Client/OpenWRT

From Bondix Wiki
⚠️ Test version only - No commerial product!

Please reach out to consulting@sima.gmbh for the requirements to license and use Bondix on our own OpenWRT router platform!


The client can be installed manually on nearly any OpenWRT based router following the client installation guide. Things to notice:

Configuration Location

  • You should create your configuration at /etc/config/saneclient.json

init.d Script (etc/init.d/bondix)

#!/bin/sh /etc/rc.common

START=90
STOP=15

start() {
    /opt/bondix/client/saneclient --daemon --flags disableHash useMMSG bondingProxy /etc/config/saneclient.json
}

stop() {
    /opt/bondix/client/bndutil shutdown
    sleep 1
}

Use /etc/init.d/bondix enable to automatically start the client

UCI integration

  • You should create an interface in UCI. protocol=none, interface => sane's virtual interface (tun0), firewall zone => wan
  • make sure to set a custom public DNS server

Installation Script (WIP)

Code

#!/bin/sh
# SANE Configuration:
TUNNEL="TUNNELNAME"
TUNNELPASSWORD="TUNNELPASSWORD"
ENDPOINT="127.0.0.2"

# -------------------------------------------------------------------------------

# install directory
INSTALLDIR="/opt/bondix"

# version to download
CURRENTVERSION="https://releases.bondix.dev/files/saneclient-armv7-20210616-b7f5cab8.tar.gz"

# location of saneclient config
CONFIGLOCATION="/etc/config/saneclient.json"

set -e

echo Downloading \& Installing...
echo ---------------------------

mkdir -p $INSTALLDIR
cd $INSTALLDIR
curl -o sane.tar.gz $CURRENTVERSION
tar -xvzf sane.tar.gz
rm sane.tar.gz

echo
echo Creating start Script
echo ---------------------

cat <<EOT >> /etc/init.d/bondix
#!/bin/sh /etc/rc.common

START=90
STOP=15

start() {
    /opt/bondix/client/saneclient --daemon --flags disableHash useMMSG bondingProxy $CONFIGLOCATION
}

stop() {
    /opt/bondix/client/bndutil shutdown
    sleep 1
}
EOT
chmod a+x /etc/init.d/bondix
#/etc/init.d/bondix enable

if [ ! -f $CONFIGLOCATION ]; then
echo
echo Creating SANE configuration
echo ---------------------------
cat <<EOT >> $CONFIGLOCATION
[
  {"action": "create", "target": "tunnel", "name": "$TUNNEL", "password": "$TUNNELPASSWORD"},
  {"action": "add-server", "target": "tunnel", "host": "$ENDPOINT", "port": "443"},
  {"action": "create-interfaces", "target": "tunnel", "interfaces": {
    "eth1": "mobile",
    "qmimux0": "mobile",
    "qmimux8": "mobile"
  }},
  {"target": "tunnel", "action": "set-preset", "preset": "bonding"},
  {"target": "tunnel", "action": "set", "values": {"advancedSettings": {"maxFlowCount": 16, "maxFlowQueueLength": 30000, "buffers": {"packetCacheSize": 35000}}}},
  {"target": "tunnel", "action": "enable-proxy", "host": "0.0.0.0", "port": "18080"},
  {"target": "system", "action": "set-webinterface", "host": "0.0.0.0", "port": "8088"}
]
EOT
fi

cat <<EOT >> $INSTALLDIR/enable-bondingproxy.sh
#!/bin/sh
iptables -t nat -N BONDIX
iptables -t nat -A BONDIX -d 0.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 10.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 100.64.0.0/10 -j RETURN
iptables -t nat -A BONDIX -d 127.0.0.0/8 -j RETURN
iptables -t nat -A BONDIX -d 169.254.0.0/16 -j RETURN
iptables -t nat -A BONDIX -d 172.16.0.0/12 -j RETURN
iptables -t nat -A BONDIX -d 192.168.0.0/16 -j RETURN
iptables -t nat -A BONDIX -d 198.18.0.0/15 -j RETURN
iptables -t nat -A BONDIX -d 224.0.0.0/4 -j RETURN
iptables -t nat -A BONDIX -d 240.0.0.0/4 -j RETURN
iptables -t nat -A BONDIX -p tcp -j REDIRECT --to-ports 18080
iptables -t nat -A PREROUTING --in-interface br-lan -p tcp -j BONDIX
EOT
chmod a+x $INSTALLDIR/enable-bondingproxy.sh


/etc/init.d/bondix start

echo
echo Done! 👍

ToDo

  • UCI Interface Creation
  • Firewall Adjustments
Retrieved from "https://wiki.bondix.dev/index.php?title=Client/OpenWRT&oldid=713"