Client: Difference between revisions
From Bondix Wiki
(add remaining commands) |
|||
| Line 42: | Line 42: | ||
Where <module> specifies the configuration submodule and <command> specifies what should be done. | Where <module> specifies the configuration submodule and <command> specifies what should be done. | ||
== System Commands == | == System Commands == | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
| | | | ||
=== shutdown === | |||
Shuts down the client and terminates. | |||
| style="width: 40%"| | |||
<nowiki>{"target": "system", | <nowiki>{"target": "system", | ||
"action": "shutdown" | "action": "shutdown" | ||
} | }</nowiki> | ||
</nowiki> | |- | ||
| | |||
| | | | ||
=== set-log === | === set-log === | ||
Enables logging to file or changes output file. | Enables logging to file or changes output file. | ||
| Line 73: | Line 65: | ||
| fileMode|| can be <code>append</code> or <code>overwrite</code>. Required. | | fileMode|| can be <code>append</code> or <code>overwrite</code>. Required. | ||
|} | |} | ||
|| | |||
<nowiki>{"target": "system", | |||
"action": "set-log", | |||
"file": "/var/log/saneclient.log", | |||
"fileMode": "append" | |||
}</nowiki> | |||
|- | |||
| | | | ||
=== set-webinterface === | |||
Enables the integrated webserver & debug webinterface. | |||
{| class="wikitable" | {| class="wikitable" | ||
|+ Parameters | |+ Parameters | ||
| Line 102: | Line 91: | ||
| webroot || Web root directory. Points to the "www" subdirectory in installation directory. Not required, changing not advised. | | webroot || Web root directory. Points to the "www" subdirectory in installation directory. Not required, changing not advised. | ||
|} | |} | ||
|| | |||
<nowiki>{"target": "system", | |||
"action": "set-webinterface", | |||
"host": "0.0.0.0", | |||
"port": "80", | |||
"allowConfig": false, | |||
"allowMonitor": true, | |||
"configApiKey": "123456", | |||
"webroot": "/tmp/" | |||
}</nowiki> | |||
|} | |} | ||
| Line 107: | Line 106: | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
| | | | ||
=== create === | === create === | ||
Sets up basic tunnel configuration. | Sets up basic tunnel configuration. | ||
| Line 133: | Line 123: | ||
| values || A JSON object containing configuration parameters for the tunnel. | | values || A JSON object containing configuration parameters for the tunnel. | ||
|} | |} | ||
| style="width: 40%"| | |||
<nowiki>{"target": "tunnel", | |||
"action": "create", | |||
"name": "MyTunnel", | |||
"password: "1234", | |||
"server": "10.0.0.1", | |||
"interfaceName": "bndx0", | |||
"values": {...} | |||
}</nowiki> | |||
|- | |||
| | | | ||
=== add-server === | === add-server === | ||
Adds a endpoint server. If multiple servers are added, the client will cycle through | Adds a endpoint server. If multiple servers are added, the client will cycle through | ||
| Line 153: | Line 145: | ||
| port || Port of the destination server. Optional (Default: "443"). | | port || Port of the destination server. Optional (Default: "443"). | ||
|} | |} | ||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "add-server", | |||
"host": "10.0.0.1", | |||
"port": "443" | |||
}</nowiki> | |||
|- | |||
| | |||
=== create-interfaces === | |||
Creates channels for the specified interfaces using [[Client/Presets|presets]]. | |||
{| class="wikitable" | |||
|+ Parameters | |||
|- | |- | ||
| | | interfaces|| a JSON object where each key is a network interface name, with the corresponding value being a [[Client/Presets|preset]] name. Required. | ||
|} | |||
|| | |||
<nowiki>{"target": "tunnel", | <nowiki>{"target": "tunnel", | ||
"action": "create-interfaces", | "action": "create-interfaces", | ||
| Line 162: | Line 168: | ||
"eth1": "ethernet" | "eth1": "ethernet" | ||
} | } | ||
} | }</nowiki> | ||
</nowiki> | |- | ||
=== | | | ||
=== add-interface === | |||
Adds a single interface to the tunnel. | |||
{| class="wikitable" | |||
|+ Parameters | |||
|- | |||
| interface || Name of the linux network interface. Required. | |||
|- | |||
