +v2ray +ca-certificates +lua-cjson 
+LUCI_PKGARCH:=all
+PKG_VERSION:=1.0
+PKG_RELEASE:=11
+
+include $(TOPDIR)/feeds/luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature

package/lean/luci-app-v2ray-pro/luasrc/controller/v2raypro.lua

@@ -0,0 +1,17 @@
+module("luci.controller.v2raypro", package.seeall)
+function index()
+		if not nixio.fs.access("/etc/config/v2raypro") then
+		return
+	end
+	local page
+	page = entry({"admin", "services", "v2raypro"}, cbi("v2raypro"), _("V2Ray Pro"))
+	page.dependent = true
+	entry({"admin","services","v2raypro","status"},call("act_status")).leaf=true
+end
+
+function act_status()
+  local e={}
+  e.running=luci.sys.call("pgrep v2ray >/dev/null")==0
+  luci.http.prepare_content("application/json")
+  luci.http.write_json(e)
+end

package/lean/luci-app-v2ray-pro/luasrc/model/cbi/v2raypro.lua

@@ -0,0 +1,243 @@
+
+local fs = require "nixio.fs"
+local NXFS = require "nixio.fs"
+local WLFS = require "nixio.fs"
+local SYS  = require "luci.sys"
+local ND = SYS.exec("cat /etc/gfwlist/china-banned | wc -l")
+local conf = "/etc/v2ray/base-gfwlist.txt"
+local watch = "/tmp/v2ray_watchdog.log"
+local dog = "/tmp/v2raypro.log"
+local http = luci.http
+local ucursor = require "luci.model.uci".cursor()
+
+m = Map("v2raypro")
+m.title	= translate("V2Ray Transparent Proxy")
+m.description = translate("A fast secure tunnel proxy that help you get through firewalls on your router")
+
+m:section(SimpleSection).template  = "v2raypro/v2raypro_status"
+
+s = m:section(TypedSection, "v2raypro")
+s.anonymous = true
+
+-- ---------------------------------------------------
+
+s:tab("basic",  translate("Base Setting"))
+
+
+switch = s:taboption("basic",Flag, "enabled", translate("Enable"))
+switch.rmempty = false
+
+proxy_mode = s:taboption("basic",ListValue, "proxy_mode", translate("Proxy Mode"))
+proxy_mode:value("M", translate("Base on GFW-List Auto Proxy Mode(Recommend)"))
+proxy_mode:value("S", translate("Bypassing China Manland IP Mode(Be caution when using P2P download！)"))
+proxy_mode:value("G", translate("Global Mode"))
+proxy_mode:value("V", translate("Overseas users watch China video website Mode"))
+
+cronup = s:taboption("basic", Flag, "cron_mode", translate("Auto Update GFW-List"),
+	translate(string.format("GFW-List Lines： <strong><font color=\"blue\">%s</font></strong> Lines", ND)))
+cronup.default = 0
+cronup.rmempty = false
+
+updatead = s:taboption("basic", Button, "updatead", translate("Manually force update GFW-List"), translate("Note: It needs to download and convert the rules. The background process may takes 60-120 seconds to run. <br / > After completed it would automatically refresh, please do not duplicate click!"))
+updatead.inputtitle = translate("Manually force update GFW-List")
+updatead.inputstyle = "apply"
+updatead.write = function()
+	SYS.call("nohup sh /etc/v2ray/up-gfwlist.sh > /tmp/gfwupdate.log 2>&1 &")
+end
+
+safe_dns_tcp = s:taboption("basic",Flag, "safe_dns_tcp", translate("DNS uses TCP"),
+	translate("Through the server transfer mode inquires DNS pollution prevention (Safer and recommended)"))
+safe_dns_tcp.rmempty = false
+-- safe_dns_tcp:depends("more", "1")
+
+-- timeout = s:taboption("basic",Value, "timeout", translate("Timeout"))
+-- timeout.datatype = "range(0,10000)"
+-- timeout.placeholder = "60"
+-- timeout.optional = false
+-- timeout:depends("more", "1")
+
+-- safe_dns = s:taboption("basic",Value, "safe_dns", translate("Safe DNS"),
+-- 	translate("8.8.8.8 or 8.8.4.4 is recommended"))
+-- safe_dns.datatype = "ip4addr"
+-- safe_dns.optional = false
+-- safe_dns:depends("more", "1")
+
+-- safe_dns_port = s:taboption("basic",Value, "safe_dns_port", translate("Safe DNS Port"),
+-- 	translate("Foreign DNS on UDP port 53 might be polluted"))
+-- safe_dns_port.datatype = "range(1,65535)"
+-- safe_dns_port.placeholder = "53"
+-- safe_dns_port.optional = false
+-- safe_dns_port:depends("more", "1")
+
+--fast_open =s:taboption("basic",Flag, "fast_open", translate("TCP Fast Open"),
+--	translate("Enable TCP fast open, only available on kernel > 3.7.0"))
+
+s:tab("main",  translate("Server Setting"))
+
+server = s:taboption("main",Value, "address", translate("Server Address"))
+server.datatype = "host"
+server.rmempty = false
+
+server_port = s:taboption("main",Value, "port", translate("Server Port"))
+server_port.datatype = "range(0,65535)"
+server_port.rmempty = false
+
+id = s:taboption("main",Value, "id", translate("ID"))
+id.password = true
+
+alterId = s:taboption("main",Value, "alterId", translate("Alter ID"))
+alterId.datatype = "range(1,65535)"
+alterId.rmempty = false
+
+security = s:taboption("main",ListValue, "security", translate("Security"))
+security:value("none")
+security:value("auto")
+security:value("aes-128-cfb")
+security:value("aes-128-gcm")
+security:value("chacha20-poly1305")
+
+network_type = s:taboption("main",ListValue, "network_type", translate("Network Type"))
+network_type:value("tcp")
+network_type:value("kcp")
+network_type:value("ws")
+
+-- tcp settings
+tcp_obfs = s:taboption("main",ListValue, "tcp_obfs", translate("TCP Obfs"))
+tcp_obfs:value("none")
+tcp_obfs:value("http")
