Re-add device config files because why not

.gitignore

@@ -2,5 +2,4 @@ db.sqlite3
 __pycache__
 *.pyc
 static/static_root
-device-config
 imagebuilder

device-config/1/bin/heartbeat

@@ -0,0 +1,59 @@
+ipaddr(){
+ if="${1:-br-VPN360}"
+ result=$(/sbin/ip -o -4 addr show dev "${if}" 2&>/dev/null | /bin/sed 's/^.*inet // ; s/\/...*$//')
+ /usr/bin/printf %s "${result}"
+}
+
+stopwifi(){
+  /sbin/uci set wireless.radio1.disabled=1                                                                                         
+  /sbin/uci commit    
+}
+
+startwifi(){
+  /sbin/uci set wireless.radio1.disabled=0                                                                                                                                       
+  /sbin/uci commit                                                                                                                                                               
+  /sbin/wifi 
+}
+
+restartwifi(){
+  stopwifi
+  startwifi
+}
+
+. /etc/vpnsecret
+
+/usr/bin/wget -O/etc/hosts https://admin360.kumi.host/hosts --post-data "secret=$SECRET" --no-check-certificate >/var/log/wget 2>&1
+
+/sbin/uci set wireless.@wifi-iface[0].network="VPN360"
+/sbin/uci commit
+stopwifi
+
+/usr/sbin/openvpn /etc/openvpn/client.conf >/var/log/openvpn &
+
+/bin/sleep 60
+
+if [ $(ipaddr) ]
+ then
+  startwifi
+  while [ True ]
+   do
+    sleep 10
+    if [ $(ipaddr) ]
+     then
+      /usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET&ip=$(ipaddr)" --no-check-certificate 2>/var/log/wget | /bin/ash
+    fi
+  done
+ else
+  /sbin/uci set wireless.@wifi-iface[0].network="DHCP"
+  /sbin/uci commit
+  startwifi
+  /sbin/ip a add 192.168.36.1/24 dev br-DHCP
+  /sbin/ifconfig br-DHCP down
+  /sbin/ifconfig br-DHCP up
+  while [ True ]
+   do                          
+    sleep 10                                            
+    /usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET" --no-check-certificate 2>/var/log/wget | /bin/ash
+  done   
+fi
+

device-config/1/etc/config/chinadns

@@ -0,0 +1,7 @@
+
+config chinadns
+	option enable '0'
+	option bidirectional '0'
+	option chnroute '/etc/chinadns_chnroute.txt'
+	option port '5353'
+	option server '114.114.114.114,8.8.4.4'

device-config/1/etc/config/dhcp

@@ -0,0 +1,43 @@
+
+config dnsmasq
+	option domainneeded '1'
+	option boguspriv '1'
+	option filterwin2k '0'
+	option localise_queries '1'
+	option rebind_protection '1'
+	option rebind_localhost '1'
+	option local '/lan/'
+	option domain 'lan'
+	option expandhosts '1'
+	option nonegcache '0'
+	option authoritative '1'
+	option readethers '1'
+	option leasefile '/tmp/dhcp.leases'
+	option resolvfile '/tmp/resolv.conf.auto'
+	option nonwildcard '1'
+	option localservice '1'
+
+config dhcp 'lan'
+	option interface 'lan'
+	option start '100'
+	option limit '150'
+	option leasetime '12h'
+	option dhcpv6 'server'
+	option ra 'server'
+
+config dhcp 'wan'
+	option interface 'wan'
+	option ignore '1'
+
+config odhcpd 'odhcpd'
+	option maindhcp '0'
+	option leasefile '/tmp/hosts/odhcpd'
+	option leasetrigger '/usr/sbin/odhcpd-update'
+	option loglevel '4'
+
+config dhcp 'DHCP'
+	option start '100'
+	option leasetime '12h'
+	option limit '150'
+	option interface 'DHCP'
+

device-config/1/etc/config/dns-forwarder

@@ -0,0 +1,6 @@
+
+config dns-forwarder
+	option enable '0'
+	option listen_addr '0.0.0.0'
+	option listen_port '5300'
+	option dns_servers '8.8.8.8'

device-config/1/etc/config/dropbear

@@ -0,0 +1,5 @@
+
+config dropbear
+	option PasswordAuth 'on'
+	option Port '22'
+

device-config/1/etc/config/firewall

@@ -0,0 +1,15 @@
+
+config defaults
+	option syn_flood '1'
+	option input 'ACCEPT'
+	option output 'ACCEPT'
+	option forward 'ACCEPT'
+
+config include
+	option path '/etc/firewall.user'
+
+config include 'mwan3'
+	option type 'script'
+	option path '/var/etc/mwan3.include'
+	option reload '1'
+

device-config/1/etc/config/glconfig

@@ -0,0 +1,32 @@
+
+config service 'general'
+	option model 'ar150'
+	option port '83'
+	option language 'en'
+	option password '0073d12f67d604710231c0b780341795c6a9ae9c4a53364fbe3d9171367d5fb5'
+	option code_needed '0'
+
+config service 'ddns'
+	option enabled '1'
+	option lastip '80.110.109.118'
+	option updatetime 'Thu Nov 15 10:08:14 GMT 2018'
+
+config service 'download'
+
+config service 'adblock'
+	option enable '0'
+
+config service 'autoupdate'
+	option time '04:00'
+	option enable '0'
+
+config service 'samba'
+	option read_only 'yes'
+
+config service 'openvpn'
+	option enable '0'
+	option force '0'
+
+config service 'repeater'
+	option autoconnect '1'
+

device-config/1/etc/config/luci

@@ -0,0 +1,55 @@
+
+config core 'main'
+	option lang 'auto'
+	option mediaurlbase '/luci-static/bootstrap'
+	option resourcebase '/luci-static/resources'
+
+config extern 'flash_keep'
+	option uci '/etc/config/'
+	option dropbear '/etc/dropbear/'
+	option openvpn '/etc/openvpn/'
+	option passwd '/etc/passwd'
+	option opkg '/etc/opkg.conf'
+	option firewall '/etc/firewall.user'
+	option uploads '/lib/uci/upload/'
+
+config internal 'languages'
+	option en 'English'
+	option zh_cn '中文 (Chinese)'
+
+config internal 'sauth'
+	option sessionpath '/tmp/luci-sessions'
+	option sessiontime '3600'
+
+config internal 'ccache'
+	option enable '1'
+
+config internal 'themes'
+	option Bootstrap '/luci-static/bootstrap'
+
+config internal 'apply'
+	option rollback '30'
+	option holdoff '4'
+	option timeout '5'
+	option display '1.5'
+
+config internal 'diag'
+	option dns 'openwrt.org'
+	option ping 'openwrt.org'
+	option route 'openwrt.org'
+
+config ifstate
+	option interface 'lan'
+	option ifname 'eth0 radio0.network1'
+	option bridge 'true'
+
+config ifstate
+	option interface 'VPN360'
+	option ifname 'radio0.network1'
+	option bridge 'true'
+
+config ifstate
+	option interface 'DHCP'
+	option ifname 'tap0 radio1.network1'
+	option bridge 'true'
+

device-config/1/etc/config/mjpg-streamer

@@ -0,0 +1,10 @@
+config mjpg-streamer core
+        option enabled          "1"
+        option input			'uvc'
+        option output 			'http'
+        option device           "/dev/video0"
+        option resolution       "640x480"
+        option fps              "15"
+        option www              "/www/webcam"
+        option port             "8083"
+		option yuv				"0"

device-config/1/etc/config/mwan3

@@ -0,0 +1,82 @@
+config interface 'wan'
+	option enabled '1'
+	list track_ip '208.67.222.222'
+	list track_ip '208.67.220.220'
+	list track_ip '8.8.4.4'
+	list track_ip '8.8.8.8'
+	option reliability '1'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '5'
+	option up '3'
+
+config interface 'wwan'
+	option enabled '1'
+	list track_ip '208.67.222.222'
+	list track_ip '208.67.220.220'
+	list track_ip '8.8.4.4'
+	list track_ip '8.8.8.8'
+	option reliability '1'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '5'
+	option up '3'
+
+config interface 'tethering'
+	option enabled '1'
+	list track_ip '208.67.222.222'
+	list track_ip '208.67.220.220'
+	list track_ip '8.8.4.4'
+	list track_ip '8.8.8.8'
+	option reliability '1'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '5'
+	option up '3'
+
+config interface 'modem'
+	option enabled '1'
+	list track_ip '208.67.222.222'
+	list track_ip '208.67.220.220'
+	list track_ip '8.8.4.4'
+	list track_ip '8.8.8.8'
+	option reliability '1'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '5'
+	option up '3'
+
+config member 'wan_only'
+	option interface 'wan'
+	option metric '1'
+	option weight '3'
+
+config member 'wwan_only'
+	option interface 'wwan'
+	option metric '2'
+	option weight '3'
+
+config member 'tethering_only'
+	option interface 'tethering'
+	option metric '3'
+	option weight '3'
+
+config member 'modem_only'
+	option interface 'modem'
+	option metric '4'
+	option weight '3'
+
+config policy 'default_poli'
+	list use_member 'wan_only'
+	list use_member 'wwan_only'
+	list use_member 'tethering_only'
+	list use_member 'modem_only'
+	option last_resort 'default'
+
+config rule 'default_rule'
+	option dest_ip '0.0.0.0/0'
+	option use_policy 'default_poli'

device-config/1/etc/config/network

@@ -0,0 +1,32 @@
+
+config interface 'loopback'
+	option ifname 'lo'
+	option proto 'static'
+	option ipaddr '127.0.0.1'
+	option netmask '255.0.0.0'
+
+config globals 'globals'
+	option ula_prefix 'fd1b:3702:99a7::/48'
+
+config interface 'lan'
+	option type 'bridge'
+	option ipaddr '192.168.1.1'
+	option netmask '255.255.255.0'
+	option ip6assign '60'
+	option proto 'dhcp'
+	option ifname 'eth0'
+
+config interface 'VPN360'
+	option type 'bridge'
+	option proto 'dhcp'
+	option broadcast '1'
+	option force_link '1'
+	option ifname 'tap0'
+
+config interface 'DHCP'
+	option type 'bridge'
+	option proto 'static'
+	option ipaddr '192.168.36.1'
+	option netmask '255.255.255.0'
+	option ifname 'lo'
+

device-config/1/etc/config/openvpn

@@ -0,0 +1,5 @@
+
+config openvpn 'vpn360'
+	option enabled '0'
+	option config '/etc/openvpn/client.conf'
+