| name || Human-readable name for the interface. Optional. | |||
|- | |||
| preset || [[Client/Presets|Preset]] that should be applied to this interface. Optional. | |||
|- | |||
| values || Configuration values for this interface. See [[Tunnel Settings]]. Optional. | |||
|} | |||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "add-interface", | |||
"interface": "wlan0", | |||
"name": "WiFi", | |||
"preset": "mobile", | |||
"values": {"enabled": false} | |||
}</nowiki> | |||
|- | |||
| | |||
=== set === | |||
Sets tunnel properties. See [[Tunnel Settings]]. | |||
{| class="wikitable" | |||
|+ Parameters | |||
|- | |||
| values || JSON object with values to change. Required. | |||
|} | |||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "set", | |||
"values": {"maxConcurrentChannel": 2} | |||
}</nowiki> | |||
|- | |||
=== set-remote === | |||
Sets tunnel properties on the remote end. See [[Tunnel Settings]]. | |||
{| class="wikitable" | {| class="wikitable" | ||
|+ Parameters | |+ Parameters | ||
|- | |- | ||
| | | values || JSON object with values to change. Required. | ||
|} | |} | ||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "set-remote", | |||
"values": {"maxConcurrentChannel": 2} | |||
}</nowiki> | |||
|- | |||
| | |||
=== set-interface === | |||
Sets tunnel interface properties. See [[Tunnel Settings]]. | |||
{| class="wikitable" | |||
|+ Parameters | |||
|- | |||
| index || Index of the channel. 0 for first created channel, 1 for second, etc.. | |||
| values || JSON object with values to change. | |||
|} | |||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "set-interface", | |||
"index": 0, | |||
"values": {"enabled": false} | |||
}</nowiki> | |||
|- | |- | ||
| | | | ||
=== set-remote-interface === | |||
Sets interface properties on the remote end. See [[Tunnel Settings]]. | |||
{| class="wikitable" | |||
|+ Parameters | |||
|- | |||
| index || Index of the channel. 0 for first created channel, 1 for second, etc.. | |||
| values || JSON object with values to change. | |||
|} | |||
|| | |||
<nowiki>{"target": "tunnel", | <nowiki>{"target": "tunnel", | ||
"action": "set- | "action": "set-remote-interface", | ||
" | "index": 0, | ||
} | "values": {"enabled": false} | ||
</nowiki> | }</nowiki> | ||
|- | |||
| | |||
=== set-preset === | === set-preset === | ||
Applies a tunnel preset. See [[Client/Presets|Presets]] for more info. | Applies a tunnel preset. See [[Client/Presets|Presets]] for more info. | ||
| Line 188: | Line 268: | ||
| name || Name of the tunnel preset. Required. | | name || Name of the tunnel preset. Required. | ||
|} | |} | ||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "set-preset", | |||
"preset": "Bonding" | |||
}</nowiki> | |||
|- | |||
| | | | ||
=== set-ifname === | === set-ifname === | ||
Renames the virtual network tunnel interface. | Renames the virtual network tunnel interface. | ||
| Line 205: | Line 283: | ||
| name || The name that the interface should be renamed to. Required. | | name || The name that the interface should be renamed to. Required. | ||
|} | |} | ||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "set-ifname", | |||
"name": "bondix0" | |||
} | |||
}</nowiki> | |||
|- | |||
| | | | ||
=== set-cert-check === | === set-cert-check === | ||
Enables or disables verification of the server's SSL certificate. ''TODO: Which root cert dir is used when no custom root certificate is provided?'' | Enables or disables verification of the server's SSL certificate. ''TODO: Which root cert dir is used when no custom root certificate is provided?'' | ||
| Line 222: | Line 299: | ||
| enabled || Enables or disables SSL certificate verification. Required. | | enabled || Enables or disables SSL certificate verification. Required. | ||
|} | |} | ||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "set-cert-check", | |||
"enabled": true | |||
} | |||
}</nowiki> | |||
|- | |||
| | | | ||
=== set-root-ca === | === set-root-ca === | ||
