wifi qr code

garywill 2020-12-24 20:36:09 +08:00
parent d3eaf9c71b
commit 8c1c2f9d45
2 changed files with 109 additions and 60 deletions

README.md

@ -14,11 +14,10 @@ Basic features:
- Provide Internet
- DHCP server and RA
- DNS server
- IPv6 (NAT only for now)
- IPv6 (behind NATed LAN, like IPv4)
- Creating Wifi hotspot:
- Channel selecting
- Choose encryptions: WPA2/WPA, WPA2, WPA, No encryption
- Hidden SSID
- Create AP on the same interface you are getting Internet (require same channel)
- Transparent proxy (redsocks)
- DNS proxy
@ -64,49 +63,38 @@ Internet----(eth0/wlan0)-Linux-(virtual interface)-----VM/container
### Provide Internet to an interface
```
# lnxrouter -i eth1
sudo lnxrouter -i eth1
```
### Provide an interface's Internet to another interface
```
# lnxrouter -i eth1 -o vpn0 --dhcp-dns 1.1.1.1
sudo lnxrouter -i eth1 -o vpn0 --dhcp-dns 1.1.1.1
```
> Read _Notice 1_
### Create Wifi hotspot
```
# lnxrouter --ap wlan0 MyAccessPoint --password MyPassPhrase
sudo lnxrouter --ap wlan0 MyAccessPoint -p MyPassPhrase
```
### LAN without Internet
```
# lnxrouter -n -i eth1
# lnxrouter -n --ap wlan0 MyAccessPoint --password MyPassPhrase
sudo lnxrouter -n -i eth1
sudo lnxrouter -n --ap wlan0 MyAccessPoint -p MyPassPhrase
```
### Transparent proxy with Tor
> Read _Notice 1_
```
# lnxrouter -i eth1 --tp 9040 --dns 9053
```
In `torrc`
```
TransPort 0.0.0.0:9040
DNSPort 0.0.0.0:9053
TransPort [::]:9040
DNSPort [::]:9053
```
### Internet for LXC
Create a bridge
```
# brctl addbr lxcbr5
sudo brctl addbr lxcbr5
```
In LXC container `config`
@ -119,22 +107,52 @@ lxc.network.hwaddr = xx:xx:xx:xx:xx:xx
```
```
# lnxrouter -i lxcbr5
sudo lnxrouter -i lxcbr5
```
### Transparent proxy with Tor
```
sudo lnxrouter -i eth1 --tp 9040 --dns 9053 -g 192.168.55.1 --p6 fd00:5:6:7::
```
In `torrc`
```
TransPort 192.168.55.1:9040
DNSPort 192.168.55.1:9053
TransPort [fd00:5:6:7::1]:9040
DNSPort [fd00:5:6:7::1]:9053
```
### Clients-in-sandbox network
To not give our infomation to clients:
```
sudo lnxrouter -i eth1 \
--tp 9040 --dns 9053 \
--random-mac \
--ban-priv \
--catch-dns --log-dns # optional
```
> This script comes with no warrenty, use on your own risk
### Use as transparent proxy for LXD
Create a bridge
```
# brctl addbr lxdbr5
sudo brctl addbr lxdbr5
```
Create and add LXD profile
Create and add a new LXD profile overriding container's `eth0`
```
$ lxc profile create profile5
$ lxc profile edit profile5
lxc profile create profile5
lxc profile edit profile5
### profile content ###
config: {}
@ -147,33 +165,31 @@ devices:
type: nic
name: profile5
$ lxc profile add <container> profile5
lxc profile add <container> profile5
```
That should make one container have 2 profiles. `profile5` will override container's`eth0`.
```
# lnxrouter -i lxdbr5 --tp 9040 --dns 9053
sudo lnxrouter -i lxdbr5 --tp 9040 --dns 9053
```
To remove that new profile from container
```
$ lxc profile remove <container> profile5
lxc profile remove <container> profile5
```
#### To not use profile
Add device `eth0` to container overriding default `eth0`
Add new `eth0` to container overriding default `eth0`
```
$ lxc config device add <container> eth0 nic name=eth0 nictype=bridged parent=lxdbr5
lxc config device add <container> eth0 nic name=eth0 nictype=bridged parent=lxdbr5
```
To remove the customized `eth0` to restore default `eth0`
```
$ lxc config device remove <container> eth0
lxc config device remove <container> eth0
```
### Use as transparent proxy for VirtualBox
@ -181,7 +197,7 @@ $ lxc config device remove <container> eth0
On VirtualBox's global settings, create a host-only network `vboxnet5` with DHCP disabled.
```
# lnxrouter -i vboxnet5 --tp 9040 --dns 9053
sudo lnxrouter -i vboxnet5 --tp 9040 --dns 9053
```
### Use as transparent proxy for firejail
@ -189,12 +205,12 @@ On VirtualBox's global settings, create a host-only network `vboxnet5` with DHCP
Create a bridge
```
# brctl addbr firejail5
sudo brctl addbr firejail5
```
```
# lnxrouter -i firejail5 -g 192.168.55.1 --tp 9040 --dns 9053
$ firejail --net=firejail5 --dns=192.168.55.1 --blacklist=/var/run/nscd
sudo lnxrouter -i firejail5 -g 192.168.55.1 --tp 9040 --dns 9053
firejail --net=firejail5 --dns=192.168.55.1 --blacklist=/var/run/nscd
```
### CLI usage and other features
@ -220,7 +236,8 @@ Options:
--no4 Disable IPv4 Internet (not forwarding IPv4)
(See Notice 1). Usually used with '-6'
--p6 <prefix> Set IPv6 prefix (length 64) (example: fd00:1:2:3::)
--p6 <prefix> Set IPv6 LAN address prefix (length 64)
(example: fd00:1:2:3::) Using this enables '-6'
--dns <ip>|<port>|<ip:port>
DNS server's upstream DNS.
@ -256,6 +273,7 @@ Options:
Create Wifi access point
-p, --password <password>
Wifi password
--qr Show Wifi QR code in terminal
--hidden Hide access point (not broadcast SSID)
--no-virt Do not create virtual interface
@ -314,9 +332,13 @@ Options:
- iw
- iwconfig (you only need this if 'iw' can not recognize your adapter)
- haveged (optional)
- qrencode (opional)
## TODO
- WPA3
- Global IPv6
- Refactor clients(neighbors) listing
- Explictly ban forwarding if not needed
## Donate


@ -33,7 +33,8 @@ Options:
--no4 Disable IPv4 Internet (not forwarding IPv4)
(See Notice 1). Usually used with '-6'
--p6 <prefix> Set IPv6 prefix (length 64) (example: fd00:1:2:3::)
--p6 <prefix> Set IPv6 LAN address prefix (length 64)
(example: fd00:1:2:3::) Using this enables '-6'
--dns <ip>|<port>|<ip:port>
DNS server's upstream DNS.
@ -69,6 +70,7 @@ Options:
Create Wifi access point
-p, --password <password>
Wifi password
--qr Show Wifi QR code in terminal
--hidden Hide access point (not broadcast SSID)
--no-virt Do not create virtual interface
@ -172,6 +174,7 @@ NO_HAVEGED=0
HOSTAPD_DEBUG_ARGS=
USE_PSK=0
ISOLATE_CLIENTS=0
QR=0
LIST_RUNNING=0
STOP_ID=
@ -187,7 +190,7 @@ while [[ -n "$1" ]]; do
exit 0
;;
--version)
echo $VERSION
echo "$VERSION"
exit 0
;;
-i)
@ -240,6 +243,7 @@ while [[ -n "$1" ]]; do
--p6)
shift
PREFIX6="$1"
IPV6=1
shift
;;
--mac)
@ -315,6 +319,10 @@ while [[ -n "$1" ]]; do
PASSPHRASE="$1"
shift
;;
--qr)
shift
QR=1
;;
--hidden)
@ -437,8 +445,8 @@ sep_ip_port() {
local PORT
local INPUT
INPUT="$1"
if (echo $INPUT | grep '\.' >/dev/null 2>&1) ;then
if (echo $INPUT | grep ':' >/dev/null 2>&1) ;then
if (echo "$INPUT" | grep '\.' >/dev/null 2>&1) ;then
if (echo "$INPUT" | grep ':' >/dev/null 2>&1) ;then
# ipv4 + port
IP="$(echo $INPUT | cut -d: -f1)"
PORT="$(echo $INPUT | cut -d: -f2)"
@ -446,8 +454,8 @@ sep_ip_port() {
# ipv4
IP="$INPUT"
fi
elif (echo $INPUT | grep '\]' >/dev/null 2>&1) ;then
if (echo $INPUT | grep '\]\:' >/dev/null 2>&1) ;then
elif (echo "$INPUT" | grep '\]' >/dev/null 2>&1) ;then
if (echo "$INPUT" | grep '\]\:' >/dev/null 2>&1) ;then
# ipv6 + port
IP="$(echo $INPUT | cut -d']' -f1 | cut -d'[' -f2)"
PORT="$(echo $INPUT | cut -d']' -f2 |cut -d: -f2)"
@ -476,7 +484,7 @@ get_phy_device() { # only for wifi interface
for x in /sys/class/ieee80211/*; do
[[ ! -e "$x" ]] && continue
if [[ "${x##*/}" = "$1" ]]; then
echo $1
echo "$1"
return 0
elif [[ -e "$x/device/net/$1" ]]; then
echo ${x##*/}
@ -601,7 +609,7 @@ alloc_new_iface() { # only for wifi
if ! is_interface ${v_iface_name} && [[ ! -f $COMMON_CONFDIR/ifaces/${v_iface_name} ]]; then
mkdir -p $COMMON_CONFDIR/ifaces
touch $COMMON_CONFDIR/ifaces/${v_iface_name}
echo ${v_iface_name}
echo "${v_iface_name}"
return
fi
i=$((i + 1))
@ -626,7 +634,7 @@ get_new_macaddr() {
NEWMAC="${OLDMAC%:*}:$(printf %02x $(( ($LAST_BYTE + $i) % 256 )))"
(get_all_macaddrs | grep "$NEWMAC" > /dev/null 2>&1) || break
done
echo $NEWMAC
echo "$NEWMAC"
}
generate_random_mac() {
@ -1094,7 +1102,7 @@ list_running_conf() {
local x
for x in $TMPDIR/lnxrouter.*; do
if [[ -f $x/pid && -f $x/subn_iface && -d /proc/$(cat $x/pid) ]]; then
echo $x
echo "$x"
fi
done
}
@ -1126,7 +1134,7 @@ get_confdir_from_pid() {
local IFACE x
for x in $(list_running_conf); do
if [[ $(cat $x/pid) == "$1" ]]; then
echo $x
echo "$x"
break
fi
done
@ -1138,8 +1146,8 @@ print_client_by_mac() {
if [[ -f $CONFDIR/dnsmasq.leases ]]; then
line=$(grep " $mac " $CONFDIR/dnsmasq.leases | tail -n 1)
ipaddr=$(echo $line | cut -d' ' -f3)
hostname=$(echo $line | cut -d' ' -f4)
ipaddr=$(echo "$line" | cut -d' ' -f3)
hostname=$(echo "$line" | cut -d' ' -f4)
fi
[[ -z "$ipaddr" ]] && ipaddr="*"
@ -1155,9 +1163,9 @@ print_clients_in_leases() {
if [[ -f $CONFDIR/dnsmasq.leases ]]; then
while read line
do
mac=$(echo $line | cut -d' ' -f2)
ipaddr=$(echo $line | cut -d' ' -f3)
hostname=$(echo $line | cut -d' ' -f4)
mac=$(echo "$line" | cut -d' ' -f2)
ipaddr=$(echo "$line" | cut -d' ' -f3)
hostname=$(echo "$line" | cut -d' ' -f4)
printf "%-20s %-18s %s\n" "MAC" "IP" "Hostname"
printf "%-20s %-18s %s\n" "$mac" "$ipaddr" "$hostname"
@ -1489,7 +1497,7 @@ else
SUBNET_IFACE=${TARGET_IFACE}
fi
echo $SUBNET_IFACE > $CONFDIR/subn_iface
echo "$SUBNET_IFACE" > $CONFDIR/subn_iface
if [[ $WIFI_IFACE ]]; then
@ -1637,7 +1645,7 @@ if [[ $NO_DNSMASQ -eq 0 ]]; then
fi
if [[ $DNS ]]; then
DNS_count=$(echo $DNS | awk -F, '{print NF}')
DNS_count=$(echo "$DNS" | awk -F, '{print NF}')
for (( i=1;i<=DNS_count;i++ )); do
sep_ip_port "$(echo $DNS | cut -d, -f$i)" DNS_IP DNS_PORT
[[ "$DNS_PORT" ]] && DNS_PORT_D="#$DNS_PORT"
@ -1684,7 +1692,7 @@ if [[ $WIFI_IFACE ]]; then
if [[ $NO_HAVEGED -eq 0 ]]; then
haveged_watchdog &
HAVEGED_WATCHDOG_PID=$!
echo $HAVEGED_WATCHDOG_PID > $CONFDIR/haveged_watchdog.pid
echo "$HAVEGED_WATCHDOG_PID" > $CONFDIR/haveged_watchdog.pid
echo "haveged_watchdog PID: $HAVEGED_WATCHDOG_PID"
fi
@ -1700,7 +1708,7 @@ if [[ $WIFI_IFACE ]]; then
# hostapd '-P' works only when use '-B' (run in background)
$STDBUF_PATH hostapd $HOSTAPD_DEBUG_ARGS -P $CONFDIR/hostapd.pid $CONFDIR/hostapd.conf &
HOSTAPD_PID=$!
echo $HOSTAPD_PID > $CONFDIR/hostapd.pid
echo "$HOSTAPD_PID" > $CONFDIR/hostapd.pid
echo "hostapd PID: $HOSTAPD_PID"
#while [[ ! -f $CONFDIR/hostapd.pid ]]; do
# sleep 1
@ -1794,12 +1802,31 @@ if [[ $NO_DNSMASQ -eq 0 ]]; then
fi
show_qr() {
local T S P H
S="$SSID"
if [[ -n "$PASSPHRASE" ]]; then
T="WPA"
P="$PASSPHRASE"
else
T="nopass"
fi
[[ "$HIDDEN" -eq 1 ]] && H="true"
echo "Scan QR code on phone to connect to WiFi"
qrencode -m 2 -t ANSIUTF8 "WIFI:T:${T};S:${S};P:${P};H:${H};"
echo "Use this command to save QR code to image file:"
echo " qrencode -m 2 -o <file> \"WIFI:T:${T};S:${S};P:${P};H:${H};\""
}
echo
echo "== Setting up completed, now linux-router is working =="
[[ "$QR" -eq 1 ]] && show_qr
# need loop to keep this script running
bash -c "while :; do sleep 8000 ; done " &
KEEP_RUNNING_PID=$!
echo $KEEP_RUNNING_PID > $CONFDIR/keep_running.pid
echo "$KEEP_RUNNING_PID" > $CONFDIR/keep_running.pid
wait $KEEP_RUNNING_PID
clean_exit
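Review bot: show_qr interpolates `$SSID` and `$PASSPHRASE` into the `WIFI:` payload unescaped, so a value containing `;`, `,`, `:`, `\` or `"` yields a code that phones parse wrongly or reject; those characters need a backslash escape first. The printed "save QR code" command wraps the same payload in double quotes, so a passphrase containing `$` or a backtick is expanded by the user's shell when the line is pasted; printing it with `printf '%q'` avoids that. The payload is also handed to qrencode as an argument, which repeats the passphrase in a second process's command line; qrencode reads standard input when no string is given, so the payload can be piped instead. qrencode is listed as optional in the README, yet `[[ "$QR" -eq 1 ]] && show_qr` runs it with no `command -v qrencode` check, at least within the lines shown.

```shell
# Backslash-escape the characters the WIFI: payload treats as delimiters.
qr_escape() {
    printf '%s' "$1" | sed -e 's/[\\;,:"]/\\&/g'
}

show_qr() {
    local T S P H payload
    S="$(qr_escape "$SSID")"
    # … unchanged: T selection and H flag …
    P="$(qr_escape "$PASSPHRASE")"
    payload="WIFI:T:${T};S:${S};P:${P};H:${H};"
    echo "Scan QR code on phone to connect to WiFi"
    # stdin keeps the passphrase out of qrencode's argument list
    printf '%s' "$payload" | qrencode -m 2 -t ANSIUTF8
    echo "Use this command to save QR code to image file:"
    # %q prints a form that is safe to paste back into a shell
    printf '  qrencode -m 2 -o <file> %q\n' "$payload"
}
```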