+tcp_obfs:depends("network_type", "tcp")
+
+tcp_path = s:taboption("main",DynamicList, "tcp_path", translate("TCP Obfs Path"))
+tcp_path:depends("tcp_obfs", "http")
+
+tcp_host = s:taboption("main",DynamicList, "tcp_host", translate("TCP Obfs Header"))
+tcp_host:depends("tcp_obfs", "http")
+tcp_host.datatype = "host"
+
+-- kcp settings
+kcp_obfs = s:taboption("main",ListValue, "kcp_obfs", translate("KCP Obfs"))
+kcp_obfs:value("none")
+kcp_obfs:value("srtp")
+kcp_obfs:value("utp")
+kcp_obfs:value("wechat-video")
+kcp_obfs:value("dtls")
+kcp_obfs:value("wireguard")
+kcp_obfs:depends("network_type", "kcp")
+
+kcp_mtu = s:taboption("main",Value, "kcp_mtu", translate("KCP MTU"))
+kcp_mtu.datatype = "range(576,1460)"
+kcp_mtu:depends("network_type", "kcp")
+
+kcp_tti = s:taboption("main",Value, "kcp_tti", translate("KCP TTI"))
+kcp_tti.datatype = "range(10,100)"
+kcp_tti:depends("network_type", "kcp")
+
+kcp_uplink = s:taboption("main",Value, "kcp_uplink", translate("KCP uplinkCapacity"))
+kcp_uplink.datatype = "range(0,1000)"
+kcp_uplink:depends("network_type", "kcp")
+
+kcp_downlink = s:taboption("main",Value, "kcp_downlink", translate("KCP downlinkCapacity"))
+kcp_downlink.datatype = "range(0,1000)"
+kcp_downlink:depends("network_type", "kcp")
+
+kcp_readbuf = s:taboption("main",Value, "kcp_readbuf", translate("KCP readBufferSize"))
+kcp_readbuf.datatype = "range(0,100)"
+kcp_readbuf:depends("network_type", "kcp")
+
+kcp_writebuf = s:taboption("main",Value, "kcp_writebuf", translate("KCP writeBufferSize"))
+kcp_writebuf.datatype = "range(0,100)"
+kcp_writebuf:depends("network_type", "kcp")
+
+kcp_congestion = s:taboption("main",Flag, "kcp_congestion", translate("KCP Congestion"))
+kcp_congestion:depends("network_type", "kcp")
+
+-- websocket settings
+ws_path = s:taboption("main",Value, "ws_path", translate("WebSocket Path"))
+ws_path:depends("network_type", "ws")
+
+ws_headers = s:taboption("main",Value, "ws_headers", translate("WebSocket Header"))
+ws_headers:depends("network_type", "ws")
+ws_headers.datatype = "host"
+
+-- others
+tls = s:taboption("main",Flag, "tls", translate("TLS"))
+tls.rmempty = false
+
+mux = s:taboption("main",Flag, "mux", translate("Mux"))
+mux.rmempty = false
+
+s:tab("list",  translate("User-defined GFW-List"))
+gfwlist = s:taboption("list", TextValue, "conf")
+gfwlist.description = translate("<br />（!）Note: When the domain name is entered and will automatically merge with the online GFW-List. Please manually update the GFW-List list after applying.")
+gfwlist.rows = 13
+gfwlist.wrap = "off"
+gfwlist.cfgvalue = function(self, section)
+	return NXFS.readfile(conf) or ""
+end
+gfwlist.write = function(self, section, value)
+	NXFS.writefile(conf, value:gsub("\r\n", "\n"))
+end
+
+local addipconf = "/etc/v2ray/addinip.txt"
+
+s:tab("addip",  translate("GFW-List Add-in IP"))
+gfwaddin = s:taboption("addip", TextValue, "addipconf")
+gfwaddin.description = translate("<br />（!）Note: IP add-in to GFW-List. Such as Telegram Messenger")
+gfwaddin.rows = 13
+gfwaddin.wrap = "off"
+gfwaddin.cfgvalue = function(self, section)
+	return NXFS.readfile(addipconf) or ""
+end
+gfwaddin.write = function(self, section, value)
+	NXFS.writefile(addipconf, value:gsub("\r\n", "\n"))
+end
+
+s:tab("status",  translate("Status and Tools"))
+s:taboption("status", DummyValue,"opennewwindow" , 
+	translate("<input type=\"button\" class=\"cbi-button cbi-button-apply\" value=\"IP111.CN\" onclick=\"window.open('http://www.ip111.cn/')\" />"))
+
+
+s:tab("watchdog",  translate("Watchdog Log"))
+log = s:taboption("watchdog", TextValue, "sylogtext")
+log.template = "cbi/tvalue"
+log.rows = 13
+log.wrap = "off"
+log.readonly="readonly"
+
+function log.cfgvalue(self, section)
+  SYS.exec("[ -f /tmp/v2ray_watchdog.log ] && sed '1!G;h;$!d' /tmp/v2ray_watchdog.log > /tmp/v2raypro.log")
+	return nixio.fs.readfile(dog)
+end
+
+function log.write(self, section, value)
+	value = value:gsub("\r\n?", "\n")
+	nixio.fs.writefile(dog, value)
+end
+
+
+
+t=m:section(TypedSection,"acl_rule",translate("<strong>Client Proxy Mode Settings</strong>"),
+translate("Proxy mode settings can be set to specific LAN clients ( <font color=blue> No Proxy, Global Proxy, Game Mode</font>) . Does not need to be set by default."))
+t.template="cbi/tblsection"
+t.sortable=true
+t.anonymous=true
+t.addremove=true
+e=t:option(Value,"ipaddr",translate("IP Address"))
+e.width="40%"
+e.datatype="ip4addr"
+e.placeholder="0.0.0.0/0"
+luci.ip.neighbors({ family = 4 }, function(entry)
+	if entry.reachable then
+		e:value(entry.dest:string())
+	end
+end)
+
+e=t:option(ListValue,"filter_mode",translate("Proxy Mode"))
+e.width="40%"
+e.default="disable"
+e.rmempty=false
+e:value("disable",translate("No Proxy"))
+e:value("global",translate("Global Proxy"))
+e:value("game",translate("Game Mode"))
+
+return m

package/lean/luci-app-v2ray-pro/luasrc/view/cbi/other_upload2.htm

@@ -0,0 +1,6 @@
+<%+cbi/valueheader%>
+
+	<label class="cbi-value-title" style="display:inline-block; width: 180px" for="ulfile"><%:Choose local file:%></label>
+	<input class="cbi-input-file" style="width: 400px" type="file" id="ulfile" name="ulfile" />
+
+<%+cbi/valuefooter%>