Specifies a root certificate that can be used to verify the authenticity of the remote server. When used, SSL server verification will be automatically enabled. | Specifies a root certificate that can be used to verify the authenticity of the remote server. When used, SSL server verification will be automatically enabled. | ||
| Line 239: | Line 315: | ||
| file || location of the public root certificate file. Required. | | file || location of the public root certificate file. Required. | ||
|} | |} | ||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "set-root-ca", | |||
"file": "/etc/ssl/foobar.pub" | |||
} | |||
}</nowiki> | |||
|- | |||
| | | | ||
=== set-certificate === | === set-certificate === | ||
Loads a tunnel client certificate. See [[Certificates]] for further information. | Loads a tunnel client certificate. See [[Certificates]] for further information. | ||
| Line 259: | Line 333: | ||
| key || location of the private certificate key file. Required. | | key || location of the private certificate key file. Required. | ||
|} | |} | ||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "set-certificate", | |||
"cert": "/etc/ssl/foobar.pem" | |||
"key": "/etc/ssl/foobar.key" | |||
}</nowiki> | |||
|- | |||
| | |||
=== embed-certs === | |||
A helper functions to embed tunnel & root certificate inside the configuration instead of an external file. Performs the same actions as set-certificate and set-root-ca combined. | |||
{| class="wikitable" | |||
|+ Parameters | |||
|- | |- | ||
| | | cert || The tunnel public certificate as string. Required. | ||
|- | |||
| key || The tunnel private certificate key as string. Required. | |||
|- | |||
| root || The public root certificate for server verification. Required. | |||
|} | |||
|| | |||
<nowiki>{"target": "tunnel", | <nowiki>{"target": "tunnel", | ||
"action": "embed-certs", | "action": "embed-certs", | ||
| Line 267: | Line 359: | ||
"key": "...", | "key": "...", | ||
"root": "..." | "root": "..." | ||
}</nowiki> | |||
|- | |||
</nowiki> | |||
| | |||
=== | === set-root-ca === | ||
Specifies a root certificate that can be used to verify the authenticity of the remote server. When used, SSL server verification will be automatically enabled. | |||
{| class="wikitable" | {| class="wikitable" | ||
|+ Parameters | |+ Parameters | ||
|- | |- | ||
| | | file || location of the public root certificate file. Required. | ||
| | |} | ||
| | || | ||
<nowiki>{"target": "tunnel", | |||
"action": "set-root-ca", | |||
"file": "/etc/ssl/foobar.pub" | |||
} | |||
}</nowiki> | |||
|- | |||
| | |||
=== delete === | |||
Resets the complete tunnel configuration, including interfaces. | |||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "delete" | |||
}</nowiki> | |||
|} | |} | ||
== Interactive Commands == | |||
Interactive commands can be used to retrieve various information via the CLI socket. | |||
''TODO: Add JSON responses'' | |||
{| class="wikitable" style="width: 100%" | |||
|- | |||
| | |||
=== get === | |||
Returns all [[Tunnel Settings|tunnel settings]]. | |||
| style="width: 40%"| | |||
<nowiki>{"target": "tunnel", | |||
"action": "get" | |||
}</nowiki> | |||
|- | |||
| | |||
=== get-interface === | |||
Returns [[Tunnel Settings|settings]] for a specific interface. | |||
{| class="wikitable" | |||
|+ Parameters | |||
|- | |||
| index || Index of the interface to fetch information from. | |||
|} | |} | ||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "get-interface", | |||
"index": 0 | |||
}</nowiki> | |||
|- | |||
| | |||
=== status === | |||
Returns various tunnel information. | |||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "status" | |||
}</nowiki> | |||
|- | |||
| | |||
=== reset=== | |||
Performs a disconnect & reconnect. | |||
|| | |||
<nowiki>{"target": "tunnel", | |||
"action": "reset" | |||
}</nowiki> | |||
|} | |||
= Running = | = Running = | ||
Revision as of 23:26, 25 June 2021
The Bondix SANE client is the software that you install on your supported router, which establishes a connection to the server using multiple WAN links.
