From a99dd1e02ae898a780be384cb9ed564e57bce08f Mon Sep 17 00:00:00 2001 From: kenzok8 Date: Thu, 22 Jan 2026 10:02:31 +0800 Subject: [PATCH] update 2026-01-22 10:02:31 --- .../luasrc/model/cbi/easytier.lua | 24 +++++-- .../po/templates/easytier.pot | 2 +- .../luci-app-easytier/po/zh_Hans/easytier.po | 4 +- .../root/etc/config/easytier | 3 + .../root/etc/init.d/easytier | 67 ++++++++++++------- 5 files changed, 69 insertions(+), 31 deletions(-) diff --git a/luci-app-easytier/luci-app-easytier/luasrc/model/cbi/easytier.lua b/luci-app-easytier/luci-app-easytier/luasrc/model/cbi/easytier.lua index 970ee2c89..b2b83da4b 100644 --- a/luci-app-easytier/luci-app-easytier/luasrc/model/cbi/easytier.lua +++ b/luci-app-easytier/luci-app-easytier/luasrc/model/cbi/easytier.lua @@ -261,15 +261,15 @@ disable_encryption = s:taboption("privacy", Flag, "disable_encryption", translat disable_encryption:depends("etcmd", "etcmd") encryption_algorithm = s:taboption("privacy", ListValue, "encryption_algorithm", translate("Encryption Algorithm"), - translate("encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-gcm-256, openssl-aes128-gcm, openssl-aes256-gcm, openssl-chacha20. default (aes-gcm) (--encryption-algorithm parameter)")) + translate("encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-256-gcm, openssl-aes-gcm, openssl-chacha20, openssl-aes-256-gcm. default (aes-gcm) (--encryption-algorithm parameter)")) encryption_algorithm.default = "aes-gcm" encryption_algorithm:value("xor",translate("xor")) encryption_algorithm:value("chacha20",translate("chacha20")) encryption_algorithm:value("aes-gcm",translate("aes-gcm")) -encryption_algorithm:value("aes-gcm-256",translate("aes-gcm-256")) -encryption_algorithm:value("openssl-aes128-gcm",translate("openssl-aes128-gcm")) -encryption_algorithm:value("openssl-aes256-gcm",translate("openssl-aes256-gcm")) +encryption_algorithm:value("aes-256-gcm",translate("aes-256-gcm")) +encryption_algorithm:value("openssl-aes-gcm",translate("openssl-aes-gcm")) encryption_algorithm:value("openssl-chacha20",translate("openssl-chacha20")) +encryption_algorithm:value("openssl-aes-256-gcm",translate("openssl-aes-256-gcm")) encryption_algorithm:depends("etcmd", "etcmd") multi_thread = s:taboption("privacy", Flag, "multi_thread", translate("Enable Multithreading"), @@ -449,6 +449,22 @@ log:value("info", translate("Info")) log:value("debug", translate("Debug")) log:value("trace", translate("Trace")) +-- Network Configuration Options +auto_config_interface = s:taboption("privacy", Flag, "auto_config_interface", translate("Auto Configure Interface"), + translate("Automatically create and configure the EasyTier network interface")) +auto_config_interface.default = "1" + +interface_netmask = s:taboption("privacy", Value, "interface_netmask", translate("Interface Netmask"), + translate("Subnet mask for the EasyTier interface (default: 255.0.0.0)")) +interface_netmask.placeholder = "255.0.0.0" +interface_netmask.default = "255.0.0.0" +interface_netmask.datatype = "ip4addr" +interface_netmask:depends("auto_config_interface", "1") + +auto_config_firewall = s:taboption("privacy", Flag, "auto_config_firewall", translate("Auto Configure Firewall"), + translate("Automatically add and manage firewall rules")) +auto_config_firewall.default = "1" + et_forward = s:taboption("privacy", MultiValue, "et_forward", translate("Access