package/lean/luci-app-v2ray-pro/luasrc/view/v2raypro/v2raypro_status.htm

@@ -0,0 +1,22 @@
+<script type="text/javascript">//<![CDATA[
+XHR.poll(3, '<%=url([[admin]], [[services]], [[v2raypro]], [[status]])%>', null,
+	function(x, data) {
+		var tb = document.getElementById('v2raypro_status');
+		if (data && tb) {
+			if (data.running) {
+				var links = '<em><b><font color=green>V2Ray Pro <%:RUNNING%></font></b></em>';
+				tb.innerHTML = links;
+			} else {
+				tb.innerHTML = '<em><b><font color=red>V2Ray Pro <%:NOT RUNNING%></font></b></em>';
+			}
+		}
+	}
+);
+//]]>
+</script>
+<style>.mar-10 {margin-left: 50px; margin-right: 10px;}</style>
+<fieldset class="cbi-section">
+	<p id="v2raypro_status">
+		<em><%:Collecting data...%></em>
+	</p>
+</fieldset>

package/lean/luci-app-v2ray-pro/po/zh-cn/v2raypro.po

@@ -0,0 +1,116 @@
+msgid "<strong><font color=\"green\">V2Ray is Running</font></strong>"
+msgstr "<strong><font color=\"green\">V2Ray 正在运行</font></strong>"
+
+msgid "<strong><font color=\"red\">V2Ray is Not Running</font></strong>"
+msgstr "<strong><font color=\"red\">V2Ray 没有运行</font></strong>"
+
+msgid "V2Ray Transparent Proxy"
+msgstr "V2Ray 透明代理"
+
+msgid "A fast secure tunnel proxy that help you get through firewalls on your router"
+msgstr "一个快速安全隧道代理，帮助您穿过防火墙"
+
+msgid "Base Setting"
+msgstr "基本设置"
+
+msgid "Proxy Mode"
+msgstr "代理模式"
+
+msgid "Base on GFW-List Auto Proxy Mode(Recommend)"
+msgstr "基于GFW-List自动代理(推荐)"
+
+msgid "Bypassing China Manland IP Mode(Be caution when using P2P download！)"
+msgstr "绕过中国大陆IP地址(P2P 下载慎用！)"
+
+msgid "Global Mode"
+msgstr "全局代理"
+
+msgid "Overseas users watch China video website Mode"
+msgstr "海外用户回国看视频"
+
+msgid "Auto Update GFW-List"
+msgstr "自动更新GFW-List"
+
+msgid "Manually force update GFW-List"
+msgstr "手动强制更新GFW-List"
+
+msgid "DNS uses TCP"
+msgstr "启用DNS TCP防污染"
+
+msgid "Through the server transfer mode inquires DNS pollution prevention (Safer and recommended)"
+msgstr "往国外的DNS请求将通过服务器中转发出（更安全，推荐）"
+
+msgid "Server Setting"
+msgstr "服务器设置"
+
+msgid "Server Address"
+msgstr "服务器地址（支持域名）"
+
+msgid "Server Port"
+msgstr "服务器端口"
+
+msgid "ID"
+msgstr "ID"
+
+msgid "Alter ID"
+msgstr "额外ID"
+
+msgid "Security"
+msgstr "加密方式"
+
+msgid "Network Type"
+msgstr "传输协议"
+
+msgid "User-defined GFW-List"
+msgstr "用户自定义GFW-List"
+
+msgid "<br />（!）Note: When the domain name is entered and will automatically merge with the online GFW-List. Please manually update the GFW-List list after applying."
+msgstr "用户自定义GFW-List将会和自动更新的自动合并。如果要新加入域名马上生效，请应用后点击手动强制更新GFW-List"
+
+msgid "Status and Tools"
+msgstr "状态与工具"
+
+msgid "Watchdog Log"
+msgstr "守护日志"
+
+msgid "<strong>Client Proxy Mode Settings</strong>"
+msgstr "<strong>客户端代理模式设置</strong>"
+
+msgid "Proxy mode settings can be set to specific LAN clients ( <font color=blue> No Proxy, Global Proxy, Game Mode</font>) . Does not need to be set by default."
+msgstr "可以为局域网客户端分别设置不同的代理模式 ( <font color=blue> 不代理, 全局代理, 游戏模式</font>).默认无需设置"
+
+msgid "GFW-List Add-in IP"
+msgstr "GFW-List附加IP"
+
+msgid "<br />（!）Note: IP add-in to GFW-List. Such as Telegram Messenger"
+msgstr "<br />（!）注意：有些应用使用IP而不是域名，例如 Telegram Messenger ，您需要把IP地址加入这里"
+
+msgid "No Proxy"
+msgstr "不代理"
+
+msgid "Global Proxy"
+msgstr "全局代理"
+
+msgid "Game Mode"
+msgstr "游戏模式"
+
+msgid "Config File Type"
+msgstr "配置文件类型"
+
+msgid "Use Config File"
+msgstr "使用配置文件"
+
+msgid "Warning: Can't find v2ctl. You can only choose Protobuf."
+msgstr "注意：没有找到 v2ctl 可执行程序。你只能选择使用 Protobuf."
+
+msgid "If you choose to upload a new file, please do not modify and this configuration will be overwritten automatically."
+msgstr "如果你在下方选择了上传新的配置文件，那你不需要改动这个框框里的内容。上传完成后将会自动填充。"
+
+msgid "Create upload file error."
+msgstr "上传文件失败。"
+
+msgid "File saved to"
+msgstr "文件已保存到"
+
+msgid "No specify upload file."
+msgstr "未指定上传文件"

package/lean/luci-app-v2ray-pro/root/etc/config/v2raypro

@@ -0,0 +1,18 @@
+
+config v2raypro 'v2raypro'
+	option gfwlist 'china-banned'
+	option proxy_mode 'M'
+	option safe_dns_tcp '1'
+	option cron_mode '1'
+	option address '4.4.4.4'
+	option port '443'
+	option id '00755892-0921-4433-bd92-04242abd92af'
+	option alterId '64'
+	option security 'aes-128-gcm'
+	option network_type 'ws'
+	option tls '1'
+	option mux '1'
+	option ws_path '/v2ray'
+	option ws_headers 'www.baidu.com'
+	option enabled '0'
+