For OpenWRT based routers, please check this page.
Installation
Log into your router via SSH and do the following:
| Create installation directory | mkdir -p /opt/bondix
|
| Download installation package | curl -o sane.tar.gz <DOWNLOAD-URL>
|
| Extract package | tar -xvzf sane.tar.gz
|
You can verify that the correct version has been installed with the command
/opt/bondix/client/saneclient --version
If successful, it should print its version string.
Configuration
Configuration is done using JSON commands. These can either be sent via a raw TCP socket (localhost:5113), or written to a configuration file (in a json-array) that is parsed at start-up. This allows both a fixed configuration as well as adjustments during runtime without the need to restart the service. By default, SANE checks for the existence of a configuration file in its installation directory (e.g. /opt/bondix/client/saneclient.json) and at /etc/saneclient.json. If you want SANE to load a configuration from a different location, you can specify it using a command line parameter.
Quick Start
This example provides the minimal necessities to get a tunnel up and running:
[
{"action": "create", "target": "tunnel", "name": "TUNNELNAME", "password": "TUNNELPASSWORD"},
{"action": "add-server", "target": "tunnel", "host": "ENDPOINTSERVER", "port": "443"},
{"action": "create-interfaces", "target": "tunnel", "interfaces": {
"eth1": "mobileAggressive",
"wwan0": "mobileAggressive",
"wwan1": "mobileAggressive"
}},
{"target": "tunnel", "action": "set-preset", "preset": "bonding"}
]
Command Structure
A JSON command has the following structure:
{"target": "<module>", "action": "<command>", [...additional values...]}
Where <module> specifies the configuration submodule and <command> specifies what should be done.
System Commands
shutdownShuts down the client and terminates. |
{"target": "system",
"action": "shutdown"
}
| ||||||||||||
set-logEnables logging to file or changes output file.
|
{"target": "system",
"action": "set-log",
"file": "/var/log/saneclient.log",
"fileMode": "append"
}
| ||||||||||||
set-webinterfaceEnables the integrated webserver & debug webinterface.
|
{"target": "system",
"action": "set-webinterface",
"host": "0.0.0.0",
"port": "80",
"allowConfig": false,
"allowMonitor": true,
"configApiKey": "123456",
"webroot": "/tmp/"
}
|
Tunnel Commands
set-remote
Sets tunnel properties on the remote end. See Tunnel Settings.
createSets up basic tunnel configuration.
|
{"target": "tunnel",
"action": "create",
"name": "MyTunnel",
"password: "1234",
"server": "10.0.0.1",
"interfaceName": "bndx0",
"values": {...}
}
| ||||||||||
add-serverAdds a endpoint server. If multiple servers are added, the client will cycle through them until a connection has been established successfully.
|
{"target": "tunnel",
"action": "add-server",
"host": "10.0.0.1",
"port": "443"
}
| ||||||||||
create-interfacesCreates channels for the specified interfaces using presets.
|
{"target": "tunnel",
"action": "create-interfaces",
"interfaces": {
"wwan0": "mobile",
"eth1": "ethernet"
}
}
| ||||||||||
add-interfaceAdds a single interface to the tunnel.
|
{"target": "tunnel",
"action": "add-interface",
"interface": "wlan0",
"name": "WiFi",
"preset": "mobile",
"values": {"enabled": false}
}
| ||||||||||
setSets tunnel properties. See Tunnel Settings.
|
{"target": "tunnel",
"action": "set",
"values": {"maxConcurrentChannel": 2}
}
|
| values | JSON object with values to change. Required. |
{"target": "tunnel",
"action": "set-remote",
"values": {"maxConcurrentChannel": 2}
}
set-interface
Sets tunnel interface properties. See Tunnel Settings.
| index | Index of the channel. 0 for first created channel, 1 for second, etc.. | values | JSON object with values to change. |
{"target": "tunnel",
"action": "set-interface",
"index": 0,
"values": {"enabled": false}
}
set-remote-interface
Sets interface properties on the remote end. See Tunnel Settings.