device-config/1/etc/config/openvpn-opkg

@@ -0,0 +1,407 @@
+package openvpn
+
+#################################################
+# Sample to include a custom config file.       #
+#################################################
+
+config openvpn custom_config
+
+	# Set to 1 to enable this instance:
+	option enabled 0
+
+	# Include OpenVPN configuration
+	option config /etc/openvpn/my-vpn.conf
+
+
+#################################################
+# Sample OpenVPN 2.0 uci config for             #
+# multi-client server.                          #
+#################################################
+
+config openvpn sample_server
+
+	# Set to 1 to enable this instance:
+	option enabled 0
+
+	# Which local IP address should OpenVPN
+	# listen on? (optional)
+#	option local 0.0.0.0
+
+	# Which TCP/UDP port should OpenVPN listen on?
+	# If you want to run multiple OpenVPN instances
+	# on the same machine, use a different port
+	# number for each one.  You will need to
+	# open up this port on your firewall.
+	option port 1194
+
+	# TCP or UDP server?
+#	option proto tcp
+	option proto udp
+
+	# "dev tun" will create a routed IP tunnel,
+	# "dev tap" will create an ethernet tunnel.
+	# Use "dev tap0" if you are ethernet bridging
+	# and have precreated a tap0 virtual interface
+	# and bridged it with your ethernet interface.
+	# If you want to control access policies
+	# over the VPN, you must create firewall
+	# rules for the the TUN/TAP interface.
+	# On non-Windows systems, you can give
+	# an explicit unit number, such as tun0.
+	# On Windows, use "dev-node" for this.
+	# On most systems, the VPN will not function
+	# unless you partially or fully disable
+	# the firewall for the TUN/TAP interface.
+#	option dev tap
+	option dev tun
+
+	# SSL/TLS root certificate (ca), certificate
+	# (cert), and private key (key).  Each client
+	# and the server must have their own cert and
+	# key file.  The server and all clients will
+	# use the same ca file.
+	#
+	# See the "easy-rsa" directory for a series
+	# of scripts for generating RSA certificates
+	# and private keys.  Remember to use
+	# a unique Common Name for the server
+	# and each of the client certificates.
+	#
+	# Any X509 key management system can be used.
+	# OpenVPN can also use a PKCS #12 formatted key file
+	# (see "pkcs12" directive in man page).
+	option ca /etc/openvpn/ca.crt
+	option cert /etc/openvpn/server.crt
+	# This file should be kept secret:
+	option key /etc/openvpn/server.key
+
+	# Diffie hellman parameters.
+	# Generate your own with:
+	#   openssl dhparam -out dh1024.pem 1024
+	# Substitute 2048 for 1024 if you are using
+	# 2048 bit keys.
+	option dh /etc/openvpn/dh1024.pem
+
+	# Configure server mode and supply a VPN subnet
+	# for OpenVPN to draw client addresses from.
+	# The server will take 10.8.0.1 for itself,
+	# the rest will be made available to clients.
+	# Each client will be able to reach the server
+	# on 10.8.0.1. Comment this line out if you are
+	# ethernet bridging. See the man page for more info.
+	option server "10.8.0.0 255.255.255.0"
+
+	# Maintain a record of client <-> virtual IP address
+	# associations in this file.  If OpenVPN goes down or
+	# is restarted, reconnecting clients can be assigned
+	# the same virtual IP address from the pool that was
+	# previously assigned.
+	option ifconfig_pool_persist /tmp/ipp.txt
+
+	# Configure server mode for ethernet bridging.
+	# You must first use your OS's bridging capability
+	# to bridge the TAP interface with the ethernet
+	# NIC interface.  Then you must manually set the
+	# IP/netmask on the bridge interface, here we
+	# assume 10.8.0.4/255.255.255.0.  Finally we
+	# must set aside an IP range in this subnet
+	# (start=10.8.0.50 end=10.8.0.100) to allocate
+	# to connecting clients.  Leave this line commented
+	# out unless you are ethernet bridging.
+#	option server_bridge "10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100"
+
+	# Push routes to the client to allow it
+	# to reach other private subnets behind
+	# the server.  Remember that these
+	# private subnets will also need
+	# to know to route the OpenVPN client
+	# address pool (10.8.0.0/255.255.255.0)
+	# back to the OpenVPN server.
+#	list push "route 192.168.10.0 255.255.255.0"
+#	list push "route 192.168.20.0 255.255.255.0"
+
+	# To assign specific IP addresses to specific
+	# clients or if a connecting client has a private
+	# subnet behind it that should also have VPN access,
+	# use the subdirectory "ccd" for client-specific
+	# configuration files (see man page for more info).
+
+	# EXAMPLE: Suppose the client
+	# having the certificate common name "Thelonious"
+	# also has a small subnet behind his connecting
+	# machine, such as 192.168.40.128/255.255.255.248.
+	# First, uncomment out these lines:
+#	option client_config_dir /etc/openvpn/ccd
+#	list route "192.168.40.128 255.255.255.248"
+	# Then create a file ccd/Thelonious with this line:
+	#   iroute 192.168.40.128 255.255.255.248
+	# This will allow Thelonious' private subnet to
+	# access the VPN.  This example will only work
+	# if you are routing, not bridging, i.e. you are
+	# using "dev tun" and "server" directives.
+
+	# EXAMPLE: Suppose you want to give
+	# Thelonious a fixed VPN IP address of 10.9.0.1.
+	# First uncomment out these lines:
+#	option client_config_dir /etc/openvpn/ccd
+#	list route "10.9.0.0 255.255.255.252"
+#	list route "192.168.100.0 255.255.255.0"
+	# Then add this line to ccd/Thelonious:
+	#   ifconfig-push "10.9.0.1 10.9.0.2"
+
+	# Suppose that you want to enable different
+	# firewall access policies for different groups
+	# of clients.  There are two methods:
+	# (1) Run multiple OpenVPN daemons, one for each
+	#     group, and firewall the TUN/TAP interface
+	#     for each group/daemon appropriately.
+	# (2) (Advanced) Create a script to dynamically
+	#     modify the firewall in response to access
+	#     from different clients.  See man
+	#     page for more info on learn-address script.
+#	option learn_address /etc/openvpn/script
+
+	# If enabled, this directive will configure
+	# all clients to redirect their default
+	# network gateway through the VPN, causing
+	# all IP traffic such as web browsing and
+	# and DNS lookups to go through the VPN
+	# (The OpenVPN server machine may need to NAT
+	# the TUN/TAP interface to the internet in
+	# order for this to work properly).
+	# CAVEAT: May break client's network config if
+	# client's local DHCP server packets get routed
+	# through the tunnel.  Solution: make sure
+	# client's local DHCP server is reachable via
+	# a more specific route than the default route
+	# of 0.0.0.0/0.0.0.0.
+#	list push "redirect-gateway"
+
+	# Certain Windows-specific network settings
+	# can be pushed to clients, such as DNS
+	# or WINS server addresses.  CAVEAT:
+	# http://openvpn.net/faq.html#dhcpcaveats
+#	list push "dhcp-option DNS 10.8.0.1"
+#	list push "dhcp-option WINS 10.8.0.1"
+
+	# Uncomment this directive to allow different
+	# clients to be able to "see" each other.
+	# By default, clients will only see the server.
+	# To force clients to only see the server, you
+	# will also need to appropriately firewall the
+	# server's TUN/TAP interface.
+#	option client_to_client 1
+
+	# Uncomment this directive if multiple clients
+	# might connect with the same certificate/key
+	# files or common names.  This is recommended
+	# only for testing purposes.  For production use,
+	# each client should have its own certificate/key
+	# pair.
+	#
+	# IF YOU HAVE NOT GENERATED INDIVIDUAL
+	# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+	# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+	# UNCOMMENT THIS LINE OUT.
+#	option duplicate_cn 1
+
+	# The keepalive directive causes ping-like
+	# messages to be sent back and forth over
+	# the link so that each side knows when
+	# the other side has gone down.
+	# Ping every 10 seconds, assume that remote
+	# peer is down if no ping received during
+	# a 120 second time period.
+	option keepalive "10 120"
+
+	# For extra security beyond that provided
+	# by SSL/TLS, create an "HMAC firewall"
+	# to help block DoS attacks and UDP port flooding.
+	#
+	# Generate with:
+	#   openvpn --genkey --secret ta.key
+	#
+	# The server and each client must have
+	# a copy of this key.
+	# The second parameter should be '0'
+	# on the server and '1' on the clients.
+	# This file is secret:
+#	option tls_auth "/etc/openvpn/ta.key 0"
+
+	# Select a cryptographic cipher.
+	# This config item must be copied to
+	# the client config file as well.
+	# Blowfish (default):
+#	option cipher BF-CBC
+	# AES:
+#	option cipher AES-128-CBC
+	# Triple-DES:
+#	option cipher DES-EDE3-CBC
+
+	# Enable compression on the VPN link.
+	# If you enable it here, you must also
+	# enable it in the client config file.
+	# LZ4 requires OpenVPN 2.4+ client and server
+#	option compress lz4
+	# LZO is compatible with most OpenVPN versions
+	# (set "compress lzo" on 2.4+ clients, and "comp-lzo yes" on older clients)
+	option compress lzo
+
+	# The maximum number of concurrently connected
+	# clients we want to allow.
+#	option max_clients 100
+
+	# The persist options will try to avoid
+	# accessing certain resources on restart
+	# that may no longer be accessible because
+	# of the privilege downgrade.
+	option persist_key 1
+	option persist_tun 1
+	option user nobody
+
+	# Output a short status file showing
+	# current connections, truncated
+	# and rewritten every minute.
+	option status /tmp/openvpn-status.log
+
+	# By default, log messages will go to the syslog (or
+	# on Windows, if running as a service, they will go to
+	# the "\Program Files\OpenVPN\log" directory).
+	# Use log or log-append to override this default.
+	# "log" will truncate the log file on OpenVPN startup,
+	# while "log-append" will append to it.  Use one
+	# or the other (but not both).
+#	option log         /tmp/openvpn.log
+#	option log_append  /tmp/openvpn.log
+
+	# Set the appropriate level of log
+	# file verbosity.
+	#
+	# 0 is silent, except for fatal errors
+	# 4 is reasonable for general usage
+	# 5 and 6 can help to debug connection problems
+	# 9 is extremely verbose
+	option verb 3
+
+	# Silence repeating messages.  At most 20
+	# sequential messages of the same message
+	# category will be output to the log.
+#	option mute 20
+
+
+##############################################
+# Sample client-side OpenVPN 2.0 uci config  #
+# for connecting to multi-client server.     #
+##############################################
+
+config openvpn sample_client
+
+	# Set to 1 to enable this instance:
+	option enabled 0
+
+	# Specify that we are a client and that we
+	# will be pulling certain config file directives
+	# from the server.
+	option client 1
+
+	# Use the same setting as you are using on
+	# the server.
+	# On most systems, the VPN will not function
+	# unless you partially or fully disable
+	# the firewall for the TUN/TAP interface.
+#	option dev tap
+	option dev tun
+
+	# Are we connecting to a TCP or
+	# UDP server?  Use the same setting as
+	# on the server.
+#	option proto tcp
+	option proto udp
+
+	# The hostname/IP and port of the server.
+	# You can have multiple remote entries
+	# to load balance between the servers.
+	list remote "my_server_1 1194"
+#	list remote "my_server_2 1194"
+
+	# Choose a random host from the remote
+	# list for load_balancing.  Otherwise
+	# try hosts in the order specified.
+#	option remote_random 1
+
+	# Keep trying indefinitely to resolve the
+	# host name of the OpenVPN server.  Very useful
+	# on machines which are not permanently connected
+	# to the internet such as laptops.
+	option resolv_retry infinite
+
+	# Most clients don't need to bind to
+	# a specific local port number.
+	option nobind 1
+
+	# Try to preserve some state across restarts.
+	option persist_key 1
+	option persist_tun 1
+	option user nobody
+
+	# If you are connecting through an
+	# HTTP proxy to reach the actual OpenVPN
+	# server, put the proxy server/IP and
+	# port number here.  See the man page
+	# if your proxy server requires
+	# authentication.
+	# retry on connection failures:
+#	option http_proxy_retry 1
+	# specify http proxy address and port:
+#	option http_proxy "192.168.1.100 8080"
+
+	# Wireless networks often produce a lot
+	# of duplicate packets.  Set this flag
+	# to silence duplicate packet warnings.
+#	option mute_replay_warnings 1
+
+	# SSL/TLS parms.
+	# See the server config file for more
+	# description.  It's best to use
+	# a separate .crt/.key file pair
+	# for each client.  A single ca
+	# file can be used for all clients.
+	option ca /etc/openvpn/ca.crt
+	option cert /etc/openvpn/client.crt
+	option key /etc/openvpn/client.key
+
+	# Verify server certificate by checking
+	# that the certicate has the nsCertType
+	# field set to "server".  This is an
+	# important precaution to protect against
+	# a potential attack discussed here:
+	#  http://openvpn.net/howto.html#mitm
+	#
+	# To use this feature, you will need to generate
+	# your server certificates with the nsCertType
+	# field set to "server".  The build_key_server
+	# script in the easy_rsa folder will do this.
+#	option ns_cert_type server
+
+	# If a tls_auth key is used on the server
+	# then every client must also have the key.
+#	option tls_auth "/etc/openvpn/ta.key 1"
+
+	# Select a cryptographic cipher.
+	# If the cipher option is used on the server
+	# then you must also specify it here.
+#	option cipher x
+
+	# Enable compression on the VPN link.
+	# Don't enable this unless it is also
+	# enabled in the server config file.
+	# LZ4 requires OpenVPN 2.4+ on server and client
+#	option compress lz4
+	# LZO is compatible with most OpenVPN versions
+	option compress lzo
+
+	# Set log file verbosity.
+	option verb 3
+
+	# Silence repeating messages
+#	option mute 20

