Lots of improvements and fixes, getting VPN360 v4 to work

This commit is contained in:
Kumi 2018-12-15 12:35:00 +01:00
parent addf2a430e
commit a575ea8cd3
78 changed files with 172 additions and 1548 deletions

.gitignore vendored

@ -2,3 +2,5 @@ db.sqlite3
__pycache__
*.pyc
static/static_root
device-config
imagebuilder


@ -1,59 +0,0 @@
ipaddr(){
if="${1:-br-VPN360}"
result=$(/sbin/ip -o -4 addr show dev "${if}" 2&>/dev/null | /bin/sed 's/^.*inet // ; s/\/...*$//')
/usr/bin/printf %s "${result}"
}
stopwifi(){
/sbin/uci set wireless.radio1.disabled=1
/sbin/uci commit
}
startwifi(){
/sbin/uci set wireless.radio1.disabled=0
/sbin/uci commit
/sbin/wifi
}
restartwifi(){
stopwifi
startwifi
}
. /etc/vpnsecret
/usr/bin/wget -O/etc/hosts https://admin360.kumi.host/hosts --post-data "secret=$SECRET" --no-check-certificate >/var/log/wget 2>&1
/sbin/uci set wireless.@wifi-iface[0].network="VPN360"
/sbin/uci commit
stopwifi
/usr/sbin/openvpn /etc/openvpn/client.conf >/var/log/openvpn &
/bin/sleep 60
if [ $(ipaddr) ]
then
startwifi
while [ True ]
do
sleep 10
if [ $(ipaddr) ]
then
/usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET&ip=$(ipaddr)" --no-check-certificate 2>/var/log/wget | /bin/ash
fi
done
else
/sbin/uci set wireless.@wifi-iface[0].network="DHCP"
/sbin/uci commit
startwifi
/sbin/ip a add 192.168.36.1/24 dev br-DHCP
/sbin/ifconfig br-DHCP down
/sbin/ifconfig br-DHCP up
while [ True ]
do
sleep 10
/usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET" --no-check-certificate 2>/var/log/wget | /bin/ash
done
fi


@ -1,7 +0,0 @@
config chinadns
option enable '0'
option bidirectional '0'
option chnroute '/etc/chinadns_chnroute.txt'
option port '5353'
option server '114.114.114.114,8.8.4.4'


@ -1,43 +0,0 @@
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'DHCP'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'DHCP'


@ -1,6 +0,0 @@
config dns-forwarder
option enable '0'
option listen_addr '0.0.0.0'
option listen_port '5300'
option dns_servers '8.8.8.8'


@ -1,5 +0,0 @@
config dropbear
option PasswordAuth 'on'
option Port '22'


@ -1,15 +0,0 @@
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config include
option path '/etc/firewall.user'
config include 'mwan3'
option type 'script'
option path '/var/etc/mwan3.include'
option reload '1'


@ -1,32 +0,0 @@
config service 'general'
option model 'ar150'
option port '83'
option language 'en'
option password '0073d12f67d604710231c0b780341795c6a9ae9c4a53364fbe3d9171367d5fb5'
option code_needed '0'
config service 'ddns'
option enabled '1'
option lastip '80.110.109.118'
option updatetime 'Thu Nov 15 10:08:14 GMT 2018'
config service 'download'
config service 'adblock'
option enable '0'
config service 'autoupdate'
option time '04:00'
option enable '0'
config service 'samba'
option read_only 'yes'
config service 'openvpn'
option enable '0'
option force '0'
config service 'repeater'
option autoconnect '1'


@ -1,55 +0,0 @@
config core 'main'
option lang 'auto'
option mediaurlbase '/luci-static/bootstrap'
option resourcebase '/luci-static/resources'
config extern 'flash_keep'
option uci '/etc/config/'
option dropbear '/etc/dropbear/'
option openvpn '/etc/openvpn/'
option passwd '/etc/passwd'
option opkg '/etc/opkg.conf'
option firewall '/etc/firewall.user'
option uploads '/lib/uci/upload/'
config internal 'languages'
option en 'English'
option zh_cn '中文 (Chinese)'
config internal 'sauth'
option sessionpath '/tmp/luci-sessions'
option sessiontime '3600'
config internal 'ccache'
option enable '1'
config internal 'themes'
option Bootstrap '/luci-static/bootstrap'
config internal 'apply'
option rollback '30'
option holdoff '4'
option timeout '5'
option display '1.5'
config internal 'diag'
option dns 'openwrt.org'
option ping 'openwrt.org'
option route 'openwrt.org'
config ifstate
option interface 'lan'
option ifname 'eth0 radio0.network1'
option bridge 'true'
config ifstate
option interface 'VPN360'
option ifname 'radio0.network1'
option bridge 'true'
config ifstate
option interface 'DHCP'
option ifname 'tap0 radio1.network1'
option bridge 'true'


@ -1,10 +0,0 @@
config mjpg-streamer core
option enabled "1"
option input 'uvc'
option output 'http'
option device "/dev/video0"
option resolution "640x480"
option fps "15"
option www "/www/webcam"
option port "8083"
option yuv "0"


@ -1,82 +0,0 @@
config interface 'wan'
option enabled '1'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
list track_ip '8.8.4.4'
list track_ip '8.8.8.8'
option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option down '5'
option up '3'
config interface 'wwan'
option enabled '1'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
list track_ip '8.8.4.4'
list track_ip '8.8.8.8'
option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option down '5'
option up '3'
config interface 'tethering'
option enabled '1'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
list track_ip '8.8.4.4'
list track_ip '8.8.8.8'
option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option down '5'
option up '3'
config interface 'modem'
option enabled '1'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
list track_ip '8.8.4.4'
list track_ip '8.8.8.8'
option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option down '5'
option up '3'
config member 'wan_only'
option interface 'wan'
option metric '1'
option weight '3'
config member 'wwan_only'
option interface 'wwan'
option metric '2'
option weight '3'
config member 'tethering_only'
option interface 'tethering'
option metric '3'
option weight '3'
config member 'modem_only'
option interface 'modem'
option metric '4'
option weight '3'
config policy 'default_poli'
list use_member 'wan_only'
list use_member 'wwan_only'
list use_member 'tethering_only'
list use_member 'modem_only'
option last_resort 'default'
config rule 'default_rule'
option dest_ip '0.0.0.0/0'
option use_policy 'default_poli'


@ -1,32 +0,0 @@
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd1b:3702:99a7::/48'
config interface 'lan'
option type 'bridge'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option proto 'dhcp'
option ifname 'eth0'
config interface 'VPN360'
option type 'bridge'
option proto 'dhcp'
option broadcast '1'
option force_link '1'
option ifname 'tap0'
config interface 'DHCP'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.36.1'
option netmask '255.255.255.0'
option ifname 'lo'


@ -1,5 +0,0 @@
config openvpn 'vpn360'
option enabled '0'
option config '/etc/openvpn/client.conf'


@ -1,407 +0,0 @@
package openvpn
#################################################
# Sample to include a custom config file. #
#################################################
config openvpn custom_config
# Set to 1 to enable this instance:
option enabled 0
# Include OpenVPN configuration
option config /etc/openvpn/my-vpn.conf
#################################################
# Sample OpenVPN 2.0 uci config for #
# multi-client server. #
#################################################
config openvpn sample_server
# Set to 1 to enable this instance:
option enabled 0
# Which local IP address should OpenVPN
# listen on? (optional)
# option local 0.0.0.0
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
option port 1194
# TCP or UDP server?
# option proto tcp
option proto udp
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
# option dev tap
option dev tun
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
option ca /etc/openvpn/ca.crt
option cert /etc/openvpn/server.crt
# This file should be kept secret:
option key /etc/openvpn/server.key
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
option dh /etc/openvpn/dh1024.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
option server "10.8.0.0 255.255.255.0"
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
option ifconfig_pool_persist /tmp/ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
# option server_bridge "10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100"
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
# list push "route 192.168.10.0 255.255.255.0"
# list push "route 192.168.20.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
# option client_config_dir /etc/openvpn/ccd
# list route "192.168.40.128 255.255.255.248"
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
# option client_config_dir /etc/openvpn/ccd
# list route "10.9.0.0 255.255.255.252"
# list route "192.168.100.0 255.255.255.0"
# Then add this line to ccd/Thelonious:
# ifconfig-push "10.9.0.1 10.9.0.2"
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
# option learn_address /etc/openvpn/script
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# the TUN/TAP interface to the internet in
# order for this to work properly).
# CAVEAT: May break client's network config if
# client's local DHCP server packets get routed
# through the tunnel. Solution: make sure
# client's local DHCP server is reachable via
# a more specific route than the default route
# of 0.0.0.0/0.0.0.0.
# list push "redirect-gateway"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# list push "dhcp-option DNS 10.8.0.1"
# list push "dhcp-option WINS 10.8.0.1"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
# option client_to_client 1
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
# option duplicate_cn 1
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
option keepalive "10 120"
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
# This file is secret:
# option tls_auth "/etc/openvpn/ta.key 0"
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
# Blowfish (default):
# option cipher BF-CBC
# AES:
# option cipher AES-128-CBC
# Triple-DES:
# option cipher DES-EDE3-CBC
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
# LZ4 requires OpenVPN 2.4+ client and server
# option compress lz4
# LZO is compatible with most OpenVPN versions
# (set "compress lzo" on 2.4+ clients, and "comp-lzo yes" on older clients)
option compress lzo
# The maximum number of concurrently connected
# clients we want to allow.
# option max_clients 100
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
option persist_key 1
option persist_tun 1
option user nobody
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
option status /tmp/openvpn-status.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
# option log /tmp/openvpn.log
# option log_append /tmp/openvpn.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
option verb 3
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
# option mute 20
##############################################
# Sample client-side OpenVPN 2.0 uci config #
# for connecting to multi-client server. #
##############################################
config openvpn sample_client
# Set to 1 to enable this instance:
option enabled 0
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
option client 1
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
# option dev tap
option dev tun
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
# option proto tcp
option proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
list remote "my_server_1 1194"
# list remote "my_server_2 1194"
# Choose a random host from the remote
# list for load_balancing. Otherwise
# try hosts in the order specified.
# option remote_random 1
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
option resolv_retry infinite
# Most clients don't need to bind to
# a specific local port number.
option nobind 1
# Try to preserve some state across restarts.
option persist_key 1
option persist_tun 1
option user nobody
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
# retry on connection failures:
# option http_proxy_retry 1
# specify http proxy address and port:
# option http_proxy "192.168.1.100 8080"
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
# option mute_replay_warnings 1
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
option ca /etc/openvpn/ca.crt
option cert /etc/openvpn/client.crt
option key /etc/openvpn/client.key
# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build_key_server
# script in the easy_rsa folder will do this.
# option ns_cert_type server
# If a tls_auth key is used on the server
# then every client must also have the key.
# option tls_auth "/etc/openvpn/ta.key 1"
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# option cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
# LZ4 requires OpenVPN 2.4+ on server and client
# option compress lz4
# LZO is compatible with most OpenVPN versions
option compress lzo
# Set log file verbosity.
option verb 3
# Silence repeating messages
# option mute 20


@ -1,68 +0,0 @@
# QoS configuration for OpenWrt
# INTERFACES:
config interface wan
option classgroup "Default"
option enabled 0
option upload 128
option download 1024
# RULES:
config classify
option target "Priority"
option ports "22,53"
option comment "ssh, dns"
config classify
option target "Normal"
option proto "tcp"
option ports "20,21,25,80,110,443,993,995"
option comment "ftp, smtp, http(s), imap"
config classify
option target "Express"
option ports "5190"
option comment "AOL, iChat, ICQ"
config default
option target "Express"
option proto "udp"
option pktsize "-500"
config reclassify
option target "Priority"
option proto "icmp"
config default
option target "Bulk"
option portrange "1024-65535"
# Don't change the stuff below unless you
# really know what it means :)
config classgroup "Default"
option classes "Priority Express Normal Bulk"
option default "Normal"
config class "Priority"
option packetsize 400
option avgrate 10
option priority 20
config class "Priority_down"
option packetsize 1000
option avgrate 10
config class "Express"
option packetsize 1000
option avgrate 50
option priority 10
config class "Normal"
option packetsize 1500
option packetdelay 100
option avgrate 10
option priority 5
config class "Normal_down"
option avgrate 20
config class "Bulk"
option avgrate 1
option packetdelay 200


@ -1,7 +0,0 @@
config login
option username 'root'
option password '$p$root'
list read '*'
list write '*'


@ -1,7 +0,0 @@
config samba
option workgroup 'WORKGROUP'
option homes '1'
option name 'GL-AR300M'
option description 'GL-AR300M-c6b'


@ -1,30 +0,0 @@
config general
option startup_delay '0'
config transparent_proxy
list main_server 'nil'
option udp_relay_server 'nil'
option local_port '1234'
config socks5_proxy
list server 'nil'
option local_port '1080'
config port_forward
list server 'nil'
option local_port '5300'
option destination '8.8.4.4:53'
config servers
option alias 'sample'
option fast_open '0'
option no_delay '0'
option server '127.0.0.1'
option server_port '8388'
option timeout '60'
option password 'barfoo!'
option encrypt_method 'rc4-md5'
config access_control
option self_proxy '1'


@ -1,35 +0,0 @@
config system
option ttylogin '0'
option log_size '64'
option urandom_seed '0'
option zonename 'UTC'
option timezone 'GMT0'
option log_proto 'udp'
option conloglevel '8'
option cronloglevel '8'
option hostname 'VPN360'
config timeserver 'ntp'
option enabled '1'
list server '0.openwrt.pool.ntp.org'
list server '1.openwrt.pool.ntp.org'
list server '2.openwrt.pool.ntp.org'
list server '3.openwrt.pool.ntp.org'
config led
option trigger 'netdev'
option dev 'br-lan'
option mode 'link'
option name 'WAN'
option sysfs 'gl-ar300m:green:lan'
option default '0'
config led
option name 'VPN'
option trigger 'netdev'
option dev 'br-VPN360'
option mode 'link'
option sysfs 'gl-ar300m:green:wlan'
option default '0'


@ -1,13 +0,0 @@
config system
option hostname 'GL-AR150'
option conloglevel '8'
option cronloglevel '8'
option zonename 'Asia/Shanghai'
option timezone 'CST-8'
config timeserver 'ntp'
list server '0.openwrt.pool.ntp.org'
list server '1.openwrt.pool.ntp.org'
list server '2.openwrt.pool.ntp.org'
list server '3.openwrt.pool.ntp.org'


@ -1,7 +0,0 @@
config ubootenv
option dev '/dev/mtd1'
option offset '0x0'
option envsize '0x10000'
option secsize '0x10000'


@ -1,61 +0,0 @@
config network
option init 'network'
list affects 'dhcp'
list affects 'radvd'
config wireless
list affects 'network'
config firewall
option init 'firewall'
list affects 'luci-splash'
list affects 'qos'
list affects 'miniupnpd'
config olsr
option init 'olsrd'
config dhcp
option init 'dnsmasq'
list affects 'odhcpd'
config odhcpd
option init 'odhcpd'
config dropbear
option init 'dropbear'
config httpd
option init 'httpd'
config fstab
option exec '/sbin/block mount'
config qos
option init 'qos'
config system
option init 'led'
option exec '/etc/init.d/log reload'
list affects 'luci_statistics'
list affects 'dhcp'
config luci_splash
option init 'luci_splash'
config upnpd
option init 'miniupnpd'
config ntpclient
option init 'ntpclient'
config samba
option init 'samba'
config tinyproxy
option init 'tinyproxy'
config mwan3
option init 'mwan3'


@ -1,30 +0,0 @@
config uhttpd 'main'
list listen_http '0.0.0.0:80'
list listen_http '[::]:80'
list listen_https '0.0.0.0:443'
list listen_https '[::]:443'
option redirect_https '1'
option home '/www'
option rfc1918_filter '1'
option max_requests '3'
option max_connections '100'
option cert '/etc/uhttpd.crt'
option key '/etc/uhttpd.key'
option cgi_prefix '/cgi-bin'
option lua_prefix '/luci'
option lua_handler '/usr/lib/lua/luci/sgi/uhttpd.lua'
option script_timeout '60'
option network_timeout '30'
option http_keepalive '20'
option tcp_keepalive '1'
option ubus_prefix '/ubus'
config cert 'defaults'
option days '730'
option bits '2048'
option country 'ZZ'
option state 'Somewhere'
option location 'Unknown'
option commonname 'OpenWrt'


@ -1,3 +0,0 @@
config unbound
option enable '0'
option manual_conf '1'


@ -1,27 +0,0 @@
config upnpd 'config'
option secure_mode '1'
option log_output '0'
option download '1024'
option upload '512'
option internal_iface 'lan'
option port '5000'
option upnp_lease_file '/var/upnp.leases'
option uuid 'dddee5fa-fc97-466b-809d-491c4b9a8adc'
option enable_upnp '0'
option enable_natpmp '0'
config perm_rule
option action 'allow'
option ext_ports '1-65535'
option int_addr '0.0.0.0/0'
option int_ports '1-65535'
option comment 'Allow ports'
config perm_rule
option action 'deny'
option ext_ports '0-65535'
option int_addr '0.0.0.0/0'
option int_ports '0-65535'
option comment 'Default deny'


@ -1,14 +0,0 @@
config general 'global'
option enable '0'
config service 'vpn'
option auth 'SHA1'
option proto 'udp'
option port '1194'
option dev 'tun-SERVER'
option dev_type 'tun'
option cipher 'BF-CBC'
option comp 'adaptive'
option subnet '10.8.0.0'
option mask '255.255.255.0'
option host '127.0.0.1'


@ -1,30 +0,0 @@
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'platform/soc/20980000.usb/usb1/1-1/1-1.5/1-1.5:1.0'
option htmode 'HT20'
option country '00'
option legacy_rates '1'
option __toggle 'Enable'
config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'platform/qca953x_wmac'
option htmode 'HT20'
option txpower '22'
option country 'US'
option legacy_rates '1'
option enabled '1'
option disabled '0'
config wifi-iface
option device 'radio1'
option mode 'ap'
option encryption 'none'
option ssid '$SSID'
option network 'VPN360'


@ -1,11 +0,0 @@
force_dns() {
# lanip=$(ifconfig br-lan |sed -n 's/.*dr:\(.*\) Bc.*/\1/p')
lanip=$(uci get network.lan.ipaddr)
iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 53 -j DNAT --to $lanip
iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 53 -j DNAT --to $lanip
}
force=$(uci get glconfig.general.force_dns)
if [ -n "$force" ]; then
force_dns
fi


@ -1 +0,0 @@
/dev/mtd1 0x0 0x10000 0x10000


@ -1,13 +0,0 @@
root:x:0:
daemon:x:1:
adm:x:4:
tty:x:5:
mail:x:8:
audio:x:29:
www-data:x:33:
ftp:x:55:
users:x:100:
network:x:101:
nogroup:x:65534:
dnsmasq:x:453:dnsmasq
unbound:x:553:unbound


@ -1,3 +0,0 @@
127.0.0.1 localhost
10.8.0.1 private.vpn360
5.9.48.18 public.vpn360


@ -1,4 +0,0 @@
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K shutdown
::askconsole:/usr/libexec/login.sh
tty1::askfirst:/usr/libexec/login.sh


@ -1,30 +0,0 @@
server.document-root = "/www"
server.upload-dirs = ( "/tmp" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "http"
server.groupname = "www-data"
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm",
)
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
### Options that are useful but not always necessary:
#server.chroot = "/"
server.port = 81
server.bind = "localhost"
#server.tag = "lighttpd"
#server.errorlog-use-syslog = "enable"
#server.network-backend = "writev"
### Use IPv6 if available
#include_shell "/usr/share/lighttpd/use-ipv6.pl"
#dir-listing.encoding = "utf-8"
#server.dir-listing = "enable"
include "/etc/lighttpd/mime.conf"
include "/etc/lighttpd/conf.d/*.conf"


@ -1,4 +0,0 @@
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay


@ -1 +0,0 @@


@ -1,2 +0,0 @@
untrusted comment: OpenWrt 18.06 public key
RWQQNaxzzE5Z41cVmEh2rilAPKLsyfPKm+S4BJWA1Yv+LP1hKebmGtXi


@ -1,2 +0,0 @@
untrusted comment: LEDE usign key of Hans Dedecker
RWRRUfaUIMP1CAL9wvk3ABBHdUM+3SjMvIuJlK68b3b04Pw3wiaiAfxX


@ -1,2 +0,0 @@
untrusted comment: openwrt.org 15.05 release key
RWRTutEjPUyYxcuFKuF19hS8WfHi09AkVhK33KMQPri/dFG9PhEzDtMH


@ -1,2 +0,0 @@
untrusted comment: Local build key
RWRlSbxGZXUDXkGTGW4c1UX2NT71KDIe1xDzkH40PzgMQ9h2Jk0a+KSU


@ -1,2 +0,0 @@
untrusted comment: LEDE usign key of Jo-Philipp Wich
RWRypX8hkbIR4FLhtx5pjXcAIsI1iPUIcI5bMG8jZoiCkrwTstECBPqL


@ -1,2 +0,0 @@
untrusted comment: LEDE 17.01 "Reboot" public key
RWR5LZ2bOfGA3FGliZosEDhodiAKDOISmQs/mmjo4rhcbFtqkibJqMzo


@ -1,2 +0,0 @@
untrusted comment: Local build key
RWR9dcLokucbYuJDzmnxQ756ZmeUiihRaO98lBJJapA0oW+ACCPgSLiS


@ -1,2 +0,0 @@
untrusted comment: LEDE usign key of Álvaro Fernández Rojas
RWSe9GlCCBAsQwI5+wztnWKHfBlvPFP2G00FvZyx+Wfv9AwSViUwo/s2


@ -1,2 +0,0 @@
untrusted comment: Local build key
RWSfkCQJa9bigD3Hp7zlN1LFyRXqfjYr4JR9+BNfGWhbz8PfveH7PXzV


@ -1,2 +0,0 @@
untrusted comment: LEDE usign key of Stijn Tintel
RWQLJvNq4PQQbSGZ05Az9jXSt/xlw/IfWc6USiB2FHEUoWL7QpMibzv6


@ -1,2 +0,0 @@
untrusted comment: LEDE usign key for unattended build jobs
RWS1BD5w+adc3j2Hqg9+b66CvLR7NlHbsj7wjNVj0XGt/othDgIAOJS+


@ -1,2 +0,0 @@
untrusted comment: LEDE usign key of Alexander Couzens
RWTBC5r6sZ7kKA/C5VnxUbJw5E0vy3MGo3MP2eXCQlgg65+2si4MKBnf


@ -1,2 +0,0 @@
untrusted comment: Local build key
RWTGpADvZNB3/MmWOxQ9IAjQm7wLDoQiY6zyIIfMVs8JaYVkNKt7LQPL


@ -1,2 +0,0 @@
untrusted comment: LEDE usign key of Ted Hess
RWTazp1N8WiWvy7rYxstJqaMzGiS4XfW1oyYrk2vwJMRBeBF+8xEA+EZ


@ -1,2 +0,0 @@
untrusted comment: LEDE usign key of John Crispin
RWTdbeDQa709heyMmwDZjWmlhcTCUv/q+3TBYDPdJAGRuys6xcxE09fp


@ -1,2 +0,0 @@
untrusted comment: openwrt.org 15.05 release key
RWTemKLdHQ+KBxOILy8gyk+5PaDVdfyJ32TFnY/jnQOrBAd1wobbLNYz


@ -1,8 +0,0 @@
root:x:0:0:root:/root:/bin/ash
daemon:*:1:1:daemon:/var:/bin/false
ftp:*:55:55:ftp:/home/ftp:/bin/false
network:*:101:101:network:/var:/bin/false
nobody:*:65534:65534:nobody:/var:/bin/false
dnsmasq:x:453:453:dnsmasq:/var/run/dnsmasq:/bin/false
unbound:x:553:553:unbound:/var/run/unbound:/bin/false
http:x:65536:65536:http:/var/run/http:/bin/false


@ -1,55 +0,0 @@
#!/bin/sh
[ -e /tmp/.failsafe ] && export FAILSAFE=1
[ -f /etc/banner ] && cat /etc/banner
[ -n "$FAILSAFE" ] && cat /etc/banner.failsafe
fgrep -sq '/ overlay ro,' /proc/mounts && {
echo 'Your JFFS2-partition seems full and overlayfs is mounted read-only.'
echo 'Please try to remove files from /overlay/upper/... and reboot!'
}
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
export HOME=$(grep -e "^${USER:-root}:" /etc/passwd | cut -d ":" -f 6)
export HOME=${HOME:-/root}
export PS1='\u@\h:\w\$ '
[ "$TERM" = "xterm" ] && export PS1='\[\e]0;\u@\h: \w\a\]'$PS1
[ -x /bin/more ] || alias more=less
[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi
alias ll='ls -alF --color=auto'
[ -z "$KSH_VERSION" -o \! -s /etc/mkshrc ] || . /etc/mkshrc
[ -x /usr/bin/arp -o -x /sbin/arp ] || arp() { cat /proc/net/arp; }
[ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }
[ -n "$FAILSAFE" ] || {
for FILE in /etc/profile.d/*.sh; do
[ -e "$FILE" ] && . "$FILE"
done
unset FILE
}
if ( grep -qs '^root::' /etc/shadow && \
[ -z "$FAILSAFE" ] )
then
cat << EOF
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
EOF
fi
service() {
[ -f "/etc/init.d/$1" ] || {
echo "service "'"'"$1"'"'" not found, the following services are available:"
ls "/etc/init.d"
return 1
}
/etc/init.d/$@
}


@ -1,5 +0,0 @@
#!/bin/sh
[ "${TYPE}" = "switch" ] || echo ${BUTTON} > /tmp/failsafe_button
return 0


@ -1,7 +0,0 @@
#!/bin/sh
[ "${ACTION}" = "released" ] || exit 0
exec /sbin/poweroff
return 0


@ -1,34 +0,0 @@
#!/bin/sh
. /lib/functions.sh
OVERLAY="$( grep ' /overlay ' /proc/mounts )"
case "$ACTION" in
pressed)
[ -z "$OVERLAY" ] && return 0
return 5
;;
timeout)
# . /etc/diag.sh
# set_state failsafe
echo "REBOOT" > /dev/console
sync
reboot
;;
released)
if [ "$SEEN" -lt 1 ]
then
echo "PING" > /dev/console
ping -c4 10.8.0.1
elif [ "$SEEN" -ge 5 -a -n "$OVERLAY" ]
then
echo "REBOOT" > /dev/console
sync
reboot
fi
;;
esac
return 0


@ -1,32 +0,0 @@
#!/bin/sh
[ "${ACTION}" = "released" -o -n "${TYPE}" ] || exit 0
. /lib/functions.sh
rfkill_state=0
wifi_rfkill_set() {
uci set wireless.$1.disabled=$rfkill_state
}
wifi_rfkill_check() {
local disabled
config_get disabled $1 disabled
[ "$disabled" = "1" ] || rfkill_state=1
}
config_load wireless
case "${TYPE}" in
"switch")
[ "${ACTION}" = "released" ] && rfkill_state=1
;;
*)
config_foreach wifi_rfkill_check wifi-device
;;
esac
config_foreach wifi_rfkill_set wifi-device
uci commit wireless
wifi up
return 0


@ -1,6 +0,0 @@
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
/bin/heartbeat &
exit 0


@ -1,171 +0,0 @@
echo 7/tcp
echo 7/udp
discard 9/tcp
discard 9/udp
daytime 13/tcp
daytime 13/udp
netstat 15/tcp
chargen 19/tcp
chargen 19/udp
ftp-data 20/tcp
ftp 21/tcp
ssh 22/tcp
ssh 22/udp
telnet 23/tcp
smtp 25/tcp
time 37/tcp
time 37/udp
whois 43/tcp
domain 53/tcp
domain 53/udp
bootps 67/tcp
bootps 67/udp
bootpc 68/tcp
bootpc 68/udp
tftp 69/udp
finger 79/tcp
www 80/tcp http
kerberos 88/tcp kerberos5 krb5 kerberos-sec
kerberos 88/udp kerberos5 krb5 kerberos-sec
pop3 110/tcp
pop3 110/udp
sunrpc 111/tcp
sunrpc 111/udp
auth 113/tcp ident
sftp 115/tcp
nntp 119/tcp
ntp 123/tcp
ntp 123/udp
netbios-ns 137/tcp
netbios-ns 137/udp
netbios-dgm 138/tcp
netbios-dgm 138/udp
netbios-ssn 139/tcp
netbios-ssn 139/udp
imap2 143/tcp imap
imap2 143/udp imap
snmp 161/tcp
snmp 161/udp
snmp-trap 162/tcp snmptrap
snmp-trap 162/udp snmptrap
xdmcp 177/tcp
xdmcp 177/udp
bgp 179/tcp
bgp 179/udp
imap3 220/tcp
imap3 220/udp
ldap 389/tcp
ldap 389/udp
https 443/tcp
https 443/udp
microsoft-ds 445/tcp
microsoft-ds 445/udp
isakmp 500/tcp
isakmp 500/udp
rtsp 554/tcp
rtsp 554/udp
ipp 631/tcp
ipp 631/udp
syslog 514/udp
printer 515/tcp spooler
dhcpv6-client 546/tcp
dhcpv6-client 546/udp
dhcpv6-server 547/tcp
dhcpv6-server 547/udp
afpovertcp 548/tcp
afpovertcp 548/udp
nntps 563/tcp snntp
nntps 563/udp snntp
ldaps 636/tcp
ldaps 636/udp
tinc 655/tcp
tinc 655/udp
rsync 873/tcp
rsync 873/udp
ftps-data 989/tcp
ftps 990/tcp
imaps 993/tcp
imaps 993/udp
ircs 994/tcp
ircs 994/udp
pop3s 995/tcp
pop3s 995/udp
socks 1080/tcp
socks 1080/udp
openvpn 1194/tcp
openvpn 1194/udp
l2f 1701/tcp l2tp
l2f 1701/udp l2tp
radius 1812/tcp
radius 1812/udp
radius-acct 1813/tcp radacct
radius-acct 1813/udp radacct
nfs 2049/tcp
nfs 2049/udp
dict 2628/tcp
dict 2628/udp
gpsd 2947/tcp
gpsd 2947/udp
icpv2 3130/tcp icp
icpv2 3130/udp icp
mysql 3306/tcp
mysql 3306/udp
nut 3493/tcp
nut 3493/udp
distcc 3632/tcp
distcc 3632/udp
daap 3689/tcp
daap 3689/udp
svn 3690/tcp subversion
svn 3690/udp subversion
epmd 4369/tcp
epmd 4369/udp
iax 4569/tcp
iax 4569/udp
mtn 4691/tcp
mtn 4691/udp
munin 4949/tcp
sip 5060/tcp
sip 5060/udp
sip-tls 5061/tcp
sip-tls 5061/udp
xmpp-client 5222/tcp jabber-client
xmpp-client 5222/udp jabber-client
xmpp-server 5269/tcp jabber-server
xmpp-server 5269/udp jabber-server
mdns 5353/tcp
mdns 5353/udp
postgresql 5432/tcp postgres
postgresql 5432/udp postgres
x11 6000/tcp
x11 6000/udp
mysql-proxy 6446/tcp
mysql-proxy 6446/udp
bacula-dir 9101/tcp
bacula-dir 9101/udp
bacula-fd 9102/tcp
bacula-fd 9102/udp
bacula-sd 9103/tcp
bacula-sd 9103/udp
nbd 10809/tcp
zabbix-agent 10050/tcp
zabbix-agent 10050/udp
zabbix-trapper 10051/tcp
zabbix-trapper 10051/udp
hkp 11371/tcp
hkp 11371/udp
ssmtp 465/tcp smtps
spamd 783/tcp
zebrasrv 2600/tcp
zebra 2601/tcp
ripd 2602/tcp
ripngd 2603/tcp
ospfd 2604/tcp
bgpd 2605/tcp
ospf6d 2606/tcp
ospfapi 2607/tcp
isisd 2608/tcp
sane-port 6566/tcp sane saned
ircd 6667/tcp
git 9418/tcp


@ -1,8 +0,0 @@
root:$PASSWORD:17851:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
nobody:*:0:0:99999:7:::
dnsmasq:x:0:0:99999:7:::
unbound:x:0:0:99999:7:::
http:x:0:0:99999:7:::


@ -1 +0,0 @@
/bin/ash


@ -1 +0,0 @@
# Defaults are configured in /etc/sysctl.d/* and can be customized in this file


@ -1,9 +0,0 @@
## This file contains files and directories that should
## be preserved during an upgrade.
# /etc/example.conf
# /etc/openvpn/
/etc/openvpn/
/etc/rc.button/
/bin/heartbeat


@ -1,6 +1,7 @@
from django.contrib import admin
from .models import Organization, Device, Network
from .models import Organization, Device, Network, Model
admin.site.register(Organization)
admin.site.register(Device)
admin.site.register(Network)
admin.site.register(Model)


@ -0,0 +1,23 @@
# Generated by Django 2.1.3 on 2018-12-01 19:27
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('manager', '0011_auto_20181128_1829'),
]
operations = [
migrations.AddField(
model_name='device',
name='lastbeat',
field=models.DateTimeField(blank=True, null=True, verbose_name='Last Received Timestamp'),
),
migrations.AlterField(
model_name='device',
name='lasttime',
field=models.DateTimeField(blank=True, null=True, verbose_name='Last Received IP'),
),
]


@ -0,0 +1,22 @@
# Generated by Django 2.1.3 on 2018-12-06 16:32
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('manager', '0012_auto_20181201_1927'),
]
operations = [
migrations.CreateModel(
name='Model',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('name', models.CharField(max_length=100, unique=True, verbose_name='Model Name')),
('extname', models.CharField(max_length=100, verbose_name='Manufacturer Model Name')),
('config', models.TextField(blank=True, null=True, verbose_name='OpenWRT Compile Config')),
],
),
]


@ -0,0 +1,20 @@
# Generated by Django 2.1.3 on 2018-12-06 17:03
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('manager', '0013_model'),
]
operations = [
migrations.AddField(
model_name='device',
name='model',
field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.CASCADE, to='manager.Model'),
preserve_default=False,
),
]


@ -20,13 +20,23 @@ class Network(models.Model):
def __str__(self):
return "%s (%s)" % (self.intip, self.extip)
class Model(models.Model):
name = models.CharField("Model Name", max_length=100, unique=True)
extname = models.CharField("Manufacturer Model Name", max_length=100)
config = models.TextField("OpenWRT Compile Config", blank=True, null=True)
def __str__(self):
return self.name
class Device(models.Model):
serial = models.CharField("Device Serial Number", max_length=12, unique=True)
name = models.CharField("Common Name", max_length=100, default="", blank=True, null=True)
model = models.ForeignKey(Model, on_delete=models.CASCADE)
organization = models.ForeignKey(Organization, on_delete=models.CASCADE)
network = models.ForeignKey(Network, on_delete=models.SET_NULL, blank=True, null=True)
curip = models.CharField("Current IP Address", max_length=15, blank=True, null=True)
lasttime = models.DateTimeField("Last Received Heartbeat", blank=True, null=True)
lasttime = models.DateTimeField("Last Received IP", blank=True, null=True)
lastbeat = models.DateTimeField("Last Received Timestamp", blank=True, null=True)
secret = models.CharField("Secret", default=getRandom, max_length=128)
password = models.CharField("Device Password", default=getRandom, max_length=128)
vpnconfig = models.TextField("VPN Configuration", blank=True, null=True, editable=False)
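Review bot: `model = models.ForeignKey(Model, on_delete=models.CASCADE)` means deleting a Model row silently deletes every Device that references it, a larger blast radius than a lookup table usually warrants; `on_delete=models.PROTECT` would refuse the delete while devices still point at the model. The verbose names of the two timestamp fields describe the columns poorly: going by the heartbeat view in this commit, `lasttime` is set only when an IP is reported and `lastbeat` on every heartbeat, so "Last IP Report" and "Last Heartbeat" would read more accurately than "Last Received IP" and "Last Received Timestamp". The Device class continues past the end of the hunk.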


@ -19,6 +19,14 @@
<option value="{{ choice.id }}">{{ choice.name }}</option>
{% endfor %}
</select>
</div>
<div class="form-group">
<label for="model">Model</label>
<select class="custom-select mr-sm-2" id="model" name="model">
{% for choice in models %}
<option value="{{ choice.id }}">{{ choice.name }}</option>
{% endfor %}
</select>
</div>
<button type="submit" class="btn btn-success">Create Device</button>
<a class="btn btn-danger" href="/" role="button">Cancel</a>


@ -8,6 +8,16 @@
<label for="serial">Serial Number</label>
<input type="text" class="form-control" id="serial" disabled="disabled" value="{{ device.serial }}"></input>
</div>
{% if user.is_superuser %}
<div class="form-group">
<label for="secret">Device Secret</label>
<input type="text" class="form-control" id="secret" disabled="disabled" value="{{ device.secret }}"></input>
</div>
<div class="form-group">
<label for="password">Root Password</label>
<input type="text" class="form-control" id="password" disabled="disabled" value="{{ device.password }}"></input>
</div>
{% endif %}
<div class="form-group">
<label for="name">Device Name</label>
<input type="text" class="form-control" name="name" id="name" placeholder="Enter Device Name (Optional)" value="{{ device.name }}"></input>
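Review bot: The two disabled inputs in the new `{% if user.is_superuser %}` block write the device secret and the root password into the page as plain text, where they end up in page source, browser cache and screenshots; rendering them as `<input type="password" autocomplete="off" ...>` (with a reveal control if operators need to copy them) keeps them out of view by default. A `disabled` input is a display choice, not an access control: the values are still present in the response body, so the template guard only decides who sees the markup. The form that encloses these fields starts and ends outside the hunk.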


@ -13,19 +13,17 @@
<th>Common Name</th>
<th>Network</th>
<th>Latest IP</th>
<th>Secret</th>
<th>Options {% if user.is_superuser %}<a href="/makedevice/" style="font-weight:bold;color:green;"><i class="fas fa-plus" title="Add Device"></i></a>{% endif %}</th>
</tr>
</thead>
{% for device in devices %}
<tr>
<td><div style="display: inline; color: grey; font-weight: bold;" id="{{ device.id }}-indicator">&#11044;</div>&nbsp;{{ device.serial }}</td>
<td>{% if device.name %}{{ device.name }}{% endif %}</td>
<td>{{ device.network }}</td>
<td><div style="display: inline; color: grey; font-weight: bold;" id="{{ device.id }}-indicator">&#11044;</div>&nbsp;<div style="display: inline;" id="{{ device.id }}-id">{{ device.serial }}</div></td>
<td id={{ device.id }}-name">{% if device.name %}{{ device.name }}{% endif %}</td>
<td id="{{ device.id }}-network">{{ device.network }}</td>
<td><div style="display:inline" id="{{ device.id }}-ip">{% if device.curip %}{{ device.curip }} (at {{ device.lasttime }}){% endif %}</div></td>
<td>{{ device.secret }}</td>
<td><a href="/devices/{{ device.id }}/edit"><i class="fas fa-edit" title="Edit Device"></i></a> <a href="#"><i style="color: green;" onclick="askreboot({{ device.id }});" class="fas fa-sync" title="Reboot Device"></i></a>{% if user.is_superuser %} <a href="/devices/{{ device.id }}/download"><i class="fas fa-download" title="Download Configuration"></i></a> <a href="#"><i style="color: darkred;" onclick="askdelete({{ device.id }});" class="fas fa-trash-alt" title="Delete Device"></i></a>{% endif %}</td>
<td><a href="/devices/{{ device.id }}/edit"><i class="fas fa-edit" title="Edit Device"></i></a> <a href="#"><i style="color: green;" onclick="askreboot({{ device.id }});" class="fas fa-sync" title="Reboot Device"></i></a>{% if user.is_staff %} <a onclick="downloadnotice();" href="/devices/{{ device.id }}/download"><i class="fas fa-download" title="Download Configuration"></i></a>{% endif %}{% if user.is_superuser %} <a href="#"><i style="color: darkred;" onclick="askdelete({{ device.id }});" class="fas fa-trash-alt" title="Delete Device"></i></a>{% endif %}</td>
</tr>
{% endfor %}
@ -41,7 +39,7 @@
{% for device in devices %}
updateStatus({{ device.id }});
setInterval(updateStatus, 3000, {{ device.id }});
setInterval(updateStatus, 10000, {{ device.id }});
{% endfor %}
</script>
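Review bot: `<td id={{ device.id }}-name">` is missing the opening quote, so the rendered attribute value is `1-name"` (the stray quote becomes part of an unquoted value) and the `$("#" + device + "-name")` lookup in the status script never matches; it should read `<td id="{{ device.id }}-name">`. The download link is now shown for `user.is_staff`, while `getconfig` in views.py in this same commit still redirects anyone who is not `is_superuser`, so staff users see a link that only bounces them to `/`; the two checks should agree. The table and the surrounding script block start outside the hunks shown.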


@ -6,7 +6,7 @@ from django.views.decorators.csrf import csrf_exempt
from django.utils import timezone
from django.core.files import File
from django.db.models.fields.files import FieldFile
from .models import Device, Organization, Network
from .models import Device, Organization, Network, Model
from distutils.dir_util import copy_tree
@ -29,6 +29,7 @@ def index(request):
def heartbeat(request):
device = get_object_or_404(Device, secret=request.POST.get("secret", ""))
ip = request.POST.get("ip", "")
device.lastbeat = timezone.now()
if ip:
device.lasttime = timezone.now()
if device.curip:
@ -60,9 +61,18 @@ def ping(request, device_id):
else:
try:
socket.inet_aton(device[0].curip)
ajax += str(int(not os.WEXITSTATUS(os.system("ping -c1 -w1 " + device[0].curip + " > /dev/null 2>&1")))) # This monster is not long enough yet.
ajax += str(int(not os.WEXITSTATUS(os.system("ping -c1 -w1 " + device[0].curip + " > /dev/null 2>&1"))))
ajax += ',\n "serial": "%s"' % device[0].serial
ajax += ',\n "name": "%s"' % device[0].name
ajax += ',\n "ip": "%s"' % device[0].curip
ajax += ',\n "time": "%s"' % device[0].lasttime
ajax += ',\n "lastbeat": "%s"' % device[0].lastbeat
ajax += ',\n "reboot": %i' % (1 if device[0].reboot else 0)
ajax += ',\n "network": {'
ajax += '\n "intip": "%s"' % device[0].network.intip
ajax += ',\n "extip": "%s"' % device[0].network.extip
ajax += '\n }'
except:
ajax += "-3"
@ -71,7 +81,7 @@ def ping(request, device_id):
ajax += "-2"
ajax += "\n}"
return HttpResponse(ajax)
return HttpResponse(ajax, content_type="application/json")
def devices(request):
if request.user.is_authenticated:
@ -122,7 +132,8 @@ def editdevice(request, device_id):
{
"title": "Edit Device",
"device": device[0],
"subnets": subnets
"subnets": subnets,
"user": request.user
}
)
@ -130,15 +141,21 @@ def editdevice(request, device_id):
return redirect("/")
def getconfig(request, device_id):
BEFORE = os.getcwd()
DEVICEDIR = "/opt/vpnmanager/device-config/"
SRCDIR = "/opt/openwrt/"
if not request.user.is_superuser:
return redirect("/")
device = get_object_or_404(Device, id=device_id)
BEFORE = os.getcwd()
DEVICEDIR = "/opt/vpnmanager/device-config/%i/" % device.model.id
SRCDIR = "/opt/vpnmanager/imagebuilder/%i/" % device.model.id
if glob.glob(SRCDIR + "/.kumilock"):
return HttpResponse("Another download is being prepared right now. Please wait for it to finish and try again later.")
with open(SRCDIR + "/.kumilock", "w") as lock:
lock.write("")
tempdir = tempfile.TemporaryDirectory()
copy_tree(DEVICEDIR, tempdir.name)
@ -197,16 +214,18 @@ def getconfig(request, device_id):
os.chdir(SRCDIR)
try:
output = subprocess.check_output(["make", "-j9"])
subprocess.call(["/usr/bin/make"])
except:
os.remove(SRCDIR + "/.kumilock")
os.chdir(BEFORE)
return HttpResponse("Something went wrong building the image file.\n\n" + output)
return HttpResponse("Something went wrong building the image file.")
os.chdir(BEFORE)
with open(glob.glob(SRCDIR + "/bin/targets/ar71xx/generic/*squashfs-sysupgrade.bin")[0], "rb") as download:
response = HttpResponse(download.read(), content_type="application/octet-stream")
response['Content-Disposition'] = 'inline; filename=' + os.path.basename(device.serial + ".bin")
os.remove(SRCDIR + "/.kumilock")
os.system("rm -rf " + SRCDIR + "/files/")
os.system("rm " + SRCDIR + "/bin/targets/ar71xx/generic/*")
return response
@ -227,7 +246,18 @@ def rebootdevice(request, device_id):
def deletedevice(request, device_id):
if request.user.is_superuser:
CADIR = "/etc/openvpn/ca/"
BEFORE = os.getcwd()
device = get_object_or_404(Device, id=device_id)
os.chdir(CADIR)
subprocess.call(CADIR + "/revoke " + device.serial, shell=True)
os.system("rm " + CADIR + "/keys/" + device.serial + ".{crt,csr,key}")
os.chdir(BEFORE)
device.delete()
return redirect("/")
@ -240,17 +270,20 @@ def makedevice(request):
device_serial = request.POST.get("serial", "")
device_name = request.POST.get("name", "")
device_organization = request.POST.get("organization", "")
device_model = request.POST.get("model", "")
if not request.user.is_superuser:
return redirect("/")
if not device_serial:
orga = Organization.objects.all()
models = Model.objects.all()
return render(request, "manager/add.html",
{
"title": "Add Device",
"organizations": orga,
"models": models
}
)
@ -260,14 +293,17 @@ def makedevice(request):
os.chdir(CADIR)
if subprocess.call(CADIR + "/generate-key " + device_serial, shell=True):
os.chdir(BEFORE)
return HttpResponse("Something went wrong trying to generate the key.")
if glob.glob(CONFIGDIR + "/files/" + device_serial + "*"):
os.chdir(BEFORE)
return HttpResponse("This configuration file already exists.")
os.chdir(CONFIGDIR)
if subprocess.call(CONFIGDIR + "/make_config " + device_serial, shell=True):
os.chdir(BEFORE)
return HttpResponse("Something went wrong trying to generate the config file.")
os.chdir(BEFORE)
@ -275,6 +311,7 @@ def makedevice(request):
device = Device.objects.create(
serial=device_serial,
name=device_name,
model=Model.objects.filter(id=device_model)[0],
network=Network.objects.filter(intip="No VPN")[0],
organization=Organization.objects.filter(id=device_organization)[0],
vpnconfig = open(CONFIGDIR + "/files/" + device_serial + ".ovpn").read()
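Review bot: The new `ping` lines build the JSON body by `%`-formatting unescaped values into a string, and `device[0].name` is free text set from the edit form, so a name containing `"` or `\` now yields an invalid `application/json` response and can alter the document structure the status script parses; wrapping each interpolated value with `json.dumps` (e.g. `ajax += ',\n "name": %s' % json.dumps(device[0].name)`, with `import json` added if it is not already imported above) or building a dict and returning `JsonResponse` fixes this. In `getconfig`, `subprocess.call(["/usr/bin/make"])` ignores the exit status, so a failed build falls through to `glob(...)[0]` outside the `try`, raises IndexError, and leaves `.kumilock` in place, blocking every later download for that model until someone removes the file by hand; check the return value (`if subprocess.call(["/usr/bin/make"]): ...` treated like the existing failure path) and release the lock in a `finally`. In `deletedevice`, `os.system("rm " + ... + ".{crt,csr,key}")` relies on brace expansion, which `/bin/sh` only provides when it is bash, so on a dash-based system the key files survive the delete; `os.remove` over the three extensions is portable and needs no shell. The `revoke` call there passes `device.serial` through `shell=True`, which a list argument without a shell would avoid even though the serial is superuser-supplied. `ping`, `getconfig`, `deletedevice` and `makedevice` all extend outside the hunks shown.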


@ -10,7 +10,7 @@ function timeSince(obj) {
interval = Math.floor(seconds / 60);
if (seconds < 120) out = seconds + " seconds "
else if (interval > 1) out = out + interval + " minutes ";
else if (interval > 1 && interval < 120) out = out + interval + " minutes ";
return out + "ago"
}
@ -18,12 +18,27 @@ function timeSince(obj) {
function styleStatus(msg, device) {
device_status = $("#" + device + "-indicator");
device_ip = $("#" + device + "-ip");
device_network = $("#" + device + "-network");
device_name = $("#" + device + "-name");
device_id = $("#" + device + "-id");
device_status.css("color", msg.status == 1 ? "green" : (msg.status == 0 ? "red" : "grey"))
device_status.css("color", msg.status == 1 ? "green" : (msg.status == 0 ? ((new Date(msg.lastbeat) < new Date(msg.time) && (new Date() - new Date(msg.lastbeat) < 60)) ? "yellow" : "red") : "grey"));
if (msg.hasOwnProperty("ip")) {
device_ip.text(msg.ip + (msg.status == 1 ? "" :" (" + timeSince(msg.time) + ")"));
};
if (msg.hasOwnProperty("network")) {
device_network.text(msg.network.intip + " (" + msg.network.extip + ")");
};
if (msg.hasOwnProperty("reboot")) {
device_id.css("font-style", msg.reboot == 1 ? "italic" : "normal")
};
if (msg.hasOwnProperty("name")) {
device_name.text(msg.name);
};
};
function updateStatus(device_id) {
@ -37,3 +52,7 @@ function askdelete(device_id) {
function askreboot(device_id) {
if (confirm("Are you sure you want to reboot this device?")) window.location.href = "/devices/" + device_id + "/reboot";
};
function downloadnotice() {
alert("Your file is being prepared. This will take a minute, please be patient and do not leave this page. The download will start automatically.");
};
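Review bot: In `styleStatus`, `(new Date() - new Date(msg.lastbeat) < 60)` compares a difference in milliseconds with 60, so the yellow state lasts 60 ms after the last heartbeat and, with a 10 s poll interval, is effectively never shown; `< 60000`, or a named `const HEARTBEAT_GRACE_MS = 60000;`, is presumably what was meant. `msg.time` and `msg.lastbeat` arrive as Python `str(datetime)` output (a space between date and time plus a `+00:00` offset), which is not ISO 8601 and which `new Date()` is not required to parse, so an `Invalid Date` would make both comparisons false and hide the yellow state silently; emitting `.isoformat()` on the server, or parsing the string explicitly, avoids that. The new `device_network`, `device_name` and `device_id` assignments create implicit globals like the existing ones above them; declaring them with `const` keeps them local. `timeSince` starts outside the first hunk and `updateStatus` continues outside the second.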


@ -1,2 +1,2 @@
#!/bin/bash
uwsgi --socket 127.0.0.1:9360 --module vpnmanager.wsgi --uid 1001
uwsgi --socket 127.0.0.1:9360 --module vpnmanager.wsgi --uid 1001 --processes=40