{"id":49740269,"url":"https://github.com/ike-sh/leikwan-toolkit","last_synced_at":"2026-05-16T00:20:50.303Z","repository":{"id":356189179,"uuid":"1230754845","full_name":"ike-sh/leikwan-toolkit","owner":"ike-sh","description":"Role-based Debian toolkit for Leikwan TCP chaining with EasyTier, nftables, IPv4 PBR, MSS clamp, and diagnostics.","archived":false,"fork":false,"pushed_at":"2026-05-11T18:21:09.000Z","size":1131,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-11T20:04:19.929Z","etag":null,"topics":["debian","iptables","leikwan","leikwanhost","network-toolkit","nftables","pbr","proxy-toolkit","shell-script"],"latest_commit_sha":null,"homepage":"https://github.com/ike-sh/leikwan-toolkit/releases","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ike-sh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-06T09:37:29.000Z","updated_at":"2026-05-11T18:21:41.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/ike-sh/leikwan-toolkit","commit_stats":null,"previous_names":["ike-sh/leikwan-wg-toolkit","ike-sh/leikwan-toolkit"],"tags_count":25,"template":false,"template_full_name":null,"purl":"pkg:github/ike-sh/leikwan-toolkit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ike-sh%2Fleikwan-toolkit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ike-sh%2Fleikwan-toolkit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ike-sh%2Fleikwan-toolkit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ike-sh%2Fleikwan-toolkit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ike-sh","download_url":"https://codeload.github.com/ike-sh/leikwan-toolkit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ike-sh%2Fleikwan-toolkit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32956830,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-12T09:19:52.626Z","status":"ssl_error","status_checked_at":"2026-05-12T09:17:33.438Z","response_time":102,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["debian","iptables","leikwan","leikwanhost","network-toolkit","nftables","pbr","proxy-toolkit","shell-script"],"created_at":"2026-05-09T18:01:18.485Z","updated_at":"2026-05-16T00:20:50.298Z","avatar_url":"https://github.com/ike-sh.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Leikwan Toolkit\n\nLeikwan Toolkit `1.4.12 LTS` is the Shell LTS line for local TCP/UDP forwarding, EasyTier relay / entry setup, nftables, IPv4 PBR, snapshots, status, doctor, and DDNS domain-resolution refresh.\n\n当前仓库只维护 Shell LTS：\n\n- `leikwan-toolkit.sh`\n- `scripts/bootstrap.sh`\n- `docs/`\n- `tests/`\n\n历史 `panel/` 实现已迁移到 `edge-tunnel-panel`，本仓库不恢复这些文件。\n\n## 快速开始\n\n国内机器优先使用这一组命令，避免 GitHub 大文件直连卡住。bootstrap 后续 GitHub 下载默认继续走 `mirror-first`：\n\n```bash\nexport LEIKWAN_GITHUB_DOWNLOAD_MODE=mirror-first\nexport LEIKWAN_GITHUB_MIRRORS=\"https://gh-proxy.com/,https://gh.llkk.cc/,https://gh.ddlc.top/,https://ghproxy.net/,https://mirror.ghproxy.com/,https://cf.ghproxy.cc/,https://gh.api.99988866.xyz/,https://github.akams.cn/\"\ncurl -fsSL -o /tmp/lq-bootstrap.sh https://gh-proxy.com/https://raw.githubusercontent.com/ike-sh/leikwan-toolkit/main/scripts/bootstrap.sh\nbash /tmp/lq-bootstrap.sh\n```\n\n国内机器建议使用国内推荐命令。bootstrap 内部后续 GitHub 下载默认 `mirror-first`，镜像失败时会 fallback 官方 GitHub；如果某个镜像不可用，可调整 `LEIKWAN_GITHUB_MIRRORS` 顺序。需要改回官方 GitHub 优先时设置 `LEIKWAN_GITHUB_DOWNLOAD_MODE=origin-first`。