feat: VPS WireGuard gateway auto-configuration (ph4)
- uci-defaults: WG keygen, vps_gateway interface+zone+forwarding - heartbeat: sends wg_public_key, parses VPS config, calls vps-setup - parahub-vps-setup: new script for auto-configuring VPS tunnel with OTA bootstrap support and idempotent state tracking - parahub-mullvad: setup disables vps_gateway, remove re-enables it (fixes bug referencing non-existent vpn_tunnel interface) - parahub-gw-check: works with both vps_gateway and mullvad_local - sysupgrade.conf: preserves WG VPS keys across upgrades - build.sh: bump PARAHUB_BUILD to 4 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -3,7 +3,7 @@
|
||||
#
|
||||
# Allows the node owner to run Mullvad directly on the router.
|
||||
# Guest traffic routes through the local WireGuard tunnel instead of
|
||||
# the default GRE6→VPS path, giving lower latency and using the
|
||||
# the default VPS gateway path, giving lower latency and using the
|
||||
# nearest Mullvad server.
|
||||
#
|
||||
# Usage:
|
||||
@@ -150,8 +150,8 @@ set network.@wireguard_mullvad_local[-1].route_allowed_ips='1'
|
||||
set network.@wireguard_mullvad_local[-1].persistent_keepalive='25'
|
||||
WG_EOF
|
||||
|
||||
# Disable GRE6 tunnel (WG replaces it in table 100)
|
||||
uci set network.vpn_tunnel.auto='0'
|
||||
# Disable VPS gateway (Mullvad replaces it in table 100)
|
||||
uci -q set network.vps_gateway.auto='0' 2>/dev/null || true
|
||||
uci commit network
|
||||
|
||||
# --- Step 6: Firewall zone for mullvad_local ---
|
||||
@@ -213,8 +213,10 @@ cmd_status() {
|
||||
echo ""
|
||||
wg show mullvad_local 2>/dev/null || echo "WireGuard interface: not up"
|
||||
else
|
||||
echo "Mode: VPS GATEWAY (GRE6 tunnel)"
|
||||
echo "VPS: 91.98.123.238 -> Mullvad Portugal"
|
||||
echo "Mode: VPS GATEWAY (WireGuard)"
|
||||
echo "VPS: 185.47.131.84 -> Mullvad"
|
||||
echo ""
|
||||
wg show vps_gateway 2>/dev/null || echo "VPS gateway: not active"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
@@ -222,6 +224,8 @@ cmd_status() {
|
||||
local fwd_idx
|
||||
if fwd_idx=$(find_guest_forwarding); then
|
||||
echo " guest -> $(uci -q get "firewall.@forwarding[$fwd_idx].dest")"
|
||||
else
|
||||
echo " (none)"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -241,8 +245,8 @@ cmd_remove() {
|
||||
uci -q delete network.mullvad_local 2>/dev/null || true
|
||||
while uci -q delete network.@wireguard_mullvad_local[0] 2>/dev/null; do :; done
|
||||
|
||||
# Re-enable GRE6 tunnel
|
||||
uci -q delete network.vpn_tunnel.auto 2>/dev/null || true
|
||||
# Re-enable VPS gateway
|
||||
uci -q delete network.vps_gateway.auto 2>/dev/null || true
|
||||
uci commit network
|
||||
|
||||
# Remove firewall zone
|
||||
@@ -251,10 +255,10 @@ cmd_remove() {
|
||||
uci delete "firewall.@zone[$zone_idx]"
|
||||
fi
|
||||
|
||||
# Switch guest forwarding back to vpn_tunnel
|
||||
# Switch guest forwarding back to vps_gateway
|
||||
local fwd_idx
|
||||
if fwd_idx=$(find_guest_forwarding); then
|
||||
uci set "firewall.@forwarding[$fwd_idx].dest=vpn_tunnel"
|
||||
uci set "firewall.@forwarding[$fwd_idx].dest=vps_gateway"
|
||||
fi
|
||||
uci commit firewall
|
||||
|
||||
|
||||
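Review bot: In the setup step, `uci -q set network.vps_gateway.auto='0' 2>/dev/null || true` swallows every failure, so the script goes on to `uci commit network` without knowing whether the VPS gateway was actually disabled, and both tunnels could then stay enabled for table 100. An explicit existence check keeps the tolerance for nodes without the interface while surfacing real errors: `if uci -q get network.vps_gateway >/dev/null; then uci set network.vps_gateway.auto='0'; fi`. The same check would fit in cmd_remove before `uci set "firewall.@forwarding[$fwd_idx].dest=vps_gateway"`, which currently points guest forwarding at that zone whether or not it exists. In cmd_status the literal `echo "VPS: 185.47.131.84 -> Mullvad"` will drift from whatever configuration the heartbeat applies; reading the endpoint from UCI would keep the status output truthful about where guest traffic exits. The enclosing code of all three spots begins or ends outside the hunks shown, so this is based only on the visible lines.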