All the things we did today

Kumi 2018-12-01 18:56:29 +01:00
parent de44a793e1
commit addf2a430e
17 changed files with 197 additions and 45 deletions


@ -1,22 +1,59 @@
. /etc/vpnsecret
/bin/sleep 10
/bin/rm -f /var/log/wget
/usr/bin/wget -O/etc/hosts https://admin360.kumi.host/hosts --post-data "secret=$SECRET" --no-check-certificate >/var/log/wget 2>&1
/usr/sbin/openvpn /etc/openvpn/client.conf &
ipaddr(){
if="${1:-br-VPN360}"
result=$(/sbin/ip -o -4 addr show dev "${if}" | /bin/sed 's/^.*inet // ; s/\/...*$//')
result=$(/sbin/ip -o -4 addr show dev "${if}" 2&>/dev/null | /bin/sed 's/^.*inet // ; s/\/...*$//')
/usr/bin/printf %s "${result}"
tty -s && printf "\n"
}
while [ True ]; do
/bin/sleep 60;
/bin/rm /var/log/wget
/usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET&ip=$(ipaddr)" --no-check-certificate 2>/var/log/wget | /bin/ash;
done
stopwifi(){
/sbin/uci set wireless.radio1.disabled=1
/sbin/uci commit
}
startwifi(){
/sbin/uci set wireless.radio1.disabled=0
/sbin/uci commit
/sbin/wifi
}
restartwifi(){
stopwifi
startwifi
}
. /etc/vpnsecret
/usr/bin/wget -O/etc/hosts https://admin360.kumi.host/hosts --post-data "secret=$SECRET" --no-check-certificate >/var/log/wget 2>&1
/sbin/uci set wireless.@wifi-iface[0].network="VPN360"
/sbin/uci commit
stopwifi
/usr/sbin/openvpn /etc/openvpn/client.conf >/var/log/openvpn &
/bin/sleep 60
if [ $(ipaddr) ]
then
startwifi
while [ True ]
do
sleep 10
if [ $(ipaddr) ]
then
/usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET&ip=$(ipaddr)" --no-check-certificate 2>/var/log/wget | /bin/ash
fi
done
else
/sbin/uci set wireless.@wifi-iface[0].network="DHCP"
/sbin/uci commit
startwifi
/sbin/ip a add 192.168.36.1/24 dev br-DHCP
/sbin/ifconfig br-DHCP down
/sbin/ifconfig br-DHCP up
while [ True ]
do
sleep 10
/usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET" --no-check-certificate 2>/var/log/wget | /bin/ash
done
fi
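Review bot: Both heartbeat loops still pipe the server's response straight into `/bin/ash` while fetching it with `--no-check-certificate`, so any host able to answer for admin360.kumi.host on the network path can run commands on the device, and it also receives `$SECRET` from the POST body. The server view in this commit only ever answers `reboot` or an empty body, so the client can capture the response and compare it, for example `resp=$(/usr/bin/wget -O- ... 2>/var/log/wget)` followed by `[ "$resp" = reboot ] && /sbin/reboot`. It should also verify the certificate against a CA file shipped in the image instead of disabling the check. Separately, `2&>/dev/null` in `ipaddr` is not a stderr redirect; `2>/dev/null` is presumably what was meant, and as written the function likely prints nothing, which would send the script down the `else` branch every time.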


@ -35,3 +35,9 @@ config odhcpd 'odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'DHCP'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'DHCP'


@ -8,3 +8,8 @@ config defaults
config include
option path '/etc/firewall.user'
config include 'mwan3'
option type 'script'
option path '/var/etc/mwan3.include'
option reload '1'


@ -14,6 +14,8 @@ config extern 'flash_keep'
option uploads '/lib/uci/upload/'
config internal 'languages'
option en 'English'
option zh_cn '中文 (Chinese)'
config internal 'sauth'
option sessionpath '/tmp/luci-sessions'
@ -46,3 +48,8 @@ config ifstate
option ifname 'radio0.network1'
option bridge 'true'
config ifstate
option interface 'DHCP'
option ifname 'tap0 radio1.network1'
option bridge 'true'


@ -20,5 +20,13 @@ config interface 'VPN360'
option type 'bridge'
option proto 'dhcp'
option broadcast '1'
option force_link '1'
option ifname 'tap0'
config interface 'DHCP'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.36.1'
option netmask '255.255.255.0'
option ifname 'lo'


@ -1,5 +1,5 @@
config openvpn 'vpn360'
option enabled '1'
option enabled '0'
option config '/etc/openvpn/client.conf'


@ -1,56 +1,61 @@
config network
option init network
list affects dhcp
list affects radvd
option init 'network'
list affects 'dhcp'
list affects 'radvd'
config wireless
list affects network
list affects 'network'
config firewall
option init firewall
list affects luci-splash
list affects qos
list affects miniupnpd
option init 'firewall'
list affects 'luci-splash'
list affects 'qos'
list affects 'miniupnpd'
config olsr
option init olsrd
option init 'olsrd'
config dhcp
option init dnsmasq
list affects odhcpd
option init 'dnsmasq'
list affects 'odhcpd'
config odhcpd
option init odhcpd
option init 'odhcpd'
config dropbear
option init dropbear
option init 'dropbear'
config httpd
option init httpd
option init 'httpd'
config fstab
option exec '/sbin/block mount'
config qos
option init qos
option init 'qos'
config system
option init led
option init 'led'
option exec '/etc/init.d/log reload'
list affects luci_statistics
list affects dhcp
list affects 'luci_statistics'
list affects 'dhcp'
config luci_splash
option init luci_splash
option init 'luci_splash'
config upnpd
option init miniupnpd
option init 'miniupnpd'
config ntpclient
option init ntpclient
option init 'ntpclient'
config samba
option init samba
option init 'samba'
config tinyproxy
option init tinyproxy
option init 'tinyproxy'
config mwan3
option init 'mwan3'


@ -0,0 +1,3 @@
config unbound
option enable '0'
option manual_conf '1'


@ -18,11 +18,13 @@ config wifi-device 'radio1'
option txpower '22'
option country 'US'
option legacy_rates '1'
option enabled '1'
option disabled '0'
config wifi-iface
option device 'radio1'
option mode 'ap'
option encryption 'none'
option network 'VPN360'
option ssid '$SSID'
option network 'VPN360'
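Review bot: The `wifi-iface` on radio1 keeps `option encryption 'none'` while it is attached to `VPN360`, which the network config in this same commit bridges onto `tap0`, so any station in radio range is placed on the VPN segment without authentication. If the open SSID is not a deliberate product decision, use `option encryption 'psk2'` with an `option key` placeholder that is filled in per device at image-build time, the same way `$SSID` is substituted. The rest of the radio1 section lies outside this hunk.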


@ -10,3 +10,4 @@ users:x:100:
network:x:101:
nogroup:x:65534:
dnsmasq:x:453:dnsmasq
unbound:x:553:unbound

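--- a/device-config/etc/hosts
+++ b/device-config/etc/hosts
@@ -0,0 +1,3 @@
+127.0.0.1 localhost
+10.8.0.1 private.vpn360
+5.9.48.18 public.vpn360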


@ -0,0 +1,30 @@
server.document-root = "/www"
server.upload-dirs = ( "/tmp" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "http"
server.groupname = "www-data"
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm",
)
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
### Options that are useful but not always necessary:
#server.chroot = "/"
server.port = 81
server.bind = "localhost"
#server.tag = "lighttpd"
#server.errorlog-use-syslog = "enable"
#server.network-backend = "writev"
### Use IPv6 if available
#include_shell "/usr/share/lighttpd/use-ipv6.pl"
#dir-listing.encoding = "utf-8"
#server.dir-listing = "enable"
include "/etc/lighttpd/mime.conf"
include "/etc/lighttpd/conf.d/*.conf"


@ -0,0 +1,2 @@
untrusted comment: Local build key
RWR9dcLokucbYuJDzmnxQ756ZmeUiihRaO98lBJJapA0oW+ACCPgSLiS


@ -4,3 +4,5 @@ ftp:*:55:55:ftp:/home/ftp:/bin/false
network:*:101:101:network:/var:/bin/false
nobody:*:65534:65534:nobody:/var:/bin/false
dnsmasq:x:453:453:dnsmasq:/var/run/dnsmasq:/bin/false
unbound:x:553:553:unbound:/var/run/unbound:/bin/false
http:x:65536:65536:http:/var/run/http:/bin/false


@ -4,3 +4,5 @@ ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
nobody:*:0:0:99999:7:::
dnsmasq:x:0:0:99999:7:::
unbound:x:0:0:99999:7:::
http:x:0:0:99999:7:::


@ -1 +0,0 @@
SECRET=


@ -28,8 +28,14 @@ def index(request):
@csrf_exempt
def heartbeat(request):
device = get_object_or_404(Device, secret=request.POST.get("secret", ""))
device.curip = request.POST.get("ip", "")
device.lasttime = timezone.now()
ip = request.POST.get("ip", "")
if ip:
device.lasttime = timezone.now()
if device.curip:
device.curip = ip or device.curip
else:
device.curip = ip
device.save()
return HttpResponse("reboot" if device.reboot else "")
@ -124,7 +130,9 @@ def editdevice(request, device_id):
return redirect("/")
def getconfig(request, device_id):
BEFORE = os.getcwd()
DEVICEDIR = "/opt/vpnmanager/device-config/"
SRCDIR = "/opt/openwrt/"
if not request.user.is_superuser:
return redirect("/")
@ -162,6 +170,7 @@ def getconfig(request, device_id):
with open(tempdir.name + "/etc/config/wireless", "w") as wireout:
wireout.write(wirein.replace("$SSID", device.serial))
'''
# Generate .tar.gz file
with tarfile.open(tempdir.name + ".tar.gz", "w:gz") as tar:
@ -171,6 +180,36 @@ def getconfig(request, device_id):
response = HttpResponse(download.read(), content_type="application/tar+gzip")
response['Content-Disposition'] = 'inline; filename=' + os.path.basename(device.serial + ".tar.gz")
return response
'''
# Create compilation environment
os.system("rm -rf " + SRCDIR + "/files/")
os.mkdir(SRCDIR + "/files/")
os.system("cp -r " + tempdir.name + "/* " + SRCDIR + "/files/")
tempdir.cleanup()
os.system("rm " + SRCDIR + "/bin/targets/ar71xx/generic/*")
# Build image
os.chdir(SRCDIR)
try:
output = subprocess.check_output(["make", "-j9"])
except:
os.chdir(BEFORE)
return HttpResponse("Something went wrong building the image file.\n\n" + output)
os.chdir(BEFORE)
with open(glob.glob(SRCDIR + "/bin/targets/ar71xx/generic/*squashfs-sysupgrade.bin")[0], "rb") as download:
response = HttpResponse(download.read(), content_type="application/octet-stream")
response['Content-Disposition'] = 'inline; filename=' + os.path.basename(device.serial + ".bin")
os.system("rm -rf " + SRCDIR + "/files/")
os.system("rm " + SRCDIR + "/bin/targets/ar71xx/generic/*")
return response
def rebootdevice(request, device_id):
if request.user.is_authenticated:
@ -236,6 +275,7 @@ def makedevice(request):
device = Device.objects.create(
serial=device_serial,
name=device_name,
network=Network.objects.filter(intip="No VPN")[0],
organization=Organization.objects.filter(id=device_organization)[0],
vpnconfig = open(CONFIGDIR + "/files/" + device_serial + ".ovpn").read()
)
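Review bot: In the getconfig build hunk, the bare `except:` handler returns `output`, which is never bound when `subprocess.check_output` raises, so a failed `make` surfaces as an UnboundLocalError instead of the intended error page (and `output` would be bytes, which cannot be appended to the str). Catching `subprocess.CalledProcessError` and decoding its `output`, with `cwd=SRCDIR` replacing the process-wide `os.chdir` pair, fixes that as sketched below. The shared `SRCDIR + "/files/"` tree is also wiped and refilled on every request, so two overlapping requests could leave one device's files in the other's image; the build should be serialized or given a per-request tree. getconfig begins above this hunk, so how `tempdir` is populated is not visible here.

```python
# … unchanged: refill SRCDIR + "/files/" from tempdir, clear old images …

# Build image (cwd= replaces the os.chdir(SRCDIR) / os.chdir(BEFORE) pair)
try:
    subprocess.check_output(
        ["make", "-j9"], cwd=SRCDIR, stderr=subprocess.STDOUT
    )
except subprocess.CalledProcessError as err:
    return HttpResponse(
        "Something went wrong building the image file.\n\n"
        + err.output.decode(errors="replace")
    )

# … unchanged: open the sysupgrade image and build the response …
```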