Control"), translate("Set traffic permission rules between different network zones")) et_forward:value("etfwlan", translate("Allow traffic from EasyTier virtual network to LAN")) diff --git a/luci-app-easytier/luci-app-easytier/po/templates/easytier.pot b/luci-app-easytier/luci-app-easytier/po/templates/easytier.pot index 491ecf524..664ef8ef0 100644 --- a/luci-app-easytier/luci-app-easytier/po/templates/easytier.pot +++ b/luci-app-easytier/luci-app-easytier/po/templates/easytier.pot @@ -1027,7 +1027,7 @@ msgstr "" msgid "Encryption Algorithm" msgstr "" -msgid "encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-gcm-256, openssl-aes128-gcm, openssl-aes256-gcm, openssl-chacha20. default (aes-gcm) (--encryption-algorithm parameter)" +msgid "encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-256-gcm, openssl-aes-gcm, openssl-chacha20, openssl-aes-256-gcm. default (aes-gcm) (--encryption-algorithm parameter)" msgstr "" msgid "Stats" diff --git a/luci-app-easytier/luci-app-easytier/po/zh_Hans/easytier.po b/luci-app-easytier/luci-app-easytier/po/zh_Hans/easytier.po index 50033d7ee..279aec294 100644 --- a/luci-app-easytier/luci-app-easytier/po/zh_Hans/easytier.po +++ b/luci-app-easytier/luci-app-easytier/po/zh_Hans/easytier.po @@ -1061,8 +1061,8 @@ msgstr "点击按钮刷新,查看管理映射的监听器" msgid "Encryption Algorithm" msgstr "加密算法" -msgid "encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-gcm-256, openssl-aes128-gcm, openssl-aes256-gcm, openssl-chacha20. default (aes-gcm) (--encryption-algorithm parameter)" -msgstr "使用的加密算法,支持:xor、chacha20、aes-gcm、aes-gcm-256、openssl-aes128-gcm、openssl-aes256-gcm、openssl-chacha20。默认(aes-gcm)(--encryption-algorithm 参数)" +msgid "encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-256-gcm, openssl-aes-gcm, openssl-chacha20, openssl-aes-256-gcm. default (aes-gcm) (--encryption-algorithm parameter)" +msgstr "使用的加密算法,支持:xor、chacha20、aes-gcm、aes-256-gcm、openssl-aes-gcm、openssl-chacha20、openssl-aes-256-gcm。默认(aes-gcm)(--encryption-algorithm 参数)" msgid "Stats" msgstr "Stats统计信息" diff --git a/luci-app-easytier/luci-app-easytier/root/etc/config/easytier b/luci-app-easytier/luci-app-easytier/root/etc/config/easytier index 3444bf788..3c8fc4a29 100644 --- a/luci-app-easytier/luci-app-easytier/root/etc/config/easytier +++ b/luci-app-easytier/luci-app-easytier/root/etc/config/easytier @@ -2,3 +2,6 @@ config easytier option enabled '0' option easytierbin '/usr/bin/easytier-core' + option auto_config_interface '1' + option auto_config_firewall '1' + option interface_netmask '255.0.0.0' diff --git a/luci-app-easytier/luci-app-easytier/root/etc/init.d/easytier b/luci-app-easytier/luci-app-easytier/root/etc/init.d/easytier index 201adc0e6..bc612e8d0 100644 --- a/luci-app-easytier/luci-app-easytier/root/etc/init.d/easytier +++ b/luci-app-easytier/luci-app-easytier/root/etc/init.d/easytier @@ -238,10 +238,18 @@ get_etconfig() { tcp_white_port="$(uci -q get easytier.@easytier[0].tcp_white_port)" disable_relay_kcp="$(uci -q get easytier.@easytier[0].disable_relay_kcp || echo 0)" relay_kcp="$(uci -q get easytier.@easytier[0].relay_kcp || echo 0)" + auto_config_interface="$(uci -q get easytier.@easytier[0].auto_config_interface || echo 1)" + interface_netmask="$(uci -q get easytier.@easytier[0].interface_netmask)" + auto_config_firewall="$(uci -q get easytier.