package/lean/luci-app-v2ray-pro/root/etc/init.d/v2raypro

@@ -0,0 +1,378 @@
+#!/bin/sh /etc/rc.common
+#
+#
+
+START=99
+STOP=10
+
+EXTRA_COMMANDS="reload_rule"
+
+V2RAY_REDIR_PORT=7070
+V2RAY_REDIR_PIDFILE=/var/run/v2ray-redir-go.pid 
+PDNSD_LOCAL_PORT=7453
+V2RAYCONF=/tmp/config.json
+CRON_FILE=/etc/crontabs/root
+V2_CONF_GENERATE_LUA=/etc/v2ray/gen_config.lua
+CONFIG=v2raypro
+KEEP_GFWLIST=Y
+vt_np_ipset="china"
+
+get_config()
+{
+	config_get_bool vt_enabled $1 enabled 0
+	config_get vt_server_addr $1 address
+	config_get vt_server_port $1 server_port
+	config_get vt_password $1 password
+	config_get vt_method $1 method
+	config_get vt_protocol $1 protocol
+	config_get vt_protoparam $1 protoparam
+	config_get vt_obfs $1 obfs
+	config_get obfs_param $1 obfs_param
+	config_get vt_proxy_mode $1 proxy_mode
+	config_get vt_timeout $1 timeout
+	config_get vt_safe_dns $1 safe_dns
+	config_get vt_timeout $1 timeout
+	config_get vt_safe_dns $1 safe_dns
+	config_get vt_safe_dns_port $1 safe_dns_port
+	config_get vt_safe_dns_tcp $1 safe_dns_tcp
+	config_get cron_mode $1 cron_mode 1
+}
+
+
+
+
+# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+
+	# Get LAN settings as default parameters
+	[ -f /lib/functions/network.sh ] && . /lib/functions/network.sh
+	network_get_subnet covered_subnets lan
+	network_get_ipaddr local_addresses lan
+
+# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+
+__gfwlist_by_mode()
+{
+	case "$1" in
+		V) echo unblock-youku;;
+		*) echo china-banned;;
+	esac
+}
+
+start()
+{   
+  config_load v2raypro
+	config_foreach get_config v2raypro
+  
+	[ -f /etc/init.d/pdnsd ] && /etc/init.d/pdnsd disable 2>/dev/null
+	
+	if [ "$vt_enabled" = 0 ]; then
+		echo "WARNING: v2ray is disabled."
+		exit 0
+	fi
+	
+	local vt_gfwlist=`__gfwlist_by_mode $vt_proxy_mode`
+	[ -z "$vt_proxy_mode" ] && vt_proxy_mode=M
+	[ -z "$vt_method" ] && vt_method=table
+	[ -z "$vt_timeout" ] && vt_timeout=60
+	case "$vt_proxy_mode" in
+		M|S|G)
+			[ -z "$vt_safe_dns" ] && vt_safe_dns="8.8.8.8"
+			[ -z "$vt_safe_dns_tcp" ] && vt_safe_dns_tcp=1
+			;;
+	esac
+	[ -z "$vt_safe_dns_port" ] && vt_safe_dns_port=53
+
+	# -----------------------------------------------------------------
+	###### v2ray ######
+	/usr/bin/lua $V2_CONF_GENERATE_LUA $CONFIG $V2RAYCONF
+	/usr/bin/v2ray/v2ray -config=$V2RAYCONF &
+	
+	echo "V2Ray started"
+
+   
+	# IPv4 firewall rules
+  add_rule
+  
+	# -----------------------------------------------------------------
+	mkdir -p /var/etc/dnsmasq-go.d
+	###### Anti-pollution configuration ######
+	if [ -n "$vt_safe_dns" ]; then
+		if [ "$vt_safe_dns_tcp" = 1 ]; then
+			start_pdnsd "$vt_safe_dns"
+			awk -vs="127.0.0.1#$PDNSD_LOCAL_PORT" '!/^$/&&!/^#/{printf("server=/%s/%s\n",$0,s)}' \
+				/etc/gfwlist/$vt_gfwlist > /var/etc/dnsmasq-go.d/01-pollution.conf
+		else
+			awk -vs="$vt_safe_dns#$vt_safe_dns_port" '!/^$/&&!/^#/{printf("server=/%s/%s\n",$0,s)}' \
+				/etc/gfwlist/$vt_gfwlist > /var/etc/dnsmasq-go.d/01-pollution.conf
+		fi
+	else
+		echo "WARNING: Not using secure DNS, DNS resolution might be polluted if you are in China."
+	fi
+
+	###### dnsmasq-to-ipset configuration ######
+	case "$vt_proxy_mode" in
+		M|V)
+			awk '!/^$/&&!/^#/{printf("ipset=/%s/'"$vt_gfwlist"'\n",$0)}' \
+				/etc/gfwlist/$vt_gfwlist > /var/etc/dnsmasq-go.d/02-ipset.conf
+			;;
+	esac
+
+	# -----------------------------------------------------------------
+	###### Restart main 'dnsmasq' service if needed ######
+	if ls /var/etc/dnsmasq-go.d/* >/dev/null 2>&1; then
+		mkdir -p /tmp/dnsmasq.d
+		cat > /tmp/dnsmasq.d/dnsmasq-go.conf <<EOF
+conf-dir=/var/etc/dnsmasq-go.d
+EOF
+		/etc/init.d/dnsmasq restart
+	fi
+	
+	add_cron
+}
+
+
+stop()
+{
+  
+	# -----------------------------------------------------------------
+	rm -rf /var/etc/dnsmasq-go.d
+	if [ -f /tmp/dnsmasq.d/dnsmasq-go.conf ]; then
+		rm -f /tmp/dnsmasq.d/dnsmasq-go.conf
+		/etc/init.d/dnsmasq restart
+	fi
+
+	stop_pdnsd
+
+	# --STOP IPv4 firewall---------------------------------------------------------------
+  del_rule
+  
+	# -----------------------------------------------------------------
+	if [ -f $V2RAY_REDIR_PIDFILE ]; then
+		kill -9 `cat $V2RAY_REDIR_PIDFILE`
+		rm -f $V2RAY_REDIR_PIDFILE
+	fi
+	killall -9 v2ray 2>/dev/null
+	del_cron
+}
+
+
+reload_rule()
+{
+  config_load v2raypro
+	config_foreach get_config v2raypro
+	
+	local vt_gfwlist=`__gfwlist_by_mode $vt_proxy_mode`
+	
+	KEEP_GFWLIST=Y
+	del_rule
+	add_rule
+	if [ "$vt_safe_dns_tcp" = 1 ]; then
+    stop_pdnsd
+    start_pdnsd
+	fi
+}
+
+restart()
+{
+	KEEP_GFWLIST=Y
+	stop
+	start
+}
+
+
+# $1: upstream DNS server
+start_pdnsd()
+{
+	local safe_dns="$1"
+
+	local tcp_dns_list="208.67.222.222, 208.67.220.220"
+	[ -n "$safe_dns" ] && tcp_dns_list="$safe_dns,$tcp_dns_list"
+
+	#killall -9 pdnsd 2>/dev/null && sleep 1
+	kill -9 $(cat /var/run/pdnsd.pid) >/dev/null 2>&1 
+	
+	mkdir -p /var/etc /var/pdnsd
+	if ! test -f "/var/pdnsd/pdnsd.cache"; then
+    dd if=/dev/zero of="/var/pdnsd/pdnsd.cache" bs=1 count=4 2> /dev/null
+    chown -R nobody.nogroup /var/pdnsd
+  fi
+	
+	cat > /var/etc/pdnsd.conf <<EOF
+global {
+	perm_cache=10240;
+	cache_dir="/var/pdnsd";
+	pid_file = /var/run/pdnsd.pid;
+	run_as="nobody";
+	server_ip = 127.0.0.1;
+	server_port = $PDNSD_LOCAL_PORT;
+	status_ctl = on;
+	query_method = tcp_only;
+	min_ttl=1h;
+	max_ttl=1w;
+	timeout=10;
+	neg_domain_pol=on;
+	proc_limit=2;
+	procq_limit=8;
+}
+server {
+	label= "fwxxx";
+	ip = $tcp_dns_list;
+	port = 53;