\n\n官方安装命令：\n\n```bash\ncurl -fsSL -o /tmp/lq-bootstrap.sh https://raw.githubusercontent.com/ike-sh/leikwan-toolkit/main/scripts/bootstrap.sh\nbash /tmp/lq-bootstrap.sh\n```\n\n```bash\nlq init\nlq status\nlq status --verbose\nlq --doctor\nlq ddns run\nlq ddns status\nlq forward apply-relay --auto-fix-route\n```\n\n查看版本：\n\n```bash\nlq --version\n# leikwan-toolkit 1.4.12 LTS\n```\n\n## 快速组网系统网络预处理\n\n快速组网在 B 利群主机初始化和 A 公网入口部署前，会自动执行系统网络预处理：\n\n- 开启 IPv4 优先，托管 `/etc/gai.conf` 中的 Leikwan managed block。\n- 设置系统 DNS 为国外 DNS：`8.8.8.8`、`1.1.1.1`。\n\n这些系统级修改会先备份，再写入可恢复配置。手动入口在：\n\n```text\n高级维护 -\u003e 系统网络优化\n```\n\n也可以使用 CLI：\n\n```bash\nlq system network status\nlq system network prepare\nlq system ipv4-prefer enable\nlq system dns set 8.8.8.8,1.1.1.1\nlq system dns restore\nlq system ipv6 disable\nlq system ipv6 restore\nlq system ipv6 lockdown\nlq system bbr enable\n```\n\n系统 DNS 影响整机解析；DDNS 多 DNS 解析器只影响 Toolkit 对域名解析变化的检测，两者不是同一套配置。如果不希望脚本继续管理系统 DNS，可在“系统网络优化”中恢复。\n\nIPv6 禁用是 sysctl 级别的禁用 / 恢复；“IPv6 入站收口 nftables”只是用 nftables 限制 IPv6 入站访问，不是禁用 IPv6。\n\n## 域名解析变化自动刷新\n\nLeikwan Toolkit 默认不修改 DNS 服务商记录，也不要求配置 DNS provider token。公网入口域名 / IP 可以由路由器、服务商客户端、Cloudflare、外部 DDNS 客户端或外部脚本维护。\n\nToolkit 在 B 利群主机侧定时解析这些域名，并根据解析结果相对本地缓存是否变化来刷新本地配置：\n\n- `entries.tsv` 中 enabled 公网入口的 `public_host`。\n- `forwards.tsv` 中 enabled 转发目标的 `target_host`。\n- `pbr/domain-routes.tsv` 中 enabled 域名规则。\n- `DDNS_GLOBAL_DOMAINS` 中额外配置的域名。\n\n本机公网 IP 检测只作为辅助状态展示，不参与 entries / forwards / PBR 的变化判断。\n\n1.4.5 起，DDNS 域名检测继续支持多 DNS 解析器，避免只依赖系统 DNS 时漏掉国内外 DNS 传播不一致：\n\n```text\nDNS_RESOLVE_SERVERS=1.1.1.1,8.8.8.8,223.5.5.5,119.29.29.29\nDNS_RESOLVE_STRATEGY=first-success\nDNS_RESOLVE_WARN_ON_SPLIT=true\n```\n\n默认优先使用 `1.1.1.1` / `8.8.8.8`，再使用国内 DNS。用户可以调整 `DNS_RESOLVE_SERVERS` 顺序，也可以把 `DNS_RESOLVE_STRATEGY` 设置为 `system-first` 或 `majority`。如果解析器返回不同 IP，会记录 WARN，并在状态中显示最近 DNS 分歧。\n\n没有 `dig` 时，`lq ddns run`、`lq ddns status`、`lq doctor`、`lq doctor --auto-fix` 和 DDNS timer 会在 root + apt-get 环境下自动安装 `dnsutils`。安装失败不会中断检测，会继续使用 `nslookup`、`host` 和系统 resolver fallback；如果只能使用系统 resolver，状态会显示 `DNS 传播状态: 未完整检测`。\n\n发现采用结果与本地缓存不同时，Toolkit 会更新 resolved 缓存并自动刷新本地转发 / PBR。公网入口 `public_host` 变化时会标记 `relay restart needed`；默认不会自动重启 relay。需要自动重启时再显式设置：\n\n启用或禁用公网入口后，如果该入口使用域名，Toolkit 会自动轻量刷新 `resolved-entries.tsv` 和 DDNS 状态缓存；刷新失败只 WARN，不阻塞入口启停。\n\n```text\nDDNS_AUTO_RESTART_RELAY=true\nDDNS_RESTART_RELAY_COOLDOWN=300\n```\n\n关键默认值：\n\n```text\nDDNS_UPDATE_DNS_RECORD=false\nDDNS_AUTO_APPLY=true\nDDNS_AUTO_SYNC_PBR=true\nDDNS_AUTO_RESTART_RELAY=false\nDDNS_RESTART_RELAY_COOLDOWN=300\nPUBLIC_IP_CHECK_URLS=\n```\n\n## Release 打包\n\n```bash\nbash scripts/build-release.sh\n# 或指定版本\nVERSION=1.4.12 bash scripts/build-release.sh\n```\n\n产物写入 `dist/leikwan-toolkit-1.4.12.tar.gz` 和对应 `.sha256`，只包含 Shell LTS 需要的 VERSION、README、主脚本、scripts、docs、tests 和可选 LICENSE。`.sha256` 文件使用 `hash  leikwan-toolkit-1.4.12.tar.gz` 的 basename 格式。`VERSION` 用于 `lq update check` 轻量检查最新版本，发布时必须与 `TOOL_VERSION` 保持一致。\n\n## 文档\n\n- [DDNS / 域名解析变化](docs/ddns-refresh.md)\n- [CLI](docs/cli.md)\n- [状态输出](docs/status.md)\n- [Doctor](docs/doctor.md)\n- [PBR](docs/pbr.md)\n- [nftables 转发](docs/nftables-forwarding.md)\n- [Workflow](docs/workflow.md)\n- [Testing](docs/testing.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fike-sh%2Fleikwan-toolkit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fike-sh%2Fleikwan-toolkit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fike-sh%2Fleikwan-toolkit/lists"}