Zapret не устаналивается на последние сборки SNAPSHOT OpenWrt

[Alexey71]

@bol-van Привет. Перестано устаналивать Zapret

root@OpenWrt:~# /opt/zapret/install_easy.sh
* checking system
system is not either systemd, openrc or openwrt based
easy installer can set up config settings but can't configure auto start
you have to do it manually. check readme.txt for manual setup info.
do you want to continue (default : N) (Y/N) ? Y

press enter to continue

В новых версиях они теперь сделали APK package manager, заместо opkg. https://github.com/openwrt/openwrt/commit/40b8fbaa9754c86480eefc3692c9116a51a64718 Поправил пока вручную installer.sh

[bol-van]

Конечно, и очень сильно. Не знал. Придется допиливать

[janeblower]

Поправил пока вручную installer.sh

Поделись посмотреть.

[Alexey71]

Поправил пока вручную installer.sh

Поделись посмотреть.

installer.zip

[janeblower]

Поправил пока вручную installer.sh

Поделись посмотреть.

installer.zip

так оно не должно работать, там сабкомманды другие у apk. Банально apk install ошибку даст, ибо apk add.

[Alexey71]

Поправил пока вручную installer.sh

Поделись посмотреть.

installer.zip

так оно не должно работать, там сабкомманды другие у apk. Банально apk install ошибку даст, ибо apk add.

Мне главное работает /opt/zapret/install_easy.sh комманда, больше ничего не надо. Все зависимости уже стоят в прошивке

[Alexey71]

root@OpenWrt:~# yes "" | /opt/zapret/install_easy.sh
* checking system
system is based on openwrt
openwrt firewall uses fw4. flow offloading requires nftables.
* checking executables
found architecture "aarch64"
* checking privileges
* checking location
running from /opt/zapret
* installing binaries
aarch64 is OK
installing binaries ...
linking : ../binaries/aarch64/ip2net => /opt/zapret/ip2net
linking : ../binaries/aarch64/mdig => /opt/zapret/mdig
linking : ../binaries/aarch64/nfqws => /opt/zapret/nfq
linking : ../binaries/aarch64/tpws => /opt/zapret/tpws
* checking DNS
system DNS is working
* checking virtualization
cannot detect
* stopping current firewall rules/daemons
Clearing nftables

select firewall type :
1 : iptables
2 : nftables
your choice (default : nftables) : selected : nftables

enable ipv6 support (default : N) (Y/N) ? * checking prerequisites
* installing prerequisites
fetch https://downloads.openwrt.org/snapshots/targets/mediatek/filogic/packages/packages.adb
fetch https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/base/packages.adb
fetch https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/luci/packages.adb
fetch https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/packages/packages.adb
fetch https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/routing/packages.adb
fetch https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/telephony/packages.adb
 [https://downloads.openwrt.org/snapshots/targets/mediatek/filogic/packages/packages.adb]
 [https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/base/packages.adb]
 [https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/luci/packages.adb]
 [https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/packages/packages.adb]
 [https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/routing/packages.adb]
 [https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/telephony/packages.adb]
OK: 10532 distinct packages available
OK: 169 MiB in 272 packages

your system uses default busybox gzip. its several times slower than GNU gzip.
ip/host list scripts will run much faster with GNU gzip
installer can install GNU gzip but it requires about 100 Kb space
do you want to install GNU gzip (default : N) (Y/N) ?
your system uses default busybox sort. its much slower and consumes much more RAM than GNU sort
ip/host list scripts will run much faster with GNU sort
installer can install GNU sort but it requires about 100 Kb space
do you want to install GNU sort (default : N) (Y/N) ?
enable tpws socks mode on port 987 ? (default : N) (Y/N) ?
enable tpws transparent mode ? (default : N) (Y/N) ?
enable nfqws ? (default : Y) (Y/N) ?
NFQWS_PORTS_TCP=80,443
NFQWS_PORTS_UDP=443
NFQWS_TCP_PKT_OUT=9
NFQWS_TCP_PKT_IN=3
NFQWS_UDP_PKT_OUT=9
NFQWS_UDP_PKT_IN=0
NFQWS_PORTS_TCP_KEEPALIVE=
NFQWS_PORTS_UDP_KEEPALIVE=
NFQWS_OPT="

