Client Configuration
Configuration is done using JSON commands. These can either be sent via a raw TCP socket (localhost:5113), or written to a configuration file (in a json-array) that is parsed on start-up.
By default, SANE checks for the existence of a configuration file in its installation directory (e.g. /opt/bondix/client/saneclient.json
) and at /etc/saneclient.json
. If you want SANE to load a configuration from a different location, you can specify it using a command line parameter.
Quick Start
This example provides the minimal necessities to get a tunnel up and running:
[ {"action": "create", "target": "tunnel", "name": "TUNNELNAME", "password": "TUNNELPASSWORD"}, {"action": "add-server", "target": "tunnel", "host": "ENDPOINTSERVER", "port": "443"}, {"action": "create-interfaces", "target": "tunnel", "interfaces": { "eth1": "mobileAggressive", "wwan0": "mobileAggressive", "wwan1": "mobileAggressive" }}, {"target": "tunnel", "action": "set-preset", "preset": "bonding"} ]
Commands
A JSON command has the following structure:
{"target": "<module>", "action": "<command>", [...additional values...]}
, where <module> specifies the configuration submodule and <command> specifies what should be done.
Tunnel Commands
createSets up basic tunnel configuration.
|
{"target": "tunnel", "action": "create", "name": "MyTunnel", "password: "1234", "server": "10.0.0.1", "interfaceName": "bndx0", "values": {...} } | ||||||||||
add-serverAdds a endpoint server. If multiple servers are added, the client will cycle through them until a connection has been established successfully.
|
{"target": "tunnel", "action": "add-server", "host": "10.0.0.1", "port": "443" } | ||||||||||
create-interfacesCreates channels for the specified interfaces using presets.
|
{"target": "tunnel", "action": "create-interfaces", "interfaces": { "wwan0": "mobile", "eth1": "ethernet" } } | ||||||||||
add-interfaceAdds a single interface to the tunnel.
|
{"target": "tunnel", "action": "add-interface", "interface": "wlan0", "name": "WiFi", "preset": "mobile", "values": {"enabled": false} } | ||||||||||
enable-layer2Adds a single interface to the tunnel.
|
{ "target": "tunnel", "action": "enable-layer2", "bridge": "br-lan", "tapname": "bondixTap0" } | ||||||||||
enable-proxyEnables Bonding Proxy.
|
{ "target": "tunnel", "action": "enable-proxy", "host": "0.0.0.0", "port": "18080" } | ||||||||||
quicksetupSets up client using a base64 encoded JSON string containing connection info. JSON must be in this format: {"t":"TUNNELNAME", "p":"TUNNELPASSWORD", "s": "SERVER"}
|
{"target": "tunnel", "action": "quicksetup", "data": "..." } } | ||||||||||
setSets tunnel properties. See Tunnel Settings.
|
{"target": "tunnel", "action": "set", "values": {"maxConcurrentChannel": 2} } | ||||||||||
set-metaAllows to add custom information that is shown on the server's tunnel status page. It has no further effect.
|
{ "target": "tunnel", "action": "set-meta", "data": {"location": "Test Lab", "customer": "Evil Corp"} } | ||||||||||
set-remoteSets tunnel properties on the remote end. See Tunnel Settings.
|
{"target": "tunnel", "action": "set-remote", "values": {"maxConcurrentChannel": 2} } | ||||||||||
set-interfaceSets tunnel interface properties. See Tunnel Settings.
|
{"target": "tunnel", "action": "set-interface", "index": 0, "values": {"enabled": false} } | ||||||||||
set-remote-interfaceSets interface properties on the remote end. See Tunnel Settings.
|
{"target": "tunnel", "action": "set-remote-interface", "index": 0, "values": {"enabled": false} } | ||||||||||
set-presetApplies a tunnel preset. See Presets for more info.
|
{"target": "tunnel", "action": "set-preset", "preset": "Bonding" } | ||||||||||
set-ifnameRenames the virtual network tunnel interface.
|
{"target": "tunnel", "action": "set-ifname", "name": "bondix0" } } | ||||||||||
set-cert-checkEnables or disables verification of the server's SSL certificate. TODO: Which root cert dir is used when no custom root certificate is provided?
|
{"target": "tunnel", "action": "set-cert-check", "enabled": true } } | ||||||||||
set-root-caSpecifies a root certificate that can be used to verify the authenticity of the remote server. When used, SSL server verification will be automatically enabled.
|
{"target": "tunnel", "action": "set-root-ca", "file": "/etc/ssl/foobar.pub" } } | ||||||||||
set-certificateLoads a tunnel client certificate. See Certificates for further information.
|
{"target": "tunnel", "action": "set-certificate", "cert": "/etc/ssl/foobar.pem" "key": "/etc/ssl/foobar.key" } | ||||||||||
embed-certsA helper functions to embed tunnel & root certificate inside the configuration instead of an external file. Performs the same actions as set-certificate and set-root-ca combined.
|
{"target": "tunnel", "action": "embed-certs", "cert": "...", "key": "...", "root": "..." } | ||||||||||
set-root-caSpecifies a root certificate that can be used to verify the authenticity of the remote server. When used, SSL server verification will be automatically enabled.
|
{"target": "tunnel", "action": "set-root-ca", "file": "/etc/ssl/foobar.pub" } } | ||||||||||
deleteResets the complete tunnel configuration, including interfaces. |
{"target": "tunnel", "action": "delete" } |
Interactive Commands
Interactive commands can be used to interact with the tunnel and retrieve various information via the CLI socket. TODO: Add JSON responses
getReturns all tunnel settings. |
{"target": "tunnel", "action": "get" } | ||
get-interfaceReturns settings for a specific interface.
|
{"target": "tunnel", "action": "get-interface", "index": 0 } | ||
statusReturns current tunnel information. |
{"target": "tunnel", "action": "status" } | ||
resetPerforms a disconnect & reconnect. |
{"target": "tunnel", "action": "reset" } |
System Commands
shutdownShuts down the client and terminates. |
{ "target": "system", "action": "shutdown" } | ||||||||||||
set-logEnables logging to file or changes output file.
|
{ "target": "system", "action": "set-log", "file": "/var/log/saneclient.log", "fileMode": "append" } | ||||||||||||
set-script-pathChanges the directory that points towards the client scripts. (/opt/bondix/client/scripts by default)
|
{ "target": "system", "action": "set-script-path", "path": "/etc/bondix/scripts" } | ||||||||||||
set-webinterfaceEnables the integrated webserver & debug webinterface.
|
{ "target": "system", "action": "set-webinterface", "host": "0.0.0.0", "port": "80", "allowConfig": false, "allowMonitor": true, "configApiKey": "123456", "webroot": "/tmp/" } |