diff --git a/.gitignore b/.gitignore
index 53a8465..8d28f89 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,5 @@ db.sqlite3
 __pycache__
 *.pyc
 static/static_root
+device-config
+imagebuilder
diff --git a/device-config/bin/heartbeat b/device-config/bin/heartbeat
deleted file mode 100755
index 4cc35ab..0000000
--- a/device-config/bin/heartbeat
+++ /dev/null
@@ -1,59 +0,0 @@
-ipaddr(){
- if="${1:-br-VPN360}"
- result=$(/sbin/ip -o -4 addr show dev "${if}" 2&>/dev/null | /bin/sed 's/^.*inet // ; s/\/...*$//')
- /usr/bin/printf %s "${result}"
-}
-
-stopwifi(){
- /sbin/uci set wireless.radio1.disabled=1
- /sbin/uci commit
-}
-
-startwifi(){
- /sbin/uci set wireless.radio1.disabled=0
- /sbin/uci commit
- /sbin/wifi
-}
-
-restartwifi(){
- stopwifi
- startwifi
-}
-
-. /etc/vpnsecret
-
-/usr/bin/wget -O/etc/hosts https://admin360.kumi.host/hosts --post-data "secret=$SECRET" --no-check-certificate >/var/log/wget 2>&1
-
-/sbin/uci set wireless.@wifi-iface[0].network="VPN360"
-/sbin/uci commit
-stopwifi
-
-/usr/sbin/openvpn /etc/openvpn/client.conf >/var/log/openvpn &
-
-/bin/sleep 60
-
-if [ $(ipaddr) ]
- then
- startwifi
- while [ True ]
- do
- sleep 10
- if [ $(ipaddr) ]
- then
- /usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET&ip=$(ipaddr)" --no-check-certificate 2>/var/log/wget | /bin/ash
- fi
- done
- else
- /sbin/uci set wireless.@wifi-iface[0].network="DHCP"
- /sbin/uci commit
- startwifi
- /sbin/ip a add 192.168.36.1/24 dev br-DHCP
- /sbin/ifconfig br-DHCP down
- /sbin/ifconfig br-DHCP up
- while [ True ]
- do
- sleep 10
- /usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET" --no-check-certificate 2>/var/log/wget | /bin/ash
- done
-fi
-
diff --git a/device-config/etc/config/chinadns b/device-config/etc/config/chinadns
deleted file mode 100644
index bcdaf8a..0000000
--- a/device-config/etc/config/chinadns
+++ /dev/null
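Review bot: Adding `device-config` to .gitignore while deleting the tracked copies only stops future commits of that tree; everything it held remains retrievable from earlier commits, visibly the two dropbear host keys and the `password` value in `etc/config/glconfig`. Those should be treated as disclosed and regenerated or changed on any device built from this tree, whether or not history is later rewritten. The two new patterns are also unanchored, so they match a file or directory of that name at any depth; `/device-config/` and `/imagebuilder/` would restrict them to the top-level directories, assuming that is the intent.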
@@ -1,7 +0,0 @@
-
-config chinadns
- option enable '0'
- option bidirectional '0'
- option chnroute '/etc/chinadns_chnroute.txt'
- option port '5353'
- option server '114.114.114.114,8.8.4.4'
diff --git a/device-config/etc/config/dhcp b/device-config/etc/config/dhcp
deleted file mode 100644
index dd6a8fd..0000000
--- a/device-config/etc/config/dhcp
+++ /dev/null
@@ -1,43 +0,0 @@
-
-config dnsmasq
- option domainneeded '1'
- option boguspriv '1'
- option filterwin2k '0'
- option localise_queries '1'
- option rebind_protection '1'
- option rebind_localhost '1'
- option local '/lan/'
- option domain 'lan'
- option expandhosts '1'
- option nonegcache '0'
- option authoritative '1'
- option readethers '1'
- option leasefile '/tmp/dhcp.leases'
- option resolvfile '/tmp/resolv.conf.auto'
- option nonwildcard '1'
- option localservice '1'
-
-config dhcp 'lan'
- option interface 'lan'
- option start '100'
- option limit '150'
- option leasetime '12h'
- option dhcpv6 'server'
- option ra 'server'
-
-config dhcp 'wan'
- option interface 'wan'
- option ignore '1'
-
-config odhcpd 'odhcpd'
- option maindhcp '0'
- option leasefile '/tmp/hosts/odhcpd'
- option leasetrigger '/usr/sbin/odhcpd-update'
- option loglevel '4'
-
-config dhcp 'DHCP'
- option start '100'
- option leasetime '12h'
- option limit '150'
- option interface 'DHCP'
-
diff --git a/device-config/etc/config/dns-forwarder b/device-config/etc/config/dns-forwarder
deleted file mode 100644
index 852fec2..0000000
--- a/device-config/etc/config/dns-forwarder
+++ /dev/null
@@ -1,6 +0,0 @@
-
-config dns-forwarder
- option enable '0'
- option listen_addr '0.0.0.0'
- option listen_port '5300'
- option dns_servers '8.8.8.8'
diff --git a/device-config/etc/config/dropbear b/device-config/etc/config/dropbear
deleted file mode 100644
index 05a0b4c..0000000
--- a/device-config/etc/config/dropbear
+++ /dev/null
@@ -1,5 +0,0 @@
-
-config dropbear
- option PasswordAuth 'on'
- option Port '22'
-
diff --git a/device-config/etc/config/firewall b/device-config/etc/config/firewall
deleted file mode 100644
index b8097d6..0000000
--- a/device-config/etc/config/firewall
+++ /dev/null
@@ -1,15 +0,0 @@
-
-config defaults
- option syn_flood '1'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'ACCEPT'
-
-config include
- option path '/etc/firewall.user'
-
-config include 'mwan3'
- option type 'script'
- option path '/var/etc/mwan3.include'
- option reload '1'
-
diff --git a/device-config/etc/config/glconfig b/device-config/etc/config/glconfig
deleted file mode 100755
index bc338ed..0000000
--- a/device-config/etc/config/glconfig
+++ /dev/null
@@ -1,32 +0,0 @@
-
-config service 'general'
- option model 'ar150'
- option port '83'
- option language 'en'
- option password '0073d12f67d604710231c0b780341795c6a9ae9c4a53364fbe3d9171367d5fb5'
- option code_needed '0'
-
-config service 'ddns'
- option enabled '1'
- option lastip '80.110.109.118'
- option updatetime 'Thu Nov 15 10:08:14 GMT 2018'
-
-config service 'download'
-
-config service 'adblock'
- option enable '0'
-
-config service 'autoupdate'
- option time '04:00'
- option enable '0'
-
-config service 'samba'
- option read_only 'yes'
-
-config service 'openvpn'
- option enable '0'
- option force '0'
-
-config service 'repeater'
- option autoconnect '1'
-
diff --git a/device-config/etc/config/luci b/device-config/etc/config/luci
deleted file mode 100644
index b385eae..0000000
--- a/device-config/etc/config/luci
+++ /dev/null
@@ -1,55 +0,0 @@
-
-config core 'main'
- option lang 'auto'
- option mediaurlbase '/luci-static/bootstrap'
- option resourcebase '/luci-static/resources'
-
-config extern 'flash_keep'
- option uci '/etc/config/'
- option dropbear '/etc/dropbear/'
- option openvpn '/etc/openvpn/'
- option passwd '/etc/passwd'
- option opkg '/etc/opkg.conf'
- option firewall '/etc/firewall.user'
- option uploads '/lib/uci/upload/'
-
-config internal 'languages'
- option en 'English'
- option zh_cn '中文 (Chinese)'
-
-config internal 'sauth'
- option sessionpath '/tmp/luci-sessions'
- option sessiontime '3600'
-
-config internal 'ccache'
- option enable '1'
-
-config internal 'themes'
- option Bootstrap '/luci-static/bootstrap'
-
-config internal 'apply'
- option rollback '30'
- option holdoff '4'
- option timeout '5'
- option display '1.5'
-
-config internal 'diag'
- option dns 'openwrt.org'
- option ping 'openwrt.org'
- option route 'openwrt.org'
-
-config ifstate
- option interface 'lan'
- option ifname 'eth0 radio0.network1'
- option bridge 'true'
-
-config ifstate
- option interface 'VPN360'
- option ifname 'radio0.network1'
- option bridge 'true'
-
-config ifstate
- option interface 'DHCP'
- option ifname 'tap0 radio1.network1'
- option bridge 'true'
-
diff --git a/device-config/etc/config/mjpg-streamer b/device-config/etc/config/mjpg-streamer
deleted file mode 100644
index 9899300..0000000
--- a/device-config/etc/config/mjpg-streamer
+++ /dev/null
@@ -1,10 +0,0 @@
-config mjpg-streamer core
- option enabled "1"
- option input 'uvc'
- option output 'http'
- option device "/dev/video0"
- option resolution "640x480"
- option fps "15"
- option www "/www/webcam"
- option port "8083"
- option yuv "0"
diff --git a/device-config/etc/config/mwan3 b/device-config/etc/config/mwan3
deleted file mode 100644
index 4917cb7..0000000
--- a/device-config/etc/config/mwan3
+++ /dev/null
@@ -1,82 +0,0 @@
-config interface 'wan'
- option enabled '1'
- list track_ip '208.67.222.222'
- list track_ip '208.67.220.220'
- list track_ip '8.8.4.4'
- list track_ip '8.8.8.8'
- option reliability '1'
- option count '1'
- option timeout '2'
- option interval '5'
- option down '5'
- option up '3'
-
-config interface 'wwan'
- option enabled '1'
- list track_ip '208.67.222.222'
- list track_ip '208.67.220.220'
- list track_ip '8.8.4.4'
- list track_ip '8.8.8.8'
- option reliability '1'
- option count '1'
- option timeout '2'
- option interval '5'
- option down '5'
- option up '3'
-
-config interface 'tethering'
- option enabled '1'
- list track_ip '208.67.222.222'
- list track_ip '208.67.220.220'
- list track_ip '8.8.4.4'
- list track_ip '8.8.8.8'
- option reliability '1'
- option count '1'
- option timeout '2'
- option interval '5'
- option down '5'
- option up '3'
-
-config interface 'modem'
- option enabled '1'
- list track_ip '208.67.222.222'
- list track_ip '208.67.220.220'
- list track_ip '8.8.4.4'
- list track_ip '8.8.8.8'
- option reliability '1'
- option count '1'
- option timeout '2'
- option interval '5'
- option down '5'
- option up '3'
-
-config member 'wan_only'
- option interface 'wan'
- option metric '1'
- option weight '3'
-
-config member 'wwan_only'
- option interface 'wwan'
- option metric '2'
- option weight '3'
-
-config member 'tethering_only'
- option interface 'tethering'
- option metric '3'
- option weight '3'
-
-config member 'modem_only'
- option interface 'modem'
- option metric '4'
- option weight '3'
-
-config policy 'default_poli'
- list use_member 'wan_only'
- list use_member 'wwan_only'
- list use_member 'tethering_only'
- list use_member 'modem_only'
- option last_resort 'default'
-
-config rule 'default_rule'
- option dest_ip '0.0.0.0/0'
- option use_policy 'default_poli'
diff --git a/device-config/etc/config/network b/device-config/etc/config/network
deleted file mode 100644
index f2dbc3f..0000000
--- a/device-config/etc/config/network
+++ /dev/null
@@ -1,32 +0,0 @@
-
-config interface 'loopback'
- option ifname 'lo'
- option proto 'static'
- option ipaddr '127.0.0.1'
- option netmask '255.0.0.0'
-
-config globals 'globals'
- option ula_prefix 'fd1b:3702:99a7::/48'
-
-config interface 'lan'
- option type 'bridge'
- option ipaddr '192.168.1.1'
- option netmask '255.255.255.0'
- option ip6assign '60'
- option proto 'dhcp'
- option ifname 'eth0'
-
-config interface 'VPN360'
- option type 'bridge'
- option proto 'dhcp'
- option broadcast '1'
- option force_link '1'
- option ifname 'tap0'
-
-config interface 'DHCP'
- option type 'bridge'
- option proto 'static'
- option ipaddr '192.168.36.1'
- option netmask '255.255.255.0'
- option ifname 'lo'
-
diff --git a/device-config/etc/config/openvpn b/device-config/etc/config/openvpn
deleted file mode 100644
index 7bd5422..0000000
--- a/device-config/etc/config/openvpn
+++ /dev/null
@@ -1,5 +0,0 @@
-
-config openvpn 'vpn360'
- option enabled '0'
- option config '/etc/openvpn/client.conf'
-
diff --git a/device-config/etc/config/openvpn-opkg b/device-config/etc/config/openvpn-opkg
deleted file mode 100644
index 1fd846f..0000000
--- a/device-config/etc/config/openvpn-opkg
+++ /dev/null
@@ -1,407 +0,0 @@
-package openvpn
-
-#################################################
-# Sample to include a custom config file. #
-#################################################
-
-config openvpn custom_config
-
- # Set to 1 to enable this instance:
- option enabled 0
-
- # Include OpenVPN configuration
- option config /etc/openvpn/my-vpn.conf
-
-
-#################################################
-# Sample OpenVPN 2.0 uci config for #
-# multi-client server. #
-#################################################
-
-config openvpn sample_server
-
- # Set to 1 to enable this instance:
- option enabled 0
-
- # Which local IP address should OpenVPN
- # listen on? (optional)
-# option local 0.0.0.0
-
- # Which TCP/UDP port should OpenVPN listen on?
- # If you want to run multiple OpenVPN instances
- # on the same machine, use a different port
- # number for each one. You will need to
- # open up this port on your firewall.
- option port 1194
-
- # TCP or UDP server?
-# option proto tcp
- option proto udp
-
- # "dev tun" will create a routed IP tunnel,
- # "dev tap" will create an ethernet tunnel.
- # Use "dev tap0" if you are ethernet bridging
- # and have precreated a tap0 virtual interface
- # and bridged it with your ethernet interface.
- # If you want to control access policies
- # over the VPN, you must create firewall
- # rules for the the TUN/TAP interface.
- # On non-Windows systems, you can give
- # an explicit unit number, such as tun0.
- # On Windows, use "dev-node" for this.
- # On most systems, the VPN will not function
- # unless you partially or fully disable
- # the firewall for the TUN/TAP interface.
-# option dev tap
- option dev tun
-
- # SSL/TLS root certificate (ca), certificate
- # (cert), and private key (key). Each client
- # and the server must have their own cert and
- # key file. The server and all clients will
- # use the same ca file.
- #
- # See the "easy-rsa" directory for a series
- # of scripts for generating RSA certificates
- # and private keys. Remember to use
- # a unique Common Name for the server
- # and each of the client certificates.
- #
- # Any X509 key management system can be used.
- # OpenVPN can also use a PKCS #12 formatted key file
- # (see "pkcs12" directive in man page).
- option ca /etc/openvpn/ca.crt
- option cert /etc/openvpn/server.crt
- # This file should be kept secret:
- option key /etc/openvpn/server.key
-
- # Diffie hellman parameters.
- # Generate your own with:
- # openssl dhparam -out dh1024.pem 1024
- # Substitute 2048 for 1024 if you are using
- # 2048 bit keys.
- option dh /etc/openvpn/dh1024.pem
-
- # Configure server mode and supply a VPN subnet
- # for OpenVPN to draw client addresses from.
- # The server will take 10.8.0.1 for itself,
- # the rest will be made available to clients.
- # Each client will be able to reach the server
- # on 10.8.0.1. Comment this line out if you are
- # ethernet bridging. See the man page for more info.
- option server "10.8.0.0 255.255.255.0"
-
- # Maintain a record of client <-> virtual IP address
- # associations in this file. If OpenVPN goes down or
- # is restarted, reconnecting clients can be assigned
- # the same virtual IP address from the pool that was
- # previously assigned.
- option ifconfig_pool_persist /tmp/ipp.txt
-
- # Configure server mode for ethernet bridging.
- # You must first use your OS's bridging capability
- # to bridge the TAP interface with the ethernet
- # NIC interface. Then you must manually set the
- # IP/netmask on the bridge interface, here we
- # assume 10.8.0.4/255.255.255.0. Finally we
- # must set aside an IP range in this subnet
- # (start=10.8.0.50 end=10.8.0.100) to allocate
- # to connecting clients. Leave this line commented
- # out unless you are ethernet bridging.
-# option server_bridge "10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100"
-
- # Push routes to the client to allow it
- # to reach other private subnets behind
- # the server. Remember that these
- # private subnets will also need
- # to know to route the OpenVPN client
- # address pool (10.8.0.0/255.255.255.0)
- # back to the OpenVPN server.
-# list push "route 192.168.10.0 255.255.255.0"
-# list push "route 192.168.20.0 255.255.255.0"
-
- # To assign specific IP addresses to specific
- # clients or if a connecting client has a private
- # subnet behind it that should also have VPN access,
- # use the subdirectory "ccd" for client-specific
- # configuration files (see man page for more info).
-
- # EXAMPLE: Suppose the client
- # having the certificate common name "Thelonious"
- # also has a small subnet behind his connecting
- # machine, such as 192.168.40.128/255.255.255.248.
- # First, uncomment out these lines:
-# option client_config_dir /etc/openvpn/ccd
-# list route "192.168.40.128 255.255.255.248"
- # Then create a file ccd/Thelonious with this line:
- # iroute 192.168.40.128 255.255.255.248
- # This will allow Thelonious' private subnet to
- # access the VPN. This example will only work
- # if you are routing, not bridging, i.e. you are
- # using "dev tun" and "server" directives.
-
- # EXAMPLE: Suppose you want to give
- # Thelonious a fixed VPN IP address of 10.9.0.1.
- # First uncomment out these lines:
-# option client_config_dir /etc/openvpn/ccd
-# list route "10.9.0.0 255.255.255.252"
-# list route "192.168.100.0 255.255.255.0"
- # Then add this line to ccd/Thelonious:
- # ifconfig-push "10.9.0.1 10.9.0.2"
-
- # Suppose that you want to enable different
- # firewall access policies for different groups
- # of clients. There are two methods:
- # (1) Run multiple OpenVPN daemons, one for each
- # group, and firewall the TUN/TAP interface
- # for each group/daemon appropriately.
- # (2) (Advanced) Create a script to dynamically
- # modify the firewall in response to access
- # from different clients. See man
- # page for more info on learn-address script.
-# option learn_address /etc/openvpn/script
-
- # If enabled, this directive will configure
- # all clients to redirect their default
- # network gateway through the VPN, causing
- # all IP traffic such as web browsing and
- # and DNS lookups to go through the VPN
- # (The OpenVPN server machine may need to NAT
- # the TUN/TAP interface to the internet in
- # order for this to work properly).
- # CAVEAT: May break client's network config if
- # client's local DHCP server packets get routed
- # through the tunnel. Solution: make sure
- # client's local DHCP server is reachable via
- # a more specific route than the default route
- # of 0.0.0.0/0.0.0.0.
-# list push "redirect-gateway"
-
- # Certain Windows-specific network settings
- # can be pushed to clients, such as DNS
- # or WINS server addresses. CAVEAT:
- # http://openvpn.net/faq.html#dhcpcaveats
-# list push "dhcp-option DNS 10.8.0.1"
-# list push "dhcp-option WINS 10.8.0.1"
-
- # Uncomment this directive to allow different
- # clients to be able to "see" each other.
- # By default, clients will only see the server.
- # To force clients to only see the server, you
- # will also need to appropriately firewall the
- # server's TUN/TAP interface.
-# option client_to_client 1
-
- # Uncomment this directive if multiple clients
- # might connect with the same certificate/key
- # files or common names. This is recommended
- # only for testing purposes. For production use,
- # each client should have its own certificate/key
- # pair.
- #
- # IF YOU HAVE NOT GENERATED INDIVIDUAL
- # CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
- # EACH HAVING ITS OWN UNIQUE "COMMON NAME",
- # UNCOMMENT THIS LINE OUT.
-# option duplicate_cn 1
-
- # The keepalive directive causes ping-like
- # messages to be sent back and forth over
- # the link so that each side knows when
- # the other side has gone down.
- # Ping every 10 seconds, assume that remote
- # peer is down if no ping received during
- # a 120 second time period.
- option keepalive "10 120"
-
- # For extra security beyond that provided
- # by SSL/TLS, create an "HMAC firewall"
- # to help block DoS attacks and UDP port flooding.
- #
- # Generate with:
- # openvpn --genkey --secret ta.key
- #
- # The server and each client must have
- # a copy of this key.
- # The second parameter should be '0'
- # on the server and '1' on the clients.
- # This file is secret:
-# option tls_auth "/etc/openvpn/ta.key 0"
-
- # Select a cryptographic cipher.
- # This config item must be copied to
- # the client config file as well.
- # Blowfish (default):
-# option cipher BF-CBC
- # AES:
-# option cipher AES-128-CBC
- # Triple-DES:
-# option cipher DES-EDE3-CBC
-
- # Enable compression on the VPN link.
- # If you enable it here, you must also
- # enable it in the client config file.
- # LZ4 requires OpenVPN 2.4+ client and server
-# option compress lz4
- # LZO is compatible with most OpenVPN versions
- # (set "compress lzo" on 2.4+ clients, and "comp-lzo yes" on older clients)
- option compress lzo
-
- # The maximum number of concurrently connected
- # clients we want to allow.
-# option max_clients 100
-
- # The persist options will try to avoid
- # accessing certain resources on restart
- # that may no longer be accessible because
- # of the privilege downgrade.
- option persist_key 1
- option persist_tun 1
- option user nobody
-
- # Output a short status file showing
- # current connections, truncated
- # and rewritten every minute.
- option status /tmp/openvpn-status.log
-
- # By default, log messages will go to the syslog (or
- # on Windows, if running as a service, they will go to
- # the "\Program Files\OpenVPN\log" directory).
- # Use log or log-append to override this default.
- # "log" will truncate the log file on OpenVPN startup,
- # while "log-append" will append to it. Use one
- # or the other (but not both).
-# option log /tmp/openvpn.log
-# option log_append /tmp/openvpn.log
-
- # Set the appropriate level of log
- # file verbosity.
- #
- # 0 is silent, except for fatal errors
- # 4 is reasonable for general usage
- # 5 and 6 can help to debug connection problems
- # 9 is extremely verbose
- option verb 3
-
- # Silence repeating messages. At most 20
- # sequential messages of the same message
- # category will be output to the log.
-# option mute 20
-
-
-##############################################
-# Sample client-side OpenVPN 2.0 uci config #
-# for connecting to multi-client server. #
-##############################################
-
-config openvpn sample_client
-
- # Set to 1 to enable this instance:
- option enabled 0
-
- # Specify that we are a client and that we
- # will be pulling certain config file directives
- # from the server.
- option client 1
-
- # Use the same setting as you are using on
- # the server.
- # On most systems, the VPN will not function
- # unless you partially or fully disable
- # the firewall for the TUN/TAP interface.
-# option dev tap
- option dev tun
-
- # Are we connecting to a TCP or
- # UDP server? Use the same setting as
- # on the server.
-# option proto tcp
- option proto udp
-
- # The hostname/IP and port of the server.
- # You can have multiple remote entries
- # to load balance between the servers.
- list remote "my_server_1 1194"
-# list remote "my_server_2 1194"
-
- # Choose a random host from the remote
- # list for load_balancing. Otherwise
- # try hosts in the order specified.
-# option remote_random 1
-
- # Keep trying indefinitely to resolve the
- # host name of the OpenVPN server. Very useful
- # on machines which are not permanently connected
- # to the internet such as laptops.
- option resolv_retry infinite
-
- # Most clients don't need to bind to
- # a specific local port number.
- option nobind 1
-
- # Try to preserve some state across restarts.
- option persist_key 1
- option persist_tun 1
- option user nobody
-
- # If you are connecting through an
- # HTTP proxy to reach the actual OpenVPN
- # server, put the proxy server/IP and
- # port number here. See the man page
- # if your proxy server requires
- # authentication.
- # retry on connection failures:
-# option http_proxy_retry 1
- # specify http proxy address and port:
-# option http_proxy "192.168.1.100 8080"
-
- # Wireless networks often produce a lot
- # of duplicate packets. Set this flag
- # to silence duplicate packet warnings.
-# option mute_replay_warnings 1
-
- # SSL/TLS parms.
- # See the server config file for more
- # description. It's best to use
- # a separate .crt/.key file pair
- # for each client. A single ca
- # file can be used for all clients.
- option ca /etc/openvpn/ca.crt
- option cert /etc/openvpn/client.crt
- option key /etc/openvpn/client.key
-
- # Verify server certificate by checking
- # that the certicate has the nsCertType
- # field set to "server". This is an
- # important precaution to protect against
- # a potential attack discussed here:
- # http://openvpn.net/howto.html#mitm
- #
- # To use this feature, you will need to generate
- # your server certificates with the nsCertType
- # field set to "server". The build_key_server
- # script in the easy_rsa folder will do this.
-# option ns_cert_type server
-
- # If a tls_auth key is used on the server
- # then every client must also have the key.
-# option tls_auth "/etc/openvpn/ta.key 1"
-
- # Select a cryptographic cipher.
- # If the cipher option is used on the server
- # then you must also specify it here.
-# option cipher x
-
- # Enable compression on the VPN link.
- # Don't enable this unless it is also
- # enabled in the server config file.
- # LZ4 requires OpenVPN 2.4+ on server and client
-# option compress lz4
- # LZO is compatible with most OpenVPN versions
- option compress lzo
-
- # Set log file verbosity.
- option verb 3
-
- # Silence repeating messages
-# option mute 20
diff --git a/device-config/etc/config/qos b/device-config/etc/config/qos
deleted file mode 100644
index 44e988a..0000000
--- a/device-config/etc/config/qos
+++ /dev/null
@@ -1,68 +0,0 @@
-# QoS configuration for OpenWrt
-
-# INTERFACES:
-config interface wan
- option classgroup "Default"
- option enabled 0
- option upload 128
- option download 1024
-
-# RULES:
-config classify
- option target "Priority"
- option ports "22,53"
- option comment "ssh, dns"
-config classify
- option target "Normal"
- option proto "tcp"
- option ports "20,21,25,80,110,443,993,995"
- option comment "ftp, smtp, http(s), imap"
-config classify
- option target "Express"
- option ports "5190"
- option comment "AOL, iChat, ICQ"
-config default
- option target "Express"
- option proto "udp"
- option pktsize "-500"
-config reclassify
- option target "Priority"
- option proto "icmp"
-config default
- option target "Bulk"
- option portrange "1024-65535"
-
-
-# Don't change the stuff below unless you
-# really know what it means :)
-
-config classgroup "Default"
- option classes "Priority Express Normal Bulk"
- option default "Normal"
-
-
-config class "Priority"
- option packetsize 400
- option avgrate 10
- option priority 20
-config class "Priority_down"
- option packetsize 1000
- option avgrate 10
-
-
-config class "Express"
- option packetsize 1000
- option avgrate 50
- option priority 10
-
-config class "Normal"
- option packetsize 1500
- option packetdelay 100
- option avgrate 10
- option priority 5
-config class "Normal_down"
- option avgrate 20
-
-config class "Bulk"
- option avgrate 1
- option packetdelay 200
diff --git a/device-config/etc/config/rpcd b/device-config/etc/config/rpcd
deleted file mode 100644
index 499ea27..0000000
--- a/device-config/etc/config/rpcd
+++ /dev/null
@@ -1,7 +0,0 @@
-
-config login
- option username 'root'
- option password '$p$root'
- list read '*'
- list write '*'
-
diff --git a/device-config/etc/config/samba b/device-config/etc/config/samba
deleted file mode 100644
index 6457e43..0000000
--- a/device-config/etc/config/samba
+++ /dev/null
@@ -1,7 +0,0 @@
-
-config samba
- option workgroup 'WORKGROUP'
- option homes '1'
- option name 'GL-AR300M'
- option description 'GL-AR300M-c6b'
-
diff --git a/device-config/etc/config/shadowsocks b/device-config/etc/config/shadowsocks
deleted file mode 100644
index a8e392d..0000000
--- a/device-config/etc/config/shadowsocks
+++ /dev/null
@@ -1,30 +0,0 @@
-
-config general
- option startup_delay '0'
-
-config transparent_proxy
- list main_server 'nil'
- option udp_relay_server 'nil'
- option local_port '1234'
-
-config socks5_proxy
- list server 'nil'
- option local_port '1080'
-
-config port_forward
- list server 'nil'
- option local_port '5300'
- option destination '8.8.4.4:53'
-
-config servers
- option alias 'sample'
- option fast_open '0'
- option no_delay '0'
- option server '127.0.0.1'
- option server_port '8388'
- option timeout '60'
- option password 'barfoo!'
- option encrypt_method 'rc4-md5'
-
-config access_control
- option self_proxy '1'
diff --git a/device-config/etc/config/system b/device-config/etc/config/system
deleted file mode 100644
index d2e40fc..0000000
--- a/device-config/etc/config/system
+++ /dev/null
@@ -1,35 +0,0 @@
-
-config system
- option ttylogin '0'
- option log_size '64'
- option urandom_seed '0'
- option zonename 'UTC'
- option timezone 'GMT0'
- option log_proto 'udp'
- option conloglevel '8'
- option cronloglevel '8'
- option hostname 'VPN360'
-
-config timeserver 'ntp'
- option enabled '1'
- list server '0.openwrt.pool.ntp.org'
- list server '1.openwrt.pool.ntp.org'
- list server '2.openwrt.pool.ntp.org'
- list server '3.openwrt.pool.ntp.org'
-
-config led
- option trigger 'netdev'
- option dev 'br-lan'
- option mode 'link'
- option name 'WAN'
- option sysfs 'gl-ar300m:green:lan'
- option default '0'
-
-config led
- option name 'VPN'
- option trigger 'netdev'
- option dev 'br-VPN360'
- option mode 'link'
- option sysfs 'gl-ar300m:green:wlan'
- option default '0'
-
diff --git a/device-config/etc/config/system1 b/device-config/etc/config/system1
deleted file mode 100755
index c68ee1d..0000000
--- a/device-config/etc/config/system1
+++ /dev/null
@@ -1,13 +0,0 @@
-
-config system
- option hostname 'GL-AR150'
- option conloglevel '8'
- option cronloglevel '8'
- option zonename 'Asia/Shanghai'
- option timezone 'CST-8'
-
-config timeserver 'ntp'
- list server '0.openwrt.pool.ntp.org'
- list server '1.openwrt.pool.ntp.org'
- list server '2.openwrt.pool.ntp.org'
- list server '3.openwrt.pool.ntp.org'
diff --git a/device-config/etc/config/ubootenv b/device-config/etc/config/ubootenv
deleted file mode 100644
index 3bef92c..0000000
--- a/device-config/etc/config/ubootenv
+++ /dev/null
@@ -1,7 +0,0 @@
-
-config ubootenv
- option dev '/dev/mtd1'
- option offset '0x0'
- option envsize '0x10000'
- option secsize '0x10000'
-
diff --git a/device-config/etc/config/ucitrack b/device-config/etc/config/ucitrack
deleted file mode 100644
index 0387d7b..0000000
--- a/device-config/etc/config/ucitrack
+++ /dev/null
@@ -1,61 +0,0 @@
-
-config network
- option init 'network'
- list affects 'dhcp'
- list affects 'radvd'
-
-config wireless
- list affects 'network'
-
-config firewall
- option init 'firewall'
- list affects 'luci-splash'
- list affects 'qos'
- list affects 'miniupnpd'
-
-config olsr
- option init 'olsrd'
-
-config dhcp
- option init 'dnsmasq'
- list affects 'odhcpd'
-
-config odhcpd
- option init 'odhcpd'
-
-config dropbear
- option init 'dropbear'
-
-config httpd
- option init 'httpd'
-
-config fstab
- option exec '/sbin/block mount'
-
-config qos
- option init 'qos'
-
-config system
- option init 'led'
- option exec '/etc/init.d/log reload'
- list affects 'luci_statistics'
- list affects 'dhcp'
-
-config luci_splash
- option init 'luci_splash'
-
-config upnpd
- option init 'miniupnpd'
-
-config ntpclient
- option init 'ntpclient'
-
-config samba
- option init 'samba'
-
-config tinyproxy
- option init 'tinyproxy'
-
-config mwan3
- option init 'mwan3'
-
diff --git a/device-config/etc/config/uhttpd b/device-config/etc/config/uhttpd
deleted file mode 100644
index 7c6410e..0000000
--- a/device-config/etc/config/uhttpd
+++ /dev/null
@@ -1,30 +0,0 @@
-
-config uhttpd 'main'
- list listen_http '0.0.0.0:80'
- list listen_http '[::]:80'
- list listen_https '0.0.0.0:443'
- list listen_https '[::]:443'
- option redirect_https '1'
- option home '/www'
- option rfc1918_filter '1'
- option max_requests '3'
- option max_connections '100'
- option cert '/etc/uhttpd.crt'
- option key '/etc/uhttpd.key'
- option cgi_prefix '/cgi-bin'
- option lua_prefix '/luci'
- option lua_handler '/usr/lib/lua/luci/sgi/uhttpd.lua'
- option script_timeout '60'
- option network_timeout '30'
- option http_keepalive '20'
- option tcp_keepalive '1'
- option ubus_prefix '/ubus'
-
-config cert 'defaults'
- option days '730'
- option bits '2048'
- option country 'ZZ'
- option state 'Somewhere'
- option location 'Unknown'
- option commonname 'OpenWrt'
-
diff --git a/device-config/etc/config/unbound b/device-config/etc/config/unbound
deleted file mode 100644
index 2509921..0000000
--- a/device-config/etc/config/unbound
+++ /dev/null
@@ -1,3 +0,0 @@
-config unbound
- option enable '0'
- option manual_conf '1'
diff --git a/device-config/etc/config/upnpd b/device-config/etc/config/upnpd
deleted file mode 100644
index 35f6b61..0000000
--- a/device-config/etc/config/upnpd
+++ /dev/null
@@ -1,27 +0,0 @@
-
-config upnpd 'config'
- option secure_mode '1'
- option log_output '0'
- option download '1024'
- option upload '512'
- option internal_iface 'lan'
- option port '5000'
- option upnp_lease_file '/var/upnp.leases'
- option uuid 'dddee5fa-fc97-466b-809d-491c4b9a8adc'
- option enable_upnp '0'
- option enable_natpmp '0'
-
-config perm_rule
- option action 'allow'
- option ext_ports '1-65535'
- option int_addr '0.0.0.0/0'
- option int_ports '1-65535'
- option comment 'Allow ports'
-
-config perm_rule
- option action 'deny'
- option ext_ports '0-65535'
- option int_addr '0.0.0.0/0'
- option int_ports '0-65535'
- option comment 'Default deny'
-
diff --git a/device-config/etc/config/vpn_service b/device-config/etc/config/vpn_service
deleted file mode 100755
index 8cbc68a..0000000
--- a/device-config/etc/config/vpn_service
+++ /dev/null
@@ -1,14 +0,0 @@
-config general 'global'
- option enable '0'
-
-config service 'vpn'
- option auth 'SHA1'
- option proto 'udp'
- option port '1194'
- option dev 'tun-SERVER'
- option dev_type 'tun'
- option cipher 'BF-CBC'
- option comp 'adaptive'
- option subnet '10.8.0.0'
- option mask '255.255.255.0'
- option host '127.0.0.1'
diff --git a/device-config/etc/config/wireless b/device-config/etc/config/wireless
deleted file mode 100644
index 4fefc2d..0000000
--- a/device-config/etc/config/wireless
+++ /dev/null
@@ -1,30 +0,0 @@ - -config wifi-device 'radio0' - option type 'mac80211' - option channel '11' - option hwmode '11g' - option path 'platform/soc/20980000.usb/usb1/1-1/1-1.5/1-1.5:1.0' - option htmode 'HT20' - option country '00' - option legacy_rates '1' - option __toggle 'Enable' - -config wifi-device 'radio1' - option type 'mac80211' - option channel '11' - option hwmode '11g' - option path 'platform/qca953x_wmac' - option htmode 'HT20' - option txpower '22' - option country 'US' - option legacy_rates '1' - option enabled '1' - option disabled '0' - -config wifi-iface - option device 'radio1' - option mode 'ap' - option encryption 'none' - option ssid '$SSID' - option network 'VPN360' - diff --git a/device-config/etc/dropbear/authorized_keys b/device-config/etc/dropbear/authorized_keys deleted file mode 100644 index e69de29..0000000 diff --git a/device-config/etc/dropbear/dropbear_dss_host_key b/device-config/etc/dropbear/dropbear_dss_host_key deleted file mode 100644 index d9fbf2d..0000000 Binary files a/device-config/etc/dropbear/dropbear_dss_host_key and /dev/null differ diff --git a/device-config/etc/dropbear/dropbear_rsa_host_key b/device-config/etc/dropbear/dropbear_rsa_host_key deleted file mode 100644 index 9c96aa9..0000000 Binary files a/device-config/etc/dropbear/dropbear_rsa_host_key and /dev/null differ diff --git a/device-config/etc/firewall.user b/device-config/etc/firewall.user deleted file mode 100644 index 509687e..0000000 --- a/device-config/etc/firewall.user +++ /dev/null @@ -1,11 +0,0 @@ - -force_dns() { - # lanip=$(ifconfig br-lan |sed -n 's/.*dr:\(.*\) Bc.*/\1/p') - lanip=$(uci get network.lan.ipaddr) - iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to $lanip - iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip -} -force=$(uci get glconfig.general.force_dns) -if [ -n "$force" ]; then - force_dns -fi 
diff --git a/device-config/etc/fw_env.config b/device-config/etc/fw_env.config deleted file mode 100644 index 244ad98..0000000 --- a/device-config/etc/fw_env.config +++ /dev/null @@ -1 +0,0 @@ -/dev/mtd1 0x0 0x10000 0x10000 diff --git a/device-config/etc/group b/device-config/etc/group deleted file mode 100644 index 29ede86..0000000 --- a/device-config/etc/group +++ /dev/null @@ -1,13 +0,0 @@ -root:x:0: -daemon:x:1: -adm:x:4: -tty:x:5: -mail:x:8: -audio:x:29: -www-data:x:33: -ftp:x:55: -users:x:100: -network:x:101: -nogroup:x:65534: -dnsmasq:x:453:dnsmasq -unbound:x:553:unbound diff --git a/device-config/etc/hosts b/device-config/etc/hosts deleted file mode 100644 index f66085f..0000000 --- a/device-config/etc/hosts +++ /dev/null @@ -1,3 +0,0 @@ -127.0.0.1 localhost -10.8.0.1 private.vpn360 -5.9.48.18 public.vpn360 diff --git a/device-config/etc/inittab b/device-config/etc/inittab deleted file mode 100644 index b944a93..0000000 --- a/device-config/etc/inittab +++ /dev/null @@ -1,4 +0,0 @@ -::sysinit:/etc/init.d/rcS S boot -::shutdown:/etc/init.d/rcS K shutdown -::askconsole:/usr/libexec/login.sh -tty1::askfirst:/usr/libexec/login.sh diff --git a/device-config/etc/lighttpd/lighttpd.conf b/device-config/etc/lighttpd/lighttpd.conf deleted file mode 100644 index acac638..0000000 --- a/device-config/etc/lighttpd/lighttpd.conf +++ /dev/null 
@@ -1,30 +0,0 @@ -server.document-root = "/www" -server.upload-dirs = ( "/tmp" ) -server.errorlog = "/var/log/lighttpd/error.log" -server.pid-file = "/var/run/lighttpd.pid" -server.username = "http" -server.groupname = "www-data" - -index-file.names = ( "index.php", "index.html", - "index.htm", "default.htm", - ) - -static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) - -### Options that are useful but not always necessary: -#server.chroot = "/" -server.port = 81 -server.bind = "localhost" -#server.tag = "lighttpd" -#server.errorlog-use-syslog = "enable" -#server.network-backend = "writev" - -### Use IPv6 if available -#include_shell "/usr/share/lighttpd/use-ipv6.pl" - -#dir-listing.encoding = "utf-8" -#server.dir-listing = "enable" - -include "/etc/lighttpd/mime.conf" -include "/etc/lighttpd/conf.d/*.conf" - diff --git a/device-config/etc/luci-uploads/.placeholder b/device-config/etc/luci-uploads/.placeholder deleted file mode 100644 index e69de29..0000000 diff --git a/device-config/etc/opkg.conf b/device-config/etc/opkg.conf deleted file mode 100644 index bd8505f..0000000 --- a/device-config/etc/opkg.conf +++ /dev/null @@ -1,4 +0,0 @@ -dest root / -dest ram /tmp -lists_dir ext /var/opkg-lists -option overlay_root /overlay \ No newline at end of file diff --git a/device-config/etc/opkg/customfeeds.conf b/device-config/etc/opkg/customfeeds.conf deleted file mode 100644 index 0519ecb..0000000 --- a/device-config/etc/opkg/customfeeds.conf +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/device-config/etc/opkg/keys/1035ac73cc4e59e3 b/device-config/etc/opkg/keys/1035ac73cc4e59e3 deleted file mode 100644 index e8ce435..0000000 --- a/device-config/etc/opkg/keys/1035ac73cc4e59e3 +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: OpenWrt 18.06 public key -RWQQNaxzzE5Z41cVmEh2rilAPKLsyfPKm+S4BJWA1Yv+LP1hKebmGtXi 
diff --git a/device-config/etc/opkg/keys/5151f69420c3f508 b/device-config/etc/opkg/keys/5151f69420c3f508 deleted file mode 100644 index d4cd777..0000000 --- a/device-config/etc/opkg/keys/5151f69420c3f508 +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: LEDE usign key of Hans Dedecker -RWRRUfaUIMP1CAL9wvk3ABBHdUM+3SjMvIuJlK68b3b04Pw3wiaiAfxX diff --git a/device-config/etc/opkg/keys/53bad1233d4c98c5 b/device-config/etc/opkg/keys/53bad1233d4c98c5 deleted file mode 100644 index e49bd7d..0000000 --- a/device-config/etc/opkg/keys/53bad1233d4c98c5 +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: openwrt.org 15.05 release key -RWRTutEjPUyYxcuFKuF19hS8WfHi09AkVhK33KMQPri/dFG9PhEzDtMH diff --git a/device-config/etc/opkg/keys/6549bc466575035e b/device-config/etc/opkg/keys/6549bc466575035e deleted file mode 100644 index 2f17e42..0000000 --- a/device-config/etc/opkg/keys/6549bc466575035e +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: Local build key -RWRlSbxGZXUDXkGTGW4c1UX2NT71KDIe1xDzkH40PzgMQ9h2Jk0a+KSU diff --git a/device-config/etc/opkg/keys/72a57f2191b211e0 b/device-config/etc/opkg/keys/72a57f2191b211e0 deleted file mode 100644 index 1719816..0000000 --- a/device-config/etc/opkg/keys/72a57f2191b211e0 +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: LEDE usign key of Jo-Philipp Wich -RWRypX8hkbIR4FLhtx5pjXcAIsI1iPUIcI5bMG8jZoiCkrwTstECBPqL diff --git a/device-config/etc/opkg/keys/792d9d9b39f180dc b/device-config/etc/opkg/keys/792d9d9b39f180dc deleted file mode 100644 index 9044a0e..0000000 --- a/device-config/etc/opkg/keys/792d9d9b39f180dc +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: LEDE 17.01 "Reboot" public key -RWR5LZ2bOfGA3FGliZosEDhodiAKDOISmQs/mmjo4rhcbFtqkibJqMzo diff --git a/device-config/etc/opkg/keys/7d75c2e892e71b62 b/device-config/etc/opkg/keys/7d75c2e892e71b62 deleted file mode 100644 index 76395b7..0000000 --- a/device-config/etc/opkg/keys/7d75c2e892e71b62 +++ /dev/null 
@@ -1,2 +0,0 @@ -untrusted comment: Local build key -RWR9dcLokucbYuJDzmnxQ756ZmeUiihRaO98lBJJapA0oW+ACCPgSLiS diff --git a/device-config/etc/opkg/keys/9ef4694208102c43 b/device-config/etc/opkg/keys/9ef4694208102c43 deleted file mode 100644 index c4df7b6..0000000 --- a/device-config/etc/opkg/keys/9ef4694208102c43 +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: LEDE usign key of Álvaro Fernández Rojas -RWSe9GlCCBAsQwI5+wztnWKHfBlvPFP2G00FvZyx+Wfv9AwSViUwo/s2 diff --git a/device-config/etc/opkg/keys/9f9024096bd6e280 b/device-config/etc/opkg/keys/9f9024096bd6e280 deleted file mode 100644 index 86bb45f..0000000 --- a/device-config/etc/opkg/keys/9f9024096bd6e280 +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: Local build key -RWSfkCQJa9bigD3Hp7zlN1LFyRXqfjYr4JR9+BNfGWhbz8PfveH7PXzV diff --git a/device-config/etc/opkg/keys/b26f36ae0f4106d b/device-config/etc/opkg/keys/b26f36ae0f4106d deleted file mode 100644 index 8d408eb..0000000 --- a/device-config/etc/opkg/keys/b26f36ae0f4106d +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: LEDE usign key of Stijn Tintel -RWQLJvNq4PQQbSGZ05Az9jXSt/xlw/IfWc6USiB2FHEUoWL7QpMibzv6 diff --git a/device-config/etc/opkg/keys/b5043e70f9a75cde b/device-config/etc/opkg/keys/b5043e70f9a75cde deleted file mode 100644 index bcbd9db..0000000 --- a/device-config/etc/opkg/keys/b5043e70f9a75cde +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: LEDE usign key for unattended build jobs -RWS1BD5w+adc3j2Hqg9+b66CvLR7NlHbsj7wjNVj0XGt/othDgIAOJS+ diff --git a/device-config/etc/opkg/keys/c10b9afab19ee428 b/device-config/etc/opkg/keys/c10b9afab19ee428 deleted file mode 100644 index ee925b4..0000000 --- a/device-config/etc/opkg/keys/c10b9afab19ee428 +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: LEDE usign key of Alexander Couzens -RWTBC5r6sZ7kKA/C5VnxUbJw5E0vy3MGo3MP2eXCQlgg65+2si4MKBnf diff --git a/device-config/etc/opkg/keys/c6a400ef64d077fc b/device-config/etc/opkg/keys/c6a400ef64d077fc deleted file mode 100644 index 103edeb..0000000 
--- a/device-config/etc/opkg/keys/c6a400ef64d077fc +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: Local build key -RWTGpADvZNB3/MmWOxQ9IAjQm7wLDoQiY6zyIIfMVs8JaYVkNKt7LQPL diff --git a/device-config/etc/opkg/keys/dace9d4df16896bf b/device-config/etc/opkg/keys/dace9d4df16896bf deleted file mode 100644 index 543d569..0000000 --- a/device-config/etc/opkg/keys/dace9d4df16896bf +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: LEDE usign key of Ted Hess -RWTazp1N8WiWvy7rYxstJqaMzGiS4XfW1oyYrk2vwJMRBeBF+8xEA+EZ diff --git a/device-config/etc/opkg/keys/dd6de0d06bbd3d85 b/device-config/etc/opkg/keys/dd6de0d06bbd3d85 deleted file mode 100644 index 3c21dcd..0000000 --- a/device-config/etc/opkg/keys/dd6de0d06bbd3d85 +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: LEDE usign key of John Crispin -RWTdbeDQa709heyMmwDZjWmlhcTCUv/q+3TBYDPdJAGRuys6xcxE09fp diff --git a/device-config/etc/opkg/keys/de98a2dd1d0f8a07 b/device-config/etc/opkg/keys/de98a2dd1d0f8a07 deleted file mode 100644 index 5e3088c..0000000 --- a/device-config/etc/opkg/keys/de98a2dd1d0f8a07 +++ /dev/null @@ -1,2 +0,0 @@ -untrusted comment: openwrt.org 15.05 release key -RWTemKLdHQ+KBxOILy8gyk+5PaDVdfyJ32TFnY/jnQOrBAd1wobbLNYz diff --git a/device-config/etc/passwd b/device-config/etc/passwd deleted file mode 100644 index aa8a0f1..0000000 --- a/device-config/etc/passwd +++ /dev/null @@ -1,8 +0,0 @@ -root:x:0:0:root:/root:/bin/ash -daemon:*:1:1:daemon:/var:/bin/false -ftp:*:55:55:ftp:/home/ftp:/bin/false -network:*:101:101:network:/var:/bin/false -nobody:*:65534:65534:nobody:/var:/bin/false -dnsmasq:x:453:453:dnsmasq:/var/run/dnsmasq:/bin/false -unbound:x:553:553:unbound:/var/run/unbound:/bin/false -http:x:65536:65536:http:/var/run/http:/bin/false diff --git a/device-config/etc/profile b/device-config/etc/profile deleted file mode 100644 index cfbba05..0000000 --- a/device-config/etc/profile +++ /dev/null 
@@ -1,55 +0,0 @@ -#!/bin/sh -[ -e /tmp/.failsafe ] && export FAILSAFE=1 - -[ -f /etc/banner ] && cat /etc/banner -[ -n "$FAILSAFE" ] && cat /etc/banner.failsafe - -fgrep -sq '/ overlay ro,' /proc/mounts && { - echo 'Your JFFS2-partition seems full and overlayfs is mounted read-only.' - echo 'Please try to remove files from /overlay/upper/... and reboot!' -} - -export PATH="/usr/sbin:/usr/bin:/sbin:/bin" -export HOME=$(grep -e "^${USER:-root}:" /etc/passwd | cut -d ":" -f 6) -export HOME=${HOME:-/root} -export PS1='\u@\h:\w\$ ' - -[ "$TERM" = "xterm" ] && export PS1='\[\e]0;\u@\h: \w\a\]'$PS1 - -[ -x /bin/more ] || alias more=less -[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi - -alias ll='ls -alF --color=auto' - -[ -z "$KSH_VERSION" -o \! -s /etc/mkshrc ] || . /etc/mkshrc - -[ -x /usr/bin/arp -o -x /sbin/arp ] || arp() { cat /proc/net/arp; } -[ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; } - -[ -n "$FAILSAFE" ] || { - for FILE in /etc/profile.d/*.sh; do - [ -e "$FILE" ] && . "$FILE" - done - unset FILE -} - -if ( grep -qs '^root::' /etc/shadow && \ - [ -z "$FAILSAFE" ] ) -then -cat << EOF -=== WARNING! ===================================== -There is no root password defined on this device! -Use the "passwd" command to set up a new password -in order to prevent unauthorized SSH logins. --------------------------------------------------- -EOF -fi - -service() { - [ -f "/etc/init.d/$1" ] || { - echo "service "'"'"$1"'"'" not found, the following services are available:" - ls "/etc/init.d" - return 1 - } - /etc/init.d/$@ -} diff --git a/device-config/etc/rc.button/failsafe b/device-config/etc/rc.button/failsafe deleted file mode 100755 index ba958fa..0000000 --- a/device-config/etc/rc.button/failsafe +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -[ "${TYPE}" = "switch" ] || echo ${BUTTON} > /tmp/failsafe_button - -return 0 diff --git a/device-config/etc/rc.button/power b/device-config/etc/rc.button/power deleted file mode 100755 index c245744..0000000 
--- a/device-config/etc/rc.button/power +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -[ "${ACTION}" = "released" ] || exit 0 - -exec /sbin/poweroff - -return 0 diff --git a/device-config/etc/rc.button/reset b/device-config/etc/rc.button/reset deleted file mode 100755 index 76e7939..0000000 --- a/device-config/etc/rc.button/reset +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh - -. /lib/functions.sh - -OVERLAY="$( grep ' /overlay ' /proc/mounts )" - -case "$ACTION" in -pressed) - [ -z "$OVERLAY" ] && return 0 - - return 5 -;; -timeout) - # . /etc/diag.sh - # set_state failsafe - echo "REBOOT" > /dev/console - sync - reboot -;; -released) - if [ "$SEEN" -lt 1 ] - then - echo "PING" > /dev/console - ping -c4 10.8.0.1 - elif [ "$SEEN" -ge 5 -a -n "$OVERLAY" ] - then - echo "REBOOT" > /dev/console - sync - reboot - fi -;; -esac - -return 0 diff --git a/device-config/etc/rc.button/rfkill b/device-config/etc/rc.button/rfkill deleted file mode 100755 index fbdda40..0000000 --- a/device-config/etc/rc.button/rfkill +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh - -[ "${ACTION}" = "released" -o -n "${TYPE}" ] || exit 0 - -. /lib/functions.sh - -rfkill_state=0 - -wifi_rfkill_set() { - uci set wireless.$1.disabled=$rfkill_state -} - -wifi_rfkill_check() { - local disabled - config_get disabled $1 disabled - [ "$disabled" = "1" ] || rfkill_state=1 -} - -config_load wireless -case "${TYPE}" in -"switch") - [ "${ACTION}" = "released" ] && rfkill_state=1 - ;; -*) - config_foreach wifi_rfkill_check wifi-device - ;; -esac -config_foreach wifi_rfkill_set wifi-device -uci commit wireless -wifi up - -return 0 diff --git a/device-config/etc/rc.local b/device-config/etc/rc.local deleted file mode 100644 index 9004078..0000000 --- a/device-config/etc/rc.local +++ /dev/null @@ -1,6 +0,0 @@ -# Put your custom commands here that should be executed once -# the system init finished. By default this file does nothing. - -/bin/heartbeat & - -exit 0 
diff --git a/device-config/etc/services b/device-config/etc/services
deleted file mode 100644
index a12853e..0000000
--- a/device-config/etc/services
+++ /dev/null
@@ -1,171 +0,0 @@ -echo 7/tcp -echo 7/udp -discard 9/tcp -discard 9/udp -daytime 13/tcp -daytime 13/udp -netstat 15/tcp -chargen 19/tcp -chargen 19/udp -ftp-data 20/tcp -ftp 21/tcp -ssh 22/tcp -ssh 22/udp -telnet 23/tcp -smtp 25/tcp -time 37/tcp -time 37/udp -whois 43/tcp -domain 53/tcp -domain 53/udp -bootps 67/tcp -bootps 67/udp -bootpc 68/tcp -bootpc 68/udp -tftp 69/udp -finger 79/tcp -www 80/tcp http -kerberos 88/tcp kerberos5 krb5 kerberos-sec -kerberos 88/udp kerberos5 krb5 kerberos-sec -pop3 110/tcp -pop3 110/udp -sunrpc 111/tcp -sunrpc 111/udp -auth 113/tcp ident -sftp 115/tcp -nntp 119/tcp -ntp 123/tcp -ntp 123/udp -netbios-ns 137/tcp -netbios-ns 137/udp -netbios-dgm 138/tcp -netbios-dgm 138/udp -netbios-ssn 139/tcp -netbios-ssn 139/udp -imap2 143/tcp imap -imap2 143/udp imap -snmp 161/tcp -snmp 161/udp -snmp-trap 162/tcp snmptrap -snmp-trap 162/udp snmptrap -xdmcp 177/tcp -xdmcp 177/udp -bgp 179/tcp -bgp 179/udp -imap3 220/tcp -imap3 220/udp -ldap 389/tcp -ldap 389/udp -https 443/tcp -https 443/udp -microsoft-ds 445/tcp -microsoft-ds 445/udp -isakmp 500/tcp -isakmp 500/udp -rtsp 554/tcp -rtsp 554/udp -ipp 631/tcp -ipp 631/udp -syslog 514/udp -printer 515/tcp spooler -dhcpv6-client 546/tcp -dhcpv6-client 546/udp -dhcpv6-server 547/tcp -dhcpv6-server 547/udp -afpovertcp 548/tcp -afpovertcp 548/udp -nntps 563/tcp snntp -nntps 563/udp snntp -ldaps 636/tcp -ldaps 636/udp -tinc 655/tcp -tinc 655/udp -rsync 873/tcp -rsync 873/udp -ftps-data 989/tcp -ftps 990/tcp -imaps 993/tcp -imaps 993/udp -ircs 994/tcp -ircs 994/udp -pop3s 995/tcp -pop3s 995/udp -socks 1080/tcp -socks 1080/udp -openvpn 1194/tcp -openvpn 1194/udp -l2f 1701/tcp l2tp -l2f 1701/udp l2tp -radius 1812/tcp -radius 1812/udp -radius-acct 1813/tcp radacct -radius-acct 1813/udp radacct -nfs 2049/tcp -nfs 2049/udp -dict 2628/tcp -dict 2628/udp -gpsd 2947/tcp -gpsd 2947/udp -icpv2 3130/tcp icp -icpv2 3130/udp icp -mysql 3306/tcp -mysql 3306/udp -nut 3493/tcp -nut 3493/udp -distcc 3632/tcp -distcc 3632/udp 
-daap 3689/tcp -daap 3689/udp -svn 3690/tcp subversion -svn 3690/udp subversion -epmd 4369/tcp -epmd 4369/udp -iax 4569/tcp -iax 4569/udp -mtn 4691/tcp -mtn 4691/udp -munin 4949/tcp -sip 5060/tcp -sip 5060/udp -sip-tls 5061/tcp -sip-tls 5061/udp -xmpp-client 5222/tcp jabber-client -xmpp-client 5222/udp jabber-client -xmpp-server 5269/tcp jabber-server -xmpp-server 5269/udp jabber-server -mdns 5353/tcp -mdns 5353/udp -postgresql 5432/tcp postgres -postgresql 5432/udp postgres -x11 6000/tcp -x11 6000/udp -mysql-proxy 6446/tcp -mysql-proxy 6446/udp -bacula-dir 9101/tcp -bacula-dir 9101/udp -bacula-fd 9102/tcp -bacula-fd 9102/udp -bacula-sd 9103/tcp -bacula-sd 9103/udp -nbd 10809/tcp -zabbix-agent 10050/tcp -zabbix-agent 10050/udp -zabbix-trapper 10051/tcp -zabbix-trapper 10051/udp -hkp 11371/tcp -hkp 11371/udp -ssmtp 465/tcp smtps -spamd 783/tcp -zebrasrv 2600/tcp -zebra 2601/tcp -ripd 2602/tcp -ripngd 2603/tcp -ospfd 2604/tcp -bgpd 2605/tcp -ospf6d 2606/tcp -ospfapi 2607/tcp -isisd 2608/tcp -sane-port 6566/tcp sane saned -ircd 6667/tcp -git 9418/tcp - diff --git a/device-config/etc/shadow b/device-config/etc/shadow deleted file mode 100644 index e60c86a..0000000 --- a/device-config/etc/shadow +++ /dev/null @@ -1,8 +0,0 @@ -root:$PASSWORD:17851:0:99999:7::: -daemon:*:0:0:99999:7::: -ftp:*:0:0:99999:7::: -network:*:0:0:99999:7::: -nobody:*:0:0:99999:7::: -dnsmasq:x:0:0:99999:7::: -unbound:x:0:0:99999:7::: -http:x:0:0:99999:7::: diff --git a/device-config/etc/shells b/device-config/etc/shells deleted file mode 100644 index 006aa38..0000000 --- a/device-config/etc/shells +++ /dev/null @@ -1 +0,0 @@ -/bin/ash diff --git a/device-config/etc/sysctl.conf b/device-config/etc/sysctl.conf deleted file mode 100644 index ae04212..0000000 --- a/device-config/etc/sysctl.conf +++ /dev/null @@ -1 +0,0 @@ -# Defaults are configured in /etc/sysctl.d/* and can be customized in this file 
diff --git a/device-config/etc/sysupgrade.conf b/device-config/etc/sysupgrade.conf deleted file mode 100644 index 42f882b..0000000 --- a/device-config/etc/sysupgrade.conf +++ /dev/null @@ -1,9 +0,0 @@ -## This file contains files and directories that should -## be preserved during an upgrade. - -# /etc/example.conf -# /etc/openvpn/ - -/etc/openvpn/ -/etc/rc.button/ -/bin/heartbeat \ No newline at end of file diff --git a/manager/admin.py b/manager/admin.py index 10b9e78..9b31b11 100644 --- a/manager/admin.py +++ b/manager/admin.py @@ -1,6 +1,7 @@ from django.contrib import admin -from .models import Organization, Device, Network +from .models import Organization, Device, Network, Model admin.site.register(Organization) admin.site.register(Device) admin.site.register(Network) +admin.site.register(Model) diff --git a/manager/migrations/0012_auto_20181201_1927.py b/manager/migrations/0012_auto_20181201_1927.py new file mode 100644 index 0000000..3671820 --- /dev/null +++ b/manager/migrations/0012_auto_20181201_1927.py @@ -0,0 +1,23 @@ +# Generated by Django 2.1.3 on 2018-12-01 19:27 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('manager', '0011_auto_20181128_1829'), + ] + + operations = [ + migrations.AddField( + model_name='device', + name='lastbeat', + field=models.DateTimeField(blank=True, null=True, verbose_name='Last Received Timestamp'), + ), + migrations.AlterField( + model_name='device', + name='lasttime', + field=models.DateTimeField(blank=True, null=True, verbose_name='Last Received IP'), + ), + ] diff --git a/manager/migrations/0013_model.py b/manager/migrations/0013_model.py new file mode 100644 index 0000000..e3f4ca4 --- /dev/null +++ b/manager/migrations/0013_model.py 
@@ -0,0 +1,22 @@ +# Generated by Django 2.1.3 on 2018-12-06 16:32 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('manager', '0012_auto_20181201_1927'), + ] + + operations = [ + migrations.CreateModel( + name='Model', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('name', models.CharField(max_length=100, unique=True, verbose_name='Model Name')), + ('extname', models.CharField(max_length=100, verbose_name='Manufacturer Model Name')), + ('config', models.TextField(blank=True, null=True, verbose_name='OpenWRT Compile Config')), + ], + ), + ] diff --git a/manager/migrations/0014_device_model.py b/manager/migrations/0014_device_model.py new file mode 100644 index 0000000..703ed2d --- /dev/null +++ b/manager/migrations/0014_device_model.py @@ -0,0 +1,20 @@ +# Generated by Django 2.1.3 on 2018-12-06 17:03 + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('manager', '0013_model'), + ] + + operations = [ + migrations.AddField( + model_name='device', + name='model', + field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.CASCADE, to='manager.Model'), + preserve_default=False, + ), + ] diff --git a/manager/models.py b/manager/models.py index 3eafc5a..594eb21 100644 --- a/manager/models.py +++ b/manager/models.py 
@@ -20,13 +20,23 @@ class Network(models.Model): def __str__(self): return "%s (%s)" % (self.intip, self.extip) +class Model(models.Model): + name = models.CharField("Model Name", max_length=100, unique=True) + extname = models.CharField("Manufacturer Model Name", max_length=100) + config = models.TextField("OpenWRT Compile Config", blank=True, null=True) + + def __str__(self): + return self.name + class Device(models.Model): serial = models.CharField("Device Serial Number", max_length=12, unique=True) name = models.CharField("Common Name", max_length=100, default="", blank=True, null=True) + model = models.ForeignKey(Model, on_delete=models.CASCADE) organization = models.ForeignKey(Organization, on_delete=models.CASCADE) network = models.ForeignKey(Network, on_delete=models.SET_NULL, blank=True, null=True) curip = models.CharField("Current IP Address", max_length=15, blank=True, null=True) - lasttime = models.DateTimeField("Last Received Heartbeat", blank=True, null=True) + lasttime = models.DateTimeField("Last Received IP", blank=True, null=True) + lastbeat = models.DateTimeField("Last Received Timestamp", blank=True, null=True) secret = models.CharField("Secret", default=getRandom, max_length=128) password = models.CharField("Device Password", default=getRandom, max_length=128) vpnconfig = models.TextField("VPN Configuration", blank=True, null=True, editable=False) diff --git a/manager/templates/manager/add.html b/manager/templates/manager/add.html index f452f3a..4df7ea6 100644 --- a/manager/templates/manager/add.html +++ b/manager/templates/manager/add.html @@ -19,6 +19,14 @@ {% endfor %} + +
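Review bot: `model = models.ForeignKey(Model, on_delete=models.CASCADE)` means that deleting a Model row also deletes every Device that points at it, and this commit registers Model in the Django admin, where such a delete is easy to trigger. Those devices would be removed without passing through `deletedevice`, which is where this same commit adds the certificate revocation, so their VPN certificates would stay valid. `model = models.ForeignKey(Model, on_delete=models.PROTECT)` would refuse the delete while devices still reference the model. The existing `organization` foreign key on the next line cascades the same way.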
+ +
Cancel diff --git a/manager/templates/manager/edit.html b/manager/templates/manager/edit.html index aba9467..6a765a2 100644 --- a/manager/templates/manager/edit.html +++ b/manager/templates/manager/edit.html @@ -8,6 +8,16 @@ +{% if user.is_superuser %} +
+ + +
+
+ + +
+{% endif %}
diff --git a/manager/templates/manager/index.html b/manager/templates/manager/index.html index fe5ed3f..4297958 100644 --- a/manager/templates/manager/index.html +++ b/manager/templates/manager/index.html @@ -13,19 +13,17 @@ Common Name Network Latest IP - Secret Options {% if user.is_superuser %}{% endif %} {% for device in devices %} -
 {{ device.serial }} - {% if device.name %}{{ device.name }}{% endif %} - {{ device.network }} +
 
{{ device.serial }}
+ {% if device.name %}{{ device.name }}{% endif %} + {{ device.network }}
{% if device.curip %}{{ device.curip }} (at {{ device.lasttime }}){% endif %}
- {{ device.secret }} - {% if user.is_superuser %} {% endif %} + {% if user.is_staff %} {% endif %}{% if user.is_superuser %} {% endif %} {% endfor %} @@ -41,7 +39,7 @@ {% for device in devices %} updateStatus({{ device.id }}); -setInterval(updateStatus, 3000, {{ device.id }}); +setInterval(updateStatus, 10000, {{ device.id }}); {% endfor %} diff --git a/manager/views.py b/manager/views.py index 300e025..d40d833 100644 --- a/manager/views.py +++ b/manager/views.py @@ -6,7 +6,7 @@ from django.views.decorators.csrf import csrf_exempt from django.utils import timezone from django.core.files import File from django.db.models.fields.files import FieldFile -from .models import Device, Organization, Network +from .models import Device, Organization, Network, Model from distutils.dir_util import copy_tree @@ -29,6 +29,7 @@ def index(request): def heartbeat(request): device = get_object_or_404(Device, secret=request.POST.get("secret", "")) ip = request.POST.get("ip", "") + device.lastbeat = timezone.now() if ip: device.lasttime = timezone.now() if device.curip: @@ -60,9 +61,18 @@ def ping(request, device_id): else: try: socket.inet_aton(device[0].curip) - ajax += str(int(not os.WEXITSTATUS(os.system("ping -c1 -w1 " + device[0].curip + " > /dev/null 2>&1")))) # This monster is not long enough yet. + ajax += str(int(not os.WEXITSTATUS(os.system("ping -c1 -w1 " + device[0].curip + " > /dev/null 2>&1")))) + ajax += ',\n "serial": "%s"' % device[0].serial + ajax += ',\n "name": "%s"' % device[0].name ajax += ',\n "ip": "%s"' % device[0].curip ajax += ',\n "time": "%s"' % device[0].lasttime + ajax += ',\n "lastbeat": "%s"' % device[0].lastbeat + ajax += ',\n "reboot": %i' % (1 if device[0].reboot else 0) + + ajax += ',\n "network": {' + ajax += '\n "intip": "%s"' % device[0].network.intip + ajax += ',\n "extip": "%s"' % device[0].network.extip + ajax += '\n }' except: ajax += "-3" 
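Review bot: The new `serial`, `name` and `network` fields in `ping` are spliced into the JSON text with `"%s"`, so a device name containing a quote or backslash yields a body that does not parse, and a later hunk labels the response `application/json`. `Device.network` is nullable (`SET_NULL`), and when it is `None` the `device[0].network.intip` access raises after `"network": {` has already been appended, so the bare `except` leaves `{-3` in the output. Encoding each value, e.g. `ajax += ',\n "name": %s' % json.dumps(device[0].name)` (with `import json` if views.py lacks it), and testing `device[0].network` before opening the object fixes both; a dict returned through `JsonResponse` would be cleaner but touches lines outside this hunk. Separately, the `os.system("ping -c1 -w1 " + ...)` line still places `curip`, which appears to come from the heartbeat POST and is checked only with `socket.inet_aton`, into a shell string; `subprocess.call(["ping", "-c1", "-w1", device[0].curip], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)` avoids the shell.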
@@ -71,7 +81,7 @@ def ping(request, device_id): ajax += "-2" ajax += "\n}" - return HttpResponse(ajax) + return HttpResponse(ajax, content_type="application/json") def devices(request): if request.user.is_authenticated: @@ -122,7 +132,8 @@ def editdevice(request, device_id): { "title": "Edit Device", "device": device[0], - "subnets": subnets + "subnets": subnets, + "user": request.user } ) @@ -130,15 +141,21 @@ def editdevice(request, device_id): return redirect("/") def getconfig(request, device_id): - BEFORE = os.getcwd() - DEVICEDIR = "/opt/vpnmanager/device-config/" - SRCDIR = "/opt/openwrt/" - if not request.user.is_superuser: return redirect("/") device = get_object_or_404(Device, id=device_id) + BEFORE = os.getcwd() + DEVICEDIR = "/opt/vpnmanager/device-config/%i/" % device.model.id + SRCDIR = "/opt/vpnmanager/imagebuilder/%i/" % device.model.id + + if glob.glob(SRCDIR + "/.kumilock"): + return HttpResponse("Another download is being prepared right now. Please wait for it to finish and try again later.") + + with open(SRCDIR + "/.kumilock", "w") as lock: + lock.write("") + tempdir = tempfile.TemporaryDirectory() copy_tree(DEVICEDIR, tempdir.name) 
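Review bot: The lock in `getconfig` is taken with a `glob.glob` check followed by a separate `open(..., "w")`, so two requests arriving together can both pass the check and build in the same `SRCDIR`, where (judging by the later `rm -rf` of `SRCDIR/files/`) per-device files are staged. Creating the file atomically closes that window: `fd = os.open(SRCDIR + "/.kumilock", os.O_CREAT | os.O_EXCL | os.O_WRONLY)`, returning the "Another download is being prepared" response on `FileExistsError`. The lock is removed only on the two paths shown in the next hunk, so an exception in between (for example in `copy_tree`) leaves it in place and blocks further downloads for that model; a `try`/`finally` around the build would cover that. The function body continues outside this hunk.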
@@ -197,16 +214,18 @@ def getconfig(request, device_id): os.chdir(SRCDIR) try: - output = subprocess.check_output(["make", "-j9"]) + subprocess.call(["/usr/bin/make"]) except: + os.remove(SRCDIR + "/.kumilock") os.chdir(BEFORE) - return HttpResponse("Something went wrong building the image file.\n\n" + output) + return HttpResponse("Something went wrong building the image file.") os.chdir(BEFORE) with open(glob.glob(SRCDIR + "/bin/targets/ar71xx/generic/*squashfs-sysupgrade.bin")[0], "rb") as download: response = HttpResponse(download.read(), content_type="application/octet-stream") response['Content-Disposition'] = 'inline; filename=' + os.path.basename(device.serial + ".bin") + os.remove(SRCDIR + "/.kumilock") os.system("rm -rf " + SRCDIR + "/files/") os.system("rm " + SRCDIR + "/bin/targets/ar71xx/generic/*") return response @@ -227,7 +246,18 @@ def rebootdevice(request, device_id): def deletedevice(request, device_id): if request.user.is_superuser: + CADIR = "/etc/openvpn/ca/" + BEFORE = os.getcwd() + device = get_object_or_404(Device, id=device_id) + + os.chdir(CADIR) + + subprocess.call(CADIR + "/revoke " + device.serial, shell=True) + os.system("rm " + CADIR + "/keys/" + device.serial + ".{crt,csr,key}") + + os.chdir(BEFORE) + device.delete() return redirect("/") @@ -240,17 +270,20 @@ def makedevice(request): device_serial = request.POST.get("serial", "") device_name = request.POST.get("name", "") device_organization = request.POST.get("organization", "") + device_model = request.POST.get("model", "") if not request.user.is_superuser: return redirect("/") if not device_serial: orga = Organization.objects.all() + models = Model.objects.all() return render(request, "manager/add.html", { "title": "Add Device", "organizations": orga, + "models": models } ) 
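Review bot: `subprocess.call(["/usr/bin/make"])` returns the exit status instead of raising, so the `except` branch no longer runs when the build fails. Execution then reaches `glob.glob(...)[0]`, which either raises `IndexError` with `.kumilock` still present or, if an image from an earlier run is still under `bin/targets`, serves that older image under this device's serial. `subprocess.check_call(["/usr/bin/make"])` keeps the intended behaviour, and `except subprocess.CalledProcessError:` is narrower than the bare `except`.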
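Review bot: In `deletedevice` the serial is concatenated into two shell command lines (`subprocess.call(..., shell=True)` and `os.system("rm ...")`), and the result of `revoke` is ignored, so the Device row is deleted even when revocation failed and the certificate stays usable. The serial originates from `request.POST` in `makedevice`, where no format check is visible, and the `generate-key` and `make_config` calls there build shell strings the same way; passing an argument list and validating the serial when the device is created would take the shell out of all of them. The `.{crt,csr,key}` brace pattern also depends on the shell behind `os.system`, which is often a POSIX `sh` that does not expand it, in which case the key files are left behind. A sketch for this hunk, assuming `revoke` exits non-zero on failure:

```python
        device = get_object_or_404(Device, id=device_id)

        # Argument list instead of a shell string; cwd= replaces the chdir pair.
        if subprocess.call([CADIR + "/revoke", device.serial], cwd=CADIR):
            return HttpResponse("Something went wrong trying to revoke the certificate.")

        # Explicit file list instead of shell brace expansion.
        for ext in ("crt", "csr", "key"):
            path = os.path.join(CADIR, "keys", device.serial + "." + ext)
            if os.path.exists(path):
                os.remove(path)

        device.delete()
```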
@@ -260,14 +293,17 @@ def makedevice(request): os.chdir(CADIR) if subprocess.call(CADIR + "/generate-key " + device_serial, shell=True): + os.chdir(BEFORE) return HttpResponse("Something went wrong trying to generate the key.") if glob.glob(CONFIGDIR + "/files/" + device_serial + "*"): + os.chdir(BEFORE) return HttpResponse("This configuration file already exists.") os.chdir(CONFIGDIR) if subprocess.call(CONFIGDIR + "/make_config " + device_serial, shell=True): + os.chdir(BEFORE) return HttpResponse("Something went wrong trying to generate the config file.") os.chdir(BEFORE) @@ -275,6 +311,7 @@ def makedevice(request): device = Device.objects.create( serial=device_serial, name=device_name, + model=Model.objects.filter(id=device_model)[0], network=Network.objects.filter(intip="No VPN")[0], organization=Organization.objects.filter(id=device_organization)[0], vpnconfig = open(CONFIGDIR + "/files/" + device_serial + ".ovpn").read() diff --git a/static/js/devices.js b/static/js/devices.js index 32e8913..733b1a4 100644 --- a/static/js/devices.js +++ b/static/js/devices.js @@ -10,7 +10,7 @@ function timeSince(obj) { interval = Math.floor(seconds / 60); if (seconds < 120) out = seconds + " seconds " - else if (interval > 1) out = out + interval + " minutes "; + else if (interval > 1 && interval < 120) out = out + interval + " minutes "; return out + "ago" } 
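Review bot: `Model.objects.filter(id=device_model)[0]` runs only after `generate-key` and `make_config` have succeeded, so a missing or invalid `model` value raises here and leaves an issued certificate with no Device row, which `deletedevice` then has no way to revoke. Resolving the model before the CA is touched avoids that: `model = get_object_or_404(Model, id=device_model)` placed ahead of `os.chdir(CADIR)`, then `model=model` in the `create` call. The existing `Organization.objects.filter(...)[0]` lookup two lines below has the same shape. The surrounding function starts and ends outside this hunk.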
@@ -18,12 +18,27 @@ function timeSince(obj) { function styleStatus(msg, device) { device_status = $("#" + device + "-indicator"); device_ip = $("#" + device + "-ip"); + device_network = $("#" + device + "-network"); + device_name = $("#" + device + "-name"); + device_id = $("#" + device + "-id"); - device_status.css("color", msg.status == 1 ? "green" : (msg.status == 0 ? "red" : "grey")) + device_status.css("color", msg.status == 1 ? "green" : (msg.status == 0 ? ((new Date(msg.lastbeat) < new Date(msg.time) && (new Date() - new Date(msg.lastbeat) < 60)) ? "yellow" : "red") : "grey")); if (msg.hasOwnProperty("ip")) { device_ip.text(msg.ip + (msg.status == 1 ? "" :" (" + timeSince(msg.time) + ")")); }; + + if (msg.hasOwnProperty("network")) { + device_network.text(msg.network.intip + " (" + msg.network.extip + ")"); + }; + + if (msg.hasOwnProperty("reboot")) { + device_id.css("font-style", msg.reboot == 1 ? "italic" : "normal") + }; + + if (msg.hasOwnProperty("name")) { + device_name.text(msg.name); + }; }; function updateStatus(device_id) { @@ -37,3 +52,7 @@ function askdelete(device_id) { function askreboot(device_id) { if (confirm("Are you sure you want to reboot this device?")) window.location.href = "/devices/" + device_id + "/reboot"; }; + +function downloadnotice() { + alert("Your file is being prepared. This will take a minute, please be patient and do not leave this page. The download will start automatically."); +}; diff --git a/uwsgi.sh b/uwsgi.sh index c505209..f2617d5 100755 --- a/uwsgi.sh +++ b/uwsgi.sh @@ -1,2 +1,2 @@ #!/bin/bash -uwsgi --socket 127.0.0.1:9360 --module vpnmanager.wsgi --uid 1001 +uwsgi --socket 127.0.0.1:9360 --module vpnmanager.wsgi --uid 1001 --processes=40
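Review bot: In `styleStatus`, `new Date() - new Date(msg.lastbeat) < 60` compares a difference in milliseconds with 60, so the yellow state is reachable only within 60 ms of a heartbeat; if 60 seconds was meant, write `(new Date() - new Date(msg.lastbeat)) < 60000`. The other half of the condition, `new Date(msg.lastbeat) < new Date(msg.time)`, may also be inverted: going by the `heartbeat` view in this commit, `lastbeat` is set on every heartbeat and `lasttime` only when an IP is sent, so it is worth confirming which ordering yellow is supposed to mean. The new `device_network`, `device_name` and `device_id` assignments have no declaration and become implicit globals; `const` would keep them local to the function.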