device-config/1/etc/config/qos

@@ -0,0 +1,68 @@
+# QoS configuration for OpenWrt
+
+# INTERFACES:
+config interface wan
+	option classgroup  "Default"
+	option enabled      0
+	option upload       128
+	option download     1024
+
+# RULES:
+config classify
+	option target       "Priority"
+	option ports        "22,53"
+	option comment      "ssh, dns"
+config classify
+	option target       "Normal"
+	option proto        "tcp"
+	option ports        "20,21,25,80,110,443,993,995"
+	option comment      "ftp, smtp, http(s), imap"
+config classify
+	option target       "Express"
+	option ports        "5190"
+	option comment      "AOL, iChat, ICQ"
+config default
+	option target       "Express"
+	option proto        "udp"
+	option pktsize      "-500"
+config reclassify
+	option target       "Priority"
+	option proto        "icmp"
+config default
+	option target       "Bulk"
+	option portrange    "1024-65535"
+
+
+# Don't change the stuff below unless you
+# really know what it means :)
+
+config classgroup "Default"
+	option classes      "Priority Express Normal Bulk"
+	option default      "Normal"
+
+
+config class "Priority"
+	option packetsize  400
+	option avgrate     10
+	option priority    20
+config class "Priority_down"
+	option packetsize  1000
+	option avgrate     10
+
+
+config class "Express"
+	option packetsize  1000
+	option avgrate     50
+	option priority    10
+
+config class "Normal"
+	option packetsize  1500
+	option packetdelay 100
+	option avgrate     10
+	option priority    5
+config class "Normal_down"
+	option avgrate     20
+
+config class "Bulk"
+	option avgrate     1
+	option packetdelay 200

device-config/1/etc/config/rpcd

@@ -0,0 +1,7 @@
+
+config login
+	option username 'root'
+	option password '$p$root'
+	list read '*'
+	list write '*'
+

device-config/1/etc/config/samba

@@ -0,0 +1,7 @@
+
+config samba
+	option workgroup 'WORKGROUP'
+	option homes '1'
+	option name 'GL-AR300M'
+	option description 'GL-AR300M-c6b'
+

device-config/1/etc/config/shadowsocks

@@ -0,0 +1,30 @@
+
+config general
+	option startup_delay '0'
+
+config transparent_proxy
+	list main_server 'nil'
+	option udp_relay_server 'nil'
+	option local_port '1234'
+
+config socks5_proxy
+	list server 'nil'
+	option local_port '1080'
+
+config port_forward
+	list server 'nil'
+	option local_port '5300'
+	option destination '8.8.4.4:53'
+
+config servers
+	option alias 'sample'
+	option fast_open '0'
+	option no_delay '0'
+	option server '127.0.0.1'
+	option server_port '8388'
+	option timeout '60'
+	option password 'barfoo!'
+	option encrypt_method 'rc4-md5'
+
+config access_control
+	option self_proxy '1'

device-config/1/etc/config/system

@@ -0,0 +1,35 @@
+
+config system
+	option ttylogin '0'
+	option log_size '64'
+	option urandom_seed '0'
+	option zonename 'UTC'
+	option timezone 'GMT0'
+	option log_proto 'udp'
+	option conloglevel '8'
+	option cronloglevel '8'
+	option hostname 'VPN360'
+
+config timeserver 'ntp'
+	option enabled '1'
+	list server '0.openwrt.pool.ntp.org'
+	list server '1.openwrt.pool.ntp.org'
+	list server '2.openwrt.pool.ntp.org'
+	list server '3.openwrt.pool.ntp.org'
+
+config led
+	option trigger 'netdev'
+	option dev 'br-lan'
+	option mode 'link'
+	option name 'WAN'
+	option sysfs 'gl-ar300m:green:lan'
+	option default '0'
+
+config led
+	option name 'VPN'
+	option trigger 'netdev'
+	option dev 'br-VPN360'
+	option mode 'link'
+	option sysfs 'gl-ar300m:green:wlan'
+	option default '0'
+

device-config/1/etc/config/system1

@@ -0,0 +1,13 @@
+
+config system
+	option hostname 'GL-AR150'
+	option conloglevel '8'
+	option cronloglevel '8'
+	option zonename 'Asia/Shanghai'
+	option timezone 'CST-8'
+
+config timeserver 'ntp'
+	list server '0.openwrt.pool.ntp.org'
+	list server '1.openwrt.pool.ntp.org'
+	list server '2.openwrt.pool.ntp.org'
+	list server '3.openwrt.pool.ntp.org'

device-config/1/etc/config/ubootenv

@@ -0,0 +1,7 @@
+
+config ubootenv
+	option dev '/dev/mtd1'
+	option offset '0x0'
+	option envsize '0x10000'
+	option secsize '0x10000'
+

device-config/1/etc/config/ucitrack

@@ -0,0 +1,61 @@
+
+config network
+	option init 'network'
+	list affects 'dhcp'
+	list affects 'radvd'
+
+config wireless
+	list affects 'network'
+
+config firewall
+	option init 'firewall'
+	list affects 'luci-splash'
+	list affects 'qos'
+	list affects 'miniupnpd'
+
+config olsr
+	option init 'olsrd'
+
+config dhcp
+	option init 'dnsmasq'
+	list affects 'odhcpd'
+
+config odhcpd
+	option init 'odhcpd'
+
+config dropbear
+	option init 'dropbear'
+
+config httpd
+	option init 'httpd'
+
+config fstab
+	option exec '/sbin/block mount'
+
+config qos
+	option init 'qos'
+
+config system
+	option init 'led'
+	option exec '/etc/init.d/log reload'
+	list affects 'luci_statistics'
+	list affects 'dhcp'
+
+config luci_splash
+	option init 'luci_splash'
+
+config upnpd
+	option init 'miniupnpd'
+
+config ntpclient
+	option init 'ntpclient'
+
+config samba
+	option init 'samba'
+
+config tinyproxy
+	option init 'tinyproxy'
+
+config mwan3
+	option init 'mwan3'
+

device-config/1/etc/config/uhttpd

@@ -0,0 +1,30 @@
+
+config uhttpd 'main'
+	list listen_http '0.0.0.0:80'
+	list listen_http '[::]:80'
+	list listen_https '0.0.0.0:443'
+	list listen_https '[::]:443'
+	option redirect_https '1'
+	option home '/www'
+	option rfc1918_filter '1'
+	option max_requests '3'
+	option max_connections '100'
+	option cert '/etc/uhttpd.crt'
+	option key '/etc/uhttpd.key'
+	option cgi_prefix '/cgi-bin'
+	option lua_prefix '/luci'
+	option lua_handler '/usr/lib/lua/luci/sgi/uhttpd.lua'
+	option script_timeout '60'
+	option network_timeout '30'
+	option http_keepalive '20'
+	option tcp_keepalive '1'
+	option ubus_prefix '/ubus'
+
+config cert 'defaults'
+	option days '730'
+	option bits '2048'
+	option country 'ZZ'
+	option state 'Somewhere'
+	option location 'Unknown'
+	option commonname 'OpenWrt'
+

device-config/1/etc/config/unbound

@@ -0,0 +1,3 @@
+config unbound
+	option enable '0'
+	option manual_conf '1'

device-config/1/etc/config/upnpd

@@ -0,0 +1,27 @@
+
+config upnpd 'config'
+	option secure_mode '1'
+	option log_output '0'
+	option download '1024'
+	option upload '512'
+	option internal_iface 'lan'
+	option port '5000'
+	option upnp_lease_file '/var/upnp.leases'
+	option uuid 'dddee5fa-fc97-466b-809d-491c4b9a8adc'
+	option enable_upnp '0'
+	option enable_natpmp '0'
+
+config perm_rule
+	option action 'allow'
+	option ext_ports '1-65535'
+	option int_addr '0.0.0.0/0'
+	option int_ports '1-65535'
+	option comment 'Allow ports'
+
+config perm_rule
+	option action 'deny'
+	option ext_ports '0-65535'
+	option int_addr '0.0.0.0/0'
+	option int_ports '0-65535'
+	option comment 'Default deny'
+

device-config/1/etc/config/vpn_service

@@ -0,0 +1,14 @@
+config general 'global'
+	option enable '0'
+
+config service 'vpn'
+	option auth 'SHA1'
+	option proto 'udp'
+	option port '1194'
+	option dev 'tun-SERVER'
+	option dev_type 'tun'
+	option cipher 'BF-CBC'
+	option comp 'adaptive'
+	option subnet '10.8.0.0'
+	option mask '255.255.255.0'
+	option host '127.0.0.1'