@easytier[0].auto_config_firewall || echo 1)" } set_firewall() { + # Check if auto_config_firewall is enabled + if [ "$auto_config_firewall" != "1" ]; then + echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 自动防火墙配置已禁用,跳过配置" >>/tmp/easytier.log + return + fi if [ ! -z "$tcp_port" ] ; then echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加防火墙规则 easytier_tcp_udp 放行端口 ${tcp_port} " >>/tmp/easytier.log @@ -311,31 +319,42 @@ set_firewall() { fi [ -z "$tunname" ] && tunname="tun0" - uci -q delete network.EasyTier >/dev/null 2>&1 - if [ -z "$(uci -q get network.EasyTier)" ]; then - uci set network.EasyTier='interface' - if [ -z "$ipaddr" ]; then - uci set network.EasyTier.proto='none' - else - uci set network.EasyTier.proto='static' - uci set network.EasyTier.ipaddr=$ipaddr - uci set network.EasyTier.netmask='255.0.0.0' - fi - echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加网络接口 EasyTier 绑定虚拟接口 ${tunname}" >>/tmp/easytier.log - uci set network.EasyTier.device="$tunname" - uci set network.EasyTier.ifname="$tunname" - fi - if [ -z "$(uci -q get firewall.easytierzone)" ]; then - echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加防火墙规则,放行网络接口 EasyTier 允许出入转发,开启IP动态伪装 MSS钳制" >>/tmp/easytier.log - uci set firewall.easytierzone='zone' - uci set firewall.easytierzone.input='ACCEPT' - uci set firewall.easytierzone.output='ACCEPT' - uci set firewall.easytierzone.forward='ACCEPT' - uci set firewall.easytierzone.masq='1' - uci set firewall.easytierzone.mtu_fix='1' - uci set firewall.easytierzone.name='EasyTier' - uci set firewall.easytierzone.network='EasyTier' + + # Check if auto_config_interface is enabled + if [ "$auto_config_interface" = "1" ]; then + echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 自动网络接口配置已启用" >>/tmp/easytier.log + uci -q delete network.EasyTier >/dev/null 2>&1 + if [ -z "$(uci -q get network.EasyTier)" ]; then + uci set network.EasyTier='interface' + if [ -z "$ipaddr" ]; then + uci set network.EasyTier.proto='none' + else + uci set network.EasyTier.proto='static' + uci set network.EasyTier.ipaddr=$ipaddr + [ -z "$interface_netmask" ] && interface_netmask="255.0.0.0" + uci set network.EasyTier.netmask="$interface_netmask" + fi + echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加网络接口 EasyTier 绑定虚拟接口 ${tunname},子网掩码: ${interface_netmask:-255.0.0.0}" >>/tmp/easytier.log + uci set network.EasyTier.device="$tunname" + uci set network.EasyTier.ifname="$tunname" + fi + if [ -z "$(uci -q get firewall.easytierzone)" ]; then + echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加防火墙规则,放行网络接口 EasyTier 允许出入转发,开启IP动态伪装 MSS钳制" >>/tmp/easytier.log + uci set firewall.easytierzone='zone' + uci set firewall.easytierzone.input='ACCEPT' + uci set firewall.easytierzone.output='ACCEPT' + uci set firewall.easytierzone.forward='ACCEPT' + uci set firewall.easytierzone.masq='1' + uci set firewall.easytierzone.mtu_fix='1' + uci set firewall.easytierzone.name='EasyTier' + uci set firewall.easytierzone.network='EasyTier' + fi + else + echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 自动网络接口配置已禁用,不创建网络接口" >>/tmp/easytier.log + uci -q delete network.EasyTier >/dev/null 2>&1 + uci -q delete firewall.easytierzone >/dev/null 2>&1 fi + et_forward="$(uci -q get easytier.@easytier[0].et_forward)" if [ "${et_forward//etfwlan/}" != "$et_forward" ]; then echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 允许从虚拟网络 EasyTier 到局域网 lan 的流量" >>/tmp/easytier.log