| index | Index of the channel. 0 for first created channel, 1 for second, etc.. | values | JSON object with values to change. |
{"target": "tunnel",
"action": "set-remote-interface",
"index": 0,
"values": {"enabled": false}
}
set-preset
Applies a tunnel preset. See Presets for more info.
| name | Name of the tunnel preset. Required. |
{"target": "tunnel",
"action": "set-preset",
"preset": "Bonding"
}
set-ifname
Renames the virtual network tunnel interface.
| name | The name that the interface should be renamed to. Required. |
{"target": "tunnel",
"action": "set-ifname",
"name": "bondix0"
}
}
set-cert-check
Enables or disables verification of the server's SSL certificate. TODO: Which root cert dir is used when no custom root certificate is provided?
| enabled | Enables or disables SSL certificate verification. Required. |
{"target": "tunnel",
"action": "set-cert-check",
"enabled": true
}
}
set-root-ca
Specifies a root certificate that can be used to verify the authenticity of the remote server. When used, SSL server verification will be automatically enabled.
| file | location of the public root certificate file. Required. |
{"target": "tunnel",
"action": "set-root-ca",
"file": "/etc/ssl/foobar.pub"
}
}
set-certificate
Loads a tunnel client certificate. See Certificates for further information.
| cert | location of the public certificate file. Required. |
| key | location of the private certificate key file. Required. |
{"target": "tunnel",
"action": "set-certificate",
"cert": "/etc/ssl/foobar.pem"
"key": "/etc/ssl/foobar.key"
}
embed-certs
A helper functions to embed tunnel & root certificate inside the configuration instead of an external file. Performs the same actions as set-certificate and set-root-ca combined.
| cert | The tunnel public certificate as string. Required. |
| key | The tunnel private certificate key as string. Required. |
| root | The public root certificate for server verification. Required. |
{"target": "tunnel",
"action": "embed-certs",
"cert": "...",
"key": "...",
"root": "..."
}
set-root-ca
Specifies a root certificate that can be used to verify the authenticity of the remote server. When used, SSL server verification will be automatically enabled.
| file | location of the public root certificate file. Required. |
{"target": "tunnel",
"action": "set-root-ca",
"file": "/etc/ssl/foobar.pub"
}
}
delete
Resets the complete tunnel configuration, including interfaces.
{"target": "tunnel",
"action": "delete"
}
Interactive Commands
Interactive commands can be used to retrieve various information via the CLI socket. TODO: Add JSON responses
getReturns all tunnel settings. |
{"target": "tunnel",
"action": "get"
}
| ||
get-interfaceReturns settings for a specific interface.
|
{"target": "tunnel",
"action": "get-interface",
"index": 0
}
| ||
statusReturns various tunnel information. |
{"target": "tunnel",
"action": "status"
}
| ||
resetPerforms a disconnect & reconnect. |
{"target": "tunnel",
"action": "reset"
}
|
Running
The software can be run in the shell using /opt/bondix/client/saneclient, where it will run in the foreground. However, it is recommended to start the service automatically on startup, which can be different depending on the platform.
Parameters
--daemon |
Runs the software as a daemon. |
--nopid |
Does not attempt to create a pid-file at /var/run/saneclient.pid
|
--listflags |
Lists available feature flags |
--flags <FLAG1> <FLAG2>... |
Enables the specified flag(s). Multiple flags are separated using space. |
</path/to/filename.json> |
JSON configuration file that should be used |
Feature Flags
Feature flags are switches that enable certain features that are otherwise unavailable. These features are usually experimental and should be used with caution.
| useBlake | Switches from SHA256 to the "blake" hashing algorithm. Depending on architecture, this can slightly improve performance. |
| useBlake3 | Switches to the "blake3" hashing algorithm. Depending on architecture, this can slightly improve performance. |
| disableHash | Disables hashing completely, allowing potential MitM, with a vast speed improvement. |
| useMMSG | uses useMMSG linux socket API to send & receive multiple UDP packets at once. This improves performance under load, while stable there are some corner cases which can trigger error messages in the log. |
| channelRoutes | Makes the client create specific routes for each channel. Experimental, do not use. |
| bondingProxy | Enables the TCP Bonding Proxy. |