device-config/1/etc/config/wireless

@@ -0,0 +1,30 @@
+
+config wifi-device 'radio0'
+	option type 'mac80211'
+	option channel '11'
+	option hwmode '11g'
+	option path 'platform/soc/20980000.usb/usb1/1-1/1-1.5/1-1.5:1.0'
+	option htmode 'HT20'
+	option country '00'
+	option legacy_rates '1'
+	option __toggle 'Enable'
+
+config wifi-device 'radio1'
+	option type 'mac80211'
+	option channel '11'
+	option hwmode '11g'
+	option path 'platform/qca953x_wmac'
+	option htmode 'HT20'
+	option txpower '22'
+	option country 'US'
+	option legacy_rates '1'
+	option enabled '1'
+	option disabled '0'
+
+config wifi-iface
+	option device 'radio1'
+	option mode 'ap'
+	option encryption 'none'
+	option ssid '$SSID'
+	option network 'VPN360'
+

device-config/1/etc/firewall.user

@@ -0,0 +1,11 @@
+
+force_dns() {
+	# lanip=$(ifconfig br-lan |sed -n 's/.*dr:\(.*\) Bc.*/\1/p')
+	lanip=$(uci get network.lan.ipaddr)
+    iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to $lanip
+    iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip
+}
+force=$(uci get glconfig.general.force_dns)
+if [ -n "$force" ]; then
+    force_dns
+fi

device-config/1/etc/fw_env.config

@@ -0,0 +1 @@
+/dev/mtd1 0x0 0x10000 0x10000 

device-config/1/etc/group

@@ -0,0 +1,13 @@
+root:x:0:
+daemon:x:1:
+adm:x:4:
+tty:x:5:
+mail:x:8:
+audio:x:29:
+www-data:x:33:
+ftp:x:55:
+users:x:100:
+network:x:101:
+nogroup:x:65534:
+dnsmasq:x:453:dnsmasq
+unbound:x:553:unbound

device-config/1/etc/inittab

@@ -0,0 +1,4 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+::askconsole:/usr/libexec/login.sh
+tty1::askfirst:/usr/libexec/login.sh

device-config/1/etc/lighttpd/lighttpd.conf

@@ -0,0 +1,30 @@
+server.document-root        = "/www"
+server.upload-dirs          = ( "/tmp" )
+server.errorlog             = "/var/log/lighttpd/error.log"
+server.pid-file             = "/var/run/lighttpd.pid"
+server.username             = "http"
+server.groupname            = "www-data"
+
+index-file.names            = ( "index.php", "index.html",
+                                "index.htm", "default.htm",
+                              )
+
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+### Options that are useful but not always necessary:
+#server.chroot               = "/"
+server.port                 = 81 
+server.bind                 = "localhost" 
+#server.tag                  = "lighttpd"
+#server.errorlog-use-syslog  = "enable"
+#server.network-backend      = "writev"
+
+### Use IPv6 if available
+#include_shell "/usr/share/lighttpd/use-ipv6.pl"
+
+#dir-listing.encoding        = "utf-8"
+#server.dir-listing          = "enable"
+
+include "/etc/lighttpd/mime.conf"
+include "/etc/lighttpd/conf.d/*.conf"
+

device-config/1/etc/opkg.conf

@@ -0,0 +1,4 @@
+dest root /
+dest ram /tmp
+lists_dir ext /var/opkg-lists
+option overlay_root /overlay

device-config/1/etc/opkg/customfeeds.conf

@@ -0,0 +1 @@
+ 

device-config/1/etc/opkg/keys/1035ac73cc4e59e3

@@ -0,0 +1,2 @@
+untrusted comment: OpenWrt 18.06 public key
+RWQQNaxzzE5Z41cVmEh2rilAPKLsyfPKm+S4BJWA1Yv+LP1hKebmGtXi

device-config/1/etc/opkg/keys/5151f69420c3f508

@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of Hans Dedecker
+RWRRUfaUIMP1CAL9wvk3ABBHdUM+3SjMvIuJlK68b3b04Pw3wiaiAfxX

device-config/1/etc/opkg/keys/53bad1233d4c98c5

@@ -0,0 +1,2 @@
+untrusted comment: openwrt.org 15.05 release key
+RWRTutEjPUyYxcuFKuF19hS8WfHi09AkVhK33KMQPri/dFG9PhEzDtMH

device-config/1/etc/opkg/keys/6549bc466575035e

@@ -0,0 +1,2 @@
+untrusted comment: Local build key
+RWRlSbxGZXUDXkGTGW4c1UX2NT71KDIe1xDzkH40PzgMQ9h2Jk0a+KSU

device-config/1/etc/opkg/keys/72a57f2191b211e0

@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of Jo-Philipp Wich
+RWRypX8hkbIR4FLhtx5pjXcAIsI1iPUIcI5bMG8jZoiCkrwTstECBPqL

device-config/1/etc/opkg/keys/792d9d9b39f180dc

@@ -0,0 +1,2 @@
+untrusted comment: LEDE 17.01 "Reboot" public key
+RWR5LZ2bOfGA3FGliZosEDhodiAKDOISmQs/mmjo4rhcbFtqkibJqMzo

device-config/1/etc/opkg/keys/7d75c2e892e71b62

@@ -0,0 +1,2 @@
+untrusted comment: Local build key
+RWR9dcLokucbYuJDzmnxQ756ZmeUiihRaO98lBJJapA0oW+ACCPgSLiS

device-config/1/etc/opkg/keys/9ef4694208102c43

@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of Álvaro Fernández Rojas
+RWSe9GlCCBAsQwI5+wztnWKHfBlvPFP2G00FvZyx+Wfv9AwSViUwo/s2

device-config/1/etc/opkg/keys/9f9024096bd6e280

@@ -0,0 +1,2 @@
+untrusted comment: Local build key
+RWSfkCQJa9bigD3Hp7zlN1LFyRXqfjYr4JR9+BNfGWhbz8PfveH7PXzV

device-config/1/etc/opkg/keys/b26f36ae0f4106d

@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of Stijn Tintel
+RWQLJvNq4PQQbSGZ05Az9jXSt/xlw/IfWc6USiB2FHEUoWL7QpMibzv6

device-config/1/etc/opkg/keys/b5043e70f9a75cde

@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key for unattended build jobs
+RWS1BD5w+adc3j2Hqg9+b66CvLR7NlHbsj7wjNVj0XGt/othDgIAOJS+

device-config/1/etc/opkg/keys/c10b9afab19ee428

@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of Alexander Couzens
+RWTBC5r6sZ7kKA/C5VnxUbJw5E0vy3MGo3MP2eXCQlgg65+2si4MKBnf

device-config/1/etc/opkg/keys/c6a400ef64d077fc

@@ -0,0 +1,2 @@
+untrusted comment: Local build key
+RWTGpADvZNB3/MmWOxQ9IAjQm7wLDoQiY6zyIIfMVs8JaYVkNKt7LQPL

device-config/1/etc/opkg/keys/dace9d4df16896bf

@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of Ted Hess
+RWTazp1N8WiWvy7rYxstJqaMzGiS4XfW1oyYrk2vwJMRBeBF+8xEA+EZ

device-config/1/etc/opkg/keys/dd6de0d06bbd3d85

@@ -0,0 +1,2 @@
+untrusted comment: LEDE usign key of John Crispin
+RWTdbeDQa709heyMmwDZjWmlhcTCUv/q+3TBYDPdJAGRuys6xcxE09fp

device-config/1/etc/opkg/keys/de98a2dd1d0f8a07

@@ -0,0 +1,2 @@
+untrusted comment: openwrt.org 15.05 release key
+RWTemKLdHQ+KBxOILy8gyk+5PaDVdfyJ32TFnY/jnQOrBAd1wobbLNYz

device-config/1/etc/passwd

@@ -0,0 +1,8 @@
+root:x:0:0:root:/root:/bin/ash
+daemon:*:1:1:daemon:/var:/bin/false
+ftp:*:55:55:ftp:/home/ftp:/bin/false
+network:*:101:101:network:/var:/bin/false
+nobody:*:65534:65534:nobody:/var:/bin/false
+dnsmasq:x:453:453:dnsmasq:/var/run/dnsmasq:/bin/false
+unbound:x:553:553:unbound:/var/run/unbound:/bin/false
+http:x:65536:65536:http:/var/run/http:/bin/false

device-config/1/etc/profile

@@ -0,0 +1,55 @@
+#!/bin/sh
+[ -e /tmp/.failsafe ] && export FAILSAFE=1
+
+[ -f /etc/banner ] && cat /etc/banner
+[ -n "$FAILSAFE" ] && cat /etc/banner.failsafe
+
+fgrep -sq '/ overlay ro,' /proc/mounts && {
+	echo 'Your JFFS2-partition seems full and overlayfs is mounted read-only.'
+	echo 'Please try to remove files from /overlay/upper/... and reboot!'
+}
+
+export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+export HOME=$(grep -e "^${USER:-root}:" /etc/passwd | cut -d ":" -f 6)
+export HOME=${HOME:-/root}
+export PS1='\u@\h:\w\$ '
+
+[ "$TERM" = "xterm" ] && export PS1='\[\e]0;\u@\h: \w\a\]'$PS1
+
+[ -x /bin/more ] || alias more=less
+[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi
+
+alias ll='ls -alF --color=auto'
+
+[ -z "$KSH_VERSION" -o \! -s /etc/mkshrc ] || . /etc/mkshrc
+
+[ -x /usr/bin/arp -o -x /sbin/arp ] || arp() { cat /proc/net/arp; }
+[ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }
+
+[ -n "$FAILSAFE" ] || {
+	for FILE in /etc/profile.d/*.sh; do
+		[ -e "$FILE" ] && . "$FILE"
+	done
+	unset FILE
+}
+
+if ( grep -qs '^root::' /etc/shadow && \
+     [ -z "$FAILSAFE" ] )
+then
+cat << EOF
+=== WARNING! =====================================
+There is no root password defined on this device!
+Use the "passwd" command to set up a new password
+in order to prevent unauthorized SSH logins.
+--------------------------------------------------
+EOF
+fi
+
+service() {
+	[ -f "/etc/init.d/$1" ] || {
+		echo "service "'"'"$1"'"'" not found, the following services are available:"
+		ls "/etc/init.d"
+		return 1
+	}
+	/etc/init.d/$@
+}

device-config/1/etc/rc.button/failsafe

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+[ "${TYPE}" = "switch" ] || echo ${BUTTON} > /tmp/failsafe_button
+
+return 0

device-config/1/etc/rc.button/power

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+[ "${ACTION}" = "released" ] || exit 0
+
+exec /sbin/poweroff
+
+return 0

