diff --git a/.gitignore b/.gitignore
index 8d28f89..401f18b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,5 +2,4 @@ db.sqlite3
 __pycache__
 *.pyc
 static/static_root
-device-config
 imagebuilder
diff --git a/device-config/1/bin/heartbeat b/device-config/1/bin/heartbeat
new file mode 100755
index 0000000..4cc35ab
--- /dev/null
+++ b/device-config/1/bin/heartbeat
@@ -0,0 +1,59 @@
+ipaddr(){
+ if="${1:-br-VPN360}"
+ result=$(/sbin/ip -o -4 addr show dev "${if}" 2&>/dev/null | /bin/sed 's/^.*inet // ; s/\/...*$//')
+ /usr/bin/printf %s "${result}"
+}
+
+stopwifi(){
+ /sbin/uci set wireless.radio1.disabled=1
+ /sbin/uci commit
+}
+
+startwifi(){
+ /sbin/uci set wireless.radio1.disabled=0
+ /sbin/uci commit
+ /sbin/wifi
+}
+
+restartwifi(){
+ stopwifi
+ startwifi
+}
+
+. /etc/vpnsecret
+
+/usr/bin/wget -O/etc/hosts https://admin360.kumi.host/hosts --post-data "secret=$SECRET" --no-check-certificate >/var/log/wget 2>&1
+
+/sbin/uci set wireless.@wifi-iface[0].network="VPN360"
+/sbin/uci commit
+stopwifi
+
+/usr/sbin/openvpn /etc/openvpn/client.conf >/var/log/openvpn &
+
+/bin/sleep 60
+
+if [ $(ipaddr) ]
+ then
+ startwifi
+ while [ True ]
+ do
+ sleep 10
+ if [ $(ipaddr) ]
+ then
+ /usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET&ip=$(ipaddr)" --no-check-certificate 2>/var/log/wget | /bin/ash
+ fi
+ done
+ else
+ /sbin/uci set wireless.@wifi-iface[0].network="DHCP"
+ /sbin/uci commit
+ startwifi
+ /sbin/ip a add 192.168.36.1/24 dev br-DHCP
+ /sbin/ifconfig br-DHCP down
+ /sbin/ifconfig br-DHCP up
+ while [ True ]
+ do
+ sleep 10
+ /usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET" --no-check-certificate 2>/var/log/wget | /bin/ash
+ done
+fi
+
diff --git a/device-config/1/etc/config/chinadns b/device-config/1/etc/config/chinadns
new file mode 100644
index 0000000..bcdaf8a
--- /dev/null
+++ b/device-config/1/etc/config/chinadns
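Review bot: All three `wget` calls in bin/heartbeat pass `--no-check-certificate`, and the two heartbeat calls pipe the response into `/bin/ash`, so anyone on the network path to admin360.kumi.host can read `$SECRET` from the POST body and have the device execute whatever they return. Drop the flag and pin the server's CA with `--ca-certificate=<CA_FILE_PLACEHOLDER>`; ideally also verify a signature over the fetched script before it is executed. The first call writes straight to `/etc/hosts`, so a failed or truncated download replaces the live file; fetch to a temporary file and `mv` it into place only when wget succeeds. In `ipaddr`, `2&>/dev/null` is not a stderr redirect (the shell treats `2` as an extra argument to `ip`) and should read `2>/dev/null`. The tests `[ $(ipaddr) ]` are more robust as `[ -n "$(ipaddr)" ]`, and the file has no `#!/bin/sh` line even though it is added with mode 100755.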
@@ -0,0 +1,7 @@
+
+config chinadns
+ option enable '0'
+ option bidirectional '0'
+ option chnroute '/etc/chinadns_chnroute.txt'
+ option port '5353'
+ option server '114.114.114.114,8.8.4.4'
diff --git a/device-config/1/etc/config/dhcp b/device-config/1/etc/config/dhcp
new file mode 100644
index 0000000..dd6a8fd
--- /dev/null
+++ b/device-config/1/etc/config/dhcp
@@ -0,0 +1,43 @@
+
+config dnsmasq
+ option domainneeded '1'
+ option boguspriv '1'
+ option filterwin2k '0'
+ option localise_queries '1'
+ option rebind_protection '1'
+ option rebind_localhost '1'
+ option local '/lan/'
+ option domain 'lan'
+ option expandhosts '1'
+ option nonegcache '0'
+ option authoritative '1'
+ option readethers '1'
+ option leasefile '/tmp/dhcp.leases'
+ option resolvfile '/tmp/resolv.conf.auto'
+ option nonwildcard '1'
+ option localservice '1'
+
+config dhcp 'lan'
+ option interface 'lan'
+ option start '100'
+ option limit '150'
+ option leasetime '12h'
+ option dhcpv6 'server'
+ option ra 'server'
+
+config dhcp 'wan'
+ option interface 'wan'
+ option ignore '1'
+
+config odhcpd 'odhcpd'
+ option maindhcp '0'
+ option leasefile '/tmp/hosts/odhcpd'
+ option leasetrigger '/usr/sbin/odhcpd-update'
+ option loglevel '4'
+
+config dhcp 'DHCP'
+ option start '100'
+ option leasetime '12h'
+ option limit '150'
+ option interface 'DHCP'
+
diff --git a/device-config/1/etc/config/dns-forwarder b/device-config/1/etc/config/dns-forwarder
new file mode 100644
index 0000000..852fec2
--- /dev/null
+++ b/device-config/1/etc/config/dns-forwarder
@@ -0,0 +1,6 @@
+
+config dns-forwarder
+ option enable '0'
+ option listen_addr '0.0.0.0'
+ option listen_port '5300'
+ option dns_servers '8.8.8.8'
diff --git a/device-config/1/etc/config/dropbear b/device-config/1/etc/config/dropbear
new file mode 100644
index 0000000..05a0b4c
--- /dev/null
+++ b/device-config/1/etc/config/dropbear
@@ -0,0 +1,5 @@
+
+config dropbear
+ option PasswordAuth 'on'
+ option Port '22'
+
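Review bot: `option PasswordAuth 'on'` in etc/config/dropbear leaves password login as the only way in, since the etc/dropbear/authorized_keys file added by this same commit is empty. No `Interface` option is set either, so the listener is not tied to one network, and the firewall defaults in this commit accept all input. Consider provisioning a key and setting `option PasswordAuth 'off'`, and binding the daemon with `option Interface 'lan'` (or whichever management network is intended).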
diff --git a/device-config/1/etc/config/firewall b/device-config/1/etc/config/firewall
new file mode 100644
index 0000000..b8097d6
--- /dev/null
+++ b/device-config/1/etc/config/firewall
@@ -0,0 +1,15 @@
+
+config defaults
+ option syn_flood '1'
+ option input 'ACCEPT'
+ option output 'ACCEPT'
+ option forward 'ACCEPT'
+
+config include
+ option path '/etc/firewall.user'
+
+config include 'mwan3'
+ option type 'script'
+ option path '/var/etc/mwan3.include'
+ option reload '1'
+
diff --git a/device-config/1/etc/config/glconfig b/device-config/1/etc/config/glconfig
new file mode 100755
index 0000000..bc338ed
--- /dev/null
+++ b/device-config/1/etc/config/glconfig
@@ -0,0 +1,32 @@
+
+config service 'general'
+ option model 'ar150'
+ option port '83'
+ option language 'en'
+ option password '0073d12f67d604710231c0b780341795c6a9ae9c4a53364fbe3d9171367d5fb5'
+ option code_needed '0'
+
+config service 'ddns'
+ option enabled '1'
+ option lastip '80.110.109.118'
+ option updatetime 'Thu Nov 15 10:08:14 GMT 2018'
+
+config service 'download'
+
+config service 'adblock'
+ option enable '0'
+
+config service 'autoupdate'
+ option time '04:00'
+ option enable '0'
+
+config service 'samba'
+ option read_only 'yes'
+
+config service 'openvpn'
+ option enable '0'
+ option force '0'
+
+config service 'repeater'
+ option autoconnect '1'
+
diff --git a/device-config/1/etc/config/luci b/device-config/1/etc/config/luci
new file mode 100644
index 0000000..b385eae
--- /dev/null
+++ b/device-config/1/etc/config/luci
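Review bot: The `config defaults` section in etc/config/firewall sets `input`, `output` and `forward` all to `ACCEPT`, and the file defines no zones or rules, so nothing is filtered on any interface. Every listener configured in this commit (dropbear on 22, uhttpd on 80/443, mjpg-streamer on 8083) is therefore reachable from clients of the unencrypted AP in etc/config/wireless as well as from the upstream network. Suggest `option input 'REJECT'` and `option forward 'REJECT'` in the defaults, plus explicit zones for lan, VPN360 and DHCP that open only the ports each network needs.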
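Review bot: `option password` in etc/config/glconfig holds what looks like the digest of the admin UI password, and `option lastip` a public address; both land in version control because this commit removes `device-config` from .gitignore. The same applies to etc/dropbear/dropbear_rsa_host_key and dropbear_dss_host_key added further down, which are SSH host private keys. If this tree is used as a template, every device built from it would share these credentials and the same host identity. Replace the values with placeholders substituted at provisioning time (as `$SSID` is in etc/config/wireless), let dropbear generate host keys on first boot, and rotate what has already been committed.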
@@ -0,0 +1,55 @@
+
+config core 'main'
+ option lang 'auto'
+ option mediaurlbase '/luci-static/bootstrap'
+ option resourcebase '/luci-static/resources'
+
+config extern 'flash_keep'
+ option uci '/etc/config/'
+ option dropbear '/etc/dropbear/'
+ option openvpn '/etc/openvpn/'
+ option passwd '/etc/passwd'
+ option opkg '/etc/opkg.conf'
+ option firewall '/etc/firewall.user'
+ option uploads '/lib/uci/upload/'
+
+config internal 'languages'
+ option en 'English'
+ option zh_cn '中文 (Chinese)'
+
+config internal 'sauth'
+ option sessionpath '/tmp/luci-sessions'
+ option sessiontime '3600'
+
+config internal 'ccache'
+ option enable '1'
+
+config internal 'themes'
+ option Bootstrap '/luci-static/bootstrap'
+
+config internal 'apply'
+ option rollback '30'
+ option holdoff '4'
+ option timeout '5'
+ option display '1.5'
+
+config internal 'diag'
+ option dns 'openwrt.org'
+ option ping 'openwrt.org'
+ option route 'openwrt.org'
+
+config ifstate
+ option interface 'lan'
+ option ifname 'eth0 radio0.network1'
+ option bridge 'true'
+
+config ifstate
+ option interface 'VPN360'
+ option ifname 'radio0.network1'
+ option bridge 'true'
+
+config ifstate
+ option interface 'DHCP'
+ option ifname 'tap0 radio1.network1'
+ option bridge 'true'
+
diff --git a/device-config/1/etc/config/mjpg-streamer b/device-config/1/etc/config/mjpg-streamer
new file mode 100644
index 0000000..9899300
--- /dev/null
+++ b/device-config/1/etc/config/mjpg-streamer
@@ -0,0 +1,10 @@
+config mjpg-streamer core
+ option enabled "1"
+ option input 'uvc'
+ option output 'http'
+ option device "/dev/video0"
+ option resolution "640x480"
+ option fps "15"
+ option www "/www/webcam"
+ option port "8083"
+ option yuv "0"
diff --git a/device-config/1/etc/config/mwan3 b/device-config/1/etc/config/mwan3
new file mode 100644
index 0000000..4917cb7
--- /dev/null
+++ b/device-config/1/etc/config/mwan3
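Review bot: etc/config/mjpg-streamer sets `option enabled "1"` with the HTTP output on port 8083 and no `username`/`password` options, so the camera stream appears to be served without authentication. With the firewall in this commit accepting all input, any host that can reach the device could view it. If the camera is not part of the product, set `option enabled "0"`; otherwise add credentials and limit the port to the management network.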
@@ -0,0 +1,82 @@
+config interface 'wan'
+ option enabled '1'
+ list track_ip '208.67.222.222'
+ list track_ip '208.67.220.220'
+ list track_ip '8.8.4.4'
+ list track_ip '8.8.8.8'
+ option reliability '1'
+ option count '1'
+ option timeout '2'
+ option interval '5'
+ option down '5'
+ option up '3'
+
+config interface 'wwan'
+ option enabled '1'
+ list track_ip '208.67.222.222'
+ list track_ip '208.67.220.220'
+ list track_ip '8.8.4.4'
+ list track_ip '8.8.8.8'
+ option reliability '1'
+ option count '1'
+ option timeout '2'
+ option interval '5'
+ option down '5'
+ option up '3'
+
+config interface 'tethering'
+ option enabled '1'
+ list track_ip '208.67.222.222'
+ list track_ip '208.67.220.220'
+ list track_ip '8.8.4.4'
+ list track_ip '8.8.8.8'
+ option reliability '1'
+ option count '1'
+ option timeout '2'
+ option interval '5'
+ option down '5'
+ option up '3'
+
+config interface 'modem'
+ option enabled '1'
+ list track_ip '208.67.222.222'
+ list track_ip '208.67.220.220'
+ list track_ip '8.8.4.4'
+ list track_ip '8.8.8.8'
+ option reliability '1'
+ option count '1'
+ option timeout '2'
+ option interval '5'
+ option down '5'
+ option up '3'
+
+config member 'wan_only'
+ option interface 'wan'
+ option metric '1'
+ option weight '3'
+
+config member 'wwan_only'
+ option interface 'wwan'
+ option metric '2'
+ option weight '3'
+
+config member 'tethering_only'
+ option interface 'tethering'
+ option metric '3'
+ option weight '3'
+
+config member 'modem_only'
+ option interface 'modem'
+ option metric '4'
+ option weight '3'
+
+config policy 'default_poli'
+ list use_member 'wan_only'
+ list use_member 'wwan_only'
+ list use_member 'tethering_only'
+ list use_member 'modem_only'
+ option last_resort 'default'
+
+config rule 'default_rule'
+ option dest_ip '0.0.0.0/0'
+ option use_policy 'default_poli'
diff --git a/device-config/1/etc/config/network b/device-config/1/etc/config/network
new file mode 100644
index 0000000..f2dbc3f
--- /dev/null
+++ b/device-config/1/etc/config/network
@@ -0,0 +1,32 @@
+
+config interface 'loopback'
+ option ifname 'lo'
+ option proto 'static'
+ option ipaddr '127.0.0.1'
+ option netmask '255.0.0.0'
+
+config globals 'globals'
+ option ula_prefix 'fd1b:3702:99a7::/48'
+
+config interface 'lan'
+ option type 'bridge'
+ option ipaddr '192.168.1.1'
+ option netmask '255.255.255.0'
+ option ip6assign '60'
+ option proto 'dhcp'
+ option ifname 'eth0'
+
+config interface 'VPN360'
+ option type 'bridge'
+ option proto 'dhcp'
+ option broadcast '1'
+ option force_link '1'
+ option ifname 'tap0'
+
+config interface 'DHCP'
+ option type 'bridge'
+ option proto 'static'
+ option ipaddr '192.168.36.1'
+ option netmask '255.255.255.0'
+ option ifname 'lo'
+
diff --git a/device-config/1/etc/config/openvpn b/device-config/1/etc/config/openvpn
new file mode 100644
index 0000000..7bd5422
--- /dev/null
+++ b/device-config/1/etc/config/openvpn
@@ -0,0 +1,5 @@
+
+config openvpn 'vpn360'
+ option enabled '0'
+ option config '/etc/openvpn/client.conf'
+
diff --git a/device-config/1/etc/config/openvpn-opkg b/device-config/1/etc/config/openvpn-opkg
new file mode 100644
index 0000000..1fd846f
--- /dev/null
+++ b/device-config/1/etc/config/openvpn-opkg
@@ -0,0 +1,407 @@ +package openvpn + +################################################# +# Sample to include a custom config file. # +################################################# + +config openvpn custom_config + + # Set to 1 to enable this instance: + option enabled 0 + + # Include OpenVPN configuration + option config /etc/openvpn/my-vpn.conf + + +################################################# +# Sample OpenVPN 2.0 uci config for # +# multi-client server. # +################################################# + +config openvpn sample_server + + # Set to 1 to enable this instance: + option enabled 0 + + # Which local IP address should OpenVPN + # listen on? (optional) +# option local 0.0.0.0 + + # Which TCP/UDP port should OpenVPN listen on? + # If you want to run multiple OpenVPN instances + # on the same machine, use a different port + # number for each one. You will need to + # open up this port on your firewall. + option port 1194 + + # TCP or UDP server? +# option proto tcp + option proto udp + + # "dev tun" will create a routed IP tunnel, + # "dev tap" will create an ethernet tunnel. + # Use "dev tap0" if you are ethernet bridging + # and have precreated a tap0 virtual interface + # and bridged it with your ethernet interface. + # If you want to control access policies + # over the VPN, you must create firewall + # rules for the the TUN/TAP interface. + # On non-Windows systems, you can give + # an explicit unit number, such as tun0. + # On Windows, use "dev-node" for this. + # On most systems, the VPN will not function + # unless you partially or fully disable + # the firewall for the TUN/TAP interface. +# option dev tap + option dev tun + + # SSL/TLS root certificate (ca), certificate + # (cert), and private key (key). Each client + # and the server must have their own cert and + # key file. The server and all clients will + # use the same ca file. 
+ # + # See the "easy-rsa" directory for a series + # of scripts for generating RSA certificates + # and private keys. Remember to use + # a unique Common Name for the server + # and each of the client certificates. + # + # Any X509 key management system can be used. + # OpenVPN can also use a PKCS #12 formatted key file + # (see "pkcs12" directive in man page). + option ca /etc/openvpn/ca.crt + option cert /etc/openvpn/server.crt + # This file should be kept secret: + option key /etc/openvpn/server.key + + # Diffie hellman parameters. + # Generate your own with: + # openssl dhparam -out dh1024.pem 1024 + # Substitute 2048 for 1024 if you are using + # 2048 bit keys. + option dh /etc/openvpn/dh1024.pem + + # Configure server mode and supply a VPN subnet + # for OpenVPN to draw client addresses from. + # The server will take 10.8.0.1 for itself, + # the rest will be made available to clients. + # Each client will be able to reach the server + # on 10.8.0.1. Comment this line out if you are + # ethernet bridging. See the man page for more info. + option server "10.8.0.0 255.255.255.0" + + # Maintain a record of client <-> virtual IP address + # associations in this file. If OpenVPN goes down or + # is restarted, reconnecting clients can be assigned + # the same virtual IP address from the pool that was + # previously assigned. + option ifconfig_pool_persist /tmp/ipp.txt + + # Configure server mode for ethernet bridging. + # You must first use your OS's bridging capability + # to bridge the TAP interface with the ethernet + # NIC interface. Then you must manually set the + # IP/netmask on the bridge interface, here we + # assume 10.8.0.4/255.255.255.0. Finally we + # must set aside an IP range in this subnet + # (start=10.8.0.50 end=10.8.0.100) to allocate + # to connecting clients. Leave this line commented + # out unless you are ethernet bridging. 
+# option server_bridge "10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100" + + # Push routes to the client to allow it + # to reach other private subnets behind + # the server. Remember that these + # private subnets will also need + # to know to route the OpenVPN client + # address pool (10.8.0.0/255.255.255.0) + # back to the OpenVPN server. +# list push "route 192.168.10.0 255.255.255.0" +# list push "route 192.168.20.0 255.255.255.0" + + # To assign specific IP addresses to specific + # clients or if a connecting client has a private + # subnet behind it that should also have VPN access, + # use the subdirectory "ccd" for client-specific + # configuration files (see man page for more info). + + # EXAMPLE: Suppose the client + # having the certificate common name "Thelonious" + # also has a small subnet behind his connecting + # machine, such as 192.168.40.128/255.255.255.248. + # First, uncomment out these lines: +# option client_config_dir /etc/openvpn/ccd +# list route "192.168.40.128 255.255.255.248" + # Then create a file ccd/Thelonious with this line: + # iroute 192.168.40.128 255.255.255.248 + # This will allow Thelonious' private subnet to + # access the VPN. This example will only work + # if you are routing, not bridging, i.e. you are + # using "dev tun" and "server" directives. + + # EXAMPLE: Suppose you want to give + # Thelonious a fixed VPN IP address of 10.9.0.1. + # First uncomment out these lines: +# option client_config_dir /etc/openvpn/ccd +# list route "10.9.0.0 255.255.255.252" +# list route "192.168.100.0 255.255.255.0" + # Then add this line to ccd/Thelonious: + # ifconfig-push "10.9.0.1 10.9.0.2" + + # Suppose that you want to enable different + # firewall access policies for different groups + # of clients. There are two methods: + # (1) Run multiple OpenVPN daemons, one for each + # group, and firewall the TUN/TAP interface + # for each group/daemon appropriately. 
+ # (2) (Advanced) Create a script to dynamically + # modify the firewall in response to access + # from different clients. See man + # page for more info on learn-address script. +# option learn_address /etc/openvpn/script + + # If enabled, this directive will configure + # all clients to redirect their default + # network gateway through the VPN, causing + # all IP traffic such as web browsing and + # and DNS lookups to go through the VPN + # (The OpenVPN server machine may need to NAT + # the TUN/TAP interface to the internet in + # order for this to work properly). + # CAVEAT: May break client's network config if + # client's local DHCP server packets get routed + # through the tunnel. Solution: make sure + # client's local DHCP server is reachable via + # a more specific route than the default route + # of 0.0.0.0/0.0.0.0. +# list push "redirect-gateway" + + # Certain Windows-specific network settings + # can be pushed to clients, such as DNS + # or WINS server addresses. CAVEAT: + # http://openvpn.net/faq.html#dhcpcaveats +# list push "dhcp-option DNS 10.8.0.1" +# list push "dhcp-option WINS 10.8.0.1" + + # Uncomment this directive to allow different + # clients to be able to "see" each other. + # By default, clients will only see the server. + # To force clients to only see the server, you + # will also need to appropriately firewall the + # server's TUN/TAP interface. +# option client_to_client 1 + + # Uncomment this directive if multiple clients + # might connect with the same certificate/key + # files or common names. This is recommended + # only for testing purposes. For production use, + # each client should have its own certificate/key + # pair. + # + # IF YOU HAVE NOT GENERATED INDIVIDUAL + # CERTIFICATE/KEY PAIRS FOR EACH CLIENT, + # EACH HAVING ITS OWN UNIQUE "COMMON NAME", + # UNCOMMENT THIS LINE OUT. 
+# option duplicate_cn 1 + + # The keepalive directive causes ping-like + # messages to be sent back and forth over + # the link so that each side knows when + # the other side has gone down. + # Ping every 10 seconds, assume that remote + # peer is down if no ping received during + # a 120 second time period. + option keepalive "10 120" + + # For extra security beyond that provided + # by SSL/TLS, create an "HMAC firewall" + # to help block DoS attacks and UDP port flooding. + # + # Generate with: + # openvpn --genkey --secret ta.key + # + # The server and each client must have + # a copy of this key. + # The second parameter should be '0' + # on the server and '1' on the clients. + # This file is secret: +# option tls_auth "/etc/openvpn/ta.key 0" + + # Select a cryptographic cipher. + # This config item must be copied to + # the client config file as well. + # Blowfish (default): +# option cipher BF-CBC + # AES: +# option cipher AES-128-CBC + # Triple-DES: +# option cipher DES-EDE3-CBC + + # Enable compression on the VPN link. + # If you enable it here, you must also + # enable it in the client config file. + # LZ4 requires OpenVPN 2.4+ client and server +# option compress lz4 + # LZO is compatible with most OpenVPN versions + # (set "compress lzo" on 2.4+ clients, and "comp-lzo yes" on older clients) + option compress lzo + + # The maximum number of concurrently connected + # clients we want to allow. +# option max_clients 100 + + # The persist options will try to avoid + # accessing certain resources on restart + # that may no longer be accessible because + # of the privilege downgrade. + option persist_key 1 + option persist_tun 1 + option user nobody + + # Output a short status file showing + # current connections, truncated + # and rewritten every minute. + option status /tmp/openvpn-status.log + + # By default, log messages will go to the syslog (or + # on Windows, if running as a service, they will go to + # the "\Program Files\OpenVPN\log" directory). 
+ # Use log or log-append to override this default. + # "log" will truncate the log file on OpenVPN startup, + # while "log-append" will append to it. Use one + # or the other (but not both). +# option log /tmp/openvpn.log +# option log_append /tmp/openvpn.log + + # Set the appropriate level of log + # file verbosity. + # + # 0 is silent, except for fatal errors + # 4 is reasonable for general usage + # 5 and 6 can help to debug connection problems + # 9 is extremely verbose + option verb 3 + + # Silence repeating messages. At most 20 + # sequential messages of the same message + # category will be output to the log. +# option mute 20 + + +############################################## +# Sample client-side OpenVPN 2.0 uci config # +# for connecting to multi-client server. # +############################################## + +config openvpn sample_client + + # Set to 1 to enable this instance: + option enabled 0 + + # Specify that we are a client and that we + # will be pulling certain config file directives + # from the server. + option client 1 + + # Use the same setting as you are using on + # the server. + # On most systems, the VPN will not function + # unless you partially or fully disable + # the firewall for the TUN/TAP interface. +# option dev tap + option dev tun + + # Are we connecting to a TCP or + # UDP server? Use the same setting as + # on the server. +# option proto tcp + option proto udp + + # The hostname/IP and port of the server. + # You can have multiple remote entries + # to load balance between the servers. + list remote "my_server_1 1194" +# list remote "my_server_2 1194" + + # Choose a random host from the remote + # list for load_balancing. Otherwise + # try hosts in the order specified. +# option remote_random 1 + + # Keep trying indefinitely to resolve the + # host name of the OpenVPN server. Very useful + # on machines which are not permanently connected + # to the internet such as laptops. 
+ option resolv_retry infinite + + # Most clients don't need to bind to + # a specific local port number. + option nobind 1 + + # Try to preserve some state across restarts. + option persist_key 1 + option persist_tun 1 + option user nobody + + # If you are connecting through an + # HTTP proxy to reach the actual OpenVPN + # server, put the proxy server/IP and + # port number here. See the man page + # if your proxy server requires + # authentication. + # retry on connection failures: +# option http_proxy_retry 1 + # specify http proxy address and port: +# option http_proxy "192.168.1.100 8080" + + # Wireless networks often produce a lot + # of duplicate packets. Set this flag + # to silence duplicate packet warnings. +# option mute_replay_warnings 1 + + # SSL/TLS parms. + # See the server config file for more + # description. It's best to use + # a separate .crt/.key file pair + # for each client. A single ca + # file can be used for all clients. + option ca /etc/openvpn/ca.crt + option cert /etc/openvpn/client.crt + option key /etc/openvpn/client.key + + # Verify server certificate by checking + # that the certicate has the nsCertType + # field set to "server". This is an + # important precaution to protect against + # a potential attack discussed here: + # http://openvpn.net/howto.html#mitm + # + # To use this feature, you will need to generate + # your server certificates with the nsCertType + # field set to "server". The build_key_server + # script in the easy_rsa folder will do this. +# option ns_cert_type server + + # If a tls_auth key is used on the server + # then every client must also have the key. +# option tls_auth "/etc/openvpn/ta.key 1" + + # Select a cryptographic cipher. + # If the cipher option is used on the server + # then you must also specify it here. +# option cipher x + + # Enable compression on the VPN link. + # Don't enable this unless it is also + # enabled in the server config file. 
+ # LZ4 requires OpenVPN 2.4+ on server and client +# option compress lz4 + # LZO is compatible with most OpenVPN versions + option compress lzo + + # Set log file verbosity. + option verb 3 + + # Silence repeating messages +# option mute 20 diff --git a/device-config/1/etc/config/qos b/device-config/1/etc/config/qos new file mode 100644 index 0000000..44e988a --- /dev/null +++ b/device-config/1/etc/config/qos @@ -0,0 +1,68 @@ +# QoS configuration for OpenWrt + +# INTERFACES: +config interface wan + option classgroup "Default" + option enabled 0 + option upload 128 + option download 1024 + +# RULES: +config classify + option target "Priority" + option ports "22,53" + option comment "ssh, dns" +config classify + option target "Normal" + option proto "tcp" + option ports "20,21,25,80,110,443,993,995" + option comment "ftp, smtp, http(s), imap" +config classify + option target "Express" + option ports "5190" + option comment "AOL, iChat, ICQ" +config default + option target "Express" + option proto "udp" + option pktsize "-500" +config reclassify + option target "Priority" + option proto "icmp" +config default + option target "Bulk" + option portrange "1024-65535" + + +# Don't change the stuff below unless you +# really know what it means :) + +config classgroup "Default" + option classes "Priority Express Normal Bulk" + option default "Normal" + + +config class "Priority" + option packetsize 400 + option avgrate 10 + option priority 20 +config class "Priority_down" + option packetsize 1000 + option avgrate 10 + + +config class "Express" + option packetsize 1000 + option avgrate 50 + option priority 10 + +config class "Normal" + option packetsize 1500 + option packetdelay 100 + option avgrate 10 + option priority 5 +config class "Normal_down" + option avgrate 20 + +config class "Bulk" + option avgrate 1 + option packetdelay 200 diff --git a/device-config/1/etc/config/rpcd b/device-config/1/etc/config/rpcd new file mode 100644 index 0000000..499ea27 --- /dev/null 
+++ b/device-config/1/etc/config/rpcd
@@ -0,0 +1,7 @@
+
+config login
+ option username 'root'
+ option password '$p$root'
+ list read '*'
+ list write '*'
+
diff --git a/device-config/1/etc/config/samba b/device-config/1/etc/config/samba
new file mode 100644
index 0000000..6457e43
--- /dev/null
+++ b/device-config/1/etc/config/samba
@@ -0,0 +1,7 @@
+
+config samba
+ option workgroup 'WORKGROUP'
+ option homes '1'
+ option name 'GL-AR300M'
+ option description 'GL-AR300M-c6b'
+
diff --git a/device-config/1/etc/config/shadowsocks b/device-config/1/etc/config/shadowsocks
new file mode 100644
index 0000000..a8e392d
--- /dev/null
+++ b/device-config/1/etc/config/shadowsocks
@@ -0,0 +1,30 @@
+
+config general
+ option startup_delay '0'
+
+config transparent_proxy
+ list main_server 'nil'
+ option udp_relay_server 'nil'
+ option local_port '1234'
+
+config socks5_proxy
+ list server 'nil'
+ option local_port '1080'
+
+config port_forward
+ list server 'nil'
+ option local_port '5300'
+ option destination '8.8.4.4:53'
+
+config servers
+ option alias 'sample'
+ option fast_open '0'
+ option no_delay '0'
+ option server '127.0.0.1'
+ option server_port '8388'
+ option timeout '60'
+ option password 'barfoo!'
+ option encrypt_method 'rc4-md5'
+
+config access_control
+ option self_proxy '1'
diff --git a/device-config/1/etc/config/system b/device-config/1/etc/config/system
new file mode 100644
index 0000000..d2e40fc
--- /dev/null
+++ b/device-config/1/etc/config/system
@@ -0,0 +1,35 @@
+
+config system
+ option ttylogin '0'
+ option log_size '64'
+ option urandom_seed '0'
+ option zonename 'UTC'
+ option timezone 'GMT0'
+ option log_proto 'udp'
+ option conloglevel '8'
+ option cronloglevel '8'
+ option hostname 'VPN360'
+
+config timeserver 'ntp'
+ option enabled '1'
+ list server '0.openwrt.pool.ntp.org'
+ list server '1.openwrt.pool.ntp.org'
+ list server '2.openwrt.pool.ntp.org'
+ list server '3.openwrt.pool.ntp.org'
+
+config led
+ option trigger 'netdev'
+ option dev 'br-lan'
+ option mode 'link'
+ option name 'WAN'
+ option sysfs 'gl-ar300m:green:lan'
+ option default '0'
+
+config led
+ option name 'VPN'
+ option trigger 'netdev'
+ option dev 'br-VPN360'
+ option mode 'link'
+ option sysfs 'gl-ar300m:green:wlan'
+ option default '0'
+
diff --git a/device-config/1/etc/config/system1 b/device-config/1/etc/config/system1
new file mode 100755
index 0000000..c68ee1d
--- /dev/null
+++ b/device-config/1/etc/config/system1
@@ -0,0 +1,13 @@
+
+config system
+ option hostname 'GL-AR150'
+ option conloglevel '8'
+ option cronloglevel '8'
+ option zonename 'Asia/Shanghai'
+ option timezone 'CST-8'
+
+config timeserver 'ntp'
+ list server '0.openwrt.pool.ntp.org'
+ list server '1.openwrt.pool.ntp.org'
+ list server '2.openwrt.pool.ntp.org'
+ list server '3.openwrt.pool.ntp.org'
diff --git a/device-config/1/etc/config/ubootenv b/device-config/1/etc/config/ubootenv
new file mode 100644
index 0000000..3bef92c
--- /dev/null
+++ b/device-config/1/etc/config/ubootenv
@@ -0,0 +1,7 @@
+
+config ubootenv
+ option dev '/dev/mtd1'
+ option offset '0x0'
+ option envsize '0x10000'
+ option secsize '0x10000'
+
diff --git a/device-config/1/etc/config/ucitrack b/device-config/1/etc/config/ucitrack
new file mode 100644
index 0000000..0387d7b
--- /dev/null
+++ b/device-config/1/etc/config/ucitrack
@@ -0,0 +1,61 @@
+
+config network
+ option init 'network'
+ list affects 'dhcp'
+ list affects 'radvd'
+
+config wireless
+ list affects 'network'
+
+config firewall
+ option init 'firewall'
+ list affects 'luci-splash'
+ list affects 'qos'
+ list affects 'miniupnpd'
+
+config olsr
+ option init 'olsrd'
+
+config dhcp
+ option init 'dnsmasq'
+ list affects 'odhcpd'
+
+config odhcpd
+ option init 'odhcpd'
+
+config dropbear
+ option init 'dropbear'
+
+config httpd
+ option init 'httpd'
+
+config fstab
+ option exec '/sbin/block mount'
+
+config qos
+ option init 'qos'
+
+config system
+ option init 'led'
+ option exec '/etc/init.d/log reload'
+ list affects 'luci_statistics'
+ list affects 'dhcp'
+
+config luci_splash
+ option init 'luci_splash'
+
+config upnpd
+ option init 'miniupnpd'
+
+config ntpclient
+ option init 'ntpclient'
+
+config samba
+ option init 'samba'
+
+config tinyproxy
+ option init 'tinyproxy'
+
+config mwan3
+ option init 'mwan3'
+
diff --git a/device-config/1/etc/config/uhttpd b/device-config/1/etc/config/uhttpd
new file mode 100644
index 0000000..7c6410e
--- /dev/null
+++ b/device-config/1/etc/config/uhttpd
@@ -0,0 +1,30 @@
+
+config uhttpd 'main'
+ list listen_http '0.0.0.0:80'
+ list listen_http '[::]:80'
+ list listen_https '0.0.0.0:443'
+ list listen_https '[::]:443'
+ option redirect_https '1'
+ option home '/www'
+ option rfc1918_filter '1'
+ option max_requests '3'
+ option max_connections '100'
+ option cert '/etc/uhttpd.crt'
+ option key '/etc/uhttpd.key'
+ option cgi_prefix '/cgi-bin'
+ option lua_prefix '/luci'
+ option lua_handler '/usr/lib/lua/luci/sgi/uhttpd.lua'
+ option script_timeout '60'
+ option network_timeout '30'
+ option http_keepalive '20'
+ option tcp_keepalive '1'
+ option ubus_prefix '/ubus'
+
+config cert 'defaults'
+ option days '730'
+ option bits '2048'
+ option country 'ZZ'
+ option state 'Somewhere'
+ option location 'Unknown'
+ option commonname 'OpenWrt'
+
diff --git a/device-config/1/etc/config/unbound b/device-config/1/etc/config/unbound
new file mode 100644
index 0000000..2509921
--- /dev/null
+++ b/device-config/1/etc/config/unbound
@@ -0,0 +1,3 @@
+config unbound
+ option enable '0'
+ option manual_conf '1'
diff --git a/device-config/1/etc/config/upnpd b/device-config/1/etc/config/upnpd
new file mode 100644
index 0000000..35f6b61
--- /dev/null
+++ b/device-config/1/etc/config/upnpd
@@ -0,0 +1,27 @@
+
+config upnpd 'config'
+ option secure_mode '1'
+ option log_output '0'
+ option download '1024'
+ option upload '512'
+ option internal_iface 'lan'
+ option port '5000'
+ option upnp_lease_file '/var/upnp.leases'
+ option uuid 'dddee5fa-fc97-466b-809d-491c4b9a8adc'
+ option enable_upnp '0'
+ option enable_natpmp '0'
+
+config perm_rule
+ option action 'allow'
+ option ext_ports '1-65535'
+ option int_addr '0.0.0.0/0'
+ option int_ports '1-65535'
+ option comment 'Allow ports'
+
+config perm_rule
+ option action 'deny'
+ option ext_ports '0-65535'
+ option int_addr '0.0.0.0/0'
+ option int_ports '0-65535'
+ option comment 'Default deny'
+
diff --git a/device-config/1/etc/config/vpn_service b/device-config/1/etc/config/vpn_service
new file mode 100755
index 0000000..8cbc68a
--- /dev/null
+++ b/device-config/1/etc/config/vpn_service
@@ -0,0 +1,14 @@
+config general 'global'
+ option enable '0'
+
+config service 'vpn'
+ option auth 'SHA1'
+ option proto 'udp'
+ option port '1194'
+ option dev 'tun-SERVER'
+ option dev_type 'tun'
+ option cipher 'BF-CBC'
+ option comp 'adaptive'
+ option subnet '10.8.0.0'
+ option mask '255.255.255.0'
+ option host '127.0.0.1'
diff --git a/device-config/1/etc/config/wireless b/device-config/1/etc/config/wireless
new file mode 100644
index 0000000..4fefc2d
--- /dev/null
+++ b/device-config/1/etc/config/wireless
@@ -0,0 +1,30 @@ + +config wifi-device 'radio0' + option type 'mac80211' + option channel '11' + option hwmode '11g' + option path 'platform/soc/20980000.usb/usb1/1-1/1-1.5/1-1.5:1.0' + option htmode 'HT20' + option country '00' + option legacy_rates '1' + option __toggle 'Enable' + +config wifi-device 'radio1' + option type 'mac80211' + option channel '11' + option hwmode '11g' + option path 'platform/qca953x_wmac' + option htmode 'HT20' + option txpower '22' + option country 'US' + option legacy_rates '1' + option enabled '1' + option disabled '0' + +config wifi-iface + option device 'radio1' + option mode 'ap' + option encryption 'none' + option ssid '$SSID' + option network 'VPN360' + diff --git a/device-config/1/etc/dropbear/authorized_keys b/device-config/1/etc/dropbear/authorized_keys new file mode 100644 index 0000000..e69de29 diff --git a/device-config/1/etc/dropbear/dropbear_dss_host_key b/device-config/1/etc/dropbear/dropbear_dss_host_key new file mode 100644 index 0000000..d9fbf2d Binary files /dev/null and b/device-config/1/etc/dropbear/dropbear_dss_host_key differ diff --git a/device-config/1/etc/dropbear/dropbear_rsa_host_key b/device-config/1/etc/dropbear/dropbear_rsa_host_key new file mode 100644 index 0000000..9c96aa9 Binary files /dev/null and b/device-config/1/etc/dropbear/dropbear_rsa_host_key differ diff --git a/device-config/1/etc/firewall.user b/device-config/1/etc/firewall.user new file mode 100644 index 0000000..509687e --- /dev/null +++ b/device-config/1/etc/firewall.user @@ -0,0 +1,11 @@ + +force_dns() { + # lanip=$(ifconfig br-lan |sed -n 's/.*dr:\(.*\) Bc.*/\1/p') + lanip=$(uci get network.lan.ipaddr) + iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to $lanip + iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip +} +force=$(uci get glconfig.general.force_dns) +if [ -n "$force" ]; then + force_dns +fi 
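Review bot: The only `wifi-iface` is an access point with `option encryption 'none'` attached to `option network 'VPN360'`, so any station in radio range is placed on the bridge that carries the VPN without authenticating. If an open hotspot is the intent, say so in a comment and add `option isolate '1'` so clients cannot reach each other. Otherwise use `option encryption 'psk2'` with a templated `option key '$WIFI_KEY'` (placeholder name, filled in the same way as `$SSID`).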
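Review bot: `dropbear_dss_host_key` and `dropbear_rsa_host_key` are added as binary files under `device-config/1/etc/dropbear/`, and dropbear host-key files normally hold the private half of the key. Committing them puts the device's SSH identity in version control, and every unit imaged from this directory would present the same host key, so a client can no longer tell the real device from anyone who has read the repository. I would remove both files from the commit, ignore `device-config/*/etc/dropbear/*_host_key` in `.gitignore`, and let each device generate its keys on first boot. Keys that were already pushed should be treated as exposed and regenerated.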
diff --git a/device-config/1/etc/fw_env.config b/device-config/1/etc/fw_env.config new file mode 100644 index 0000000..244ad98 --- /dev/null +++ b/device-config/1/etc/fw_env.config @@ -0,0 +1 @@ +/dev/mtd1 0x0 0x10000 0x10000 diff --git a/device-config/1/etc/group b/device-config/1/etc/group new file mode 100644 index 0000000..29ede86 --- /dev/null +++ b/device-config/1/etc/group @@ -0,0 +1,13 @@ +root:x:0: +daemon:x:1: +adm:x:4: +tty:x:5: +mail:x:8: +audio:x:29: +www-data:x:33: +ftp:x:55: +users:x:100: +network:x:101: +nogroup:x:65534: +dnsmasq:x:453:dnsmasq +unbound:x:553:unbound diff --git a/device-config/1/etc/inittab b/device-config/1/etc/inittab new file mode 100644 index 0000000..b944a93 --- /dev/null +++ b/device-config/1/etc/inittab @@ -0,0 +1,4 @@ +::sysinit:/etc/init.d/rcS S boot +::shutdown:/etc/init.d/rcS K shutdown +::askconsole:/usr/libexec/login.sh +tty1::askfirst:/usr/libexec/login.sh diff --git a/device-config/1/etc/lighttpd/lighttpd.conf b/device-config/1/etc/lighttpd/lighttpd.conf new file mode 100644 index 0000000..acac638 --- /dev/null +++ b/device-config/1/etc/lighttpd/lighttpd.conf @@ -0,0 +1,30 @@ +server.document-root = "/www" +server.upload-dirs = ( "/tmp" ) +server.errorlog = "/var/log/lighttpd/error.log" +server.pid-file = "/var/run/lighttpd.pid" +server.username = "http" +server.groupname = "www-data" + +index-file.names = ( "index.php", "index.html", + "index.htm", "default.htm", + ) + +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + +### Options that are useful but not always necessary: +#server.chroot = "/" +server.port = 81 +server.bind = "localhost" +#server.tag = "lighttpd" +#server.errorlog-use-syslog = "enable" +#server.network-backend = "writev" + +### Use IPv6 if available +#include_shell "/usr/share/lighttpd/use-ipv6.pl" + +#dir-listing.encoding = "utf-8" +#server.dir-listing = "enable" + +include "/etc/lighttpd/mime.conf" +include "/etc/lighttpd/conf.d/*.conf" + 
diff --git a/device-config/1/etc/luci-uploads/.placeholder b/device-config/1/etc/luci-uploads/.placeholder new file mode 100644 index 0000000..e69de29 diff --git a/device-config/1/etc/opkg.conf b/device-config/1/etc/opkg.conf new file mode 100644 index 0000000..bd8505f --- /dev/null +++ b/device-config/1/etc/opkg.conf @@ -0,0 +1,4 @@ +dest root / +dest ram /tmp +lists_dir ext /var/opkg-lists +option overlay_root /overlay \ No newline at end of file diff --git a/device-config/1/etc/opkg/customfeeds.conf b/device-config/1/etc/opkg/customfeeds.conf new file mode 100644 index 0000000..0519ecb --- /dev/null +++ b/device-config/1/etc/opkg/customfeeds.conf @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/device-config/1/etc/opkg/keys/1035ac73cc4e59e3 b/device-config/1/etc/opkg/keys/1035ac73cc4e59e3 new file mode 100644 index 0000000..e8ce435 --- /dev/null +++ b/device-config/1/etc/opkg/keys/1035ac73cc4e59e3 @@ -0,0 +1,2 @@ +untrusted comment: OpenWrt 18.06 public key +RWQQNaxzzE5Z41cVmEh2rilAPKLsyfPKm+S4BJWA1Yv+LP1hKebmGtXi diff --git a/device-config/1/etc/opkg/keys/5151f69420c3f508 b/device-config/1/etc/opkg/keys/5151f69420c3f508 new file mode 100644 index 0000000..d4cd777 --- /dev/null +++ b/device-config/1/etc/opkg/keys/5151f69420c3f508 @@ -0,0 +1,2 @@ +untrusted comment: LEDE usign key of Hans Dedecker +RWRRUfaUIMP1CAL9wvk3ABBHdUM+3SjMvIuJlK68b3b04Pw3wiaiAfxX diff --git a/device-config/1/etc/opkg/keys/53bad1233d4c98c5 b/device-config/1/etc/opkg/keys/53bad1233d4c98c5 new file mode 100644 index 0000000..e49bd7d --- /dev/null +++ b/device-config/1/etc/opkg/keys/53bad1233d4c98c5 @@ -0,0 +1,2 @@ +untrusted comment: openwrt.org 15.05 release key +RWRTutEjPUyYxcuFKuF19hS8WfHi09AkVhK33KMQPri/dFG9PhEzDtMH diff --git a/device-config/1/etc/opkg/keys/6549bc466575035e b/device-config/1/etc/opkg/keys/6549bc466575035e new file mode 100644 index 0000000..2f17e42 --- /dev/null +++ b/device-config/1/etc/opkg/keys/6549bc466575035e 
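Review bot: This `opkg.conf` has no `option check_signature` line. As far as I know opkg only verifies the signature of downloaded package lists when that option is present, which would make the keys added under `etc/opkg/keys/` in this commit ineffective. If the devices are ever expected to install packages, add `option check_signature` after `option overlay_root /overlay`; if not, a short comment saying package installation is intentionally unused would help the next reader.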
@@ -0,0 +1,2 @@ +untrusted comment: Local build key +RWRlSbxGZXUDXkGTGW4c1UX2NT71KDIe1xDzkH40PzgMQ9h2Jk0a+KSU diff --git a/device-config/1/etc/opkg/keys/72a57f2191b211e0 b/device-config/1/etc/opkg/keys/72a57f2191b211e0 new file mode 100644 index 0000000..1719816 --- /dev/null +++ b/device-config/1/etc/opkg/keys/72a57f2191b211e0 @@ -0,0 +1,2 @@ +untrusted comment: LEDE usign key of Jo-Philipp Wich +RWRypX8hkbIR4FLhtx5pjXcAIsI1iPUIcI5bMG8jZoiCkrwTstECBPqL diff --git a/device-config/1/etc/opkg/keys/792d9d9b39f180dc b/device-config/1/etc/opkg/keys/792d9d9b39f180dc new file mode 100644 index 0000000..9044a0e --- /dev/null +++ b/device-config/1/etc/opkg/keys/792d9d9b39f180dc @@ -0,0 +1,2 @@ +untrusted comment: LEDE 17.01 "Reboot" public key +RWR5LZ2bOfGA3FGliZosEDhodiAKDOISmQs/mmjo4rhcbFtqkibJqMzo diff --git a/device-config/1/etc/opkg/keys/7d75c2e892e71b62 b/device-config/1/etc/opkg/keys/7d75c2e892e71b62 new file mode 100644 index 0000000..76395b7 --- /dev/null +++ b/device-config/1/etc/opkg/keys/7d75c2e892e71b62 @@ -0,0 +1,2 @@ +untrusted comment: Local build key +RWR9dcLokucbYuJDzmnxQ756ZmeUiihRaO98lBJJapA0oW+ACCPgSLiS diff --git a/device-config/1/etc/opkg/keys/9ef4694208102c43 b/device-config/1/etc/opkg/keys/9ef4694208102c43 new file mode 100644 index 0000000..c4df7b6 --- /dev/null +++ b/device-config/1/etc/opkg/keys/9ef4694208102c43 @@ -0,0 +1,2 @@ +untrusted comment: LEDE usign key of Álvaro Fernández Rojas +RWSe9GlCCBAsQwI5+wztnWKHfBlvPFP2G00FvZyx+Wfv9AwSViUwo/s2 diff --git a/device-config/1/etc/opkg/keys/9f9024096bd6e280 b/device-config/1/etc/opkg/keys/9f9024096bd6e280 new file mode 100644 index 0000000..86bb45f --- /dev/null +++ b/device-config/1/etc/opkg/keys/9f9024096bd6e280 @@ -0,0 +1,2 @@ +untrusted comment: Local build key +RWSfkCQJa9bigD3Hp7zlN1LFyRXqfjYr4JR9+BNfGWhbz8PfveH7PXzV diff --git a/device-config/1/etc/opkg/keys/b26f36ae0f4106d b/device-config/1/etc/opkg/keys/b26f36ae0f4106d new file mode 100644 index 0000000..8d408eb --- /dev/null 
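Review bot: `6549bc466575035e` is added to `etc/opkg/keys/` with only the comment `Local build key`, and the same applies to `7d75c2e892e71b62`, `9f9024096bd6e280` and `c6a400ef64d077fc` later in the diff. Every file in that directory is a trust anchor for package signatures, so whoever holds the matching private keys can sign packages these devices will accept, and nothing on the page says who that is. I would keep only the release key for the firmware version actually deployed plus build keys whose owner is documented, and record the origin of each remaining key in its `untrusted comment:` line. The two `openwrt.org 15.05 release key` files and the individual developer keys look like leftovers from the source image (an inference) and are candidates for removal as well.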
+++ b/device-config/1/etc/opkg/keys/b26f36ae0f4106d @@ -0,0 +1,2 @@ +untrusted comment: LEDE usign key of Stijn Tintel +RWQLJvNq4PQQbSGZ05Az9jXSt/xlw/IfWc6USiB2FHEUoWL7QpMibzv6 diff --git a/device-config/1/etc/opkg/keys/b5043e70f9a75cde b/device-config/1/etc/opkg/keys/b5043e70f9a75cde new file mode 100644 index 0000000..bcbd9db --- /dev/null +++ b/device-config/1/etc/opkg/keys/b5043e70f9a75cde @@ -0,0 +1,2 @@ +untrusted comment: LEDE usign key for unattended build jobs +RWS1BD5w+adc3j2Hqg9+b66CvLR7NlHbsj7wjNVj0XGt/othDgIAOJS+ diff --git a/device-config/1/etc/opkg/keys/c10b9afab19ee428 b/device-config/1/etc/opkg/keys/c10b9afab19ee428 new file mode 100644 index 0000000..ee925b4 --- /dev/null +++ b/device-config/1/etc/opkg/keys/c10b9afab19ee428 @@ -0,0 +1,2 @@ +untrusted comment: LEDE usign key of Alexander Couzens +RWTBC5r6sZ7kKA/C5VnxUbJw5E0vy3MGo3MP2eXCQlgg65+2si4MKBnf diff --git a/device-config/1/etc/opkg/keys/c6a400ef64d077fc b/device-config/1/etc/opkg/keys/c6a400ef64d077fc new file mode 100644 index 0000000..103edeb --- /dev/null +++ b/device-config/1/etc/opkg/keys/c6a400ef64d077fc @@ -0,0 +1,2 @@ +untrusted comment: Local build key +RWTGpADvZNB3/MmWOxQ9IAjQm7wLDoQiY6zyIIfMVs8JaYVkNKt7LQPL diff --git a/device-config/1/etc/opkg/keys/dace9d4df16896bf b/device-config/1/etc/opkg/keys/dace9d4df16896bf new file mode 100644 index 0000000..543d569 --- /dev/null +++ b/device-config/1/etc/opkg/keys/dace9d4df16896bf @@ -0,0 +1,2 @@ +untrusted comment: LEDE usign key of Ted Hess +RWTazp1N8WiWvy7rYxstJqaMzGiS4XfW1oyYrk2vwJMRBeBF+8xEA+EZ diff --git a/device-config/1/etc/opkg/keys/dd6de0d06bbd3d85 b/device-config/1/etc/opkg/keys/dd6de0d06bbd3d85 new file mode 100644 index 0000000..3c21dcd --- /dev/null +++ b/device-config/1/etc/opkg/keys/dd6de0d06bbd3d85 @@ -0,0 +1,2 @@ +untrusted comment: LEDE usign key of John Crispin +RWTdbeDQa709heyMmwDZjWmlhcTCUv/q+3TBYDPdJAGRuys6xcxE09fp 
diff --git a/device-config/1/etc/opkg/keys/de98a2dd1d0f8a07 b/device-config/1/etc/opkg/keys/de98a2dd1d0f8a07 new file mode 100644 index 0000000..5e3088c --- /dev/null +++ b/device-config/1/etc/opkg/keys/de98a2dd1d0f8a07 @@ -0,0 +1,2 @@ +untrusted comment: openwrt.org 15.05 release key +RWTemKLdHQ+KBxOILy8gyk+5PaDVdfyJ32TFnY/jnQOrBAd1wobbLNYz diff --git a/device-config/1/etc/passwd b/device-config/1/etc/passwd new file mode 100644 index 0000000..aa8a0f1 --- /dev/null +++ b/device-config/1/etc/passwd @@ -0,0 +1,8 @@ +root:x:0:0:root:/root:/bin/ash +daemon:*:1:1:daemon:/var:/bin/false +ftp:*:55:55:ftp:/home/ftp:/bin/false +network:*:101:101:network:/var:/bin/false +nobody:*:65534:65534:nobody:/var:/bin/false +dnsmasq:x:453:453:dnsmasq:/var/run/dnsmasq:/bin/false +unbound:x:553:553:unbound:/var/run/unbound:/bin/false +http:x:65536:65536:http:/var/run/http:/bin/false diff --git a/device-config/1/etc/profile b/device-config/1/etc/profile new file mode 100644 index 0000000..cfbba05 --- /dev/null +++ b/device-config/1/etc/profile 
@@ -0,0 +1,55 @@ +#!/bin/sh +[ -e /tmp/.failsafe ] && export FAILSAFE=1 + +[ -f /etc/banner ] && cat /etc/banner +[ -n "$FAILSAFE" ] && cat /etc/banner.failsafe + +fgrep -sq '/ overlay ro,' /proc/mounts && { + echo 'Your JFFS2-partition seems full and overlayfs is mounted read-only.' + echo 'Please try to remove files from /overlay/upper/... and reboot!' +} + +export PATH="/usr/sbin:/usr/bin:/sbin:/bin" +export HOME=$(grep -e "^${USER:-root}:" /etc/passwd | cut -d ":" -f 6) +export HOME=${HOME:-/root} +export PS1='\u@\h:\w\$ ' + +[ "$TERM" = "xterm" ] && export PS1='\[\e]0;\u@\h: \w\a\]'$PS1 + +[ -x /bin/more ] || alias more=less +[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi + +alias ll='ls -alF --color=auto' + +[ -z "$KSH_VERSION" -o \! -s /etc/mkshrc ] || . /etc/mkshrc + +[ -x /usr/bin/arp -o -x /sbin/arp ] || arp() { cat /proc/net/arp; } +[ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; } + +[ -n "$FAILSAFE" ] || { + for FILE in /etc/profile.d/*.sh; do + [ -e "$FILE" ] && . "$FILE" + done + unset FILE +} + +if ( grep -qs '^root::' /etc/shadow && \ + [ -z "$FAILSAFE" ] ) +then +cat << EOF +=== WARNING! ===================================== +There is no root password defined on this device! +Use the "passwd" command to set up a new password +in order to prevent unauthorized SSH logins. +-------------------------------------------------- +EOF +fi + +service() { + [ -f "/etc/init.d/$1" ] || { + echo "service "'"'"$1"'"'" not found, the following services are available:" + ls "/etc/init.d" + return 1 + } + /etc/init.d/$@ +} diff --git a/device-config/1/etc/rc.button/failsafe b/device-config/1/etc/rc.button/failsafe new file mode 100755 index 0000000..ba958fa --- /dev/null +++ b/device-config/1/etc/rc.button/failsafe @@ -0,0 +1,5 @@ +#!/bin/sh + +[ "${TYPE}" = "switch" ] || echo ${BUTTON} > /tmp/failsafe_button + +return 0 
diff --git a/device-config/1/etc/rc.button/power b/device-config/1/etc/rc.button/power new file mode 100755 index 0000000..c245744 --- /dev/null +++ b/device-config/1/etc/rc.button/power @@ -0,0 +1,7 @@ +#!/bin/sh + +[ "${ACTION}" = "released" ] || exit 0 + +exec /sbin/poweroff + +return 0 diff --git a/device-config/1/etc/rc.button/reset b/device-config/1/etc/rc.button/reset new file mode 100755 index 0000000..76e7939 --- /dev/null +++ b/device-config/1/etc/rc.button/reset @@ -0,0 +1,34 @@ +#!/bin/sh + +. /lib/functions.sh + +OVERLAY="$( grep ' /overlay ' /proc/mounts )" + +case "$ACTION" in +pressed) + [ -z "$OVERLAY" ] && return 0 + + return 5 +;; +timeout) + # . /etc/diag.sh + # set_state failsafe + echo "REBOOT" > /dev/console + sync + reboot +;; +released) + if [ "$SEEN" -lt 1 ] + then + echo "PING" > /dev/console + ping -c4 10.8.0.1 + elif [ "$SEEN" -ge 5 -a -n "$OVERLAY" ] + then + echo "REBOOT" > /dev/console + sync + reboot + fi +;; +esac + +return 0 diff --git a/device-config/1/etc/rc.button/rfkill b/device-config/1/etc/rc.button/rfkill new file mode 100755 index 0000000..fbdda40 --- /dev/null +++ b/device-config/1/etc/rc.button/rfkill @@ -0,0 +1,32 @@ +#!/bin/sh + +[ "${ACTION}" = "released" -o -n "${TYPE}" ] || exit 0 + +. /lib/functions.sh + +rfkill_state=0 + +wifi_rfkill_set() { + uci set wireless.$1.disabled=$rfkill_state +} + +wifi_rfkill_check() { + local disabled + config_get disabled $1 disabled + [ "$disabled" = "1" ] || rfkill_state=1 +} + +config_load wireless +case "${TYPE}" in +"switch") + [ "${ACTION}" = "released" ] && rfkill_state=1 + ;; +*) + config_foreach wifi_rfkill_check wifi-device + ;; +esac +config_foreach wifi_rfkill_set wifi-device +uci commit wireless +wifi up + +return 0 diff --git a/device-config/1/etc/rc.local b/device-config/1/etc/rc.local new file mode 100644 index 0000000..9004078 --- /dev/null +++ b/device-config/1/etc/rc.local 
@@ -0,0 +1,6 @@
+# Put your custom commands here that should be executed once
+# the system init finished. By default this file does nothing.
+
+/bin/heartbeat &
+
+exit 0
diff --git a/device-config/1/etc/services b/device-config/1/etc/services
new file mode 100644
index 0000000..a12853e
--- /dev/null
+++ b/device-config/1/etc/services
@@ -0,0 +1,171 @@ +echo 7/tcp +echo 7/udp +discard 9/tcp +discard 9/udp +daytime 13/tcp +daytime 13/udp +netstat 15/tcp +chargen 19/tcp +chargen 19/udp +ftp-data 20/tcp +ftp 21/tcp +ssh 22/tcp +ssh 22/udp +telnet 23/tcp +smtp 25/tcp +time 37/tcp +time 37/udp +whois 43/tcp +domain 53/tcp +domain 53/udp +bootps 67/tcp +bootps 67/udp +bootpc 68/tcp +bootpc 68/udp +tftp 69/udp +finger 79/tcp +www 80/tcp http +kerberos 88/tcp kerberos5 krb5 kerberos-sec +kerberos 88/udp kerberos5 krb5 kerberos-sec +pop3 110/tcp +pop3 110/udp +sunrpc 111/tcp +sunrpc 111/udp +auth 113/tcp ident +sftp 115/tcp +nntp 119/tcp +ntp 123/tcp +ntp 123/udp +netbios-ns 137/tcp +netbios-ns 137/udp +netbios-dgm 138/tcp +netbios-dgm 138/udp +netbios-ssn 139/tcp +netbios-ssn 139/udp +imap2 143/tcp imap +imap2 143/udp imap +snmp 161/tcp +snmp 161/udp +snmp-trap 162/tcp snmptrap +snmp-trap 162/udp snmptrap +xdmcp 177/tcp +xdmcp 177/udp +bgp 179/tcp +bgp 179/udp +imap3 220/tcp +imap3 220/udp +ldap 389/tcp +ldap 389/udp +https 443/tcp +https 443/udp +microsoft-ds 445/tcp +microsoft-ds 445/udp +isakmp 500/tcp +isakmp 500/udp +rtsp 554/tcp +rtsp 554/udp +ipp 631/tcp +ipp 631/udp +syslog 514/udp +printer 515/tcp spooler +dhcpv6-client 546/tcp +dhcpv6-client 546/udp +dhcpv6-server 547/tcp +dhcpv6-server 547/udp +afpovertcp 548/tcp +afpovertcp 548/udp +nntps 563/tcp snntp +nntps 563/udp snntp +ldaps 636/tcp +ldaps 636/udp +tinc 655/tcp +tinc 655/udp +rsync 873/tcp +rsync 873/udp +ftps-data 989/tcp +ftps 990/tcp +imaps 993/tcp +imaps 993/udp +ircs 994/tcp +ircs 994/udp +pop3s 995/tcp +pop3s 995/udp +socks 1080/tcp +socks 1080/udp +openvpn 1194/tcp +openvpn 1194/udp +l2f 1701/tcp l2tp +l2f 1701/udp l2tp +radius 1812/tcp +radius 1812/udp +radius-acct 1813/tcp radacct +radius-acct 1813/udp radacct +nfs 2049/tcp +nfs 2049/udp +dict 2628/tcp +dict 2628/udp +gpsd 2947/tcp +gpsd 2947/udp +icpv2 3130/tcp icp +icpv2 3130/udp icp +mysql 3306/tcp +mysql 3306/udp +nut 3493/tcp +nut 3493/udp +distcc 3632/tcp +distcc 3632/udp 
+daap 3689/tcp +daap 3689/udp +svn 3690/tcp subversion +svn 3690/udp subversion +epmd 4369/tcp +epmd 4369/udp +iax 4569/tcp +iax 4569/udp +mtn 4691/tcp +mtn 4691/udp +munin 4949/tcp +sip 5060/tcp +sip 5060/udp +sip-tls 5061/tcp +sip-tls 5061/udp +xmpp-client 5222/tcp jabber-client +xmpp-client 5222/udp jabber-client +xmpp-server 5269/tcp jabber-server +xmpp-server 5269/udp jabber-server +mdns 5353/tcp +mdns 5353/udp +postgresql 5432/tcp postgres +postgresql 5432/udp postgres +x11 6000/tcp +x11 6000/udp +mysql-proxy 6446/tcp +mysql-proxy 6446/udp +bacula-dir 9101/tcp +bacula-dir 9101/udp +bacula-fd 9102/tcp +bacula-fd 9102/udp +bacula-sd 9103/tcp +bacula-sd 9103/udp +nbd 10809/tcp +zabbix-agent 10050/tcp +zabbix-agent 10050/udp +zabbix-trapper 10051/tcp +zabbix-trapper 10051/udp +hkp 11371/tcp +hkp 11371/udp +ssmtp 465/tcp smtps +spamd 783/tcp +zebrasrv 2600/tcp +zebra 2601/tcp +ripd 2602/tcp +ripngd 2603/tcp +ospfd 2604/tcp +bgpd 2605/tcp +ospf6d 2606/tcp +ospfapi 2607/tcp +isisd 2608/tcp +sane-port 6566/tcp sane saned +ircd 6667/tcp +git 9418/tcp + diff --git a/device-config/1/etc/shadow b/device-config/1/etc/shadow new file mode 100644 index 0000000..e60c86a --- /dev/null +++ b/device-config/1/etc/shadow @@ -0,0 +1,8 @@ +root:$PASSWORD:17851:0:99999:7::: +daemon:*:0:0:99999:7::: +ftp:*:0:0:99999:7::: +network:*:0:0:99999:7::: +nobody:*:0:0:99999:7::: +dnsmasq:x:0:0:99999:7::: +unbound:x:0:0:99999:7::: +http:x:0:0:99999:7::: diff --git a/device-config/1/etc/shells b/device-config/1/etc/shells new file mode 100644 index 0000000..006aa38 --- /dev/null +++ b/device-config/1/etc/shells @@ -0,0 +1 @@ +/bin/ash diff --git a/device-config/1/etc/sysctl.conf b/device-config/1/etc/sysctl.conf new file mode 100644 index 0000000..ae04212 --- /dev/null +++ b/device-config/1/etc/sysctl.conf @@ -0,0 +1 @@ +# Defaults are configured in /etc/sysctl.d/* and can be customized in this file 
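Review bot: `root:$PASSWORD:17851:0:99999:7:::` in `etc/shadow` relies on a substitution step that is not part of this hunk, and nothing states what form the value must have. The field has to be a crypt(3) hash: if the template is filled with an empty string the line becomes `root::`, which is exactly the passwordless-root state that `/etc/profile` in this same commit warns about, and a cleartext value would not work as a password at all. I would make the code that renders this file reject empty values and anything that does not start with `$`, and use a salted scheme such as `$6$` if the device's libc supports it. Since one rendered file is deployed per device, the hash should also be unique per device rather than shared.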
diff --git a/device-config/1/etc/sysupgrade.conf b/device-config/1/etc/sysupgrade.conf new file mode 100644 index 0000000..42f882b --- /dev/null +++ b/device-config/1/etc/sysupgrade.conf @@ -0,0 +1,9 @@ +## This file contains files and directories that should +## be preserved during an upgrade. + +# /etc/example.conf +# /etc/openvpn/ + +/etc/openvpn/ +/etc/rc.button/ +/bin/heartbeat \ No newline at end of file diff --git a/device-config/2/bin/heartbeat b/device-config/2/bin/heartbeat new file mode 100755 index 0000000..4df0141 --- /dev/null +++ b/device-config/2/bin/heartbeat @@ -0,0 +1,59 @@ +ipaddr(){ + if="${1:-br-VPN360}" + result=$(/sbin/ip -o -4 addr show dev "${if}" 2&>/dev/null | /bin/sed 's/^.*inet // ; s/\/...*$//') + /usr/bin/printf %s "${result}" +} + +stopwifi(){ + /sbin/uci set wireless.radio0.disabled=1 + /sbin/uci commit +} + +startwifi(){ + /sbin/uci set wireless.radio0.disabled=0 + /sbin/uci commit + /sbin/wifi +} + +restartwifi(){ + stopwifi + startwifi +} + +. /etc/vpnsecret + +/usr/bin/wget -O/etc/hosts https://admin360.kumi.host/hosts --post-data "secret=$SECRET" --no-check-certificate >/var/log/wget 2>&1 + +/sbin/uci set wireless.@wifi-iface[0].network="VPN360" +/sbin/uci commit +stopwifi + +/usr/sbin/openvpn /etc/openvpn/client.conf >/var/log/openvpn & + +/bin/sleep 60 + +if [ $(ipaddr) ] + then + startwifi + while [ True ] + do + sleep 10 + if [ $(ipaddr) ] + then + /usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET&ip=$(ipaddr)" --no-check-certificate 2>/var/log/wget | /bin/ash + fi + done + else + /sbin/uci set wireless.@wifi-iface[0].network="DHCP" + /sbin/uci commit + startwifi + /sbin/ip a add 192.168.36.1/24 dev br-DHCP + /sbin/ifconfig br-DHCP down + /sbin/ifconfig br-DHCP up + while [ True ] + do + sleep 10 + /usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET" --no-check-certificate 2>/var/log/wget | /bin/ash + done +fi + 
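Review bot: In `device-config/2/bin/heartbeat` both loops pipe the body of `https://admin360.kumi.host/heartbeat` into `/bin/ash` while passing `--no-check-certificate`, so the script runs whatever answers for that hostname without authenticating it; the same flag is on the `/hosts` download that overwrites `/etc/hosts`, and `$SECRET` is posted in each of these requests. Drop `--no-check-certificate` from all three calls and ship the server's CA on the device, e.g. `--ca-certificate=/etc/ssl/admin360-ca.pem` (placeholder path, if the installed wget supports the option), and download the hosts file to a temporary name that is moved over `/etc/hosts` only when wget exits 0. Better still, have the server return a fixed set of command names that the device maps to local actions, or verify a `usign` signature on the response before anything is executed. Separately, `2&>/dev/null` in `ipaddr()` is probably meant to be `2>/dev/null`: as written `2` is passed to `ip` as an argument and, depending on the ash build, stdout may be discarded as well. The tests should read `[ -n "$(ipaddr)" ]` rather than `[ $(ipaddr) ]`.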
diff --git a/device-config/2/etc/config/chinadns b/device-config/2/etc/config/chinadns new file mode 100644 index 0000000..bcdaf8a --- /dev/null +++ b/device-config/2/etc/config/chinadns @@ -0,0 +1,7 @@ + +config chinadns + option enable '0' + option bidirectional '0' + option chnroute '/etc/chinadns_chnroute.txt' + option port '5353' + option server '114.114.114.114,8.8.4.4' diff --git a/device-config/2/etc/config/dhcp b/device-config/2/etc/config/dhcp new file mode 100644 index 0000000..dd6a8fd --- /dev/null +++ b/device-config/2/etc/config/dhcp @@ -0,0 +1,43 @@ + +config dnsmasq + option domainneeded '1' + option boguspriv '1' + option filterwin2k '0' + option localise_queries '1' + option rebind_protection '1' + option rebind_localhost '1' + option local '/lan/' + option domain 'lan' + option expandhosts '1' + option nonegcache '0' + option authoritative '1' + option readethers '1' + option leasefile '/tmp/dhcp.leases' + option resolvfile '/tmp/resolv.conf.auto' + option nonwildcard '1' + option localservice '1' + +config dhcp 'lan' + option interface 'lan' + option start '100' + option limit '150' + option leasetime '12h' + option dhcpv6 'server' + option ra 'server' + +config dhcp 'wan' + option interface 'wan' + option ignore '1' + +config odhcpd 'odhcpd' + option maindhcp '0' + option leasefile '/tmp/hosts/odhcpd' + option leasetrigger '/usr/sbin/odhcpd-update' + option loglevel '4' + +config dhcp 'DHCP' + option start '100' + option leasetime '12h' + option limit '150' + option interface 'DHCP' + diff --git a/device-config/2/etc/config/dns-forwarder b/device-config/2/etc/config/dns-forwarder new file mode 100644 index 0000000..852fec2 --- /dev/null +++ b/device-config/2/etc/config/dns-forwarder @@ -0,0 +1,6 @@ + +config dns-forwarder + option enable '0' + option listen_addr '0.0.0.0' + option listen_port '5300' + option dns_servers '8.8.8.8' 
diff --git a/device-config/2/etc/config/dropbear b/device-config/2/etc/config/dropbear new file mode 100644 index 0000000..05a0b4c --- /dev/null +++ b/device-config/2/etc/config/dropbear @@ -0,0 +1,5 @@ + +config dropbear + option PasswordAuth 'on' + option Port '22' + diff --git a/device-config/2/etc/config/firewall b/device-config/2/etc/config/firewall new file mode 100644 index 0000000..b8097d6 --- /dev/null +++ b/device-config/2/etc/config/firewall @@ -0,0 +1,15 @@ + +config defaults + option syn_flood '1' + option input 'ACCEPT' + option output 'ACCEPT' + option forward 'ACCEPT' + +config include + option path '/etc/firewall.user' + +config include 'mwan3' + option type 'script' + option path '/var/etc/mwan3.include' + option reload '1' + diff --git a/device-config/2/etc/config/glconfig b/device-config/2/etc/config/glconfig new file mode 100755 index 0000000..bc338ed --- /dev/null +++ b/device-config/2/etc/config/glconfig @@ -0,0 +1,32 @@ + +config service 'general' + option model 'ar150' + option port '83' + option language 'en' + option password '0073d12f67d604710231c0b780341795c6a9ae9c4a53364fbe3d9171367d5fb5' + option code_needed '0' + +config service 'ddns' + option enabled '1' + option lastip '80.110.109.118' + option updatetime 'Thu Nov 15 10:08:14 GMT 2018' + +config service 'download' + +config service 'adblock' + option enable '0' + +config service 'autoupdate' + option time '04:00' + option enable '0' + +config service 'samba' + option read_only 'yes' + +config service 'openvpn' + option enable '0' + option force '0' + +config service 'repeater' + option autoconnect '1' + diff --git a/device-config/2/etc/config/luci b/device-config/2/etc/config/luci new file mode 100644 index 0000000..b385eae --- /dev/null +++ b/device-config/2/etc/config/luci 
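Review bot: `option PasswordAuth 'on'` with no `option Interface` makes dropbear accept password logins on port 22 on every interface, and the firewall hunk that follows sets `option input 'ACCEPT'`, so that includes the wireless side. I would bind it with `option Interface 'lan'` (or whichever interface you actually administer from) and set `option RootPasswordAuth 'off'` once a key is installed in `/etc/dropbear/authorized_keys`. Note that the `authorized_keys` committed for device 1 is empty, so switching password login off without provisioning a key first would lock you out.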
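Review bot: The `defaults` section of `etc/config/firewall` sets `input`, `output` and `forward` all to `ACCEPT` and the file defines no `zone` or `rule` sections, so the device filters nothing: every listening service is reachable from every interface and routed traffic passes between all of them. For a box that bridges an access point into a VPN I would default to `option input 'REJECT'` and `option forward 'REJECT'`, then add zones for the management and client networks with explicit rules for what clients need (DHCP and DNS). The two `include` sections can stay as they are.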
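Review bot: The `option password` line in `service 'general'` of `glconfig` commits a credential hash, and `option lastip` with `option updatetime` in `service 'ddns'` commit runtime state from the device the file was copied from. A 64-hex-digit value looks like an unsalted SHA-256 (inferred from its length only), which can be tested against guesses offline, and every device provisioned from this file would share it. I would template it the way `$SSID` and `$PASSWORD` are templated elsewhere in this commit, e.g. `option password '$GL_PASSWORD_HASH'` (placeholder name), delete the `lastip` and `updatetime` lines, and change the password behind the committed hash.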
@@ -0,0 +1,55 @@ + +config core 'main' + option lang 'auto' + option mediaurlbase '/luci-static/bootstrap' + option resourcebase '/luci-static/resources' + +config extern 'flash_keep' + option uci '/etc/config/' + option dropbear '/etc/dropbear/' + option openvpn '/etc/openvpn/' + option passwd '/etc/passwd' + option opkg '/etc/opkg.conf' + option firewall '/etc/firewall.user' + option uploads '/lib/uci/upload/' + +config internal 'languages' + option en 'English' + option zh_cn '中文 (Chinese)' + +config internal 'sauth' + option sessionpath '/tmp/luci-sessions' + option sessiontime '3600' + +config internal 'ccache' + option enable '1' + +config internal 'themes' + option Bootstrap '/luci-static/bootstrap' + +config internal 'apply' + option rollback '30' + option holdoff '4' + option timeout '5' + option display '1.5' + +config internal 'diag' + option dns 'openwrt.org' + option ping 'openwrt.org' + option route 'openwrt.org' + +config ifstate + option interface 'lan' + option ifname 'eth0 radio0.network1' + option bridge 'true' + +config ifstate + option interface 'VPN360' + option ifname 'radio0.network1' + option bridge 'true' + +config ifstate + option interface 'DHCP' + option ifname 'tap0 radio1.network1' + option bridge 'true' + diff --git a/device-config/2/etc/config/mjpg-streamer b/device-config/2/etc/config/mjpg-streamer new file mode 100644 index 0000000..9899300 --- /dev/null +++ b/device-config/2/etc/config/mjpg-streamer @@ -0,0 +1,10 @@ +config mjpg-streamer core + option enabled "1" + option input 'uvc' + option output 'http' + option device "/dev/video0" + option resolution "640x480" + option fps "15" + option www "/www/webcam" + option port "8083" + option yuv "0" diff --git a/device-config/2/etc/config/mwan3 b/device-config/2/etc/config/mwan3 new file mode 100644 index 0000000..4917cb7 --- /dev/null +++ b/device-config/2/etc/config/mwan3 
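Review bot: In `etc/config/mjpg-streamer`, `option enabled "1"` starts the HTTP output on `option port "8083"` with no `username` or `password` option set, so if a camera is attached the stream is served without authentication, and the firewall config in this commit accepts input on all interfaces. Unless the webcam is part of the product, set `option enabled "0"`. If it is, add `option username` and `option password` (templated, not committed) and restrict the listener; the OpenWrt package has `option listen_ip` for that, as far as I know.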
@@ -0,0 +1,82 @@ +config interface 'wan' + option enabled '1' + list track_ip '208.67.222.222' + list track_ip '208.67.220.220' + list track_ip '8.8.4.4' + list track_ip '8.8.8.8' + option reliability '1' + option count '1' + option timeout '2' + option interval '5' + option down '5' + option up '3' + +config interface 'wwan' + option enabled '1' + list track_ip '208.67.222.222' + list track_ip '208.67.220.220' + list track_ip '8.8.4.4' + list track_ip '8.8.8.8' + option reliability '1' + option count '1' + option timeout '2' + option interval '5' + option down '5' + option up '3' + +config interface 'tethering' + option enabled '1' + list track_ip '208.67.222.222' + list track_ip '208.67.220.220' + list track_ip '8.8.4.4' + list track_ip '8.8.8.8' + option reliability '1' + option count '1' + option timeout '2' + option interval '5' + option down '5' + option up '3' + +config interface 'modem' + option enabled '1' + list track_ip '208.67.222.222' + list track_ip '208.67.220.220' + list track_ip '8.8.4.4' + list track_ip '8.8.8.8' + option reliability '1' + option count '1' + option timeout '2' + option interval '5' + option down '5' + option up '3' + +config member 'wan_only' + option interface 'wan' + option metric '1' + option weight '3' + +config member 'wwan_only' + option interface 'wwan' + option metric '2' + option weight '3' + +config member 'tethering_only' + option interface 'tethering' + option metric '3' + option weight '3' + +config member 'modem_only' + option interface 'modem' + option metric '4' + option weight '3' + +config policy 'default_poli' + list use_member 'wan_only' + list use_member 'wwan_only' + list use_member 'tethering_only' + list use_member 'modem_only' + option last_resort 'default' + +config rule 'default_rule' + option dest_ip '0.0.0.0/0' + option use_policy 'default_poli' diff --git a/device-config/2/etc/config/network b/device-config/2/etc/config/network new file mode 100644 index 0000000..f2dbc3f --- /dev/null 
+++ b/device-config/2/etc/config/network @@ -0,0 +1,32 @@ + +config interface 'loopback' + option ifname 'lo' + option proto 'static' + option ipaddr '127.0.0.1' + option netmask '255.0.0.0' + +config globals 'globals' + option ula_prefix 'fd1b:3702:99a7::/48' + +config interface 'lan' + option type 'bridge' + option ipaddr '192.168.1.1' + option netmask '255.255.255.0' + option ip6assign '60' + option proto 'dhcp' + option ifname 'eth0' + +config interface 'VPN360' + option type 'bridge' + option proto 'dhcp' + option broadcast '1' + option force_link '1' + option ifname 'tap0' + +config interface 'DHCP' + option type 'bridge' + option proto 'static' + option ipaddr '192.168.36.1' + option netmask '255.255.255.0' + option ifname 'lo' + diff --git a/device-config/2/etc/config/openvpn b/device-config/2/etc/config/openvpn new file mode 100644 index 0000000..7bd5422 --- /dev/null +++ b/device-config/2/etc/config/openvpn @@ -0,0 +1,5 @@ + +config openvpn 'vpn360' + option enabled '0' + option config '/etc/openvpn/client.conf' + diff --git a/device-config/2/etc/config/openvpn-opkg b/device-config/2/etc/config/openvpn-opkg new file mode 100644 index 0000000..1fd846f --- /dev/null +++ b/device-config/2/etc/config/openvpn-opkg 
@@ -0,0 +1,407 @@ +package openvpn + +################################################# +# Sample to include a custom config file. # +################################################# + +config openvpn custom_config + + # Set to 1 to enable this instance: + option enabled 0 + + # Include OpenVPN configuration + option config /etc/openvpn/my-vpn.conf + + +################################################# +# Sample OpenVPN 2.0 uci config for # +# multi-client server. # +################################################# + +config openvpn sample_server + + # Set to 1 to enable this instance: + option enabled 0 + + # Which local IP address should OpenVPN + # listen on? (optional) +# option local 0.0.0.0 + + # Which TCP/UDP port should OpenVPN listen on? + # If you want to run multiple OpenVPN instances + # on the same machine, use a different port + # number for each one. You will need to + # open up this port on your firewall. + option port 1194 + + # TCP or UDP server? +# option proto tcp + option proto udp + + # "dev tun" will create a routed IP tunnel, + # "dev tap" will create an ethernet tunnel. + # Use "dev tap0" if you are ethernet bridging + # and have precreated a tap0 virtual interface + # and bridged it with your ethernet interface. + # If you want to control access policies + # over the VPN, you must create firewall + # rules for the the TUN/TAP interface. + # On non-Windows systems, you can give + # an explicit unit number, such as tun0. + # On Windows, use "dev-node" for this. + # On most systems, the VPN will not function + # unless you partially or fully disable + # the firewall for the TUN/TAP interface. +# option dev tap + option dev tun + + # SSL/TLS root certificate (ca), certificate + # (cert), and private key (key). Each client + # and the server must have their own cert and + # key file. The server and all clients will + # use the same ca file. 
+ # + # See the "easy-rsa" directory for a series + # of scripts for generating RSA certificates + # and private keys. Remember to use + # a unique Common Name for the server + # and each of the client certificates. + # + # Any X509 key management system can be used. + # OpenVPN can also use a PKCS #12 formatted key file + # (see "pkcs12" directive in man page). + option ca /etc/openvpn/ca.crt + option cert /etc/openvpn/server.crt + # This file should be kept secret: + option key /etc/openvpn/server.key + + # Diffie hellman parameters. + # Generate your own with: + # openssl dhparam -out dh1024.pem 1024 + # Substitute 2048 for 1024 if you are using + # 2048 bit keys. + option dh /etc/openvpn/dh1024.pem + + # Configure server mode and supply a VPN subnet + # for OpenVPN to draw client addresses from. + # The server will take 10.8.0.1 for itself, + # the rest will be made available to clients. + # Each client will be able to reach the server + # on 10.8.0.1. Comment this line out if you are + # ethernet bridging. See the man page for more info. + option server "10.8.0.0 255.255.255.0" + + # Maintain a record of client <-> virtual IP address + # associations in this file. If OpenVPN goes down or + # is restarted, reconnecting clients can be assigned + # the same virtual IP address from the pool that was + # previously assigned. + option ifconfig_pool_persist /tmp/ipp.txt + + # Configure server mode for ethernet bridging. + # You must first use your OS's bridging capability + # to bridge the TAP interface with the ethernet + # NIC interface. Then you must manually set the + # IP/netmask on the bridge interface, here we + # assume 10.8.0.4/255.255.255.0. Finally we + # must set aside an IP range in this subnet + # (start=10.8.0.50 end=10.8.0.100) to allocate + # to connecting clients. Leave this line commented + # out unless you are ethernet bridging. 
+# option server_bridge "10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100" + + # Push routes to the client to allow it + # to reach other private subnets behind + # the server. Remember that these + # private subnets will also need + # to know to route the OpenVPN client + # address pool (10.8.0.0/255.255.255.0) + # back to the OpenVPN server. +# list push "route 192.168.10.0 255.255.255.0" +# list push "route 192.168.20.0 255.255.255.0" + + # To assign specific IP addresses to specific + # clients or if a connecting client has a private + # subnet behind it that should also have VPN access, + # use the subdirectory "ccd" for client-specific + # configuration files (see man page for more info). + + # EXAMPLE: Suppose the client + # having the certificate common name "Thelonious" + # also has a small subnet behind his connecting + # machine, such as 192.168.40.128/255.255.255.248. + # First, uncomment out these lines: +# option client_config_dir /etc/openvpn/ccd +# list route "192.168.40.128 255.255.255.248" + # Then create a file ccd/Thelonious with this line: + # iroute 192.168.40.128 255.255.255.248 + # This will allow Thelonious' private subnet to + # access the VPN. This example will only work + # if you are routing, not bridging, i.e. you are + # using "dev tun" and "server" directives. + + # EXAMPLE: Suppose you want to give + # Thelonious a fixed VPN IP address of 10.9.0.1. + # First uncomment out these lines: +# option client_config_dir /etc/openvpn/ccd +# list route "10.9.0.0 255.255.255.252" +# list route "192.168.100.0 255.255.255.0" + # Then add this line to ccd/Thelonious: + # ifconfig-push "10.9.0.1 10.9.0.2" + + # Suppose that you want to enable different + # firewall access policies for different groups + # of clients. There are two methods: + # (1) Run multiple OpenVPN daemons, one for each + # group, and firewall the TUN/TAP interface + # for each group/daemon appropriately. 
+ # (2) (Advanced) Create a script to dynamically + # modify the firewall in response to access + # from different clients. See man + # page for more info on learn-address script. +# option learn_address /etc/openvpn/script + + # If enabled, this directive will configure + # all clients to redirect their default + # network gateway through the VPN, causing + # all IP traffic such as web browsing and + # and DNS lookups to go through the VPN + # (The OpenVPN server machine may need to NAT + # the TUN/TAP interface to the internet in + # order for this to work properly). + # CAVEAT: May break client's network config if + # client's local DHCP server packets get routed + # through the tunnel. Solution: make sure + # client's local DHCP server is reachable via + # a more specific route than the default route + # of 0.0.0.0/0.0.0.0. +# list push "redirect-gateway" + + # Certain Windows-specific network settings + # can be pushed to clients, such as DNS + # or WINS server addresses. CAVEAT: + # http://openvpn.net/faq.html#dhcpcaveats +# list push "dhcp-option DNS 10.8.0.1" +# list push "dhcp-option WINS 10.8.0.1" + + # Uncomment this directive to allow different + # clients to be able to "see" each other. + # By default, clients will only see the server. + # To force clients to only see the server, you + # will also need to appropriately firewall the + # server's TUN/TAP interface. +# option client_to_client 1 + + # Uncomment this directive if multiple clients + # might connect with the same certificate/key + # files or common names. This is recommended + # only for testing purposes. For production use, + # each client should have its own certificate/key + # pair. + # + # IF YOU HAVE NOT GENERATED INDIVIDUAL + # CERTIFICATE/KEY PAIRS FOR EACH CLIENT, + # EACH HAVING ITS OWN UNIQUE "COMMON NAME", + # UNCOMMENT THIS LINE OUT. 
+# option duplicate_cn 1 + + # The keepalive directive causes ping-like + # messages to be sent back and forth over + # the link so that each side knows when + # the other side has gone down. + # Ping every 10 seconds, assume that remote + # peer is down if no ping received during + # a 120 second time period. + option keepalive "10 120" + + # For extra security beyond that provided + # by SSL/TLS, create an "HMAC firewall" + # to help block DoS attacks and UDP port flooding. + # + # Generate with: + # openvpn --genkey --secret ta.key + # + # The server and each client must have + # a copy of this key. + # The second parameter should be '0' + # on the server and '1' on the clients. + # This file is secret: +# option tls_auth "/etc/openvpn/ta.key 0" + + # Select a cryptographic cipher. + # This config item must be copied to + # the client config file as well. + # Blowfish (default): +# option cipher BF-CBC + # AES: +# option cipher AES-128-CBC + # Triple-DES: +# option cipher DES-EDE3-CBC + + # Enable compression on the VPN link. + # If you enable it here, you must also + # enable it in the client config file. + # LZ4 requires OpenVPN 2.4+ client and server +# option compress lz4 + # LZO is compatible with most OpenVPN versions + # (set "compress lzo" on 2.4+ clients, and "comp-lzo yes" on older clients) + option compress lzo + + # The maximum number of concurrently connected + # clients we want to allow. +# option max_clients 100 + + # The persist options will try to avoid + # accessing certain resources on restart + # that may no longer be accessible because + # of the privilege downgrade. + option persist_key 1 + option persist_tun 1 + option user nobody + + # Output a short status file showing + # current connections, truncated + # and rewritten every minute. + option status /tmp/openvpn-status.log + + # By default, log messages will go to the syslog (or + # on Windows, if running as a service, they will go to + # the "\Program Files\OpenVPN\log" directory). 
+ # Use log or log-append to override this default. + # "log" will truncate the log file on OpenVPN startup, + # while "log-append" will append to it. Use one + # or the other (but not both). +# option log /tmp/openvpn.log +# option log_append /tmp/openvpn.log + + # Set the appropriate level of log + # file verbosity. + # + # 0 is silent, except for fatal errors + # 4 is reasonable for general usage + # 5 and 6 can help to debug connection problems + # 9 is extremely verbose + option verb 3 + + # Silence repeating messages. At most 20 + # sequential messages of the same message + # category will be output to the log. +# option mute 20 + + +############################################## +# Sample client-side OpenVPN 2.0 uci config # +# for connecting to multi-client server. # +############################################## + +config openvpn sample_client + + # Set to 1 to enable this instance: + option enabled 0 + + # Specify that we are a client and that we + # will be pulling certain config file directives + # from the server. + option client 1 + + # Use the same setting as you are using on + # the server. + # On most systems, the VPN will not function + # unless you partially or fully disable + # the firewall for the TUN/TAP interface. +# option dev tap + option dev tun + + # Are we connecting to a TCP or + # UDP server? Use the same setting as + # on the server. +# option proto tcp + option proto udp + + # The hostname/IP and port of the server. + # You can have multiple remote entries + # to load balance between the servers. + list remote "my_server_1 1194" +# list remote "my_server_2 1194" + + # Choose a random host from the remote + # list for load_balancing. Otherwise + # try hosts in the order specified. +# option remote_random 1 + + # Keep trying indefinitely to resolve the + # host name of the OpenVPN server. Very useful + # on machines which are not permanently connected + # to the internet such as laptops. 
+ option resolv_retry infinite + + # Most clients don't need to bind to + # a specific local port number. + option nobind 1 + + # Try to preserve some state across restarts. + option persist_key 1 + option persist_tun 1 + option user nobody + + # If you are connecting through an + # HTTP proxy to reach the actual OpenVPN + # server, put the proxy server/IP and + # port number here. See the man page + # if your proxy server requires + # authentication. + # retry on connection failures: +# option http_proxy_retry 1 + # specify http proxy address and port: +# option http_proxy "192.168.1.100 8080" + + # Wireless networks often produce a lot + # of duplicate packets. Set this flag + # to silence duplicate packet warnings. +# option mute_replay_warnings 1 + + # SSL/TLS parms. + # See the server config file for more + # description. It's best to use + # a separate .crt/.key file pair + # for each client. A single ca + # file can be used for all clients. + option ca /etc/openvpn/ca.crt + option cert /etc/openvpn/client.crt + option key /etc/openvpn/client.key + + # Verify server certificate by checking + # that the certicate has the nsCertType + # field set to "server". This is an + # important precaution to protect against + # a potential attack discussed here: + # http://openvpn.net/howto.html#mitm + # + # To use this feature, you will need to generate + # your server certificates with the nsCertType + # field set to "server". The build_key_server + # script in the easy_rsa folder will do this. +# option ns_cert_type server + + # If a tls_auth key is used on the server + # then every client must also have the key. +# option tls_auth "/etc/openvpn/ta.key 1" + + # Select a cryptographic cipher. + # If the cipher option is used on the server + # then you must also specify it here. +# option cipher x + + # Enable compression on the VPN link. + # Don't enable this unless it is also + # enabled in the server config file. 
+ # LZ4 requires OpenVPN 2.4+ on server and client +# option compress lz4 + # LZO is compatible with most OpenVPN versions + option compress lzo + + # Set log file verbosity. + option verb 3 + + # Silence repeating messages +# option mute 20 diff --git a/device-config/2/etc/config/qos b/device-config/2/etc/config/qos new file mode 100644 index 0000000..44e988a --- /dev/null +++ b/device-config/2/etc/config/qos @@ -0,0 +1,68 @@ +# QoS configuration for OpenWrt + +# INTERFACES: +config interface wan + option classgroup "Default" + option enabled 0 + option upload 128 + option download 1024 + +# RULES: +config classify + option target "Priority" + option ports "22,53" + option comment "ssh, dns" +config classify + option target "Normal" + option proto "tcp" + option ports "20,21,25,80,110,443,993,995" + option comment "ftp, smtp, http(s), imap" +config classify + option target "Express" + option ports "5190" + option comment "AOL, iChat, ICQ" +config default + option target "Express" + option proto "udp" + option pktsize "-500" +config reclassify + option target "Priority" + option proto "icmp" +config default + option target "Bulk" + option portrange "1024-65535" + + +# Don't change the stuff below unless you +# really know what it means :) + +config classgroup "Default" + option classes "Priority Express Normal Bulk" + option default "Normal" + + +config class "Priority" + option packetsize 400 + option avgrate 10 + option priority 20 +config class "Priority_down" + option packetsize 1000 + option avgrate 10 + + +config class "Express" + option packetsize 1000 + option avgrate 50 + option priority 10 + +config class "Normal" + option packetsize 1500 + option packetdelay 100 + option avgrate 10 + option priority 5 +config class "Normal_down" + option avgrate 20 + +config class "Bulk" + option avgrate 1 + option packetdelay 200 diff --git a/device-config/2/etc/config/rpcd b/device-config/2/etc/config/rpcd new file mode 100644 index 0000000..499ea27 --- /dev/null 
+++ b/device-config/2/etc/config/rpcd
@@ -0,0 +1,7 @@
+
+config login
+ option username 'root'
+ option password '$p$root'
+ list read '*'
+ list write '*'
+
diff --git a/device-config/2/etc/config/samba b/device-config/2/etc/config/samba
new file mode 100644
index 0000000..6457e43
--- /dev/null
+++ b/device-config/2/etc/config/samba
@@ -0,0 +1,7 @@
+
+config samba
+ option workgroup 'WORKGROUP'
+ option homes '1'
+ option name 'GL-AR300M'
+ option description 'GL-AR300M-c6b'
+
diff --git a/device-config/2/etc/config/shadowsocks b/device-config/2/etc/config/shadowsocks
new file mode 100644
index 0000000..a8e392d
--- /dev/null
+++ b/device-config/2/etc/config/shadowsocks
@@ -0,0 +1,30 @@
+
+config general
+ option startup_delay '0'
+
+config transparent_proxy
+ list main_server 'nil'
+ option udp_relay_server 'nil'
+ option local_port '1234'
+
+config socks5_proxy
+ list server 'nil'
+ option local_port '1080'
+
+config port_forward
+ list server 'nil'
+ option local_port '5300'
+ option destination '8.8.4.4:53'
+
+config servers
+ option alias 'sample'
+ option fast_open '0'
+ option no_delay '0'
+ option server '127.0.0.1'
+ option server_port '8388'
+ option timeout '60'
+ option password 'barfoo!'
+ option encrypt_method 'rc4-md5'
+
+config access_control
+ option self_proxy '1'
diff --git a/device-config/2/etc/config/system b/device-config/2/etc/config/system
new file mode 100644
index 0000000..d2e40fc
--- /dev/null
+++ b/device-config/2/etc/config/system
@@ -0,0 +1,35 @@
+
+config system
+ option ttylogin '0'
+ option log_size '64'
+ option urandom_seed '0'
+ option zonename 'UTC'
+ option timezone 'GMT0'
+ option log_proto 'udp'
+ option conloglevel '8'
+ option cronloglevel '8'
+ option hostname 'VPN360'
+
+config timeserver 'ntp'
+ option enabled '1'
+ list server '0.openwrt.pool.ntp.org'
+ list server '1.openwrt.pool.ntp.org'
+ list server '2.openwrt.pool.ntp.org'
+ list server '3.openwrt.pool.ntp.org'
+
+config led
+ option trigger 'netdev'
+ option dev 'br-lan'
+ option mode 'link'
+ option name 'WAN'
+ option sysfs 'gl-ar300m:green:lan'
+ option default '0'
+
+config led
+ option name 'VPN'
+ option trigger 'netdev'
+ option dev 'br-VPN360'
+ option mode 'link'
+ option sysfs 'gl-ar300m:green:wlan'
+ option default '0'
+
diff --git a/device-config/2/etc/config/system1 b/device-config/2/etc/config/system1
new file mode 100755
index 0000000..c68ee1d
--- /dev/null
+++ b/device-config/2/etc/config/system1
@@ -0,0 +1,13 @@
+
+config system
+ option hostname 'GL-AR150'
+ option conloglevel '8'
+ option cronloglevel '8'
+ option zonename 'Asia/Shanghai'
+ option timezone 'CST-8'
+
+config timeserver 'ntp'
+ list server '0.openwrt.pool.ntp.org'
+ list server '1.openwrt.pool.ntp.org'
+ list server '2.openwrt.pool.ntp.org'
+ list server '3.openwrt.pool.ntp.org'
diff --git a/device-config/2/etc/config/ubootenv b/device-config/2/etc/config/ubootenv
new file mode 100644
index 0000000..3bef92c
--- /dev/null
+++ b/device-config/2/etc/config/ubootenv
@@ -0,0 +1,7 @@
+
+config ubootenv
+ option dev '/dev/mtd1'
+ option offset '0x0'
+ option envsize '0x10000'
+ option secsize '0x10000'
+
diff --git a/device-config/2/etc/config/ucitrack b/device-config/2/etc/config/ucitrack
new file mode 100644
index 0000000..0387d7b
--- /dev/null
+++ b/device-config/2/etc/config/ucitrack
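Review bot: `option ttylogin '0'` in device-config/2/etc/config/system leaves the serial console without a password prompt; the inittab added later in this commit starts /usr/libexec/login.sh on the console, which presumably honours this setting, so a person with physical access to the UART would get a root shell without credentials. For devices installed at sites you do not control, set `option ttylogin '1'`. Separately, device-config/2/etc/config/system1 is added with mode 100755 and a different hostname and timezone (`GL-AR150`, `Asia/Shanghai`); it looks like a leftover from another image and could be dropped, or given a comment saying why it is kept.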
@@ -0,0 +1,61 @@
+
+config network
+ option init 'network'
+ list affects 'dhcp'
+ list affects 'radvd'
+
+config wireless
+ list affects 'network'
+
+config firewall
+ option init 'firewall'
+ list affects 'luci-splash'
+ list affects 'qos'
+ list affects 'miniupnpd'
+
+config olsr
+ option init 'olsrd'
+
+config dhcp
+ option init 'dnsmasq'
+ list affects 'odhcpd'
+
+config odhcpd
+ option init 'odhcpd'
+
+config dropbear
+ option init 'dropbear'
+
+config httpd
+ option init 'httpd'
+
+config fstab
+ option exec '/sbin/block mount'
+
+config qos
+ option init 'qos'
+
+config system
+ option init 'led'
+ option exec '/etc/init.d/log reload'
+ list affects 'luci_statistics'
+ list affects 'dhcp'
+
+config luci_splash
+ option init 'luci_splash'
+
+config upnpd
+ option init 'miniupnpd'
+
+config ntpclient
+ option init 'ntpclient'
+
+config samba
+ option init 'samba'
+
+config tinyproxy
+ option init 'tinyproxy'
+
+config mwan3
+ option init 'mwan3'
+
diff --git a/device-config/2/etc/config/uhttpd b/device-config/2/etc/config/uhttpd
new file mode 100644
index 0000000..7c6410e
--- /dev/null
+++ b/device-config/2/etc/config/uhttpd
@@ -0,0 +1,30 @@
+
+config uhttpd 'main'
+ list listen_http '0.0.0.0:80'
+ list listen_http '[::]:80'
+ list listen_https '0.0.0.0:443'
+ list listen_https '[::]:443'
+ option redirect_https '1'
+ option home '/www'
+ option rfc1918_filter '1'
+ option max_requests '3'
+ option max_connections '100'
+ option cert '/etc/uhttpd.crt'
+ option key '/etc/uhttpd.key'
+ option cgi_prefix '/cgi-bin'
+ option lua_prefix '/luci'
+ option lua_handler '/usr/lib/lua/luci/sgi/uhttpd.lua'
+ option script_timeout '60'
+ option network_timeout '30'
+ option http_keepalive '20'
+ option tcp_keepalive '1'
+ option ubus_prefix '/ubus'
+
+config cert 'defaults'
+ option days '730'
+ option bits '2048'
+ option country 'ZZ'
+ option state 'Somewhere'
+ option location 'Unknown'
+ option commonname 'OpenWrt'
+
diff --git a/device-config/2/etc/config/unbound b/device-config/2/etc/config/unbound
new file mode 100644
index 0000000..2509921
--- /dev/null
+++ b/device-config/2/etc/config/unbound
@@ -0,0 +1,3 @@
+config unbound
+ option enable '0'
+ option manual_conf '1'
diff --git a/device-config/2/etc/config/upnpd b/device-config/2/etc/config/upnpd
new file mode 100644
index 0000000..35f6b61
--- /dev/null
+++ b/device-config/2/etc/config/upnpd
@@ -0,0 +1,27 @@
+
+config upnpd 'config'
+ option secure_mode '1'
+ option log_output '0'
+ option download '1024'
+ option upload '512'
+ option internal_iface 'lan'
+ option port '5000'
+ option upnp_lease_file '/var/upnp.leases'
+ option uuid 'dddee5fa-fc97-466b-809d-491c4b9a8adc'
+ option enable_upnp '0'
+ option enable_natpmp '0'
+
+config perm_rule
+ option action 'allow'
+ option ext_ports '1-65535'
+ option int_addr '0.0.0.0/0'
+ option int_ports '1-65535'
+ option comment 'Allow ports'
+
+config perm_rule
+ option action 'deny'
+ option ext_ports '0-65535'
+ option int_addr '0.0.0.0/0'
+ option int_ports '0-65535'
+ option comment 'Default deny'
+
diff --git a/device-config/2/etc/config/vpn_service b/device-config/2/etc/config/vpn_service
new file mode 100755
index 0000000..8cbc68a
--- /dev/null
+++ b/device-config/2/etc/config/vpn_service
@@ -0,0 +1,14 @@
+config general 'global'
+ option enable '0'
+
+config service 'vpn'
+ option auth 'SHA1'
+ option proto 'udp'
+ option port '1194'
+ option dev 'tun-SERVER'
+ option dev_type 'tun'
+ option cipher 'BF-CBC'
+ option comp 'adaptive'
+ option subnet '10.8.0.0'
+ option mask '255.255.255.0'
+ option host '127.0.0.1'
diff --git a/device-config/2/etc/config/wireless b/device-config/2/etc/config/wireless
new file mode 100644
index 0000000..1037b50
--- /dev/null
+++ b/device-config/2/etc/config/wireless
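Review bot: device-config/2/etc/config/vpn_service pins `option cipher 'BF-CBC'` together with `option auth 'SHA1'`; Blowfish has a 64-bit block, which exposes long-lived tunnels to birthday-bound attacks (SWEET32). The section ships with `option enable '0'`, so this only matters once the service is switched on, but these are the values that would then be used. If the OpenVPN build on the device supports them, prefer `option cipher 'AES-256-GCM'` and `option auth 'SHA256'`. `option comp 'adaptive'` is also worth revisiting, since compressing traffic inside the tunnel can leak information about plaintext through packet sizes.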
@@ -0,0 +1,39 @@
+config wifi-device 'radio0'
+ option type 'mac80211'
+ option channel '36'
+ option hwmode '11a'
+ option path 'pci0000:00/0000:00:00.0'
+ option htmode 'VHT80'
+ option doth '0'
+ option txpower '20'
+ option band '5G'
+ option disabled '0'
+ option country 'US'
+
+config wifi-iface 'default_radio0'
+ option device 'radio0'
+ option network 'VPN360'
+ option mode 'ap'
+ option encryption 'none'
+ option ifname 'wlan0'
+ option ssid '$SSID'
+
+config wifi-device 'radio1'
+ option type 'mac80211'
+ option path 'platform/qca953x_wmac'
+ option hwmode '11ng'
+ option channel '6'
+ option htmode 'HT40+'
+ option noscan '1'
+ option txpower '20'
+
+config wifi-iface 'default_radio1'
+ option device 'radio1'
+ option network 'VPN360'
+ option mode 'ap'
+ option ssid '$SSID-2.4'
+ option encryption 'none'
+ option wds '1'
+ option ifname 'wlan1'
+ option disabled '1'
+
diff --git a/device-config/2/etc/dropbear/authorized_keys b/device-config/2/etc/dropbear/authorized_keys
new file mode 100644
index 0000000..e69de29
diff --git a/device-config/2/etc/dropbear/dropbear_dss_host_key b/device-config/2/etc/dropbear/dropbear_dss_host_key
new file mode 100644
index 0000000..d9fbf2d
Binary files /dev/null and b/device-config/2/etc/dropbear/dropbear_dss_host_key differ
diff --git a/device-config/2/etc/dropbear/dropbear_rsa_host_key b/device-config/2/etc/dropbear/dropbear_rsa_host_key
new file mode 100644
index 0000000..9c96aa9
Binary files /dev/null and b/device-config/2/etc/dropbear/dropbear_rsa_host_key differ
diff --git a/device-config/2/etc/firewall.user b/device-config/2/etc/firewall.user
new file mode 100644
index 0000000..509687e
--- /dev/null
+++ b/device-config/2/etc/firewall.user
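Review bot: Both access points in device-config/2/etc/config/wireless are created with `option encryption 'none'` while attached to `option network 'VPN360'`, so any station in radio range is bridged onto the VPN segment with no authentication and no link-layer confidentiality. If the open SSID is not a deliberate hotspot design, set `option encryption 'psk2'` and fill a per-device `option key` through the same templating that expands `$SSID`. `default_radio1` additionally sets `option wds '1'`, which looks unneeded for a plain AP and widens what an unauthenticated peer can do on an open network; consider dropping it. A short `#` comment stating that `$SSID` is a placeholder and which tool substitutes it would also help the next reader.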
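Review bot: device-config/2/etc/dropbear/dropbear_dss_host_key and dropbear_rsa_host_key are committed as binary blobs, which puts SSH host private keys into the repository history. Every device imaged from this tree would present the same host identity, and anyone with read access to the repository could impersonate those devices to an SSH client. Leave the key files out of the tree so that each device generates its own pair on first boot, and treat the committed pair as compromised. The empty `authorized_keys` added alongside means SSH access rests on password login alone, assuming the dropbear config for this device keeps password authentication on (not visible in this part of the diff).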
@@ -0,0 +1,11 @@
+
+force_dns() {
+ # lanip=$(ifconfig br-lan |sed -n 's/.*dr:\(.*\) Bc.*/\1/p')
+ lanip=$(uci get network.lan.ipaddr)
+ iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to $lanip
+ iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip
+}
+force=$(uci get glconfig.general.force_dns)
+if [ -n "$force" ]; then
+ force_dns
+fi
diff --git a/device-config/2/etc/fw_env.config b/device-config/2/etc/fw_env.config
new file mode 100644
index 0000000..244ad98
--- /dev/null
+++ b/device-config/2/etc/fw_env.config
@@ -0,0 +1 @@
+/dev/mtd1 0x0 0x10000 0x10000
diff --git a/device-config/2/etc/group b/device-config/2/etc/group
new file mode 100644
index 0000000..29ede86
--- /dev/null
+++ b/device-config/2/etc/group
@@ -0,0 +1,13 @@
+root:x:0:
+daemon:x:1:
+adm:x:4:
+tty:x:5:
+mail:x:8:
+audio:x:29:
+www-data:x:33:
+ftp:x:55:
+users:x:100:
+network:x:101:
+nogroup:x:65534:
+dnsmasq:x:453:dnsmasq
+unbound:x:553:unbound
diff --git a/device-config/2/etc/inittab b/device-config/2/etc/inittab
new file mode 100644
index 0000000..b944a93
--- /dev/null
+++ b/device-config/2/etc/inittab
@@ -0,0 +1,4 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+::askconsole:/usr/libexec/login.sh
+tty1::askfirst:/usr/libexec/login.sh
diff --git a/device-config/2/etc/lighttpd/lighttpd.conf b/device-config/2/etc/lighttpd/lighttpd.conf
new file mode 100644
index 0000000..acac638
--- /dev/null
+++ b/device-config/2/etc/lighttpd/lighttpd.conf
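Review bot: In device-config/2/etc/firewall.user, `force_dns` passes `$lanip` to `iptables ... --to $lanip` unquoted and unchecked, and reads it from `uci get network.lan.ipaddr`; in this commit's network config the `lan` section is `proto 'dhcp'`, so the stored `ipaddr` may not be the address the bridge actually holds, and redirected DNS would then be sent to an address nothing answers on. Resolve the live address instead, e.g. `. /lib/functions/network.sh; network_get_ipaddr lanip lan`, and bail out with `[ -n "$lanip" ] || return 0` before adding the rules. The caller's `[ -n "$force" ]` also treats any non-empty value, including `0`, as enabled; `[ "$force" = "1" ]` would be safer if glconfig stores a conventional UCI boolean.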
@@ -0,0 +1,30 @@ +server.document-root = "/www" +server.upload-dirs = ( "/tmp" ) +server.errorlog = "/var/log/lighttpd/error.log" +server.pid-file = "/var/run/lighttpd.pid" +server.username = "http" +server.groupname = "www-data" + +index-file.names = ( "index.php", "index.html", + "index.htm", "default.htm", + ) + +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + +### Options that are useful but not always necessary: +#server.chroot = "/" +server.port = 81 +server.bind = "localhost" +#server.tag = "lighttpd" +#server.errorlog-use-syslog = "enable" +#server.network-backend = "writev" + +### Use IPv6 if available +#include_shell "/usr/share/lighttpd/use-ipv6.pl" + +#dir-listing.encoding = "utf-8" +#server.dir-listing = "enable" + +include "/etc/lighttpd/mime.conf" +include "/etc/lighttpd/conf.d/*.conf" + diff --git a/device-config/2/etc/luci-uploads/.placeholder b/device-config/2/etc/luci-uploads/.placeholder new file mode 100644 index 0000000..e69de29 diff --git a/device-config/2/etc/opkg.conf b/device-config/2/etc/opkg.conf new file mode 100644 index 0000000..bd8505f --- /dev/null +++ b/device-config/2/etc/opkg.conf @@ -0,0 +1,4 @@ +dest root / +dest ram /tmp +lists_dir ext /var/opkg-lists +option overlay_root /overlay \ No newline at end of file diff --git a/device-config/2/etc/opkg/customfeeds.conf b/device-config/2/etc/opkg/customfeeds.conf new file mode 100644 index 0000000..0519ecb --- /dev/null +++ b/device-config/2/etc/opkg/customfeeds.conf @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/device-config/2/etc/opkg/keys/1035ac73cc4e59e3 b/device-config/2/etc/opkg/keys/1035ac73cc4e59e3 new file mode 100644 index 0000000..e8ce435 --- /dev/null +++ b/device-config/2/etc/opkg/keys/1035ac73cc4e59e3 @@ -0,0 +1,2 @@ +untrusted comment: OpenWrt 18.06 public key +RWQQNaxzzE5Z41cVmEh2rilAPKLsyfPKm+S4BJWA1Yv+LP1hKebmGtXi 
diff --git a/device-config/2/etc/opkg/keys/5151f69420c3f508 b/device-config/2/etc/opkg/keys/5151f69420c3f508
new file mode 100644
index 0000000..d4cd777
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/5151f69420c3f508
@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of Hans Dedecker
+RWRRUfaUIMP1CAL9wvk3ABBHdUM+3SjMvIuJlK68b3b04Pw3wiaiAfxX
diff --git a/device-config/2/etc/opkg/keys/53bad1233d4c98c5 b/device-config/2/etc/opkg/keys/53bad1233d4c98c5
new file mode 100644
index 0000000..e49bd7d
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/53bad1233d4c98c5
@@ -0,0 +1,2 @@
+untrusted comment: openwrt.org 15.05 release key
+RWRTutEjPUyYxcuFKuF19hS8WfHi09AkVhK33KMQPri/dFG9PhEzDtMH
diff --git a/device-config/2/etc/opkg/keys/6549bc466575035e b/device-config/2/etc/opkg/keys/6549bc466575035e
new file mode 100644
index 0000000..2f17e42
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/6549bc466575035e
@@ -0,0 +1,2 @@
+untrusted comment: Local build key
+RWRlSbxGZXUDXkGTGW4c1UX2NT71KDIe1xDzkH40PzgMQ9h2Jk0a+KSU
diff --git a/device-config/2/etc/opkg/keys/72a57f2191b211e0 b/device-config/2/etc/opkg/keys/72a57f2191b211e0
new file mode 100644
index 0000000..1719816
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/72a57f2191b211e0
@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of Jo-Philipp Wich
+RWRypX8hkbIR4FLhtx5pjXcAIsI1iPUIcI5bMG8jZoiCkrwTstECBPqL
diff --git a/device-config/2/etc/opkg/keys/792d9d9b39f180dc b/device-config/2/etc/opkg/keys/792d9d9b39f180dc
new file mode 100644
index 0000000..9044a0e
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/792d9d9b39f180dc
@@ -0,0 +1,2 @@
+untrusted comment: LEDE 17.01 "Reboot" public key
+RWR5LZ2bOfGA3FGliZosEDhodiAKDOISmQs/mmjo4rhcbFtqkibJqMzo
diff --git a/device-config/2/etc/opkg/keys/7d75c2e892e71b62 b/device-config/2/etc/opkg/keys/7d75c2e892e71b62
new file mode 100644
index 0000000..76395b7
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/7d75c2e892e71b62
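Review bot: The key file device-config/2/etc/opkg/keys/6549bc466575035e is labelled only `Local build key`, and three more files with the same label follow in this commit (7d75c2e892e71b62, 9f9024096bd6e280, c6a400ef64d077fc). Every file under /etc/opkg/keys acts as a trust anchor for opkg's signature check, so packages signed by whoever holds these four private keys would install as trusted on every device built from this tree. Keep only the keys of the feeds the devices actually use, and record in the commit message or a neighbouring README which build host each retained local key belongs to. The 15.05 release keys and the individual LEDE developer keys look as if they were copied wholesale from a vendor image and may not be needed either.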
@@ -0,0 +1,2 @@
+untrusted comment: Local build key
+RWR9dcLokucbYuJDzmnxQ756ZmeUiihRaO98lBJJapA0oW+ACCPgSLiS
diff --git a/device-config/2/etc/opkg/keys/9ef4694208102c43 b/device-config/2/etc/opkg/keys/9ef4694208102c43
new file mode 100644
index 0000000..c4df7b6
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/9ef4694208102c43
@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of Álvaro Fernández Rojas
+RWSe9GlCCBAsQwI5+wztnWKHfBlvPFP2G00FvZyx+Wfv9AwSViUwo/s2
diff --git a/device-config/2/etc/opkg/keys/9f9024096bd6e280 b/device-config/2/etc/opkg/keys/9f9024096bd6e280
new file mode 100644
index 0000000..86bb45f
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/9f9024096bd6e280
@@ -0,0 +1,2 @@
+untrusted comment: Local build key
+RWSfkCQJa9bigD3Hp7zlN1LFyRXqfjYr4JR9+BNfGWhbz8PfveH7PXzV
diff --git a/device-config/2/etc/opkg/keys/b26f36ae0f4106d b/device-config/2/etc/opkg/keys/b26f36ae0f4106d
new file mode 100644
index 0000000..8d408eb
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/b26f36ae0f4106d
@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of Stijn Tintel
+RWQLJvNq4PQQbSGZ05Az9jXSt/xlw/IfWc6USiB2FHEUoWL7QpMibzv6
diff --git a/device-config/2/etc/opkg/keys/b5043e70f9a75cde b/device-config/2/etc/opkg/keys/b5043e70f9a75cde
new file mode 100644
index 0000000..bcbd9db
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/b5043e70f9a75cde
@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key for unattended build jobs
+RWS1BD5w+adc3j2Hqg9+b66CvLR7NlHbsj7wjNVj0XGt/othDgIAOJS+
diff --git a/device-config/2/etc/opkg/keys/c10b9afab19ee428 b/device-config/2/etc/opkg/keys/c10b9afab19ee428
new file mode 100644
index 0000000..ee925b4
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/c10b9afab19ee428
@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of Alexander Couzens
+RWTBC5r6sZ7kKA/C5VnxUbJw5E0vy3MGo3MP2eXCQlgg65+2si4MKBnf
diff --git a/device-config/2/etc/opkg/keys/c6a400ef64d077fc b/device-config/2/etc/opkg/keys/c6a400ef64d077fc
new file mode 100644
index 0000000..103edeb
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/c6a400ef64d077fc
@@ -0,0 +1,2 @@
+untrusted comment: Local build key
+RWTGpADvZNB3/MmWOxQ9IAjQm7wLDoQiY6zyIIfMVs8JaYVkNKt7LQPL
diff --git a/device-config/2/etc/opkg/keys/dace9d4df16896bf b/device-config/2/etc/opkg/keys/dace9d4df16896bf
new file mode 100644
index 0000000..543d569
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/dace9d4df16896bf
@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of Ted Hess
+RWTazp1N8WiWvy7rYxstJqaMzGiS4XfW1oyYrk2vwJMRBeBF+8xEA+EZ
diff --git a/device-config/2/etc/opkg/keys/dd6de0d06bbd3d85 b/device-config/2/etc/opkg/keys/dd6de0d06bbd3d85
new file mode 100644
index 0000000..3c21dcd
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/dd6de0d06bbd3d85
@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of John Crispin
+RWTdbeDQa709heyMmwDZjWmlhcTCUv/q+3TBYDPdJAGRuys6xcxE09fp
diff --git a/device-config/2/etc/opkg/keys/de98a2dd1d0f8a07 b/device-config/2/etc/opkg/keys/de98a2dd1d0f8a07
new file mode 100644
index 0000000..5e3088c
--- /dev/null
+++ b/device-config/2/etc/opkg/keys/de98a2dd1d0f8a07
@@ -0,0 +1,2 @@
+untrusted comment: openwrt.org 15.05 release key
+RWTemKLdHQ+KBxOILy8gyk+5PaDVdfyJ32TFnY/jnQOrBAd1wobbLNYz
diff --git a/device-config/2/etc/passwd b/device-config/2/etc/passwd
new file mode 100644
index 0000000..aa8a0f1
--- /dev/null
+++ b/device-config/2/etc/passwd
@@ -0,0 +1,8 @@
+root:x:0:0:root:/root:/bin/ash
+daemon:*:1:1:daemon:/var:/bin/false
+ftp:*:55:55:ftp:/home/ftp:/bin/false
+network:*:101:101:network:/var:/bin/false
+nobody:*:65534:65534:nobody:/var:/bin/false
+dnsmasq:x:453:453:dnsmasq:/var/run/dnsmasq:/bin/false
+unbound:x:553:553:unbound:/var/run/unbound:/bin/false
+http:x:65536:65536:http:/var/run/http:/bin/false
diff --git a/device-config/2/etc/profile b/device-config/2/etc/profile
new file mode 100644
index 0000000..cfbba05
--- /dev/null
+++ b/device-config/2/etc/profile
@@ -0,0 +1,55 @@
+#!/bin/sh
+[ -e /tmp/.failsafe ] && export FAILSAFE=1
+
+[ -f /etc/banner ] && cat /etc/banner
+[ -n "$FAILSAFE" ] && cat /etc/banner.failsafe
+
+fgrep -sq '/ overlay ro,' /proc/mounts && {
+ echo 'Your JFFS2-partition seems full and overlayfs is mounted read-only.'
+ echo 'Please try to remove files from /overlay/upper/... and reboot!'
+}
+
+export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+export HOME=$(grep -e "^${USER:-root}:" /etc/passwd | cut -d ":" -f 6)
+export HOME=${HOME:-/root}
+export PS1='\u@\h:\w\$ '
+
+[ "$TERM" = "xterm" ] && export PS1='\[\e]0;\u@\h: \w\a\]'$PS1
+
+[ -x /bin/more ] || alias more=less
+[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi
+
+alias ll='ls -alF --color=auto'
+
+[ -z "$KSH_VERSION" -o \! -s /etc/mkshrc ] || . /etc/mkshrc
+
+[ -x /usr/bin/arp -o -x /sbin/arp ] || arp() { cat /proc/net/arp; }
+[ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }
+
+[ -n "$FAILSAFE" ] || {
+ for FILE in /etc/profile.d/*.sh; do
+ [ -e "$FILE" ] && . "$FILE"
+ done
+ unset FILE
+}
+
+if ( grep -qs '^root::' /etc/shadow && \
+ [ -z "$FAILSAFE" ] )
+then
+cat << EOF
+=== WARNING! =====================================
+There is no root password defined on this device!
+Use the "passwd" command to set up a new password
+in order to prevent unauthorized SSH logins.
+--------------------------------------------------
+EOF
+fi
+
+service() {
+ [ -f "/etc/init.d/$1" ] || {
+ echo "service "'"'"$1"'"'" not found, the following services are available:"
+ ls "/etc/init.d"
+ return 1
+ }
+ /etc/init.d/$@
+}
diff --git a/device-config/2/etc/rc.button/failsafe b/device-config/2/etc/rc.button/failsafe
new file mode 100755
index 0000000..ba958fa
--- /dev/null
+++ b/device-config/2/etc/rc.button/failsafe
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+[ "${TYPE}" = "switch" ] || echo ${BUTTON} > /tmp/failsafe_button
+
+return 0
diff --git a/device-config/2/etc/rc.button/power b/device-config/2/etc/rc.button/power
new file mode 100755
index 0000000..c245744
--- /dev/null
+++ b/device-config/2/etc/rc.button/power
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+[ "${ACTION}" = "released" ] || exit 0
+
+exec /sbin/poweroff
+
+return 0
diff --git a/device-config/2/etc/rc.button/reset b/device-config/2/etc/rc.button/reset
new file mode 100755
index 0000000..76e7939
--- /dev/null
+++ b/device-config/2/etc/rc.button/reset
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+OVERLAY="$( grep ' /overlay ' /proc/mounts )"
+
+case "$ACTION" in
+pressed)
+ [ -z "$OVERLAY" ] && return 0
+
+ return 5
+;;
+timeout)
+ # . /etc/diag.sh
+ # set_state failsafe
+ echo "REBOOT" > /dev/console
+ sync
+ reboot
+;;
+released)
+ if [ "$SEEN" -lt 1 ]
+ then
+ echo "PING" > /dev/console
+ ping -c4 10.8.0.1
+ elif [ "$SEEN" -ge 5 -a -n "$OVERLAY" ]
+ then
+ echo "REBOOT" > /dev/console
+ sync
+ reboot
+ fi
+;;
+esac
+
+return 0
diff --git a/device-config/2/etc/rc.button/rfkill b/device-config/2/etc/rc.button/rfkill
new file mode 100755
index 0000000..fbdda40
--- /dev/null
+++ b/device-config/2/etc/rc.button/rfkill
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+[ "${ACTION}" = "released" -o -n "${TYPE}" ] || exit 0
+
+. /lib/functions.sh
+
+rfkill_state=0
+
+wifi_rfkill_set() {
+ uci set wireless.$1.disabled=$rfkill_state
+}
+
+wifi_rfkill_check() {
+ local disabled
+ config_get disabled $1 disabled
+ [ "$disabled" = "1" ] || rfkill_state=1
+}
+
+config_load wireless
+case "${TYPE}" in
+"switch")
+ [ "${ACTION}" = "released" ] && rfkill_state=1
+ ;;
+*)
+ config_foreach wifi_rfkill_check wifi-device
+ ;;
+esac
+config_foreach wifi_rfkill_set wifi-device
+uci commit wireless
+wifi up
+
+return 0
diff --git a/device-config/2/etc/rc.local b/device-config/2/etc/rc.local
new file mode 100644
index 0000000..9004078
--- /dev/null
+++ b/device-config/2/etc/rc.local
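Review bot: In device-config/2/etc/rc.button/reset, neither the `timeout` branch nor the long-press branch (`$SEEN` of 5 or more) does anything but `reboot`, so as written the button gives no way to reach failsafe or to clear a bad or tampered configuration; if that is intended, a comment saying so belongs above the `case`. The two commented-out lines `# . /etc/diag.sh` and `# set_state failsafe` are dead code and should either be removed or replaced by that explanation. In the short-press branch the result of `ping -c4 10.8.0.1` is not redirected anywhere visible in the hunk, so only the literal "PING" reaches the console; `ping -c4 10.8.0.1 > /dev/console 2>&1` would report the outcome the same way the other messages are reported.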
@@ -0,0 +1,6 @@
+# Put your custom commands here that should be executed once
+# the system init finished. By default this file does nothing.
+
+/bin/heartbeat &
+
+exit 0
diff --git a/device-config/2/etc/services b/device-config/2/etc/services
new file mode 100644
index 0000000..a12853e
--- /dev/null
+++ b/device-config/2/etc/services
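Review bot: `/bin/heartbeat &` in device-config/2/etc/rc.local starts the heartbeat loop as an unsupervised background job of the boot script, so it runs as root with nothing to restart it or to record why it exited. If device-config/2/bin/heartbeat matches the device-config/1 copy earlier in this diff, that loop pipes the server's reply into `/bin/ash` while wget runs with `--no-check-certificate`, so the device executes as root whatever an on-path party returns. Before enabling this at boot, the heartbeat should verify the server certificate (install or pin the CA for the admin host instead of disabling the check) and act on a fixed set of reply values rather than executing the reply. A procd init script with a `respawn` parameter would be a better launcher than rc.local.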
@@ -0,0 +1,171 @@
+echo 7/tcp
+echo 7/udp
+discard 9/tcp
+discard 9/udp
+daytime 13/tcp
+daytime 13/udp
+netstat 15/tcp
+chargen 19/tcp
+chargen 19/udp
+ftp-data 20/tcp
+ftp 21/tcp
+ssh 22/tcp
+ssh 22/udp
+telnet 23/tcp
+smtp 25/tcp
+time 37/tcp
+time 37/udp
+whois 43/tcp
+domain 53/tcp
+domain 53/udp
+bootps 67/tcp
+bootps 67/udp
+bootpc 68/tcp
+bootpc 68/udp
+tftp 69/udp
+finger 79/tcp
+www 80/tcp http
+kerberos 88/tcp kerberos5 krb5 kerberos-sec
+kerberos 88/udp kerberos5 krb5 kerberos-sec
+pop3 110/tcp
+pop3 110/udp
+sunrpc 111/tcp
+sunrpc 111/udp
+auth 113/tcp ident
+sftp 115/tcp
+nntp 119/tcp
+ntp 123/tcp
+ntp 123/udp
+netbios-ns 137/tcp
+netbios-ns 137/udp
+netbios-dgm 138/tcp
+netbios-dgm 138/udp
+netbios-ssn 139/tcp
+netbios-ssn 139/udp
+imap2 143/tcp imap
+imap2 143/udp imap
+snmp 161/tcp
+snmp 161/udp
+snmp-trap 162/tcp snmptrap
+snmp-trap 162/udp snmptrap
+xdmcp 177/tcp
+xdmcp 177/udp
+bgp 179/tcp
+bgp 179/udp
+imap3 220/tcp
+imap3 220/udp
+ldap 389/tcp
+ldap 389/udp
+https 443/tcp
+https 443/udp
+microsoft-ds 445/tcp
+microsoft-ds 445/udp
+isakmp 500/tcp
+isakmp 500/udp
+rtsp 554/tcp
+rtsp 554/udp
+ipp 631/tcp
+ipp 631/udp
+syslog 514/udp
+printer 515/tcp spooler
+dhcpv6-client 546/tcp
+dhcpv6-client 546/udp
+dhcpv6-server 547/tcp
+dhcpv6-server 547/udp
+afpovertcp 548/tcp
+afpovertcp 548/udp
+nntps 563/tcp snntp
+nntps 563/udp snntp
+ldaps 636/tcp
+ldaps 636/udp
+tinc 655/tcp
+tinc 655/udp
+rsync 873/tcp
+rsync 873/udp
+ftps-data 989/tcp
+ftps 990/tcp
+imaps 993/tcp
+imaps 993/udp
+ircs 994/tcp
+ircs 994/udp
+pop3s 995/tcp
+pop3s 995/udp
+socks 1080/tcp
+socks 1080/udp
+openvpn 1194/tcp
+openvpn 1194/udp
+l2f 1701/tcp l2tp
+l2f 1701/udp l2tp
+radius 1812/tcp
+radius 1812/udp
+radius-acct 1813/tcp radacct
+radius-acct 1813/udp radacct
+nfs 2049/tcp
+nfs 2049/udp
+dict 2628/tcp
+dict 2628/udp
+gpsd 2947/tcp
+gpsd 2947/udp
+icpv2 3130/tcp icp
+icpv2 3130/udp icp
+mysql 3306/tcp
+mysql 3306/udp
+nut 3493/tcp
+nut 3493/udp
+distcc 3632/tcp
+distcc 3632/udp
+daap 3689/tcp
+daap 3689/udp
+svn 3690/tcp subversion
+svn 3690/udp subversion
+epmd 4369/tcp
+epmd 4369/udp
+iax 4569/tcp
+iax 4569/udp
+mtn 4691/tcp
+mtn 4691/udp
+munin 4949/tcp
+sip 5060/tcp
+sip 5060/udp
+sip-tls 5061/tcp
+sip-tls 5061/udp
+xmpp-client 5222/tcp jabber-client
+xmpp-client 5222/udp jabber-client
+xmpp-server 5269/tcp jabber-server
+xmpp-server 5269/udp jabber-server
+mdns 5353/tcp
+mdns 5353/udp
+postgresql 5432/tcp postgres
+postgresql 5432/udp postgres
+x11 6000/tcp
+x11 6000/udp
+mysql-proxy 6446/tcp
+mysql-proxy 6446/udp
+bacula-dir 9101/tcp
+bacula-dir 9101/udp
+bacula-fd 9102/tcp
+bacula-fd 9102/udp
+bacula-sd 9103/tcp
+bacula-sd 9103/udp
+nbd 10809/tcp
+zabbix-agent 10050/tcp
+zabbix-agent 10050/udp
+zabbix-trapper 10051/tcp
+zabbix-trapper 10051/udp
+hkp 11371/tcp
+hkp 11371/udp
+ssmtp 465/tcp smtps
+spamd 783/tcp
+zebrasrv 2600/tcp
+zebra 2601/tcp
+ripd 2602/tcp
+ripngd 2603/tcp
+ospfd 2604/tcp
+bgpd 2605/tcp
+ospf6d 2606/tcp
+ospfapi 2607/tcp
+isisd 2608/tcp
+sane-port 6566/tcp sane saned
+ircd 6667/tcp
+git 9418/tcp
+
diff --git a/device-config/2/etc/shadow b/device-config/2/etc/shadow
new file mode 100644
index 0000000..e60c86a
--- /dev/null
+++ b/device-config/2/etc/shadow
@@ -0,0 +1,8 @@
+root:$PASSWORD:17851:0:99999:7:::
+daemon:*:0:0:99999:7:::
+ftp:*:0:0:99999:7:::
+network:*:0:0:99999:7:::
+nobody:*:0:0:99999:7:::
+dnsmasq:x:0:0:99999:7:::
+unbound:x:0:0:99999:7:::
+http:x:0:0:99999:7:::
diff --git a/device-config/2/etc/shells b/device-config/2/etc/shells
new file mode 100644
index 0000000..006aa38
--- /dev/null
+++ b/device-config/2/etc/shells
@@ -0,0 +1 @@
+/bin/ash
diff --git a/device-config/2/etc/sysctl.conf b/device-config/2/etc/sysctl.conf
new file mode 100644
index 0000000..ae04212
--- /dev/null
+++ b/device-config/2/etc/sysctl.conf
@@ -0,0 +1 @@
+# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
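Review bot: The root entry in device-config/2/etc/shadow carries the literal `$PASSWORD` in the hash field, and nothing visible in this part of the commit shows where it is substituted or in what format. The step that fills it in should write a salted crypt(3) hash, never the plaintext, and should fail the image build if the placeholder is still present. An unsubstituted `$PASSWORD` is not a valid hash, and the `^root::` test in etc/profile will not warn about it because the field is not empty. Crypt hashes themselves contain `$` and `/`, so a sed- or shell-based substitution needs to escape them. Since shadow cannot hold a comment, the expected format is best documented next to the substitution step.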
diff --git a/device-config/2/etc/sysupgrade.conf b/device-config/2/etc/sysupgrade.conf
new file mode 100644
index 0000000..42f882b
--- /dev/null
+++ b/device-config/2/etc/sysupgrade.conf
@@ -0,0 +1,9 @@
+## This file contains files and directories that should
+## be preserved during an upgrade.
+
+# /etc/example.conf
+# /etc/openvpn/
+
+/etc/openvpn/
+/etc/rc.button/
+/bin/heartbeat
\ No newline at end of file
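Review bot: Listing `/bin/heartbeat` and `/etc/rc.button/` in device-config/2/etc/sysupgrade.conf makes a config-preserving sysupgrade restore the old copies of these scripts over the ones shipped in the new image, so a firmware update cannot deliver a fix to them. Executables are better left to the image, with this list limited to device state such as `/etc/openvpn/`. The device-config/1 heartbeat earlier in this diff sources `/etc/vpnsecret`; if the device 2 copy does the same and that file is not carried over some other way, it needs an entry here. The commented `# /etc/openvpn/` line duplicates the real entry below it and can be dropped, and the file should end with a newline.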