Client/OpenWRT: Difference between revisions

From Bondix Wiki
(Created page with "The client can be installed manually on nearly any OpenWRT based router following the client installation guide. Things to notice: = Configuration Location = * You...")
 
No edit summary
Line 24: Line 24:
* You should create an interface in UCI. protocol=none, interface => sane's virtual interface (tun0), firewall zone => wan
* You should create an interface in UCI. protocol=none, interface => sane's virtual interface (tun0), firewall zone => wan
* make sure to set a custom public DNS server
* make sure to set a custom public DNS server
= Installation Script (WIP) =
== Code ==
<nowiki>#!/bin/sh
# SANE Configuration:
TUNNEL="TUNNELNAME"
TUNNELPASSWORD="TUNNELPASSWORD"
ENDPOINT="127.0.0.2"
# -------------------------------------------------------------------------------
# install directory
INSTALLDIR="/opt/bondix"
# version to download
CURRENTVERSION="https://releases.bondix.dev/files/saneclient-armv7-20210616-b7f5cab8.tar.gz"
# location of saneclient config
CONFIGLOCATION="/etc/config/saneclient.json"
set -e
echo Downloading \& Installing...
echo ---------------------------
mkdir -p $INSTALLDIR
cd $INSTALLDIR
curl -o sane.tar.gz $CURRENTVERSION
tar -xvzf sane.tar.gz
rm sane.tar.gz
echo
echo Creating start Script
echo ---------------------
cat <<EOT >> /etc/init.d/bondix
#!/bin/sh /etc/rc.common
START=90
STOP=15
start() {
    /opt/bondix/client/saneclient --daemon --flags disableHash useMMSG bondingProxy $CONFIGLOCATION
}
stop() {
    /opt/bondix/client/bndutil shutdown
    sleep 1
}
EOT
chmod a+x /etc/init.d/bondix
#/etc/init.d/bondix enable
if [ ! -f $CONFIGLOCATION ]; then
echo
echo Creating SANE configuration
echo ---------------------------
cat <<EOT >> $CONFIGLOCATION
[
  {"action": "create", "target": "tunnel", "name": "$TUNNEL", "password": "$TUNNELPASSWORD"},
  {"action": "add-server", "target": "tunnel", "host": "$ENDPOINT", "port": "443"},
  {"action": "create-interfaces", "target": "tunnel", "interfaces": {
    "eth1": "mobile",
    "qmimux0": "mobile",
    "qmimux8": "mobile"
  }},
  {"target": "tunnel", "action": "set-preset", "preset": "bonding"},
  {"target": "tunnel", "action": "set", "values": {"advancedSettings": {"maxFlowCount": 16, "maxFlowQueueLength": 30000, "buffers": {"packetCacheSize": 35000}}}},
  {"target": "tunnel", "action": "enable-proxy", "host": "0.0.0.0", "port": "18080"},
  {"target": "system", "action": "set-webinterface", "host": "0.0.0.0", "port": "8088"}
]
EOT
fi
cat <<EOT >> $INSTALLDIR/enable-bondingproxy.sh
#!/bin/sh
iptables -t nat -N BONDIX
iptables -t nat -A BONDIX -d 0.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 10.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 100.64.0.0/10 -j RETURN
iptables -t nat -A BONDIX -d 127.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 169.254.0.0/16 -j RETURN
iptables -t nat -A BONDIX -d 172.16.0.0/12 -j RETURN
iptables -t nat -A BONDIX -d 192.168.0.0/16 -j RETURN
iptables -t nat -A BONDIX -d 198.18.0.0/15 -j RETURN
iptables -t nat -A BONDIX -d 224.0.0.0/4 -j RETURN
iptables -t nat -A BONDIX -d 240.0.0.0/4 -j RETURN
iptables -t nat -A BONDIX -p tcp -j REDIRECT --to-ports 18080
iptables -t nat -A PREROUTING --in-interface br-lan -p tcp -j BONDIX
EOT
chmod a+x $INSTALLDIR/enable-bondingproxy.sh
/etc/init.d/bondix start
echo
echo Done! 👍</nowiki>
== ToDo ==
* UCI Interface Creation
* Firewall Adjustments
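Review bot: The installer in this revision fetches the client with `curl -o sane.tar.gz $CURRENTVERSION` and unpacks it as root without checking that the transfer succeeded or that the archive is the expected one. Use `curl -f -o sane.tar.gz "$CURRENTVERSION"` and compare `sha256sum sane.tar.gz` against a checksum published with the release (placeholder `<expected-sha256>`) before `tar -xvzf`. All three here-documents redirect with `>>`, so a second run appends another copy to `/etc/init.d/bondix` and `enable-bondingproxy.sh`; `>` would make the script re-runnable. The generated `saneclient.json` holds the tunnel password and is created with the default umask, so it should be written under `umask 077` or get `chmod 600`. The proxy and web interface listen on `0.0.0.0`, so the "Firewall Adjustments" ToDo is what keeps ports 18080 and 8088 off the WAN side.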

Revision as of 12:26, 28 June 2021

The client can be installed manually on nearly any OpenWRT-based router by following the client installation guide. Things to note:

Configuration Location

  • You should create your configuration at /etc/config/saneclient.json

init.d Script (/etc/init.d/bondix)

#!/bin/sh /etc/rc.common
# OpenWRT init script for the Bondix SANE client (installed as
# /etc/init.d/bondix). rc.common supplies the start/stop/enable commands and
# calls the two functions below.

# Sequence numbers rc.common uses to order this service at boot and shutdown.
START=90
STOP=15

# Launch the client as a daemon, reading /etc/config/saneclient.json.
# NOTE(review): the flag list includes disableHash; confirm with the vendor
# documentation what that switches off before relying on it.
start() {
    /opt/bondix/client/saneclient \
        --daemon \
        --flags disableHash useMMSG bondingProxy \
        /etc/config/saneclient.json
}

# Ask the running client to shut down through bndutil.
stop() {
    /opt/bondix/client/bndutil shutdown
    # presumably gives the client a moment to exit before rc.common continues
    sleep 1
}

Use /etc/init.d/bondix enable to start the client automatically at boot.

UCI integration

  • You should create an interface in UCI. protocol=none, interface => sane's virtual interface (tun0), firewall zone => wan
  • Make sure to set a custom public DNS server.

Installation Script (WIP)

Code

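#!/bin/sh
# Installs the Bondix SANE client on an OpenWRT router: downloads and unpacks
# the release archive, writes the init script, creates a client configuration
# if none exists, generates a helper script for the bonding proxy, and starts
# the client. It writes below /etc and the install directory, so it needs the
# privileges to do that.

# Stop at the first failing command and on any unset variable.
set -eu

# SANE Configuration:
# Replace the three placeholders before running. The values are pasted
# verbatim into a JSON file, so they must not contain '"' or '\'.
TUNNEL="TUNNELNAME"
TUNNELPASSWORD="TUNNELPASSWORD"
ENDPOINT="127.0.0.2"

# -------------------------------------------------------------------------------

# install directory
INSTALLDIR="/opt/bondix"

# version to download
CURRENTVERSION="https://releases.bondix.dev/files/saneclient-armv7-20210616-b7f5cab8.tar.gz"

# Optional SHA-256 (lowercase hex) of the archive above. When set, the
# download is compared against it before anything is unpacked. Fill in the
# value published with the release; left empty, the archive is unpacked
# unverified.
CURRENTSHA256=""

# location of saneclient config
CONFIGLOCATION="/etc/config/saneclient.json"

echo "Downloading & Installing..."
echo "---------------------------"

mkdir -p "$INSTALLDIR"
cd "$INSTALLDIR"

# -f makes curl fail on an HTTP error instead of saving the error page as the
# archive.
curl -f -o sane.tar.gz "$CURRENTVERSION"

if [ -n "$CURRENTSHA256" ]; then
    actual_sha256=$(sha256sum sane.tar.gz | cut -d' ' -f1)
    if [ "$actual_sha256" != "$CURRENTSHA256" ]; then
        echo "error: checksum mismatch for sane.tar.gz" >&2
        rm -f sane.tar.gz
        exit 1
    fi
else
    echo "warning: CURRENTSHA256 is empty, archive is not verified" >&2
fi

tar -xvzf sane.tar.gz
rm -f sane.tar.gz

echo
echo "Creating start Script"
echo "---------------------"

# '>' rather than '>>': a second run must replace the init script, not append
# another copy of it. The here-document is unquoted on purpose so that
# $INSTALLDIR and $CONFIGLOCATION are expanded into the generated file.
cat <<EOT > /etc/init.d/bondix
#!/bin/sh /etc/rc.common

START=90
STOP=15

start() {
    $INSTALLDIR/client/saneclient --daemon --flags disableHash useMMSG bondingProxy $CONFIGLOCATION
}

stop() {
    $INSTALLDIR/client/bndutil shutdown
    sleep 1
}
EOT
chmod a+x /etc/init.d/bondix
#/etc/init.d/bondix enable

# An existing configuration is never overwritten.
if [ ! -f "$CONFIGLOCATION" ]; then
    echo
    echo "Creating SANE configuration"
    echo "---------------------------"

    # The file contains the tunnel password: create it readable by its owner
    # only, then restore the previous umask.
    previous_umask=$(umask)
    umask 077

    # The proxy (18080) and the web interface (8088) are configured to listen
    # on 0.0.0.0, i.e. on every interface. This script adds no firewall rules
    # for them; the firewall has to keep both ports unreachable from the WAN
    # zone.
    cat <<EOT > "$CONFIGLOCATION"
[
  {"action": "create", "target": "tunnel", "name": "$TUNNEL", "password": "$TUNNELPASSWORD"},
  {"action": "add-server", "target": "tunnel", "host": "$ENDPOINT", "port": "443"},
  {"action": "create-interfaces", "target": "tunnel", "interfaces": {
    "eth1": "mobile",
    "qmimux0": "mobile",
    "qmimux8": "mobile"
  }},
  {"target": "tunnel", "action": "set-preset", "preset": "bonding"},
  {"target": "tunnel", "action": "set", "values": {"advancedSettings": {"maxFlowCount": 16, "maxFlowQueueLength": 30000, "buffers": {"packetCacheSize": 35000}}}},
  {"target": "tunnel", "action": "enable-proxy", "host": "0.0.0.0", "port": "18080"},
  {"target": "system", "action": "set-webinterface", "host": "0.0.0.0", "port": "8088"}
]
EOT
    umask "$previous_umask"
fi

# Helper that is generated here but not executed by this installer. It creates
# the nat chain BONDIX, lets traffic to the listed local/reserved destination
# ranges pass untouched, and redirects all other TCP arriving on br-lan to
# local port 18080. It is not idempotent: a second run reports that the chain
# exists and appends the rules again.
cat <<'EOT' > "$INSTALLDIR/enable-bondingproxy.sh"
#!/bin/sh
iptables -t nat -N BONDIX
iptables -t nat -A BONDIX -d 0.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 10.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 100.64.0.0/10 -j RETURN
iptables -t nat -A BONDIX -d 127.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 169.254.0.0/16 -j RETURN
iptables -t nat -A BONDIX -d 172.16.0.0/12 -j RETURN
iptables -t nat -A BONDIX -d 192.168.0.0/16 -j RETURN
iptables -t nat -A BONDIX -d 198.18.0.0/15 -j RETURN
iptables -t nat -A BONDIX -d 224.0.0.0/4 -j RETURN
iptables -t nat -A BONDIX -d 240.0.0.0/4 -j RETURN
iptables -t nat -A BONDIX -p tcp -j REDIRECT --to-ports 18080
iptables -t nat -A PREROUTING --in-interface br-lan -p tcp -j BONDIX
EOT
chmod a+x "$INSTALLDIR/enable-bondingproxy.sh"


/etc/init.d/bondix start

echo
echo "Done! 👍"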

ToDo

  • UCI Interface Creation
  • Firewall Adjustments