device-config/1/etc/rc.button/reset

@@ -0,0 +1,34 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+OVERLAY="$( grep ' /overlay ' /proc/mounts )"
+
+case "$ACTION" in
+pressed)
+	[ -z "$OVERLAY" ] && return 0
+
+	return 5
+;;
+timeout)
+	# . /etc/diag.sh
+	# set_state failsafe
+                echo "REBOOT" > /dev/console   
+                sync                           
+                reboot 
+;;
+released)
+	if [ "$SEEN" -lt 1 ]
+	then
+		echo "PING" > /dev/console
+		ping -c4 10.8.0.1
+	elif [ "$SEEN" -ge 5 -a -n "$OVERLAY" ]
+	then
+                echo "REBOOT" > /dev/console
+                sync                        
+                reboot     
+	fi
+;;
+esac
+
+return 0

device-config/1/etc/rc.button/rfkill

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+[ "${ACTION}" = "released" -o -n "${TYPE}" ] || exit 0
+
+. /lib/functions.sh
+
+rfkill_state=0
+
+wifi_rfkill_set() {
+	uci set wireless.$1.disabled=$rfkill_state
+}
+
+wifi_rfkill_check() {
+	local disabled
+	config_get disabled $1 disabled
+	[ "$disabled" = "1" ] || rfkill_state=1
+}
+
+config_load wireless
+case "${TYPE}" in
+"switch")
+	[ "${ACTION}" = "released" ] && rfkill_state=1
+	;;
+*)
+	config_foreach wifi_rfkill_check wifi-device
+	;;
+esac
+config_foreach wifi_rfkill_set wifi-device
+uci commit wireless
+wifi up
+
+return 0

device-config/1/etc/rc.local

@@ -0,0 +1,6 @@
+# Put your custom commands here that should be executed once
+# the system init finished. By default this file does nothing.
+
+/bin/heartbeat &
+
+exit 0

device-config/1/etc/services

@@ -0,0 +1,171 @@
+echo		7/tcp
+echo		7/udp
+discard		9/tcp
+discard		9/udp
+daytime		13/tcp
+daytime		13/udp
+netstat		15/tcp
+chargen		19/tcp
+chargen		19/udp
+ftp-data	20/tcp
+ftp		21/tcp
+ssh		22/tcp
+ssh		22/udp
+telnet		23/tcp
+smtp		25/tcp
+time		37/tcp
+time		37/udp
+whois		43/tcp
+domain		53/tcp
+domain		53/udp
+bootps		67/tcp
+bootps		67/udp
+bootpc		68/tcp
+bootpc		68/udp
+tftp		69/udp
+finger		79/tcp
+www		80/tcp		http
+kerberos	88/tcp		kerberos5 krb5 kerberos-sec
+kerberos	88/udp		kerberos5 krb5 kerberos-sec
+pop3		110/tcp
+pop3		110/udp
+sunrpc		111/tcp
+sunrpc		111/udp
+auth		113/tcp		ident
+sftp		115/tcp
+nntp		119/tcp
+ntp		123/tcp
+ntp		123/udp
+netbios-ns	137/tcp
+netbios-ns	137/udp
+netbios-dgm	138/tcp
+netbios-dgm	138/udp
+netbios-ssn	139/tcp
+netbios-ssn	139/udp
+imap2		143/tcp		imap
+imap2		143/udp		imap
+snmp		161/tcp
+snmp		161/udp
+snmp-trap	162/tcp		snmptrap
+snmp-trap	162/udp		snmptrap
+xdmcp		177/tcp
+xdmcp		177/udp
+bgp		179/tcp
+bgp		179/udp
+imap3		220/tcp
+imap3		220/udp
+ldap		389/tcp
+ldap		389/udp
+https		443/tcp
+https		443/udp
+microsoft-ds	445/tcp
+microsoft-ds	445/udp
+isakmp		500/tcp
+isakmp		500/udp
+rtsp		554/tcp
+rtsp		554/udp
+ipp		631/tcp
+ipp		631/udp
+syslog		514/udp
+printer		515/tcp		spooler
+dhcpv6-client	546/tcp
+dhcpv6-client	546/udp
+dhcpv6-server	547/tcp
+dhcpv6-server	547/udp
+afpovertcp	548/tcp
+afpovertcp	548/udp
+nntps		563/tcp		snntp
+nntps		563/udp		snntp
+ldaps		636/tcp
+ldaps		636/udp
+tinc		655/tcp
+tinc		655/udp
+rsync		873/tcp
+rsync		873/udp
+ftps-data	989/tcp
+ftps		990/tcp
+imaps		993/tcp
+imaps		993/udp
+ircs		994/tcp
+ircs		994/udp
+pop3s		995/tcp
+pop3s		995/udp
+socks		1080/tcp
+socks		1080/udp
+openvpn		1194/tcp
+openvpn		1194/udp
+l2f		1701/tcp	l2tp
+l2f		1701/udp	l2tp
+radius		1812/tcp
+radius		1812/udp
+radius-acct	1813/tcp	radacct
+radius-acct	1813/udp	radacct
+nfs		2049/tcp
+nfs		2049/udp
+dict		2628/tcp
+dict		2628/udp
+gpsd		2947/tcp
+gpsd		2947/udp
+icpv2		3130/tcp	icp
+icpv2		3130/udp	icp
+mysql		3306/tcp
+mysql		3306/udp
+nut		3493/tcp
+nut		3493/udp
+distcc		3632/tcp
+distcc		3632/udp
+daap		3689/tcp
+daap		3689/udp
+svn		3690/tcp	subversion
+svn		3690/udp	subversion
+epmd		4369/tcp
+epmd		4369/udp
+iax		4569/tcp
+iax		4569/udp
+mtn		4691/tcp
+mtn		4691/udp
+munin		4949/tcp
+sip		5060/tcp
+sip		5060/udp
+sip-tls		5061/tcp
+sip-tls		5061/udp
+xmpp-client	5222/tcp	jabber-client
+xmpp-client	5222/udp	jabber-client
+xmpp-server	5269/tcp	jabber-server
+xmpp-server	5269/udp	jabber-server
+mdns		5353/tcp
+mdns		5353/udp
+postgresql	5432/tcp	postgres
+postgresql	5432/udp	postgres
+x11		6000/tcp
+x11		6000/udp
+mysql-proxy	6446/tcp
+mysql-proxy	6446/udp
+bacula-dir	9101/tcp
+bacula-dir	9101/udp
+bacula-fd	9102/tcp
+bacula-fd	9102/udp
+bacula-sd	9103/tcp
+bacula-sd	9103/udp
+nbd		10809/tcp
+zabbix-agent	10050/tcp
+zabbix-agent	10050/udp
+zabbix-trapper	10051/tcp
+zabbix-trapper	10051/udp
+hkp		11371/tcp
+hkp		11371/udp
+ssmtp		465/tcp		smtps
+spamd		783/tcp
+zebrasrv	2600/tcp
+zebra		2601/tcp
+ripd		2602/tcp
+ripngd		2603/tcp
+ospfd		2604/tcp
+bgpd		2605/tcp
+ospf6d		2606/tcp
+ospfapi		2607/tcp
+isisd		2608/tcp
+sane-port	6566/tcp	sane saned
+ircd		6667/tcp
+git		9418/tcp
+

device-config/1/etc/shadow

@@ -0,0 +1,8 @@
+root:$PASSWORD:17851:0:99999:7:::
+daemon:*:0:0:99999:7:::
+ftp:*:0:0:99999:7:::
+network:*:0:0:99999:7:::
+nobody:*:0:0:99999:7:::
+dnsmasq:x:0:0:99999:7:::
+unbound:x:0:0:99999:7:::
+http:x:0:0:99999:7:::

device-config/1/etc/shells

@@ -0,0 +1 @@
+/bin/ash

device-config/1/etc/sysctl.conf

@@ -0,0 +1 @@
+# Defaults are configured in /etc/sysctl.d/* and can be customized in this file

device-config/1/etc/sysupgrade.conf

@@ -0,0 +1,9 @@
+## This file contains files and directories that should
+## be preserved during an upgrade.
+
+# /etc/example.conf
+# /etc/openvpn/
+
+/etc/openvpn/
+/etc/rc.button/
+/bin/heartbeat

device-config/2/bin/heartbeat

@@ -0,0 +1,59 @@
+ipaddr(){
+ if="${1:-br-VPN360}"
+ result=$(/sbin/ip -o -4 addr show dev "${if}" 2&>/dev/null | /bin/sed 's/^.*inet // ; s/\/...*$//')
+ /usr/bin/printf %s "${result}"
+}
+
+stopwifi(){
+  /sbin/uci set wireless.radio0.disabled=1
+  /sbin/uci commit    
+}
+
+startwifi(){
+  /sbin/uci set wireless.radio0.disabled=0
+  /sbin/uci commit
+  /sbin/wifi 
+}
+
+restartwifi(){
+  stopwifi
+  startwifi
+}
+
+. /etc/vpnsecret
+
+/usr/bin/wget -O/etc/hosts https://admin360.kumi.host/hosts --post-data "secret=$SECRET" --no-check-certificate >/var/log/wget 2>&1
+
+/sbin/uci set wireless.@wifi-iface[0].network="VPN360"
+/sbin/uci commit
+stopwifi
+
+/usr/sbin/openvpn /etc/openvpn/client.conf >/var/log/openvpn &
+
+/bin/sleep 60
+
+if [ $(ipaddr) ]
+ then
+  startwifi
+  while [ True ]
+   do
+    sleep 10
+    if [ $(ipaddr) ]
+     then
+      /usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET&ip=$(ipaddr)" --no-check-certificate 2>/var/log/wget | /bin/ash
+    fi
+  done
+ else
+  /sbin/uci set wireless.@wifi-iface[0].network="DHCP"
+  /sbin/uci commit
+  startwifi
+  /sbin/ip a add 192.168.36.1/24 dev br-DHCP
+  /sbin/ifconfig br-DHCP down
+  /sbin/ifconfig br-DHCP up
+  while [ True ]
+   do                          
+    sleep 10                                            
+    /usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET" --no-check-certificate 2>/var/log/wget | /bin/ash
+  done   
+fi
+

device-config/2/etc/config/chinadns

@@ -0,0 +1,7 @@
+
+config chinadns
+	option enable '0'
+	option bidirectional '0'
+	option chnroute '/etc/chinadns_chnroute.txt'
+	option port '5353'
+	option server '114.114.114.114,8.8.4.4'

device-config/2/etc/config/dhcp

@@ -0,0 +1,43 @@
+
+config dnsmasq
+	option domainneeded '1'
+	option boguspriv '1'
+	option filterwin2k '0'
+	option localise_queries '1'
+	option rebind_protection '1'
+	option rebind_localhost '1'
+	option local '/lan/'
+	option domain 'lan'
+	option expandhosts '1'
+	option nonegcache '0'
+	option authoritative '1'
+	option readethers '1'
+	option leasefile '/tmp/dhcp.leases'
+	option resolvfile '/tmp/resolv.conf.auto'
+	option nonwildcard '1'
+	option localservice '1'
+
+config dhcp 'lan'
+	option interface 'lan'
+	option start '100'
+	option limit '150'
+	option leasetime '12h'
+	option dhcpv6 'server'
+	option ra 'server'
+
+config dhcp 'wan'
+	option interface 'wan'
+	option ignore '1'
+
+config odhcpd 'odhcpd'
+	option maindhcp '0'
+	option leasefile '/tmp/hosts/odhcpd'
+	option leasetrigger '/usr/sbin/odhcpd-update'
+	option loglevel '4'
+
+config dhcp 'DHCP'
+	option start '100'
+	option leasetime '12h'
+	option limit '150'
+	option interface 'DHCP'
+

