Client/OpenWRT: Difference between revisions

From Bondix Wiki
(Created page with "The client can be installed manually on nearly any OpenWRT based router following the client installation guide. Things to notice: = Configuration Location = * You...")
 
No edit summary
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Colored_box|Text='''Test version only - No commerial product!'''
Please reach out to [mailto:consulting@sima.gmbh consulting@sima.gmbh] for the requirements to license and use  Bondix on our own OpenWRT router platform!}}
The client can be installed manually on nearly any OpenWRT based router following the [[Client|client installation guide]]. Things to notice:
The client can be installed manually on nearly any OpenWRT based router following the [[Client|client installation guide]]. Things to notice:


Line 24: Line 28:
* You should create an interface in UCI. protocol=none, interface => sane's virtual interface (tun0), firewall zone => wan
* You should create an interface in UCI. protocol=none, interface => sane's virtual interface (tun0), firewall zone => wan
* make sure to set a custom public DNS server
* make sure to set a custom public DNS server
= Installation Script (WIP) =
== Code ==
<nowiki>#!/bin/sh
# SANE Configuration:
TUNNEL="TUNNELNAME"
TUNNELPASSWORD="TUNNELPASSWORD"
ENDPOINT="127.0.0.2"
# -------------------------------------------------------------------------------
# install directory
INSTALLDIR="/opt/bondix"
# version to download
CURRENTVERSION="https://releases.bondix.dev/files/saneclient-armv7-20210616-b7f5cab8.tar.gz"
# location of saneclient config
CONFIGLOCATION="/etc/config/saneclient.json"
set -e
echo Downloading \& Installing...
echo ---------------------------
mkdir -p $INSTALLDIR
cd $INSTALLDIR
curl -o sane.tar.gz $CURRENTVERSION
tar -xvzf sane.tar.gz
rm sane.tar.gz
echo
echo Creating start Script
echo ---------------------
cat <<EOT >> /etc/init.d/bondix
#!/bin/sh /etc/rc.common
START=90
STOP=15
start() {
    /opt/bondix/client/saneclient --daemon --flags disableHash useMMSG bondingProxy $CONFIGLOCATION
}
stop() {
    /opt/bondix/client/bndutil shutdown
    sleep 1
}
EOT
chmod a+x /etc/init.d/bondix
#/etc/init.d/bondix enable
if [ ! -f $CONFIGLOCATION ]; then
echo
echo Creating SANE configuration
echo ---------------------------
cat <<EOT >> $CONFIGLOCATION
[
  {"action": "create", "target": "tunnel", "name": "$TUNNEL", "password": "$TUNNELPASSWORD"},
  {"action": "add-server", "target": "tunnel", "host": "$ENDPOINT", "port": "443"},
  {"action": "create-interfaces", "target": "tunnel", "interfaces": {
    "eth1": "mobile",
    "qmimux0": "mobile",
    "qmimux8": "mobile"
  }},
  {"target": "tunnel", "action": "set-preset", "preset": "bonding"},
  {"target": "tunnel", "action": "set", "values": {"advancedSettings": {"maxFlowCount": 16, "maxFlowQueueLength": 30000, "buffers": {"packetCacheSize": 35000}}}},
  {"target": "tunnel", "action": "enable-proxy", "host": "0.0.0.0", "port": "18080"},
  {"target": "system", "action": "set-webinterface", "host": "0.0.0.0", "port": "8088"}
]
EOT
fi
cat <<EOT >> $INSTALLDIR/enable-bondingproxy.sh
#!/bin/sh
iptables -t nat -N BONDIX
iptables -t nat -A BONDIX -d 0.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 10.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 100.64.0.0/10 -j RETURN
iptables -t nat -A BONDIX -d 127.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 169.254.0.0/16 -j RETURN
iptables -t nat -A BONDIX -d 172.16.0.0/12 -j RETURN
iptables -t nat -A BONDIX -d 192.168.0.0/16 -j RETURN
iptables -t nat -A BONDIX -d 198.18.0.0/15 -j RETURN
iptables -t nat -A BONDIX -d 224.0.0.0/4 -j RETURN
iptables -t nat -A BONDIX -d 240.0.0.0/4 -j RETURN
iptables -t nat -A BONDIX -p tcp -j REDIRECT --to-ports 18080
iptables -t nat -A PREROUTING --in-interface br-lan -p tcp -j BONDIX
EOT
chmod a+x $INSTALLDIR/enable-bondingproxy.sh
/etc/init.d/bondix start
echo
echo Done! 👍</nowiki>
== ToDo ==
* UCI Interface Creation
* Firewall Adjustments

Latest revision as of 08:01, 22 August 2024

⚠️ Test version only - No commerial product!

