
Support for custom interface type or custom config node
Status: Open | Priority: Wishlist | Visibility: Public | Tags: FEATURE REQUEST

Description

Similar to T5623, but my case is Clash, a VPN alternative, in TUN mode; the wiki is here but needs a translator: https://wiki.metacubex.one/config/inbound/tun/

On UBNT, I created a deb package that installs cfg-mode nodes and other config templates and scripts under /config.
I use the config tree to store:

  • interface name so that PBR and firewall can be configured
  • disable status
  • subscription URL and other config.

Wiki here: https://github.com/sskaje/ubnt-clash/wiki/02.-%E9%85%8D%E7%BD%AE%E8%AF%B4%E6%98%8E
(I turned the repo private for around 1 year because of possible legal issues; I'll post some of the config I used in the comments.)

The most important part is the interface name and making the interface part of the PBR destination.

During my recent work on WireGuard, I saw that VyOS uses XML for cfg/op nodes; to add a new node I have to add/edit the current XMLs and rebuild the whole of vyos-1x. The cache update script doesn't work without the XML, and it's hard to edit the cached nodes.

Here is my question or feature request:

  1. Is there any way I can add a custom node using a plugin-like deb instead of submitting code to vyos-1x?
  2. Can I just add an interface type, maybe set interfaces utunnel utunX with only address, description and disable, that does nothing by itself? (The external program will create the interface on its own; maybe add a control-mode = external to declare such behaviour.)

Details

Version: -
Is it a breaking change? Unspecified (possibly destroys the router)
Issue type: Feature (new functionality)


Event Timeline

Here are some config commands I used with my UBNT plugin:

root@ER3# set interfaces clash utun0
Possible completions:
  check-interval        Connection check interval, used in cron
  config-url            URL containing the Clash config (e.g., https://xxxx)
  description           Description for the interface
  disable               Interface to be disabled
  executable            Clash executable
  outbound-interface    Outbound interface, not used for now
  update-interval       Config update interval, used in cron

create interface

set interfaces clash utun0 config-url https://........

pbr

# create the routing table
set protocols static table 10 interface-route 0.0.0.0/0 next-hop-interface utun0

# PBR rules
set firewall group address-group SRC_CLASH address 192.168.2.10-192.168.2.250
set firewall modify MCLASH rule 101 action modify
set firewall modify MCLASH rule 101 modify table 10
set firewall modify MCLASH rule 101 source group address-group SRC_CLASH

# apply the PBR rules on eth1
set interfaces ethernet eth1 firewall in modify MCLASH

# If you only want to steer Fake-IP destination addresses into utun0, use this configuration; it is not recommended in real use, but you can use it as a reference for your own PBR rules
set firewall group network-group DST_CLASH_FAKEIP network 198.18.0.0/16
set firewall modify MCLASH rule 101 destination group network-group DST_CLASH_FAKEIP

dns hijack

set service nat rule 4050 destination group address-group ADDRv4_eth1
set service nat rule 4050 destination port 53
set service nat rule 4050 inbound-interface eth1
set service nat rule 4050 inside-address address 192.168.2.1
set service nat rule 4050 inside-address port 7874
set service nat rule 4050 protocol udp
set service nat rule 4050 source group address-group SRC_CLASH
set service nat rule 4050 type destination

node.tag for the interface, so I can start the app from the config tree:

tag:
priority: 460
type: txt
help: Clash TUN Mode tunnel interface name, only clashX accepted
val_help: <clashX>; Clash tunnel interface name
syntax:expression: pattern $VAR(@) "^clash"
    ; "Clash tunnel interface must be named \"clash+\""

create:
    ifname=clash$VAR(@)
    logfile=/var/log/vyatta/clash_${ifname}.log
    # per-interface log file, group-writable for adm
    sudo touch $logfile
    sudo chgrp adm $logfile
    sudo chmod 664 $logfile
    echo "`date`: Clash interface $ifname created" >> $logfile

    # fresh runtime directory for this instance
    sudo rm -rf /run/clash/$VAR(@)
    sudo mkdir -p /run/clash/$VAR(@)

delete:
    ifname=clash$VAR(@)
    logfile=/var/log/vyatta/clash_${ifname}.log
    echo "`date`: Clash interface $ifname deleted" >> $logfile
    sudo /usr/bin/clashctl.sh delete $VAR(@)

end:
    ifname=clash$VAR(@)
    logfile=/var/log/vyatta/clash_${ifname}.log
    echo "`date`: Stopping Clash daemon for $ifname" >> $logfile

    # a disabled interface leaves the daemon stopped
    if [ -n "$VAR(./disable)" ]; then
        exit 0
    fi

    # start only if the runtime dir exists and the daemon binary is present
    if [ -e /run/clash/$VAR(@) ] && [ -x /usr/sbin/clashd ] ; then
        echo "`date`: Starting Clash daemon for $ifname" >> $logfile
        # delay start
        sudo /usr/bin/clashctl.sh delaystart $VAR(@) &
    fi

I came up with a possible solution:

  1. interfaces utunnel utunX as I described above, but with a type
  2. somewhere like /config/tun-types/clash.yaml for type=clash, defining the start/stop commands, and maybe also somewhere for configurations
  3. execute the start/stop commands on commit, but delayed, like post-config.d or vyos-domain-resolver (I'm 99% sure Clash requires working DNS, but not sure whether the SOCKS proxy does)
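The three-step design above, sketched as an added example (my own code, not VyOS's and not from the ubnt-clash project): a commit-time planner for the proposed interfaces utunnel node that diffs the old and new config trees and emits the per-type start/stop commands. The utunN naming, the tun-types layout, the clashctl.sh commands and the "post-config" phase are all assumptions taken from the proposal.

```python
import re
from dataclasses import dataclass

# Hypothetical per-type definitions standing in for the proposed
# /config/tun-types/<type>.yaml files; embedded inline so this runs offline.
# Commands are only planned here, never executed.
TUN_TYPES = {
    "clash": {
        "start": "/usr/bin/clashctl.sh delaystart {name}",
        "stop": "/usr/bin/clashctl.sh stop {name}",
        "needs_dns": True,  # defer start until the resolver is up
    },
}

@dataclass(frozen=True)
class UTunnel:
    """One 'interfaces utunnel <name>' node as seen at commit time."""
    name: str
    type: str
    disable: bool = False

def validate(t: UTunnel) -> None:
    # Anchor the name check at both ends: the name is spliced into shell
    # commands, so only plain utunN names are accepted.
    if not re.fullmatch(r"utun[0-9]+", t.name):
        raise ValueError(f"bad utunnel name: {t.name!r}")
    if t.type not in TUN_TYPES:
        raise ValueError(f"unknown tunnel type: {t.type!r}")

def plan(old: dict, new: dict) -> list:
    """Diff old and new config trees into ordered (phase, command) pairs.
    control-mode is external: the daemon creates the interface itself, so
    the only commit-time work is starting or stopping that daemon."""
    for t in new.values():
        validate(t)
    actions = []
    # Stop first, immediately: removed, newly disabled or type-changed nodes.
    for name, t in old.items():
        nxt = new.get(name)
        if not t.disable and (nxt is None or nxt.disable or nxt.type != t.type):
            actions.append(("now", TUN_TYPES[t.type]["stop"].format(name=name)))
    # Then start: new, re-enabled or type-changed nodes, deferred if DNS is needed.
    for name, t in new.items():
        prev = old.get(name)
        if t.disable or (prev and not prev.disable and prev.type == t.type):
            continue
        phase = "post-config" if TUN_TYPES[t.type]["needs_dns"] else "now"
        actions.append((phase, TUN_TYPES[t.type]["start"].format(name=name)))
    return actions
```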
Viacheslav triaged this task as Wishlist priority. Dec 2 2024, 9:49 AM