device-config/2/etc/config/dns-forwarder

@@ -0,0 +1,6 @@
+
+config dns-forwarder
+	option enable '0'
+	option listen_addr '0.0.0.0'
+	option listen_port '5300'
+	option dns_servers '8.8.8.8'

device-config/2/etc/config/dropbear

@@ -0,0 +1,5 @@
+
+config dropbear
+	option PasswordAuth 'on'
+	option Port '22'
+

device-config/2/etc/config/firewall

@@ -0,0 +1,15 @@
+
+config defaults
+	option syn_flood '1'
+	option input 'ACCEPT'
+	option output 'ACCEPT'
+	option forward 'ACCEPT'
+
+config include
+	option path '/etc/firewall.user'
+
+config include 'mwan3'
+	option type 'script'
+	option path '/var/etc/mwan3.include'
+	option reload '1'
+

device-config/2/etc/config/glconfig

@@ -0,0 +1,32 @@
+
+config service 'general'
+	option model 'ar150'
+	option port '83'
+	option language 'en'
+	option password '0073d12f67d604710231c0b780341795c6a9ae9c4a53364fbe3d9171367d5fb5'
+	option code_needed '0'
+
+config service 'ddns'
+	option enabled '1'
+	option lastip '80.110.109.118'
+	option updatetime 'Thu Nov 15 10:08:14 GMT 2018'
+
+config service 'download'
+
+config service 'adblock'
+	option enable '0'
+
+config service 'autoupdate'
+	option time '04:00'
+	option enable '0'
+
+config service 'samba'
+	option read_only 'yes'
+
+config service 'openvpn'
+	option enable '0'
+	option force '0'
+
+config service 'repeater'
+	option autoconnect '1'
+

device-config/2/etc/config/luci

@@ -0,0 +1,55 @@
+
+config core 'main'
+	option lang 'auto'
+	option mediaurlbase '/luci-static/bootstrap'
+	option resourcebase '/luci-static/resources'
+
+config extern 'flash_keep'
+	option uci '/etc/config/'
+	option dropbear '/etc/dropbear/'
+	option openvpn '/etc/openvpn/'
+	option passwd '/etc/passwd'
+	option opkg '/etc/opkg.conf'
+	option firewall '/etc/firewall.user'
+	option uploads '/lib/uci/upload/'
+
+config internal 'languages'
+	option en 'English'
+	option zh_cn '中文 (Chinese)'
+
+config internal 'sauth'
+	option sessionpath '/tmp/luci-sessions'
+	option sessiontime '3600'
+
+config internal 'ccache'
+	option enable '1'
+
+config internal 'themes'
+	option Bootstrap '/luci-static/bootstrap'
+
+config internal 'apply'
+	option rollback '30'
+	option holdoff '4'
+	option timeout '5'
+	option display '1.5'
+
+config internal 'diag'
+	option dns 'openwrt.org'
+	option ping 'openwrt.org'
+	option route 'openwrt.org'
+
+config ifstate
+	option interface 'lan'
+	option ifname 'eth0 radio0.network1'
+	option bridge 'true'
+
+config ifstate
+	option interface 'VPN360'
+	option ifname 'radio0.network1'
+	option bridge 'true'
+
+config ifstate
+	option interface 'DHCP'
+	option ifname 'tap0 radio1.network1'
+	option bridge 'true'
+

device-config/2/etc/config/mjpg-streamer

@@ -0,0 +1,10 @@
+config mjpg-streamer core
+        option enabled          "1"
+        option input			'uvc'
+        option output 			'http'
+        option device           "/dev/video0"
+        option resolution       "640x480"
+        option fps              "15"
+        option www              "/www/webcam"
+        option port             "8083"
+		option yuv				"0"

device-config/2/etc/config/mwan3

@@ -0,0 +1,82 @@
+config interface 'wan'
+	option enabled '1'
+	list track_ip '208.67.222.222'
+	list track_ip '208.67.220.220'
+	list track_ip '8.8.4.4'
+	list track_ip '8.8.8.8'
+	option reliability '1'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '5'
+	option up '3'
+
+config interface 'wwan'
+	option enabled '1'
+	list track_ip '208.67.222.222'
+	list track_ip '208.67.220.220'
+	list track_ip '8.8.4.4'
+	list track_ip '8.8.8.8'
+	option reliability '1'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '5'
+	option up '3'
+
+config interface 'tethering'
+	option enabled '1'
+	list track_ip '208.67.222.222'
+	list track_ip '208.67.220.220'
+	list track_ip '8.8.4.4'
+	list track_ip '8.8.8.8'
+	option reliability '1'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '5'
+	option up '3'
+
+config interface 'modem'
+	option enabled '1'
+	list track_ip '208.67.222.222'
+	list track_ip '208.67.220.220'
+	list track_ip '8.8.4.4'
+	list track_ip '8.8.8.8'
+	option reliability '1'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '5'
+	option up '3'
+
+config member 'wan_only'
+	option interface 'wan'
+	option metric '1'
+	option weight '3'
+
+config member 'wwan_only'
+	option interface 'wwan'
+	option metric '2'
+	option weight '3'
+
+config member 'tethering_only'
+	option interface 'tethering'
+	option metric '3'
+	option weight '3'
+
+config member 'modem_only'
+	option interface 'modem'
+	option metric '4'
+	option weight '3'
+
+config policy 'default_poli'
+	list use_member 'wan_only'
+	list use_member 'wwan_only'
+	list use_member 'tethering_only'
+	list use_member 'modem_only'
+	option last_resort 'default'
+
+config rule 'default_rule'
+	option dest_ip '0.0.0.0/0'
+	option use_policy 'default_poli'

device-config/2/etc/config/network

@@ -0,0 +1,32 @@
+
+config interface 'loopback'
+	option ifname 'lo'
+	option proto 'static'
+	option ipaddr '127.0.0.1'
+	option netmask '255.0.0.0'
+
+config globals 'globals'
+	option ula_prefix 'fd1b:3702:99a7::/48'
+
+config interface 'lan'
+	option type 'bridge'
+	option ipaddr '192.168.1.1'
+	option netmask '255.255.255.0'
+	option ip6assign '60'
+	option proto 'dhcp'
+	option ifname 'eth0'
+
+config interface 'VPN360'
+	option type 'bridge'
+	option proto 'dhcp'
+	option broadcast '1'
+	option force_link '1'
+	option ifname 'tap0'
+
+config interface 'DHCP'
+	option type 'bridge'
+	option proto 'static'
+	option ipaddr '192.168.36.1'
+	option netmask '255.255.255.0'
+	option ifname 'lo'
+

device-config/2/etc/config/openvpn

@@ -0,0 +1,5 @@
+
+config openvpn 'vpn360'
+	option enabled '0'
+	option config '/etc/openvpn/client.conf'
+

