update 2026-01-22 10:02:31

luci-app-easytier/luci-app-easytier/luasrc/model/cbi/easytier.lua

@@ -261,15 +261,15 @@ disable_encryption = s:taboption("privacy", Flag, "disable_encryption", translat
 disable_encryption:depends("etcmd", "etcmd")
 
 encryption_algorithm = s:taboption("privacy", ListValue, "encryption_algorithm", translate("Encryption Algorithm"),
-        translate("encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-gcm-256, openssl-aes128-gcm, openssl-aes256-gcm, openssl-chacha20. default (aes-gcm) (--encryption-algorithm parameter)"))
+        translate("encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-256-gcm, openssl-aes-gcm, openssl-chacha20, openssl-aes-256-gcm. default (aes-gcm) (--encryption-algorithm parameter)"))
 encryption_algorithm.default = "aes-gcm"
 encryption_algorithm:value("xor",translate("xor"))
 encryption_algorithm:value("chacha20",translate("chacha20"))
 encryption_algorithm:value("aes-gcm",translate("aes-gcm"))
-encryption_algorithm:value("aes-gcm-256",translate("aes-gcm-256"))
+encryption_algorithm:value("aes-256-gcm",translate("aes-256-gcm"))
-encryption_algorithm:value("openssl-aes128-gcm",translate("openssl-aes128-gcm"))
+encryption_algorithm:value("openssl-aes-gcm",translate("openssl-aes-gcm"))
-encryption_algorithm:value("openssl-aes256-gcm",translate("openssl-aes256-gcm"))
 encryption_algorithm:value("openssl-chacha20",translate("openssl-chacha20"))
+encryption_algorithm:value("openssl-aes-256-gcm",translate("openssl-aes-256-gcm"))
 encryption_algorithm:depends("etcmd", "etcmd")
 
 multi_thread = s:taboption("privacy", Flag, "multi_thread", translate("Enable Multithreading"),
@@ -449,6 +449,22 @@ log:value("info", translate("Info"))
 log:value("debug", translate("Debug"))
 log:value("trace", translate("Trace"))
 
+-- Network Configuration Options
+auto_config_interface = s:taboption("privacy", Flag, "auto_config_interface", translate("Auto Configure Interface"),
+        translate("Automatically create and configure the EasyTier network interface"))
+auto_config_interface.default = "1"
+
+interface_netmask = s:taboption("privacy", Value, "interface_netmask", translate("Interface Netmask"),
+        translate("Subnet mask for the EasyTier interface (default: 255.0.0.0)"))
+interface_netmask.placeholder = "255.0.0.0"
+interface_netmask.default = "255.0.0.0"
+interface_netmask.datatype = "ip4addr"
+interface_netmask:depends("auto_config_interface", "1")
+
+auto_config_firewall = s:taboption("privacy", Flag, "auto_config_firewall", translate("Auto Configure Firewall"),
+        translate("Automatically add and manage firewall rules"))
+auto_config_firewall.default = "1"
+
 et_forward = s:taboption("privacy", MultiValue, "et_forward", translate("Access Control"),
         translate("Set traffic permission rules between different network zones"))
 et_forward:value("etfwlan", translate("Allow traffic from EasyTier virtual network to LAN"))

luci-app-easytier/luci-app-easytier/po/templates/easytier.pot

@@ -1027,7 +1027,7 @@ msgstr ""
 msgid "Encryption Algorithm"
 msgstr ""
 
-msgid "encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-gcm-256, openssl-aes128-gcm, openssl-aes256-gcm, openssl-chacha20. default (aes-gcm) (--encryption-algorithm parameter)"
+msgid "encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-256-gcm, openssl-aes-gcm, openssl-chacha20, openssl-aes-256-gcm. default (aes-gcm) (--encryption-algorithm parameter)"
 msgstr ""
 
 msgid "Stats"

luci-app-easytier/luci-app-easytier/po/zh_Hans/easytier.po

@@ -1061,8 +1061,8 @@ msgstr "点击按钮刷新，查看管理映射的监听器"
 msgid "Encryption Algorithm"
 msgstr "加密算法"
 
-msgid "encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-gcm-256, openssl-aes128-gcm, openssl-aes256-gcm, openssl-chacha20. default (aes-gcm) (--encryption-algorithm parameter)"
+msgid "encryption algorithm to use, supported: xor, chacha20, aes-gcm, aes-256-gcm, openssl-aes-gcm, openssl-chacha20, openssl-aes-256-gcm. default (aes-gcm) (--encryption-algorithm parameter)"
-msgstr "使用的加密算法，支持：xor、chacha20、aes-gcm、aes-gcm-256、openssl-aes128-gcm、openssl-aes256-gcm、openssl-chacha20。默认（aes-gcm）(--encryption-algorithm 参数)"
+msgstr "使用的加密算法，支持：xor、chacha20、aes-gcm、aes-256-gcm、openssl-aes-gcm、openssl-chacha20、openssl-aes-256-gcm。默认（aes-gcm）(--encryption-algorithm 参数)"
 
 msgid "Stats"
 msgstr "Stats统计信息"

luci-app-easytier/luci-app-easytier/root/etc/config/easytier

@@ -2,3 +2,6 @@
 config easytier
 	option enabled '0'
 	option easytierbin '/usr/bin/easytier-core'
+	option auto_config_interface '1'
+	option auto_config_firewall '1'
+	option interface_netmask '255.0.0.0'