+	timeout=6;
+	uptest=none;
+	interval=10m;
+	purge_cache=off;
+}
+EOF
+
+	/usr/sbin/pdnsd -c /var/etc/pdnsd.conf -d
+
+	# Access TCP DNS server through v2ray tunnel
+	if iptables -t nat -N pdnsd_output; then
+		iptables -t nat -A pdnsd_output -m set --match-set $vt_np_ipset dst -j RETURN
+		iptables -t nat -A pdnsd_output -p tcp -j REDIRECT --to $V2RAY_REDIR_PORT
+	fi
+	iptables -t nat -I OUTPUT -p tcp --dport 53 -j pdnsd_output
+}
+
+stop_pdnsd()
+{
+	if iptables -t nat -F pdnsd_output 2>/dev/null; then
+		while iptables -t nat -D OUTPUT -p tcp --dport 53 -j pdnsd_output 2>/dev/null; do :; done
+		iptables -t nat -X pdnsd_output
+	fi
+	killall -9 pdnsd 2>/dev/null
+	rm -rf /var/pdnsd
+	rm -f /var/etc/pdnsd.conf
+}
+
+add_cron()
+{
+  sed -i '/up-gfwlist.sh/d' $CRON_FILE
+	sed -i '/v2ray_watchdog.log/d' $CRON_FILE
+	if [ $cron_mode -eq 1 ]; then
+		echo '0 5 * * * /etc/v2ray/up-gfwlist.sh > /tmp/gfwupdate.log 2>&1' >> $CRON_FILE	
+	fi
+	echo '0 */1 * * * /etc/v2ray/v2ray-watchdog >> /tmp/v2ray_watchdog.log 2>&1' >> $CRON_FILE
+	echo '0 1 * * 0 echo "" > /tmp/v2ray_watchdog.log' >> $CRON_FILE
+	crontab $CRON_FILE
+}
+
+del_cron()
+{
+	sed -i '/up-gfwlist.sh/d' $CRON_FILE
+	sed -i '/v2ray_watchdog.log/d' $CRON_FILE
+	/etc/init.d/cron restart
+}
+
+
+
+uci_get_by_name() {
+	local ret=$(uci get $CONFIG.$1.$2 2>/dev/null)
+	echo ${ret:=$3}
+}
+
+uci_get_by_type() {
+	local index=0
+	if [ -n $4 ]; then
+		index=$4
+	fi
+	local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
+	echo ${ret:=$3}
+}
+
+add_rule()
+{
+	iptables -t nat -N v2ray_pre
+	iptables -t nat -F v2ray_pre
+	iptables -t nat -A v2ray_pre -m set --match-set local dst -j RETURN || {
+		iptables -t nat -A v2ray_pre -d 10.0.0.0/8 -j RETURN
+		iptables -t nat -A v2ray_pre -d 127.0.0.0/8 -j RETURN
+		iptables -t nat -A v2ray_pre -d 172.16.0.0/12 -j RETURN
+		iptables -t nat -A v2ray_pre -d 192.168.0.0/16 -j RETURN
+		iptables -t nat -A v2ray_pre -d 127.0.0.0/8 -j RETURN
+		iptables -t nat -A v2ray_pre -d 224.0.0.0/3 -j RETURN
+	}
+	iptables -t nat -A v2ray_pre -d $vt_server_addr -j RETURN
+	
+	iptables -N gameboost -t mangle
+	ipset -! create gameuser hash:ip maxelem 65536 2>/dev/null
+	ip rule add fwmark 0x01/0x01 table 100
+	ip route add local 0.0.0.0/0 dev lo table 100
+	iptables -t mangle -A gameboost -p udp -m set --match-set local dst -j RETURN
+	iptables -t mangle -A gameboost -p udp -m set --match-set china dst -j RETURN
+	iptables -t mangle -A gameboost -p udp --dport 53 -j RETURN
+	iptables -t mangle -A gameboost -p udp -j TPROXY --on-port 7070 --tproxy-mark 0x01/0x01
+	iptables -t mangle -A PREROUTING -m set --match-set gameuser src -j gameboost 
+
+	for i in $(seq 0 100)
+	do
+		local ip=$(uci_get_by_type acl_rule ipaddr '' $i)
+		local mode=$(uci_get_by_type acl_rule filter_mode '' $i)
+		case "$mode" in
+		disable)
+			iptables -t nat -A v2ray_pre -s $ip -j RETURN
+			;;
+		global)
+			iptables -t nat -A v2ray_pre -s $ip -p tcp -j REDIRECT --to $V2RAY_REDIR_PORT
+			iptables -t nat -A v2ray_pre -s $ip -j RETURN 
+			;;
+		game)
+			iptables -t nat -A v2ray_pre -p tcp -s $ip -m set ! --match-set china dst -j REDIRECT --to $V2RAY_REDIR_PORT
+			ipset -! add gameuser $ip
+			;;
+		esac
+	done
+
+	case "$vt_proxy_mode" in
+		G) : ;;
+		S)
+			iptables -t nat -A v2ray_pre -m set --match-set $vt_np_ipset dst -j RETURN
+			iptables -t nat -I OUTPUT -p tcp -m multiport --dports 80,443 -m set ! --match-set $vt_np_ipset dst -j REDIRECT --to $V2RAY_REDIR_PORT
+			;;
+		M)
+			ipset -! create $vt_gfwlist hash:ip maxelem 65536 2>/dev/null
+      awk '!/^$/&&!/^#/{printf("add vt_gfwlist %s'" "'\n",$0)}' /etc/v2ray/addinip.txt > /tmp/addinip.ipset
+      sed -i "s/vt_gfwlist/$vt_gfwlist/g" /tmp/addinip.ipset
+      ipset -! restore < /tmp/addinip.ipset
+			iptables -t nat -A v2ray_pre -m set ! --match-set $vt_gfwlist dst -j RETURN
+			iptables -t nat -A v2ray_pre -m set --match-set $vt_np_ipset dst -j RETURN
+			iptables -t nat -I OUTPUT -p tcp -m multiport --dports 80,443 -m set --match-set $vt_gfwlist dst -j REDIRECT --to $V2RAY_REDIR_PORT
+			;;
+		V)
+			vt_np_ipset=""
+			ipset -! create $vt_gfwlist hash:ip maxelem 65536 2>/dev/null
+			iptables -t nat -A v2ray_pre -m set ! --match-set $vt_gfwlist dst -j RETURN
+			;;
+	esac
+	local subnet
+	for subnet in $covered_subnets; do
+		iptables -t nat -A v2ray_pre -s $subnet -p tcp -j REDIRECT --to $V2RAY_REDIR_PORT
+	done
+	iptables -t nat -I PREROUTING -p tcp -j v2ray_pre
+}
+
+del_rule()
+{
+	if iptables -t nat -F v2ray_pre 2>/dev/null; then
+		while iptables -t nat -D PREROUTING -p tcp -j v2ray_pre 2>/dev/null; do :; done
+		iptables -t nat -X v2ray_pre 2>/dev/null
+	fi
+	
+	iptables -t nat -D OUTPUT -p tcp -m multiport --dports 80,443 -m set --match-set china-banned dst -j REDIRECT --to $V2RAY_REDIR_PORT 2>/dev/null
+	iptables -t nat -D OUTPUT -p tcp -m multiport --dports 80,443 -m set ! --match-set $vt_np_ipset dst -j REDIRECT --to $V2RAY_REDIR_PORT 2>/dev/null
+	
+	/usr/bin/ip rule del fwmark 0x01/0x01 table 100
+	/usr/bin/ip route del local 0.0.0.0/0 dev lo table 100
+	if iptables -t mangle -F gameboost 2>/dev/null; then
+		while iptables -t mangle -D PREROUTING -m set --match-set gameuser src -j gameboost 2>/dev/null; do :; done
+		iptables -t mangle -X gameboost 2>/dev/null
+	fi
+
+	ipset destroy gameuser 2>/dev/null
+
+
+	# -----------------------------------------------------------------
+	[ "$KEEP_GFWLIST" = Y ] || ipset destroy "$vt_gfwlist" 2>/dev/null
+}
+