--filter-tcp=80,443 --dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=20 --dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin <HOSTLIST> --new
--filter-udp=443 --dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=20--dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin <HOSTLIST_NOAUTO>
"
do you want to edit the options (default : N) (Y/N) ?
current custom scripts in /opt/zapret/init.d/openwrt/custom.d:
Make sure this is ok

select filtering :
1 : none
2 : ipset
3 : hostlist
4 : autohostlist
your choice (default : hostlist) : selected : hostlist

do you want to auto download ip/host list (default : N) (Y/N) ?
flow offloading can greatly increase speed on slow devices and high speed links (usually 150+ mbits)
unfortuantely its not compatible with most nfqws options. nfqws traffic must be exempted from flow offloading.
donttouch = disable system flow offloading setting if nfqws mode was selected, dont touch it otherwise and dont configure selective flow offloading
none = always disable system flow offloading setting and dont configure selective flow offloading
software = always disable system flow offloading setting and configure selective software flow offloading
hardware = always disable system flow offloading setting and configure selective hardware flow offloading
offloading breaks traffic shaper
select flow offloading :
1 : donttouch
2 : none
3 : software
4 : hardware
your choice (default : donttouch) : selected : donttouch
* installing init script
Clearing nftables
Command failed: Not found
* clearing ipset(s)
setting high oom kill priority
reloading nftables set backend (clear)
* downloading blocked ip/host list
setting high oom kill priority
clearing all known DNS caches
DNS is working
digging 8 ipv4 domains : /opt/zapret/ipset/zapret-hosts-user-exclude.txt
mdig stats : 00:00:00 : domains=8 success=8 error=0
digging 0 ipv4 domains : /opt/zapret/ipset/zapret-hosts-user-ipban.txt
mdig stats : 00:00:00 : domains=0 success=0 error=0
setting high oom kill priority
reloading nftables set backend (forced-update)
Adding to nfset zapret : /opt/zapret/ipset/zapret-ip.txt /opt/zapret/ipset/zapret-ip-user.txt
Adding to nfset ipban : /opt/zapret/ipset/zapret-ip-ipban.txt /opt/zapret/ipset/zapret-ip-user-ipban.txt
Adding to nfset nozapret : /opt/zapret/ipset/zapret-ip-exclude.txt
* adding crontab entry
* installing ifup hook
* starting zapret service
Starting daemon 3: /opt/zapret/nfq/nfqws --qnum=200 --user=daemon --dpi-desync-fwmark=0x40000000
--filter-tcp=80,443 --dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=20 --dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --hostlist=/opt/zapret/ipset/zapret-hosts-user.txt --hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt --new
--filter-udp=443 --dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=20--dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin --hostlist=/opt/zapret/ipset/zapret-hosts-user.txt --hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
Applying nftables
Creating ip list table (firewall type nftables)
setting high oom kill priority
reloading nftables set backend (no-update)
Inserting nftables ipv4 rule for nfqws postrouting (qnum 200) : tcp dport {80,443} ct original packets 1-9
Inserting nftables ipv4 rule for nfqws prerouting (qnum 200) : tcp sport {80,443} ct reply packets 1-3
Inserting nftables ipv4 rule for nfqws postrouting (qnum 200) : udp dport {443} ct original packets 1-9
* checking flow offloading
system wide software flow offloading disabled. ok
* restarting firewall

press enter to continue
root@OpenWrt:~#

[bol-van]

Будет в след релизе поддержка. От этого никуда не уйти

[Betonmischer86]

К слову про OpenWrt, вот бы еще добавить Zapret в официальный репозиторий. Или есть причины, почему это проблематично?

[bol-van]

Поддержка apk сделана. В официальный репозиторий не стоит. Тогда придется переделывать конкретно под openwrt со всей его классикой. Управление через UCI, например. Слишком много мороки с этим