All the things we did today

Kumi 2018-12-01 18:56:29 +01:00
parent de44a793e1
commit addf2a430e
17 changed files with 197 additions and 45 deletions


@ -1,22 +1,59 @@
. /etc/vpnsecret
/bin/sleep 10
/bin/rm -f /var/log/wget
/usr/bin/wget -O/etc/hosts https://admin360.kumi.host/hosts --post-data "secret=$SECRET" --no-check-certificate >/var/log/wget 2>&1
/usr/sbin/openvpn /etc/openvpn/client.conf &
ipaddr(){ ipaddr(){
if="${1:-br-VPN360}" if="${1:-br-VPN360}"
result=$(/sbin/ip -o -4 addr show dev "${if}" | /bin/sed 's/^.*inet // ; s/\/...*$//') result=$(/sbin/ip -o -4 addr show dev "${if}" 2&>/dev/null | /bin/sed 's/^.*inet // ; s/\/...*$//')
/usr/bin/printf %s "${result}" /usr/bin/printf %s "${result}"
tty -s && printf "\n"
} }
while [ True ]; do stopwifi(){
/bin/sleep 60; /sbin/uci set wireless.radio1.disabled=1
/bin/rm /var/log/wget /sbin/uci commit
/usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET&ip=$(ipaddr)" --no-check-certificate 2>/var/log/wget | /bin/ash; }
done
startwifi(){
/sbin/uci set wireless.radio1.disabled=0
/sbin/uci commit
/sbin/wifi
}
restartwifi(){
stopwifi
startwifi
}
. /etc/vpnsecret
/usr/bin/wget -O/etc/hosts https://admin360.kumi.host/hosts --post-data "secret=$SECRET" --no-check-certificate >/var/log/wget 2>&1
/sbin/uci set wireless.@wifi-iface[0].network="VPN360"
/sbin/uci commit
stopwifi
/usr/sbin/openvpn /etc/openvpn/client.conf >/var/log/openvpn &
/bin/sleep 60
if [ $(ipaddr) ]
then
startwifi
while [ True ]
do
sleep 10
if [ $(ipaddr) ]
then
/usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET&ip=$(ipaddr)" --no-check-certificate 2>/var/log/wget | /bin/ash
fi
done
else
/sbin/uci set wireless.@wifi-iface[0].network="DHCP"
/sbin/uci commit
startwifi
/sbin/ip a add 192.168.36.1/24 dev br-DHCP
/sbin/ifconfig br-DHCP down
/sbin/ifconfig br-DHCP up
while [ True ]
do
sleep 10
/usr/bin/wget -O- https://admin360.kumi.host/heartbeat --post-data "secret=$SECRET" --no-check-certificate 2>/var/log/wget | /bin/ash
done
fi
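Review bot: Both new heartbeat loops, like the `/etc/hosts` download above them, still pass `--no-check-certificate` and pipe the response into `/bin/ash`, so the device executes whatever any host answering for admin360.kumi.host returns and sends it `$SECRET` as well. Verify the server instead: drop the flag and pin the CA with `--ca-certificate=<CA_FILE>` (placeholder path), and consider matching the body against a fixed set of commands such as `reboot` rather than executing it. In `ipaddr`, `2&>/dev/null` is not a stderr redirect; the line needs `2>/dev/null`. The tests `[ $(ipaddr) ]` should be written `[ -n "$(ipaddr)" ]` so that an empty or multi-word result cannot change how the test is parsed.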


@ -35,3 +35,9 @@ config odhcpd 'odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update' option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4' option loglevel '4'
config dhcp 'DHCP'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'DHCP'


@ -8,3 +8,8 @@ config defaults
config include config include
option path '/etc/firewall.user' option path '/etc/firewall.user'
config include 'mwan3'
option type 'script'
option path '/var/etc/mwan3.include'
option reload '1'


@ -14,6 +14,8 @@ config extern 'flash_keep'
option uploads '/lib/uci/upload/' option uploads '/lib/uci/upload/'
config internal 'languages' config internal 'languages'
option en 'English'
option zh_cn '中文 (Chinese)'
config internal 'sauth' config internal 'sauth'
option sessionpath '/tmp/luci-sessions' option sessionpath '/tmp/luci-sessions'
@ -46,3 +48,8 @@ config ifstate
option ifname 'radio0.network1' option ifname 'radio0.network1'
option bridge 'true' option bridge 'true'
config ifstate
option interface 'DHCP'
option ifname 'tap0 radio1.network1'
option bridge 'true'


@ -20,5 +20,13 @@ config interface 'VPN360'
option type 'bridge' option type 'bridge'
option proto 'dhcp' option proto 'dhcp'
option broadcast '1' option broadcast '1'
option force_link '1'
option ifname 'tap0' option ifname 'tap0'
config interface 'DHCP'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.36.1'
option netmask '255.255.255.0'
option ifname 'lo'


@ -1,5 +1,5 @@
config openvpn 'vpn360' config openvpn 'vpn360'
option enabled '1' option enabled '0'
option config '/etc/openvpn/client.conf' option config '/etc/openvpn/client.conf'


@ -1,56 +1,61 @@
config network config network
option init network option init 'network'
list affects dhcp list affects 'dhcp'
list affects radvd list affects 'radvd'
config wireless config wireless
list affects network list affects 'network'
config firewall config firewall
option init firewall option init 'firewall'
list affects luci-splash list affects 'luci-splash'
list affects qos list affects 'qos'
list affects miniupnpd list affects 'miniupnpd'
config olsr config olsr
option init olsrd option init 'olsrd'
config dhcp config dhcp
option init dnsmasq option init 'dnsmasq'
list affects odhcpd list affects 'odhcpd'
config odhcpd config odhcpd
option init odhcpd option init 'odhcpd'
config dropbear config dropbear
option init dropbear option init 'dropbear'
config httpd config httpd
option init httpd option init 'httpd'
config fstab config fstab
option exec '/sbin/block mount' option exec '/sbin/block mount'
config qos config qos
option init qos option init 'qos'
config system config system
option init led option init 'led'
option exec '/etc/init.d/log reload' option exec '/etc/init.d/log reload'
list affects luci_statistics list affects 'luci_statistics'
list affects dhcp list affects 'dhcp'
config luci_splash config luci_splash
option init luci_splash option init 'luci_splash'
config upnpd config upnpd
option init miniupnpd option init 'miniupnpd'
config ntpclient config ntpclient
option init ntpclient option init 'ntpclient'
config samba config samba
option init samba option init 'samba'
config tinyproxy config tinyproxy
option init tinyproxy option init 'tinyproxy'
config mwan3
option init 'mwan3'


@ -0,0 +1,3 @@
config unbound
option enable '0'
option manual_conf '1'


@ -18,11 +18,13 @@ config wifi-device 'radio1'
option txpower '22' option txpower '22'
option country 'US' option country 'US'
option legacy_rates '1' option legacy_rates '1'
option enabled '1'
option disabled '0'
config wifi-iface config wifi-iface
option device 'radio1' option device 'radio1'
option mode 'ap' option mode 'ap'
option encryption 'none' option encryption 'none'
option network 'VPN360'
option ssid '$SSID' option ssid '$SSID'
option network 'VPN360'


@ -10,3 +10,4 @@ users:x:100:
network:x:101: network:x:101:
nogroup:x:65534: nogroup:x:65534:
dnsmasq:x:453:dnsmasq dnsmasq:x:453:dnsmasq
unbound:x:553:unbound

3
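--- a/device-config/etc/hosts
+++ b/device-config/etc/hosts
@@ -0,0 +1,3 @@
+127.0.0.1 localhost
+10.8.0.1 private.vpn360
+5.9.48.18 public.vpn360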


@ -0,0 +1,30 @@
server.document-root = "/www"
server.upload-dirs = ( "/tmp" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "http"
server.groupname = "www-data"
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm",
)
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
### Options that are useful but not always necessary:
#server.chroot = "/"
server.port = 81
server.bind = "localhost"
#server.tag = "lighttpd"
#server.errorlog-use-syslog = "enable"
#server.network-backend = "writev"
### Use IPv6 if available
#include_shell "/usr/share/lighttpd/use-ipv6.pl"
#dir-listing.encoding = "utf-8"
#server.dir-listing = "enable"
include "/etc/lighttpd/mime.conf"
include "/etc/lighttpd/conf.d/*.conf"


@ -0,0 +1,2 @@
untrusted comment: Local build key
RWR9dcLokucbYuJDzmnxQ756ZmeUiihRaO98lBJJapA0oW+ACCPgSLiS


@ -4,3 +4,5 @@ ftp:*:55:55:ftp:/home/ftp:/bin/false
network:*:101:101:network:/var:/bin/false network:*:101:101:network:/var:/bin/false
nobody:*:65534:65534:nobody:/var:/bin/false nobody:*:65534:65534:nobody:/var:/bin/false
dnsmasq:x:453:453:dnsmasq:/var/run/dnsmasq:/bin/false dnsmasq:x:453:453:dnsmasq:/var/run/dnsmasq:/bin/false
unbound:x:553:553:unbound:/var/run/unbound:/bin/false
http:x:65536:65536:http:/var/run/http:/bin/false
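Review bot: The new `http` account is given primary gid 65536, but the group-file hunk in this commit adds only `unbound`, while the lighttpd configuration added in the same commit sets `server.groupname = "www-data"`. Unless both groups already exist in lines outside the visible hunks, the web server has no valid group to drop to at start-up. Add the matching group entry, e.g. `http:x:65536:`, and make `server.groupname` name the group the account actually belongs to.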


@ -4,3 +4,5 @@ ftp:*:0:0:99999:7:::
network:*:0:0:99999:7::: network:*:0:0:99999:7:::
nobody:*:0:0:99999:7::: nobody:*:0:0:99999:7:::
dnsmasq:x:0:0:99999:7::: dnsmasq:x:0:0:99999:7:::
unbound:x:0:0:99999:7:::
http:x:0:0:99999:7:::


@ -1 +0,0 @@
SECRET=


@ -28,8 +28,14 @@ def index(request):
@csrf_exempt @csrf_exempt
def heartbeat(request): def heartbeat(request):
device = get_object_or_404(Device, secret=request.POST.get("secret", "")) device = get_object_or_404(Device, secret=request.POST.get("secret", ""))
device.curip = request.POST.get("ip", "") ip = request.POST.get("ip", "")
device.lasttime = timezone.now() if ip:
device.lasttime = timezone.now()
if device.curip:
device.curip = ip or device.curip
else:
device.curip = ip
device.save() device.save()
return HttpResponse("reboot" if device.reboot else "") return HttpResponse("reboot" if device.reboot else "")
@ -124,7 +130,9 @@ def editdevice(request, device_id):
return redirect("/") return redirect("/")
def getconfig(request, device_id): def getconfig(request, device_id):
BEFORE = os.getcwd()
DEVICEDIR = "/opt/vpnmanager/device-config/" DEVICEDIR = "/opt/vpnmanager/device-config/"
SRCDIR = "/opt/openwrt/"
if not request.user.is_superuser: if not request.user.is_superuser:
return redirect("/") return redirect("/")
@ -162,6 +170,7 @@ def getconfig(request, device_id):
with open(tempdir.name + "/etc/config/wireless", "w") as wireout: with open(tempdir.name + "/etc/config/wireless", "w") as wireout:
wireout.write(wirein.replace("$SSID", device.serial)) wireout.write(wirein.replace("$SSID", device.serial))
'''
# Generate .tar.gz file # Generate .tar.gz file
with tarfile.open(tempdir.name + ".tar.gz", "w:gz") as tar: with tarfile.open(tempdir.name + ".tar.gz", "w:gz") as tar:
@ -171,6 +180,36 @@ def getconfig(request, device_id):
response = HttpResponse(download.read(), content_type="application/tar+gzip") response = HttpResponse(download.read(), content_type="application/tar+gzip")
response['Content-Disposition'] = 'inline; filename=' + os.path.basename(device.serial + ".tar.gz") response['Content-Disposition'] = 'inline; filename=' + os.path.basename(device.serial + ".tar.gz")
return response return response
'''
# Create compilation environment
os.system("rm -rf " + SRCDIR + "/files/")
os.mkdir(SRCDIR + "/files/")
os.system("cp -r " + tempdir.name + "/* " + SRCDIR + "/files/")
tempdir.cleanup()
os.system("rm " + SRCDIR + "/bin/targets/ar71xx/generic/*")
# Build image
os.chdir(SRCDIR)
try:
output = subprocess.check_output(["make", "-j9"])
except:
os.chdir(BEFORE)
return HttpResponse("Something went wrong building the image file.\n\n" + output)
os.chdir(BEFORE)
with open(glob.glob(SRCDIR + "/bin/targets/ar71xx/generic/*squashfs-sysupgrade.bin")[0], "rb") as download:
response = HttpResponse(download.read(), content_type="application/octet-stream")
response['Content-Disposition'] = 'inline; filename=' + os.path.basename(device.serial + ".bin")
os.system("rm -rf " + SRCDIR + "/files/")
os.system("rm " + SRCDIR + "/bin/targets/ar71xx/generic/*")
return response
def rebootdevice(request, device_id): def rebootdevice(request, device_id):
if request.user.is_authenticated: if request.user.is_authenticated:
@ -236,6 +275,7 @@ def makedevice(request):
device = Device.objects.create( device = Device.objects.create(
serial=device_serial, serial=device_serial,
name=device_name, name=device_name,
network=Network.objects.filter(intip="No VPN")[0],
organization=Organization.objects.filter(id=device_organization)[0], organization=Organization.objects.filter(id=device_organization)[0],
vpnconfig = open(CONFIGDIR + "/files/" + device_serial + ".ovpn").read() vpnconfig = open(CONFIGDIR + "/files/" + device_serial + ".ovpn").read()
) )
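Review bot: In the build step added to getconfig, the bare `except:` reads `output`, which is never assigned when `make` fails, so the error path raises instead of returning the message; `check_output` also returns bytes, which cannot be concatenated to the str. Catch `subprocess.CalledProcessError` and use its `output`, and pass `cwd=SRCDIR` instead of calling `os.chdir`, which changes the working directory for every request the process serves. The staging directory `SRCDIR + "/files/"` is shared as well, so two overlapping requests would apparently mix one device's configuration into another device's image; a per-request lock or build directory would prevent that. The `os.system("rm -rf " + ...)` and `cp -r` calls build shell strings, where `shutil.rmtree` and `shutil.copytree` would do the same work without a shell. getconfig starts and continues outside these hunks.

```python
    # … unchanged: staging of SRCDIR/files and removal of old images …

    # Build image
    try:
        subprocess.check_output(
            ["make", "-j9"], cwd=SRCDIR, stderr=subprocess.STDOUT
        )
    except subprocess.CalledProcessError as err:
        log = err.output.decode(errors="replace")
        return HttpResponse("Something went wrong building the image file.\n\n" + log)

    # … unchanged: read the sysupgrade image and build the response …
```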