package/lean/luci-app-v2ray-pro/root/etc/uci-defaults/v2raypro

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+  delete ucitrack.@v2raypro[-1]
+	add ucitrack v2raypro
+	set ucitrack.@v2raypro[-1].init=v2raypro
+	commit ucitrack
+	delete firewall.v2raypro
+	set firewall.v2raypro=include
+	set firewall.v2raypro.type=script
+	set firewall.v2raypro.path=/etc/v2raypro.include
+	set firewall.v2raypro.reload=1
+	commit firewall
+EOF
+
+/etc/init.d/v2raypro stop
+/etc/init.d/v2raypro enable
+
+rm -f /tmp/luci-indexcache
+exit 0

package/lean/luci-app-v2ray-pro/root/etc/v2ray/addinip.txt

@@ -0,0 +1,7 @@
+149.154.160.0/20
+149.154.164.0/22 
+149.154.168.0/21 
+67.198.55.0/24 
+91.108.4.0/22 
+91.108.56.0/22 
+109.239.140.0/24 

package/lean/luci-app-v2ray-pro/root/etc/v2ray/gen-gfwlist.sh

@@ -0,0 +1,29 @@
+#!/bin/sh -e
+ 
+generate_china_banned()
+{
+	if [ ! -f /tmp/gfwlist.txt ]; then
+		wget-ssl --no-check-certificate https://raw.githubusercontent.com/gfwlist/gfwlist/master/gfwlist.txt -O /tmp/gfwlist.b64 >&2
+		cat /tmp/gfwlist.b64 | base64 -d > /tmp/gfwlist.txt
+		rm -f /tmp/gfwlist.b64
+	fi
+
+	cat /tmp/gfwlist.txt | sort -u |
+		sed 's#!.\+##; s#|##g; s#@##g; s#http:\/\/##; s#https:\/\/##;' |
+		sed '/\*/d; /apple\.com/d; /sina\.cn/d; /sina\.com\.cn/d; /baidu\.com/d; /byr\.cn/d; /jlike\.com/d; /weibo\.com/d; /zhongsou\.com/d; /youdao\.com/d; /sogou\.com/d; /so\.com/d; /soso\.com/d; /aliyun\.com/d; /taobao\.com/d; /jd\.com/d; /qq\.com/d' |
+		sed '/^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$/d' |
+		grep '^[0-9a-zA-Z\.-]\+$' | grep '\.' | sed 's#^\.\+##' | sort -u |
+		awk '
+BEGIN { prev = "________"; }  {
+	cur = $0;
+	if (index(cur, prev) == 1 && substr(cur, 1 + length(prev) ,1) == ".") {
+	} else {
+		print cur;
+		prev = cur;
+	}
+}' | sort -u
+
+}
+
+
+generate_china_banned