Please reach out to consulting@sima.gmbh for the requirements to license and use Bondix on our own OpenWRT router platform!


The client can be installed manually on nearly any OpenWRT based router following the client installation guide. Things to notice:

Configuration Location

  • You should create your configuration at /etc/config/saneclient.json

init.d Script (etc/init.d/bondix)

#!/bin/sh /etc/rc.common

START=90
STOP=15

start() {
    /opt/bondix/client/saneclient --daemon --flags disableHash useMMSG bondingProxy /etc/config/saneclient.json
}

stop() {
    /opt/bondix/client/bndutil shutdown
    sleep 1
}

Use /etc/init.d/bondix enable to automatically start the client

UCI integration

  • You should create an interface in UCI. protocol=none, interface => sane's virtual interface (tun0), firewall zone => wan
  • make sure to set a custom public DNS server

Installation Script (WIP)

Code

#!/bin/sh
# SANE Configuration:
TUNNEL="TUNNELNAME"
TUNNELPASSWORD="TUNNELPASSWORD"
ENDPOINT="127.0.0.2"

# -------------------------------------------------------------------------------

# install directory
INSTALLDIR="/opt/bondix"

# version to download
CURRENTVERSION="https://releases.bondix.dev/files/saneclient-armv7-20210616-b7f5cab8.tar.gz"

# location of saneclient config
CONFIGLOCATION="/etc/config/saneclient.json"

set -e

echo Downloading \& Installing...
echo ---------------------------

mkdir -p $INSTALLDIR
cd $INSTALLDIR
curl -o sane.tar.gz $CURRENTVERSION
tar -xvzf sane.tar.gz
rm sane.tar.gz

echo
echo Creating start Script
echo ---------------------

cat <<EOT >> /etc/init.d/bondix
#!/bin/sh /etc/rc.common

START=90
STOP=15

start() {
    /opt/bondix/client/saneclient --daemon --flags disableHash useMMSG bondingProxy $CONFIGLOCATION
}

stop() {
    /opt/bondix/client/bndutil shutdown
    sleep 1
}
EOT
chmod a+x /etc/init.d/bondix
#/etc/init.d/bondix enable

if [ ! -f $CONFIGLOCATION ]; then
echo
echo Creating SANE configuration
echo ---------------------------
cat <<EOT >> $CONFIGLOCATION
[
  {"action": "create", "target": "tunnel", "name": "$TUNNEL", "password": "$TUNNELPASSWORD"},
  {"action": "add-server", "target": "tunnel", "host": "$ENDPOINT", "port": "443"},
  {"action": "create-interfaces", "target": "tunnel", "interfaces": {
    "eth1": "mobile",
    "qmimux0": "mobile",
    "qmimux8": "mobile"
  }},
  {"target": "tunnel", "action": "set-preset", "preset": "bonding"},
  {"target": "tunnel", "action": "set", "values": {"advancedSettings": {"maxFlowCount": 16, "maxFlowQueueLength": 30000, "buffers": {"packetCacheSize": 35000}}}},
  {"target": "tunnel", "action": "enable-proxy", "host": "0.0.0.0", "port": "18080"},
  {"target": "system", "action": "set-webinterface", "host": "0.0.0.0", "port": "8088"}
]
EOT
fi

cat <<EOT >> $INSTALLDIR/enable-bondingproxy.sh
#!/bin/sh
iptables -t nat -N BONDIX
iptables -t nat -A BONDIX -d 0.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 10.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 100.64.0.0/10 -j RETURN
iptables -t nat -A BONDIX -d 127.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 169.254.0.0/16 -j RETURN
iptables -t nat -A BONDIX -d 172.16.0.0/12 -j RETURN
iptables -t nat -A BONDIX -d 192.168.0.0/16 -j RETURN
iptables -t nat -A BONDIX -d 198.18.0.0/15 -j RETURN
iptables -t nat -A BONDIX -d 224.0.0.0/4 -j RETURN
iptables -t nat -A BONDIX -d 240.0.0.0/4 -j RETURN
iptables -t nat -A BONDIX -p tcp -j REDIRECT --to-ports 18080
iptables -t nat -A PREROUTING --in-interface br-lan -p tcp -j BONDIX
EOT
chmod a+x $INSTALLDIR/enable-bondingproxy.sh


/etc/init.d/bondix start

echo
echo Done! 👍

ToDo

  • UCI Interface Creation
  • Firewall Adjustments