luci-app-easytier/luci-app-easytier/root/etc/init.d/easytier

@@ -238,10 +238,18 @@ get_etconfig() {
 		tcp_white_port="$(uci -q get easytier.@easytier[0].tcp_white_port)"
 		disable_relay_kcp="$(uci -q get easytier.@easytier[0].disable_relay_kcp || echo 0)"
 		relay_kcp="$(uci -q get easytier.@easytier[0].relay_kcp || echo 0)"
+		auto_config_interface="$(uci -q get easytier.@easytier[0].auto_config_interface || echo 1)"
+		interface_netmask="$(uci -q get easytier.@easytier[0].interface_netmask)"
+		auto_config_firewall="$(uci -q get easytier.@easytier[0].auto_config_firewall || echo 1)"
 		
 }
 
 set_firewall() {
+		# Check if auto_config_firewall is enabled
+		if [ "$auto_config_firewall" != "1" ]; then
+			echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 自动防火墙配置已禁用，跳过配置" >>/tmp/easytier.log
+			return
+		fi
 		
 			if [ ! -z "$tcp_port" ] ; then
 		    		echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加防火墙规则 easytier_tcp_udp 放行端口 ${tcp_port} " >>/tmp/easytier.log
@@ -311,31 +319,42 @@ set_firewall() {
 		   	fi
                 
 		[ -z "$tunname" ] && tunname="tun0"
-                uci -q delete network.EasyTier >/dev/null 2>&1
+		
-	        if [ -z "$(uci -q get network.EasyTier)" ];  then				
+		# Check if auto_config_interface is enabled
-		       uci set network.EasyTier='interface'
+		if [ "$auto_config_interface" = "1" ]; then
-                       if [ -z "$ipaddr" ]; then
+			echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 自动网络接口配置已启用" >>/tmp/easytier.log
-				uci set network.EasyTier.proto='none'
+                	uci -q delete network.EasyTier >/dev/null 2>&1
-			else
+		        if [ -z "$(uci -q get network.EasyTier)" ];  then				
-				uci set network.EasyTier.proto='static'
+			       uci set network.EasyTier='interface'
-				uci set network.EasyTier.ipaddr=$ipaddr
+                       		if [ -z "$ipaddr" ]; then
-				uci set network.EasyTier.netmask='255.0.0.0'
+						uci set network.EasyTier.proto='none'
-		       fi
+					else
-		       echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加网络接口 EasyTier 绑定虚拟接口 ${tunname}" >>/tmp/easytier.log
+						uci set network.EasyTier.proto='static'
-                       uci set network.EasyTier.device="$tunname"
+						uci set network.EasyTier.ipaddr=$ipaddr
-                       uci set network.EasyTier.ifname="$tunname"
+						[ -z "$interface_netmask" ] && interface_netmask="255.0.0.0"
-		fi
+						uci set network.EasyTier.netmask="$interface_netmask"
-		if [ -z "$(uci -q get firewall.easytierzone)" ];  then
+			       		fi
-				echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加防火墙规则，放行网络接口 EasyTier 允许出入转发，开启IP动态伪装 MSS钳制" >>/tmp/easytier.log
+			       		echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加网络接口 EasyTier 绑定虚拟接口 ${tunname}，子网掩码: ${interface_netmask:-255.0.0.0}" >>/tmp/easytier.log
-				uci set firewall.easytierzone='zone'
+                       		uci set network.EasyTier.device="$tunname"
-				uci set firewall.easytierzone.input='ACCEPT'
+                       		uci set network.EasyTier.ifname="$tunname"
-				uci set firewall.easytierzone.output='ACCEPT'
+			fi
-				uci set firewall.easytierzone.forward='ACCEPT'
+			if [ -z "$(uci -q get firewall.easytierzone)" ];  then
-				uci set firewall.easytierzone.masq='1'
+					echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 添加防火墙规则，放行网络接口 EasyTier 允许出入转发，开启IP动态伪装 MSS钳制" >>/tmp/easytier.log
-                                uci set firewall.easytierzone.mtu_fix='1'
+					uci set firewall.easytierzone='zone'
-				uci set firewall.easytierzone.name='EasyTier'
+					uci set firewall.easytierzone.input='ACCEPT'
-				uci set firewall.easytierzone.network='EasyTier'
+					uci set firewall.easytierzone.output='ACCEPT'
+					uci set firewall.easytierzone.forward='ACCEPT'
+					uci set firewall.easytierzone.masq='1'
+                                	uci set firewall.easytierzone.mtu_fix='1'
+					uci set firewall.easytierzone.name='EasyTier'
+					uci set firewall.easytierzone.network='EasyTier'
+			fi
+		else
+			echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 自动网络接口配置已禁用，不创建网络接口" >>/tmp/easytier.log
+			uci -q delete network.EasyTier >/dev/null 2>&1
+			uci -q delete firewall.easytierzone >/dev/null 2>&1
 		fi
+		
 		et_forward="$(uci -q get easytier.@easytier[0].et_forward)"
 		if [ "${et_forward//etfwlan/}" != "$et_forward" ]; then
 			echo "$(date '+%Y-%m-%d %H:%M:%S') easytier : 允许从虚拟网络 EasyTier 到局域网 lan 的流量" >>/tmp/easytier.log