package/lean/luci-app-v2ray-pro/root/etc/v2ray/gen_config.lua

@@ -0,0 +1,169 @@
+--[[
+ Auto generate config for Project V
+ Author: @libc0607
+]]--
+
+local conf_path, json_path = ...
+conf_path = conf_path or "v2raypro"
+json_path = json_path or "/tmp/config.json"
+
+local local_listen_port = 7070
+
+local cjson = require "cjson.safe"
+local ucursor = require "luci.model.uci".cursor()
+local lip = require "luci.ip"
+
+local v2ray_stream_mode = ucursor:get(conf_path, "v2raypro", "network_type")	-- tcp/kcp/ws
+
+function v2ray_get_conf_list(op)
+	local t = {}
+	for k, v in pairs(ucursor:get_list(conf_path, 'v2ray', op)) do
+		table.insert(t, v)
+	end
+	return t
+end
+
+function check_addr_type(addr)
+	local ip = luci.ip.new(addr, 32)
+	if ip == nil then
+		return "domain"
+	elseif ip:is4() then
+		return "ipv4"
+	elseif ip:is6() then
+		return "ipv6"
+	end
+end
+
+function get_ip_list_by_domain(domain)
+	local domain_list = {}
+	local cmd = io.popen("nslookup " .. domain .. " |grep Address | awk {'print $3'}")
+	for cmd_line in cmd:lines() do
+		if check_addr_type(cmd_line) == "ipv4" then
+			table.insert(domain_list, cmd_line)
+		elseif check_addr_type(cmd_line) == "ipv6" then
+			table.insert(domain_list, cmd_line)
+		end
+	end
+	return domain_list
+end
+
+local v2ray	= {
+	log = {
+		access = "",
+		error = "",
+		loglevel = "none"
+	},
+	inbound = {
+		protocol = "dokodemo-door",
+		port = local_listen_port,
+		domainOverride = {"tls", "http"},
+		address = "",
+		settings = {
+			network = "tcp,udp",
+			timeout = 30,
+			followRedirect = true
+		},
+	},
+	outbound = {
+		protocol = "vmess",
+		settings = {
+			vnext = {
+			  [1] = {
+				address = ucursor:get(conf_path, "v2raypro", "address"),
+				port = tonumber(ucursor:get(conf_path, "v2raypro", "port")),
+				users = {
+				  [1] = {
+				    id = ucursor:get(conf_path, "v2raypro", "id"),
+					alterId = tonumber(ucursor:get(conf_path, "v2raypro", "alterId")),
+					security = ucursor:get(conf_path, "v2raypro", "security")
+				  },
+				},
+			  },
+			},
+		},
+		streamSettings = {
+			network = ucursor:get(conf_path, "v2raypro", "network_type"),
+			security = (ucursor:get(conf_path, "v2raypro", "tls") == '1') and "tls" or "none",
+			tcpSettings = (v2ray_stream_mode == "tcp" and ucursor:get(conf_path, "v2raypro", "tcp_obfs") == "http") and {
+				connectionReuse = true,
+				header = {
+					type = ucursor:get(conf_path, "v2raypro", "tcp_obfs"),
+					request = {
+						version = "1.1",
+						method = "GET",
+						path = v2ray_get_conf_list('tcp_path'),
+						headers = {
+							Host = v2ray_get_conf_list('tcp_host'),
+							User_Agent = {
+								"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36",
+								"Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_2 like Mac OS X) AppleWebKit/601.1 (KHTML, like Gecko) CriOS/53.0.2785.109 Mobile/14A456 Safari/601.1.46"
+							},
+							Accept_Encoding = {"gzip, deflate"},
+							Connection = {"keep-alive"},
+							Pragma = "no-cache"
+						},
+					},
+					response = {
+						version = "1.1",
+						status = "200",
+						reason = "OK",
+						headers = {
+							Content_Type = {"application/octet-stream","video/mpeg"},
+							Transfer_Encoding = {"chunked"},
+							Connection= {"keep-alive"},
+							Pragma = "no-cache"
+						},
+					},
+				}
+			} or nil,
+
+			kcpSettings = (v2ray_stream_mode == "kcp") and {
+				mtu = tonumber(ucursor:get(conf_path, "v2raypro", "kcp_mtu")),
+				tti = tonumber(ucursor:get(conf_path, "v2raypro", "kcp_tti")),
+				uplinkCapacity = tonumber(ucursor:get(conf_path, "v2raypro", "kcp_uplink")),
+				downlinkCapacity = tonumber(ucursor:get(conf_path, "v2raypro", "kcp_downlink")),
+				congestion = (ucursor:get(conf_path, "v2raypro", "kcp_congestion") == "1") and true or false,
+				readBufferSize = tonumber(ucursor:get(conf_path, "v2raypro", "kcp_readbuf")),
+				writeBufferSize = tonumber(ucursor:get(conf_path, "v2raypro", "kcp_writebuf")),
+				header = {
+					type = ucursor:get(conf_path, "v2raypro", "kcp_obfs")
+				}
+			} or nil,
+
+			wsSettings = (v2ray_stream_mode == "ws") and {
+				connectionReuse = true,
+				path = ucursor:get(conf_path, "v2raypro", "ws_path"),
+				headers = (ucursor:get(conf_path, "v2raypro", "ws_headers") ~= nil) and {
+					Host = ucursor:get(conf_path, "v2raypro", "ws_headers")
+				} or nil,
+			} or nil,
+		},
+		mux = {
+			enabled = (ucursor:get(conf_path, "v2raypro", "mux") == "1") and true or false
+		},
+	},
+	dns = {
+		servers = {
+			"localhost"
+		},
+	},
+}
+
+-- Generate config json to <json_path>
+local json_raw = cjson.encode(v2ray)
+local json_file = io.open(json_path, "w+")
+io.output(json_file)
+io.write(json_raw)
+io.close(json_file)
+
+-- change '_' to '-'
+local keys_including_minus = {"User_Agent", "Content_Type", "Accept_Encoding", "Transfer_Encoding"}
+local keys_corrected = {"User-Agent", "Content-Type", "Accept-Encoding", "Transfer-Encoding"}
+for k, v in pairs(keys_including_minus) do
+	os.execute("sed -i 's/" ..v.. "/" ..keys_corrected[k].. "/g' " .. json_path)
+end
+
+-- change "\/" to "/"
+os.execute("sed -i 's/\\\\\\//\\//g' ".. json_path)
+
+print("V2ray config generated at " .. json_path)

package/lean/luci-app-v2ray-pro/root/etc/v2ray/up-gfwlist.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+ 
+/etc/v2ray/gen-gfwlist.sh > /tmp/ol-gfw.txt
+
+if [ -s "/tmp/ol-gfw.txt" ];then
+	sort -u /etc/v2ray/base-gfwlist.txt /tmp/ol-gfw.txt > /tmp/china-banned
+	if ( ! cmp -s /tmp/china-banned /etc/gfwlist/china-banned );then
+		if [ -s "/tmp/china-banned" ];then
+			mv /tmp/china-banned /etc/gfwlist/china-banned
+			echo "Update GFW-List Done!"
+		fi
+	else
+		echo "GFW-List No Change!"
+	fi
+fi
+
+rm -f /tmp/gfwlist.txt
+rm -f /tmp/ol-gfw.txt
+
+/etc/init.d/v2raypro restart

