Client/OpenWRT: Difference between revisions
(Created page with "The client can be installed manually on nearly any OpenWRT based router following the client installation guide. Things to notice: = Configuration Location = * You...") |
No edit summary |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
{{Colored_box|Text='''Test version only - No commerial product!''' | |||
Please reach out to [mailto:consulting@sima.gmbh consulting@sima.gmbh] for the requirements to license and use Bondix on our own OpenWRT router platform!}} | |||
The client can be installed manually on nearly any OpenWRT based router following the [[Client|client installation guide]]. Things to notice: | The client can be installed manually on nearly any OpenWRT based router following the [[Client|client installation guide]]. Things to notice: | ||
Line 24: | Line 28: | ||
* You should create an interface in UCI. protocol=none, interface => sane's virtual interface (tun0), firewall zone => wan | * You should create an interface in UCI. protocol=none, interface => sane's virtual interface (tun0), firewall zone => wan | ||
* make sure to set a custom public DNS server | * make sure to set a custom public DNS server | ||
= Installation Script (WIP) = | |||
== Code == | |||
<nowiki>#!/bin/sh | |||
# SANE Configuration: | |||
TUNNEL="TUNNELNAME" | |||
TUNNELPASSWORD="TUNNELPASSWORD" | |||
ENDPOINT="127.0.0.2" | |||
# ------------------------------------------------------------------------------- | |||
# install directory | |||
INSTALLDIR="/opt/bondix" | |||
# version to download | |||
CURRENTVERSION="https://releases.bondix.dev/files/saneclient-armv7-20210616-b7f5cab8.tar.gz" | |||
# location of saneclient config | |||
CONFIGLOCATION="/etc/config/saneclient.json" | |||
set -e | |||
echo Downloading \& Installing... | |||
echo --------------------------- | |||
mkdir -p $INSTALLDIR | |||
cd $INSTALLDIR | |||
curl -o sane.tar.gz $CURRENTVERSION | |||
tar -xvzf sane.tar.gz | |||
rm sane.tar.gz | |||
echo | |||
echo Creating start Script | |||
echo --------------------- | |||
cat <<EOT >> /etc/init.d/bondix | |||
#!/bin/sh /etc/rc.common | |||
START=90 | |||
STOP=15 | |||
start() { | |||
/opt/bondix/client/saneclient --daemon --flags disableHash useMMSG bondingProxy $CONFIGLOCATION | |||
} | |||
stop() { | |||
/opt/bondix/client/bndutil shutdown | |||
sleep 1 | |||
} | |||
EOT | |||
chmod a+x /etc/init.d/bondix | |||
#/etc/init.d/bondix enable | |||
if [ ! -f $CONFIGLOCATION ]; then | |||
echo | |||
echo Creating SANE configuration | |||
echo --------------------------- | |||
cat <<EOT >> $CONFIGLOCATION | |||
[ | |||
{"action": "create", "target": "tunnel", "name": "$TUNNEL", "password": "$TUNNELPASSWORD"}, | |||
{"action": "add-server", "target": "tunnel", "host": "$ENDPOINT", "port": "443"}, | |||
{"action": "create-interfaces", "target": "tunnel", "interfaces": { | |||
"eth1": "mobile", | |||
"qmimux0": "mobile", | |||
"qmimux8": "mobile" | |||
}}, | |||
{"target": "tunnel", "action": "set-preset", "preset": "bonding"}, | |||
{"target": "tunnel", "action": "set", "values": {"advancedSettings": {"maxFlowCount": 16, "maxFlowQueueLength": 30000, "buffers": {"packetCacheSize": 35000}}}}, | |||
{"target": "tunnel", "action": "enable-proxy", "host": "0.0.0.0", "port": "18080"}, | |||
{"target": "system", "action": "set-webinterface", "host": "0.0.0.0", "port": "8088"} | |||
] | |||
EOT | |||
fi | |||
cat <<EOT >> $INSTALLDIR/enable-bondingproxy.sh | |||
#!/bin/sh | |||
iptables -t nat -N BONDIX | |||
iptables -t nat -A BONDIX -d 0.0.0.0/8 -j RETURN | |||
iptables -t nat -A BONDIX -d 10.0.0.0/8 -j RETURN | |||
iptables -t nat -A BONDIX -d 100.64.0.0/10 -j RETURN | |||
iptables -t nat -A BONDIX -d 127.0.0.0/8 -j RETURN | |||
iptables -t nat -A BONDIX -d 169.254.0.0/16 -j RETURN | |||
iptables -t nat -A BONDIX -d 172.16.0.0/12 -j RETURN | |||
iptables -t nat -A BONDIX -d 192.168.0.0/16 -j RETURN | |||
iptables -t nat -A BONDIX -d 198.18.0.0/15 -j RETURN | |||
iptables -t nat -A BONDIX -d 224.0.0.0/4 -j RETURN | |||
iptables -t nat -A BONDIX -d 240.0.0.0/4 -j RETURN | |||
iptables -t nat -A BONDIX -p tcp -j REDIRECT --to-ports 18080 | |||
iptables -t nat -A PREROUTING --in-interface br-lan -p tcp -j BONDIX | |||
EOT | |||
chmod a+x $INSTALLDIR/enable-bondingproxy.sh | |||
/etc/init.d/bondix start | |||
echo | |||
echo Done! 👍</nowiki> | |||
== ToDo == | |||
* UCI Interface Creation | |||
* Firewall Adjustments |
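Review bot: The installer added under "Installation Script (WIP)" unpacks a downloaded archive as root without any integrity check: `curl -o sane.tar.gz $CURRENTVERSION` is followed directly by `tar -xvzf sane.tar.gz`. I would use `curl -f -o sane.tar.gz "$CURRENTVERSION"` and compare the file against a published SHA-256 (placeholder: `<sha256-of-release>`) before extracting. The heredocs for `/etc/init.d/bondix` and `enable-bondingproxy.sh` append with `>>`, so a second run duplicates their content; `>` makes the script re-runnable. The generated `saneclient.json` holds the tunnel password but is created with the default umask, so write it under `umask 077` or follow it with `chmod 600 "$CONFIGLOCATION"`. It also sets the proxy and web interface host to `0.0.0.0` while the page puts the tunnel interface in the wan zone, so the page should say which firewall rule keeps ports 18080 and 8088 off the WAN side.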
Latest revision as of 08:01, 22 August 2024
⚠️ Test version only - No commercial product!
Please reach out to consulting@sima.gmbh for the requirements to license and use Bondix on our own OpenWRT router platform!
The client can be installed manually on nearly any OpenWRT based router following the client installation guide. Things to notice:
Configuration Location
- You should create your configuration at
/etc/config/saneclient.json
init.d Script (/etc/init.d/bondix)
#!/bin/sh /etc/rc.common
# OpenWRT init script for the Bondix SANE client (/etc/init.d/bondix).

# Sequence numbers rc.common uses to order this service at boot (START)
# and at shutdown (STOP).
START=90
STOP=15

# Launch the client as a daemon, reading its configuration from
# /etc/config/saneclient.json.
start() {
    /opt/bondix/client/saneclient --daemon \
        --flags disableHash useMMSG bondingProxy \
        /etc/config/saneclient.json
}

# Ask the running client to shut down through bndutil, then pause for one
# second (presumably so the process has exited before the caller goes on).
stop() {
    /opt/bondix/client/bndutil shutdown
    sleep 1
}
Use /etc/init.d/bondix enable
to automatically start the client
UCI integration
- You should create an interface in UCI. protocol=none, interface => sane's virtual interface (tun0), firewall zone => wan
- make sure to set a custom public DNS server
Installation Script (WIP)
Code
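#!/bin/sh
#
# Bondix SANE client installer for OpenWRT (work in progress).
#
# Steps, in order:
#   1. download the client archive into INSTALLDIR and unpack it,
#   2. write the init script /etc/init.d/bondix,
#   3. create a starter client configuration unless one already exists,
#   4. write (but do not run) a helper that adds the bonding-proxy NAT rules,
#   5. start the client.
#
# Must be run as root on the router. Generated files are overwritten rather
# than appended to, so running the script again does not duplicate their
# content; an existing configuration file is left untouched.

# SANE Configuration:
TUNNEL="TUNNELNAME"
TUNNELPASSWORD="TUNNELPASSWORD"
ENDPOINT="127.0.0.2"

# -------------------------------------------------------------------------------

# install directory
INSTALLDIR="/opt/bondix"

# version to download
CURRENTVERSION="https://releases.bondix.dev/files/saneclient-armv7-20210616-b7f5cab8.tar.gz"

# Expected SHA-256 of the archive above. PLACEHOLDER: fill in the digest
# published for the release. While this is empty the archive is NOT verified.
CURRENTVERSION_SHA256=""

# location of saneclient config
CONFIGLOCATION="/etc/config/saneclient.json"

# -e: stop at the first failing command; -u: treat unset variables as errors.
set -eu

echo Downloading \& Installing...
echo ---------------------------
mkdir -p "$INSTALLDIR"
cd "$INSTALLDIR"

# -f makes curl fail on an HTTP error instead of saving the error page.
curl -f -o sane.tar.gz "$CURRENTVERSION"

# The archive is unpacked and later executed as root, so check it against a
# known digest before extracting whenever one has been configured.
if [ -n "$CURRENTVERSION_SHA256" ]; then
    # "<digest>  <file>" (two spaces) is the line format sha256sum -c reads.
    if ! printf '%s  %s\n' "$CURRENTVERSION_SHA256" sane.tar.gz | sha256sum -c -; then
        rm -f sane.tar.gz
        echo "Checksum mismatch for sane.tar.gz, aborting." >&2
        exit 1
    fi
else
    echo "WARNING: CURRENTVERSION_SHA256 is empty, archive not verified." >&2
fi

tar -xvzf sane.tar.gz
rm sane.tar.gz

echo
echo Creating start Script
echo ---------------------
# Unquoted heredoc on purpose: $CONFIGLOCATION is expanded now, so the
# generated init script carries the literal path. '>' (not '>>') replaces a
# script left behind by an earlier run instead of appending a second copy.
cat <<EOT > /etc/init.d/bondix
#!/bin/sh /etc/rc.common

START=90
STOP=15

start() {
    /opt/bondix/client/saneclient --daemon --flags disableHash useMMSG bondingProxy "$CONFIGLOCATION"
}

stop() {
    /opt/bondix/client/bndutil shutdown
    sleep 1
}
EOT
chmod a+x /etc/init.d/bondix
# Start at boot is left off; enable it manually once the setup works:
#/etc/init.d/bondix enable

if [ ! -f "$CONFIGLOCATION" ]; then
    echo
    echo Creating SANE configuration
    echo ---------------------------
    # The file stores the tunnel password, so it is created under umask 077
    # (owner-only). The subshell keeps the umask change local to this step.
    # NOTE(review): TUNNEL, TUNNELPASSWORD and ENDPOINT are inserted verbatim;
    # a value containing '"' or '\' produces invalid JSON.
    # NOTE(review): the proxy (18080) and the web interface (8088) use host
    # 0.0.0.0, presumably "listen on every interface" - confirm the firewall
    # keeps both ports unreachable from the WAN side, or bind to the LAN address.
    (
        umask 077
        cat <<EOT > "$CONFIGLOCATION"
[
  {"action": "create", "target": "tunnel", "name": "$TUNNEL", "password": "$TUNNELPASSWORD"},
  {"action": "add-server", "target": "tunnel", "host": "$ENDPOINT", "port": "443"},
  {"action": "create-interfaces", "target": "tunnel", "interfaces": {
    "eth1": "mobile",
    "qmimux0": "mobile",
    "qmimux8": "mobile"
  }},
  {"target": "tunnel", "action": "set-preset", "preset": "bonding"},
  {"target": "tunnel", "action": "set", "values": {"advancedSettings": {"maxFlowCount": 16, "maxFlowQueueLength": 30000, "buffers": {"packetCacheSize": 35000}}}},
  {"target": "tunnel", "action": "enable-proxy", "host": "0.0.0.0", "port": "18080"},
  {"target": "system", "action": "set-webinterface", "host": "0.0.0.0", "port": "8088"}
]
EOT
    )
fi

# Helper that sends TCP traffic arriving on br-lan to local port 18080, except
# for destinations in the private/reserved ranges listed below. It is only
# written here, never executed by this installer.
cat <<EOT > "$INSTALLDIR/enable-bondingproxy.sh"
#!/bin/sh
iptables -t nat -N BONDIX
iptables -t nat -A BONDIX -d 0.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 10.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 100.64.0.0/10 -j RETURN
iptables -t nat -A BONDIX -d 127.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 169.254.0.0/16 -j RETURN
iptables -t nat -A BONDIX -d 172.16.0.0/12 -j RETURN
iptables -t nat -A BONDIX -d 192.168.0.0/16 -j RETURN
iptables -t nat -A BONDIX -d 198.18.0.0/15 -j RETURN
iptables -t nat -A BONDIX -d 224.0.0.0/4 -j RETURN
iptables -t nat -A BONDIX -d 240.0.0.0/4 -j RETURN
iptables -t nat -A BONDIX -p tcp -j REDIRECT --to-ports 18080
iptables -t nat -A PREROUTING --in-interface br-lan -p tcp -j BONDIX
EOT
chmod a+x "$INSTALLDIR/enable-bondingproxy.sh"

/etc/init.d/bondix start

echo
echo Done! 👍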
ToDo
- UCI Interface Creation
- Firewall Adjustments