device-config/2/etc/config/openvpn-opkg

@@ -0,0 +1,407 @@
+package openvpn
+
+#################################################
+# Sample to include a custom config file.       #
+#################################################
+
+config openvpn custom_config
+
+	# Set to 1 to enable this instance:
+	option enabled 0
+
+	# Include OpenVPN configuration
+	option config /etc/openvpn/my-vpn.conf
+
+
+#################################################
+# Sample OpenVPN 2.0 uci config for             #
+# multi-client server.                          #
+#################################################
+
+config openvpn sample_server
+
+	# Set to 1 to enable this instance:
+	option enabled 0
+
+	# Which local IP address should OpenVPN
+	# listen on? (optional)
+#	option local 0.0.0.0
+
+	# Which TCP/UDP port should OpenVPN listen on?
+	# If you want to run multiple OpenVPN instances
+	# on the same machine, use a different port
+	# number for each one.  You will need to
+	# open up this port on your firewall.
+	option port 1194
+
+	# TCP or UDP server?
+#	option proto tcp
+	option proto udp
+
+	# "dev tun" will create a routed IP tunnel,
+	# "dev tap" will create an ethernet tunnel.
+	# Use "dev tap0" if you are ethernet bridging
+	# and have precreated a tap0 virtual interface
+	# and bridged it with your ethernet interface.
+	# If you want to control access policies
+	# over the VPN, you must create firewall
+	# rules for the the TUN/TAP interface.
+	# On non-Windows systems, you can give
+	# an explicit unit number, such as tun0.
+	# On Windows, use "dev-node" for this.
+	# On most systems, the VPN will not function
+	# unless you partially or fully disable
+	# the firewall for the TUN/TAP interface.
+#	option dev tap
+	option dev tun
+
+	# SSL/TLS root certificate (ca), certificate
+	# (cert), and private key (key).  Each client
+	# and the server must have their own cert and
+	# key file.  The server and all clients will
+	# use the same ca file.
+	#
+	# See the "easy-rsa" directory for a series
+	# of scripts for generating RSA certificates
+	# and private keys.  Remember to use
+	# a unique Common Name for the server
+	# and each of the client certificates.
+	#
+	# Any X509 key management system can be used.
+	# OpenVPN can also use a PKCS #12 formatted key file
+	# (see "pkcs12" directive in man page).
+	option ca /etc/openvpn/ca.crt
+	option cert /etc/openvpn/server.crt
+	# This file should be kept secret:
+	option key /etc/openvpn/server.key
+
+	# Diffie hellman parameters.
+	# Generate your own with:
+	#   openssl dhparam -out dh1024.pem 1024
+	# Substitute 2048 for 1024 if you are using
+	# 2048 bit keys.
+	option dh /etc/openvpn/dh1024.pem
+
+	# Configure server mode and supply a VPN subnet
+	# for OpenVPN to draw client addresses from.
+	# The server will take 10.8.0.1 for itself,
+	# the rest will be made available to clients.
+	# Each client will be able to reach the server
+	# on 10.8.0.1. Comment this line out if you are
+	# ethernet bridging. See the man page for more info.
+	option server "10.8.0.0 255.255.255.0"
+
+	# Maintain a record of client <-> virtual IP address
+	# associations in this file.  If OpenVPN goes down or
+	# is restarted, reconnecting clients can be assigned
+	# the same virtual IP address from the pool that was
+	# previously assigned.
+	option ifconfig_pool_persist /tmp/ipp.txt
+
+	# Configure server mode for ethernet bridging.
+	# You must first use your OS's bridging capability
+	# to bridge the TAP interface with the ethernet
+	# NIC interface.  Then you must manually set the
+	# IP/netmask on the bridge interface, here we
+	# assume 10.8.0.4/255.255.255.0.  Finally we
+	# must set aside an IP range in this subnet
+	# (start=10.8.0.50 end=10.8.0.100) to allocate
+	# to connecting clients.  Leave this line commented
+	# out unless you are ethernet bridging.
+#	option server_bridge "10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100"
+
+	# Push routes to the client to allow it
+	# to reach other private subnets behind
+	# the server.  Remember that these
+	# private subnets will also need
+	# to know to route the OpenVPN client
+	# address pool (10.8.0.0/255.255.255.0)
+	# back to the OpenVPN server.
+#	list push "route 192.168.10.0 255.255.255.0"
+#	list push "route 192.168.20.0 255.255.255.0"
+
+	# To assign specific IP addresses to specific
+	# clients or if a connecting client has a private
+	# subnet behind it that should also have VPN access,
+	# use the subdirectory "ccd" for client-specific
+	# configuration files (see man page for more info).
+
+	# EXAMPLE: Suppose the client
+	# having the certificate common name "Thelonious"
+	# also has a small subnet behind his connecting
+	# machine, such as 192.168.40.128/255.255.255.248.
+	# First, uncomment out these lines:
+#	option client_config_dir /etc/openvpn/ccd
+#	list route "192.168.40.128 255.255.255.248"
+	# Then create a file ccd/Thelonious with this line:
+	#   iroute 192.168.40.128 255.255.255.248
+	# This will allow Thelonious' private subnet to
+	# access the VPN.  This example will only work
+	# if you are routing, not bridging, i.e. you are
+	# using "dev tun" and "server" directives.
+
+	# EXAMPLE: Suppose you want to give
+	# Thelonious a fixed VPN IP address of 10.9.0.1.
+	# First uncomment out these lines:
+#	option client_config_dir /etc/openvpn/ccd
+#	list route "10.9.0.0 255.255.255.252"
+#	list route "192.168.100.0 255.255.255.0"
+	# Then add this line to ccd/Thelonious:
+	#   ifconfig-push "10.9.0.1 10.9.0.2"
+
+	# Suppose that you want to enable different
+	# firewall access policies for different groups
+	# of clients.  There are two methods:
+	# (1) Run multiple OpenVPN daemons, one for each
+	#     group, and firewall the TUN/TAP interface
+	#     for each group/daemon appropriately.
+	# (2) (Advanced) Create a script to dynamically
+	#     modify the firewall in response to access
+	#     from different clients.  See man
+	#     page for more info on learn-address script.
+#	option learn_address /etc/openvpn/script
+
+	# If enabled, this directive will configure
+	# all clients to redirect their default
+	# network gateway through the VPN, causing
+	# all IP traffic such as web browsing and
+	# and DNS lookups to go through the VPN
+	# (The OpenVPN server machine may need to NAT
+	# the TUN/TAP interface to the internet in
+	# order for this to work properly).
+	# CAVEAT: May break client's network config if
+	# client's local DHCP server packets get routed
+	# through the tunnel.  Solution: make sure
+	# client's local DHCP server is reachable via
+	# a more specific route than the default route
+	# of 0.0.0.0/0.0.0.0.
+#	list push "redirect-gateway"
+
+	# Certain Windows-specific network settings
+	# can be pushed to clients, such as DNS
+	# or WINS server addresses.  CAVEAT:
+	# http://openvpn.net/faq.html#dhcpcaveats
+#	list push "dhcp-option DNS 10.8.0.1"
+#	list push "dhcp-option WINS 10.8.0.1"
+
+	# Uncomment this directive to allow different
+	# clients to be able to "see" each other.
+	# By default, clients will only see the server.
+	# To force clients to only see the server, you
+	# will also need to appropriately firewall the
+	# server's TUN/TAP interface.
+#	option client_to_client 1
+
+	# Uncomment this directive if multiple clients
+	# might connect with the same certificate/key
+	# files or common names.  This is recommended
+	# only for testing purposes.  For production use,
+	# each client should have its own certificate/key
+	# pair.
+	#
+	# IF YOU HAVE NOT GENERATED INDIVIDUAL
+	# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
+	# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
+	# UNCOMMENT THIS LINE OUT.
+#	option duplicate_cn 1
+
+	# The keepalive directive causes ping-like
+	# messages to be sent back and forth over
+	# the link so that each side knows when
+	# the other side has gone down.
+	# Ping every 10 seconds, assume that remote
+	# peer is down if no ping received during
+	# a 120 second time period.
+	option keepalive "10 120"
+
+	# For extra security beyond that provided
+	# by SSL/TLS, create an "HMAC firewall"
+	# to help block DoS attacks and UDP port flooding.
+	#
+	# Generate with:
+	#   openvpn --genkey --secret ta.key
+	#
+	# The server and each client must have
+	# a copy of this key.
+	# The second parameter should be '0'
+	# on the server and '1' on the clients.
+	# This file is secret:
+#	option tls_auth "/etc/openvpn/ta.key 0"
+
+	# Select a cryptographic cipher.
+	# This config item must be copied to
+	# the client config file as well.
+	# Blowfish (default):
+#	option cipher BF-CBC
+	# AES:
+#	option cipher AES-128-CBC
+	# Triple-DES:
+#	option cipher DES-EDE3-CBC
+
+	# Enable compression on the VPN link.
+	# If you enable it here, you must also
+	# enable it in the client config file.
+	# LZ4 requires OpenVPN 2.4+ client and server
+#	option compress lz4
+	# LZO is compatible with most OpenVPN versions
+	# (set "compress lzo" on 2.4+ clients, and "comp-lzo yes" on older clients)
+	option compress lzo
+
+	# The maximum number of concurrently connected
+	# clients we want to allow.
+#	option max_clients 100
+
+	# The persist options will try to avoid
+	# accessing certain resources on restart
+	# that may no longer be accessible because
+	# of the privilege downgrade.
+	option persist_key 1
+	option persist_tun 1
+	option user nobody
+
+	# Output a short status file showing
+	# current connections, truncated
+	# and rewritten every minute.
+	option status /tmp/openvpn-status.log
+
+	# By default, log messages will go to the syslog (or
+	# on Windows, if running as a service, they will go to
+	# the "\Program Files\OpenVPN\log" directory).
+	# Use log or log-append to override this default.
+	# "log" will truncate the log file on OpenVPN startup,
+	# while "log-append" will append to it.  Use one
+	# or the other (but not both).
+#	option log         /tmp/openvpn.log
+#	option log_append  /tmp/openvpn.log
+
+	# Set the appropriate level of log
+	# file verbosity.
+	#
+	# 0 is silent, except for fatal errors
+	# 4 is reasonable for general usage
+	# 5 and 6 can help to debug connection problems
+	# 9 is extremely verbose
+	option verb 3
+
+	# Silence repeating messages.  At most 20
+	# sequential messages of the same message
+	# category will be output to the log.
+#	option mute 20
+
+
+##############################################
+# Sample client-side OpenVPN 2.0 uci config  #
+# for connecting to multi-client server.     #
+##############################################
+
+config openvpn sample_client
+
+	# Set to 1 to enable this instance:
+	option enabled 0
+
+	# Specify that we are a client and that we
+	# will be pulling certain config file directives
+	# from the server.
+	option client 1
+
+	# Use the same setting as you are using on
+	# the server.
+	# On most systems, the VPN will not function
+	# unless you partially or fully disable
+	# the firewall for the TUN/TAP interface.
+#	option dev tap
+	option dev tun
+
+	# Are we connecting to a TCP or
+	# UDP server?  Use the same setting as
+	# on the server.
+#	option proto tcp
+	option proto udp
+
+	# The hostname/IP and port of the server.
+	# You can have multiple remote entries
+	# to load balance between the servers.
+	list remote "my_server_1 1194"
+#	list remote "my_server_2 1194"
+
+	# Choose a random host from the remote
+	# list for load_balancing.  Otherwise
+	# try hosts in the order specified.
+#	option remote_random 1
+
+	# Keep trying indefinitely to resolve the
+	# host name of the OpenVPN server.  Very useful
+	# on machines which are not permanently connected
+	# to the internet such as laptops.
+	option resolv_retry infinite
+
+	# Most clients don't need to bind to
+	# a specific local port number.
+	option nobind 1
+
+	# Try to preserve some state across restarts.
+	option persist_key 1
+	option persist_tun 1
+	option user nobody
+
+	# If you are connecting through an
+	# HTTP proxy to reach the actual OpenVPN
+	# server, put the proxy server/IP and
+	# port number here.  See the man page
+	# if your proxy server requires
+	# authentication.
+	# retry on connection failures:
+#	option http_proxy_retry 1
+	# specify http proxy address and port:
+#	option http_proxy "192.168.1.100 8080"
+
+	# Wireless networks often produce a lot
+	# of duplicate packets.  Set this flag
+	# to silence duplicate packet warnings.
+#	option mute_replay_warnings 1
+
+	# SSL/TLS parms.
+	# See the server config file for more
+	# description.  It's best to use
+	# a separate .crt/.key file pair
+	# for each client.  A single ca
+	# file can be used for all clients.
+	option ca /etc/openvpn/ca.crt
+	option cert /etc/openvpn/client.crt
+	option key /etc/openvpn/client.key
+
+	# Verify server certificate by checking
+	# that the certicate has the nsCertType
+	# field set to "server".  This is an
+	# important precaution to protect against
+	# a potential attack discussed here:
+	#  http://openvpn.net/howto.html#mitm
+	#
+	# To use this feature, you will need to generate
+	# your server certificates with the nsCertType
+	# field set to "server".  The build_key_server
+	# script in the easy_rsa folder will do this.
+#	option ns_cert_type server
+
+	# If a tls_auth key is used on the server
+	# then every client must also have the key.
+#	option tls_auth "/etc/openvpn/ta.key 1"
+
+	# Select a cryptographic cipher.
+	# If the cipher option is used on the server
+	# then you must also specify it here.
+#	option cipher x
+
+	# Enable compression on the VPN link.
+	# Don't enable this unless it is also
+	# enabled in the server config file.
+	# LZ4 requires OpenVPN 2.4+ on server and client
+#	option compress lz4
+	# LZO is compatible with most OpenVPN versions
+	option compress lzo
+
+	# Set log file verbosity.
+	option verb 3
+
+	# Silence repeating messages
+#	option mute 20

device-config/2/etc/config/qos

@@ -0,0 +1,68 @@
+# QoS configuration for OpenWrt
+
+# INTERFACES:
+config interface wan
+	option classgroup  "Default"
+	option enabled      0
+	option upload       128
+	option download     1024
+
+# RULES:
+config classify
+	option target       "Priority"
+	option ports        "22,53"
+	option comment      "ssh, dns"
+config classify
+	option target       "Normal"
+	option proto        "tcp"
+	option ports        "20,21,25,80,110,443,993,995"
+	option comment      "ftp, smtp, http(s), imap"
+config classify
+	option target       "Express"
+	option ports        "5190"
+	option comment      "AOL, iChat, ICQ"
+config default
+	option target       "Express"
+	option proto        "udp"
+	option pktsize      "-500"
+config reclassify
+	option target       "Priority"
+	option proto        "icmp"
+config default
+	option target       "Bulk"
+	option portrange    "1024-65535"
+
+
+# Don't change the stuff below unless you
+# really know what it means :)
+
+config classgroup "Default"
+	option classes      "Priority Express Normal Bulk"
+	option default      "Normal"
+
+
+config class "Priority"
+	option packetsize  400
+	option avgrate     10
+	option priority    20
+config class "Priority_down"
+	option packetsize  1000
+	option avgrate     10
+
+
+config class "Express"
+	option packetsize  1000
+	option avgrate     50
+	option priority    10
+
+config class "Normal"
+	option packetsize  1500
+	option packetdelay 100
+	option avgrate     10
+	option priority    5
+config class "Normal_down"
+	option avgrate     20
+
+config class "Bulk"
+	option avgrate     1
+	option packetdelay 200