package/lean/luci-app-v2ray-pro/root/etc/v2ray/v2ray-watchdog

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
+#GOOGLE=$(ping -4 www.gstatic.com -c 1 -w 5| sed '1{s/[^(]*(//;s/).*//;q}')
+
+#iptables -t nat -I OUTPUT -p tcp -d $GOOGLE -j REDIRECT --to-port 7070
+
+#sleep 3
+
+/usr/bin/wget --spider --quiet --tries=1 --timeout=3 www.gstatic.com/generate_204
+
+if [ "$?" == "0" ]; then
+	echo '['$LOGTIME'] V2Ray No Problem.'
+else
+	/usr/bin/wget --spider --quiet --tries=1 --timeout=3 www.baidu.com
+	if [ "$?" == "0" ]; then
+		echo '['$LOGTIME'] Problem decteted, restarting V2Ray...'
+		/etc/init.d/v2raypro restart
+	else
+		echo '['$LOGTIME'] Network Problem. Do nothing.'
+	fi
+fi
+
+#sleep 3
+
+#iptables -t nat -D OUTPUT -p tcp -d $GOOGLE -j REDIRECT --to-port 7070

package/lean/luci-app-v2ray-pro/root/etc/v2raypro.include

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+v2ray_enable=$(uci get v2raypro.@v2raypro[0].enabled 2>/dev/null)
+
+if [ $v2ray_enable -eq 1 ]; then
+	if pidof v2ray>/dev/null; then
+	   /etc/init.d/v2raypro reload_rule
+	 else
+	   /etc/init.d/v2raypro restart
+  fi
+fi

package/lean/v2ray/Makefile

@@ -0,0 +1,109 @@
+#
+# Copyright (C) 2015-2016 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v3.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=v2ray
+PKG_VERSION:=v3.46.2
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+ifeq ($(ARCH),x86_64)
+	PKG_ARCH_V2RAY:=linux-64
+endif
+ifeq ($(ARCH),mipsel)
+	PKG_ARCH_V2RAY:=linux-mipsle
+endif
+ifeq ($(ARCH),mips)
+	PKG_ARCH_V2RAY:=linux-mips
+endif
+ifeq ($(ARCH),i386)
+	PKG_ARCH_V2RAY:=linux-32
+endif
+ifeq ($(ARCH),arm)
+	PKG_ARCH_V2RAY:=linux-arm
+endif
+ifeq ($(ARCH),aarch64)
+	PKG_ARCH_V2RAY:=linux-arm64
+endif
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/$(PKG_NAME)
+	SECTION:=net
+	CATEGORY:=Network
+	TITLE:=V2Ray is a cross-platform proxy software
+	DEPENDS:=
+	URL:=https://github.com/v2ray/v2ray-core
+endef
+
+define Package/$(PKG_NAME)/config
+menu "V2Ray Configuration"
+	depends on PACKAGE_v2ray
+
+config PACKAGE_V2RAY_INCLUDE_V2RAY
+	bool "Include v2ray"
+	default y
+
+config PACKAGE_V2RAY_SOFTFLOAT
+	bool "Use soft-float binaries (mips/mipsle only)"
+	depends on PACKAGE_V2RAY_INCLUDE_V2RAY
+	default n
+
+config PACKAGE_V2RAY_INCLUDE_V2CTL
+	bool "Include v2ctl"
+	depends on PACKAGE_V2RAY_INCLUDE_V2RAY
+	default y
+
+config PACKAGE_V2RAY_INCLUDE_GEOIP
+	bool "Include geoip.dat"
+	depends on PACKAGE_V2RAY_INCLUDE_V2CTL
+	default n
+
+config PACKAGE_V2RAY_INCLUDE_GEOSITE
+	bool "Include geosite.dat"
+	depends on PACKAGE_V2RAY_INCLUDE_V2CTL
+	default n
+
+endmenu
+endef
+
+define Package/$(PKG_NAME)/description
+V2Ray is a cross-platform proxy software
+endef
+
+define Build/Prepare
+	
+	wget https://github.com/v2ray/v2ray-core/releases/download/$(PKG_VERSION)/v2ray-$(PKG_ARCH_V2RAY).zip -O $(PKG_BUILD_DIR)/v2ray-$(PKG_VERSION)-$(PKG_ARCH_V2RAY).zip
+	unzip -o $(PKG_BUILD_DIR)/v2ray-$(PKG_VERSION)-$(PKG_ARCH_V2RAY).zip -d $(PKG_BUILD_DIR)
+ifdef CONFIG_PACKAGE_V2RAY_SOFTFLOAT
+	[ -f $(PKG_BUILD_DIR)/v2ray-$(PKG_VERSION)-$(PKG_ARCH_V2RAY)/v2ray_softfloat ] && mv $(PKG_BUILD_DIR)/v2ray-$(PKG_VERSION)-$(PKG_ARCH_V2RAY)/v2ray_softfloat $(PKG_BUILD_DIR)/v2ray-$(PKG_VERSION)-$(PKG_ARCH_V2RAY)/v2ray || echo "Can't find soft-float binary."
+	[ -f $(PKG_BUILD_DIR)/v2ray-$(PKG_VERSION)-$(PKG_ARCH_V2RAY)/v2ctl_softfloat ] && mv $(PKG_BUILD_DIR)/v2ray-$(PKG_VERSION)-$(PKG_ARCH_V2RAY)/v2ctl_softfloat $(PKG_BUILD_DIR)/v2ray-$(PKG_VERSION)-$(PKG_ARCH_V2RAY)/v2ctl || echo "Can't find soft-float binary."
+endif
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+endef
+
+define Package/$(PKG_NAME)/install
+	$(INSTALL_DIR) $(1)/usr/bin/v2ray
+ifdef CONFIG_PACKAGE_V2RAY_INCLUDE_V2RAY
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/v2ray $(1)/usr/bin/v2ray/
+endif
+ifdef CONFIG_PACKAGE_V2RAY_INCLUDE_V2CTL
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/v2ctl $(1)/usr/bin/v2ray/
+endif
+ifdef CONFIG_PACKAGE_V2RAY_INCLUDE_GEOIP
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/geoip.dat $(1)/usr/bin/v2ray/
+endif
+ifdef CONFIG_PACKAGE_V2RAY_INCLUDE_GEOSITE
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/geosite.dat $(1)/usr/bin/v2ray/
+endif
+endef
+
+$(eval $(call BuildPackage,$(PKG_NAME)))