device-config/2/etc/config/rpcd

@@ -0,0 +1,7 @@
+
+config login
+	option username 'root'
+	option password '$p$root'
+	list read '*'
+	list write '*'
+

device-config/2/etc/config/samba

@@ -0,0 +1,7 @@
+
+config samba
+	option workgroup 'WORKGROUP'
+	option homes '1'
+	option name 'GL-AR300M'
+	option description 'GL-AR300M-c6b'
+

device-config/2/etc/config/shadowsocks

@@ -0,0 +1,30 @@
+
+config general
+	option startup_delay '0'
+
+config transparent_proxy
+	list main_server 'nil'
+	option udp_relay_server 'nil'
+	option local_port '1234'
+
+config socks5_proxy
+	list server 'nil'
+	option local_port '1080'
+
+config port_forward
+	list server 'nil'
+	option local_port '5300'
+	option destination '8.8.4.4:53'
+
+config servers
+	option alias 'sample'
+	option fast_open '0'
+	option no_delay '0'
+	option server '127.0.0.1'
+	option server_port '8388'
+	option timeout '60'
+	option password 'barfoo!'
+	option encrypt_method 'rc4-md5'
+
+config access_control
+	option self_proxy '1'

device-config/2/etc/config/system

@@ -0,0 +1,35 @@
+
+config system
+	option ttylogin '0'
+	option log_size '64'
+	option urandom_seed '0'
+	option zonename 'UTC'
+	option timezone 'GMT0'
+	option log_proto 'udp'
+	option conloglevel '8'
+	option cronloglevel '8'
+	option hostname 'VPN360'
+
+config timeserver 'ntp'
+	option enabled '1'
+	list server '0.openwrt.pool.ntp.org'
+	list server '1.openwrt.pool.ntp.org'
+	list server '2.openwrt.pool.ntp.org'
+	list server '3.openwrt.pool.ntp.org'
+
+config led
+	option trigger 'netdev'
+	option dev 'br-lan'
+	option mode 'link'
+	option name 'WAN'
+	option sysfs 'gl-ar300m:green:lan'
+	option default '0'
+
+config led
+	option name 'VPN'
+	option trigger 'netdev'
+	option dev 'br-VPN360'
+	option mode 'link'
+	option sysfs 'gl-ar300m:green:wlan'
+	option default '0'
+

device-config/2/etc/config/system1

@@ -0,0 +1,13 @@
+
+config system
+	option hostname 'GL-AR150'
+	option conloglevel '8'
+	option cronloglevel '8'
+	option zonename 'Asia/Shanghai'
+	option timezone 'CST-8'
+
+config timeserver 'ntp'
+	list server '0.openwrt.pool.ntp.org'
+	list server '1.openwrt.pool.ntp.org'
+	list server '2.openwrt.pool.ntp.org'
+	list server '3.openwrt.pool.ntp.org'

device-config/2/etc/config/ubootenv

@@ -0,0 +1,7 @@
+
+config ubootenv
+	option dev '/dev/mtd1'
+	option offset '0x0'
+	option envsize '0x10000'
+	option secsize '0x10000'
+

device-config/2/etc/config/ucitrack

@@ -0,0 +1,61 @@
+
+config network
+	option init 'network'
+	list affects 'dhcp'
+	list affects 'radvd'
+
+config wireless
+	list affects 'network'
+
+config firewall
+	option init 'firewall'
+	list affects 'luci-splash'
+	list affects 'qos'
+	list affects 'miniupnpd'
+
+config olsr
+	option init 'olsrd'
+
+config dhcp
+	option init 'dnsmasq'
+	list affects 'odhcpd'
+
+config odhcpd
+	option init 'odhcpd'
+
+config dropbear
+	option init 'dropbear'
+
+config httpd
+	option init 'httpd'
+
+config fstab
+	option exec '/sbin/block mount'
+
+config qos
+	option init 'qos'
+
+config system
+	option init 'led'
+	option exec '/etc/init.d/log reload'
+	list affects 'luci_statistics'
+	list affects 'dhcp'
+
+config luci_splash
+	option init 'luci_splash'
+
+config upnpd
+	option init 'miniupnpd'
+
+config ntpclient
+	option init 'ntpclient'
+
+config samba
+	option init 'samba'
+
+config tinyproxy
+	option init 'tinyproxy'
+
+config mwan3
+	option init 'mwan3'
+

device-config/2/etc/config/uhttpd

@@ -0,0 +1,30 @@
+
+config uhttpd 'main'
+	list listen_http '0.0.0.0:80'
+	list listen_http '[::]:80'
+	list listen_https '0.0.0.0:443'
+	list listen_https '[::]:443'
+	option redirect_https '1'
+	option home '/www'
+	option rfc1918_filter '1'
+	option max_requests '3'
+	option max_connections '100'
+	option cert '/etc/uhttpd.crt'
+	option key '/etc/uhttpd.key'
+	option cgi_prefix '/cgi-bin'
+	option lua_prefix '/luci'
+	option lua_handler '/usr/lib/lua/luci/sgi/uhttpd.lua'
+	option script_timeout '60'
+	option network_timeout '30'
+	option http_keepalive '20'
+	option tcp_keepalive '1'
+	option ubus_prefix '/ubus'
+
+config cert 'defaults'
+	option days '730'
+	option bits '2048'
+	option country 'ZZ'
+	option state 'Somewhere'
+	option location 'Unknown'
+	option commonname 'OpenWrt'
+

device-config/2/etc/config/unbound

@@ -0,0 +1,3 @@
+config unbound
+	option enable '0'
+	option manual_conf '1'

device-config/2/etc/config/upnpd

@@ -0,0 +1,27 @@
+
+config upnpd 'config'
+	option secure_mode '1'
+	option log_output '0'
+	option download '1024'
+	option upload '512'
+	option internal_iface 'lan'
+	option port '5000'
+	option upnp_lease_file '/var/upnp.leases'
+	option uuid 'dddee5fa-fc97-466b-809d-491c4b9a8adc'
+	option enable_upnp '0'
+	option enable_natpmp '0'
+
+config perm_rule
+	option action 'allow'
+	option ext_ports '1-65535'
+	option int_addr '0.0.0.0/0'
+	option int_ports '1-65535'
+	option comment 'Allow ports'
+
+config perm_rule
+	option action 'deny'
+	option ext_ports '0-65535'
+	option int_addr '0.0.0.0/0'
+	option int_ports '0-65535'
+	option comment 'Default deny'
+

device-config/2/etc/config/vpn_service

@@ -0,0 +1,14 @@
+config general 'global'
+	option enable '0'
+
+config service 'vpn'
+	option auth 'SHA1'
+	option proto 'udp'
+	option port '1194'
+	option dev 'tun-SERVER'
+	option dev_type 'tun'
+	option cipher 'BF-CBC'
+	option comp 'adaptive'
+	option subnet '10.8.0.0'
+	option mask '255.255.255.0'
+	option host '127.0.0.1'

device-config/2/etc/config/wireless

@@ -0,0 +1,39 @@
+config wifi-device 'radio0'
+	option type 'mac80211'
+	option channel '36'
+	option hwmode '11a'
+	option path 'pci0000:00/0000:00:00.0'
+	option htmode 'VHT80'
+	option doth '0'
+	option txpower '20'
+	option band '5G'
+	option disabled '0'
+	option country 'US'
+
+config wifi-iface 'default_radio0'
+	option device 'radio0'
+	option network 'VPN360'
+	option mode 'ap'
+	option encryption 'none'
+	option ifname 'wlan0'
+	option ssid '$SSID'
+
+config wifi-device 'radio1'
+	option type 'mac80211'
+	option path 'platform/qca953x_wmac'
+	option hwmode '11ng'
+	option channel '6'
+	option htmode 'HT40+'
+	option noscan '1'
+	option txpower '20'
+
+config wifi-iface 'default_radio1'
+	option device 'radio1'
+	option network 'VPN360'
+	option mode 'ap'
+	option ssid '$SSID-2.4'
+	option encryption 'none'
+	option wds '1'
+	option ifname 'wlan1'
+	option disabled '1'
+

device-config/2/etc/firewall.user

@@ -0,0 +1,11 @@
+
+force_dns() {
+	# lanip=$(ifconfig br-lan |sed -n 's/.*dr:\(.*\) Bc.*/\1/p')
+	lanip=$(uci get network.lan.ipaddr)
+    iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to $lanip
+    iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip
+}
+force=$(uci get glconfig.general.force_dns)
+if [ -n "$force" ]; then
+    force_dns
+fi

device-config/2/etc/fw_env.config

@@ -0,0 +1 @@
+/dev/mtd1 0x0 0x10000 0x10000 

device-config/2/etc/group

@@ -0,0 +1,13 @@
+root:x:0:
+daemon:x:1:
+adm:x:4:
+tty:x:5:
+mail:x:8:
+audio:x:29:
+www-data:x:33:
+ftp:x:55:
+users:x:100:
+network:x:101:
+nogroup:x:65534:
+dnsmasq:x:453:dnsmasq
+unbound:x:553:unbound

device-config/2/etc/inittab

@@ -0,0 +1,4 @@
+::sysinit:/etc/init.d/rcS S boot
+::shutdown:/etc/init.d/rcS K shutdown
+::askconsole:/usr/libexec/login.sh
+tty1::askfirst:/usr/libexec/login.sh

device-config/2/etc/lighttpd/lighttpd.conf

@@ -0,0 +1,30 @@
+server.document-root        = "/www"
+server.upload-dirs          = ( "/tmp" )
+server.errorlog             = "/var/log/lighttpd/error.log"
+server.pid-file             = "/var/run/lighttpd.pid"
+server.username             = "http"
+server.groupname            = "www-data"
+
+index-file.names            = ( "index.php", "index.html",
+                                "index.htm", "default.htm",
+                              )
+
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+### Options that are useful but not always necessary:
+#server.chroot               = "/"
+server.port                 = 81 
+server.bind                 = "localhost" 
+#server.tag                  = "lighttpd"
+#server.errorlog-use-syslog  = "enable"
+#server.network-backend      = "writev"
+
+### Use IPv6 if available
+#include_shell "/usr/share/lighttpd/use-ipv6.pl"
+
+#dir-listing.encoding        = "utf-8"
+#server.dir-listing          = "enable"
+
+include "/etc/lighttpd/mime.conf"
+include "/etc/lighttpd/conf.d/*.conf"
+