wifi qr code

garywill 2020-12-24 20:36:09 +08:00
parent d3eaf9c71b
commit 8c1c2f9d45
2 changed files with 109 additions and 60 deletions

100
README.md

@ -14,11 +14,10 @@ Basic features:
- Provide Internet - Provide Internet
- DHCP server and RA - DHCP server and RA
- DNS server - DNS server
- IPv6 (NAT only for now) - IPv6 (behind NATed LAN, like IPv4)
- Creating Wifi hotspot: - Creating Wifi hotspot:
- Channel selecting - Channel selecting
- Choose encryptions: WPA2/WPA, WPA2, WPA, No encryption - Choose encryptions: WPA2/WPA, WPA2, WPA, No encryption
- Hidden SSID
- Create AP on the same interface you are getting Internet (require same channel) - Create AP on the same interface you are getting Internet (require same channel)
- Transparent proxy (redsocks) - Transparent proxy (redsocks)
- DNS proxy - DNS proxy
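Review bot: The feature list drops `- Hidden SSID` while `--hidden` is still listed in the options help further down this patch, and the new `--qr` feature is not added to the list. If hidden SSID is still supported, keep the bullet, and add one for the QR code output.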
@ -64,49 +63,38 @@ Internet----(eth0/wlan0)-Linux-(virtual interface)-----VM/container
### Provide Internet to an interface ### Provide Internet to an interface
``` ```
# lnxrouter -i eth1 sudo lnxrouter -i eth1
``` ```
### Provide an interface's Internet to another interface ### Provide an interface's Internet to another interface
``` ```
# lnxrouter -i eth1 -o vpn0 --dhcp-dns 1.1.1.1 sudo lnxrouter -i eth1 -o vpn0 --dhcp-dns 1.1.1.1
``` ```
> Read _Notice 1_
### Create Wifi hotspot ### Create Wifi hotspot
``` ```
# lnxrouter --ap wlan0 MyAccessPoint --password MyPassPhrase sudo lnxrouter --ap wlan0 MyAccessPoint -p MyPassPhrase
``` ```
### LAN without Internet ### LAN without Internet
``` ```
# lnxrouter -n -i eth1 sudo lnxrouter -n -i eth1
# lnxrouter -n --ap wlan0 MyAccessPoint --password MyPassPhrase sudo lnxrouter -n --ap wlan0 MyAccessPoint -p MyPassPhrase
``` ```
### Transparent proxy with Tor > Read _Notice 1_
```
# lnxrouter -i eth1 --tp 9040 --dns 9053
```
In `torrc`
```
TransPort 0.0.0.0:9040
DNSPort 0.0.0.0:9053
TransPort [::]:9040
DNSPort [::]:9053
```
### Internet for LXC ### Internet for LXC
Create a bridge Create a bridge
``` ```
# brctl addbr lxcbr5 sudo brctl addbr lxcbr5
``` ```
In LXC container `config` In LXC container `config`
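Review bot: The relocation of `> Read _Notice 1_` from under the `-o vpn0` example to under the `-n` (LAN without Internet) examples is unexplained, and the options help ties Notice 1 to `--no4`; please confirm which example the notice is meant for. The section reshuffle and the `#` to `sudo` prompt change would also be easier to review as a commit separate from the QR feature.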
@ -119,22 +107,52 @@ lxc.network.hwaddr = xx:xx:xx:xx:xx:xx
``` ```
``` ```
# lnxrouter -i lxcbr5 sudo lnxrouter -i lxcbr5
``` ```
### Transparent proxy with Tor
```
sudo lnxrouter -i eth1 --tp 9040 --dns 9053 -g 192.168.55.1 --p6 fd00:5:6:7::
```
In `torrc`
```
TransPort 192.168.55.1:9040
DNSPort 192.168.55.1:9053
TransPort [fd00:5:6:7::1]:9040
DNSPort [fd00:5:6:7::1]:9053
```
### Clients-in-sandbox network
To not give our infomation to clients:
```
sudo lnxrouter -i eth1 \
--tp 9040 --dns 9053 \
--random-mac \
--ban-priv \
--catch-dns --log-dns # optional
```
> This script comes with no warrenty, use on your own risk
### Use as transparent proxy for LXD ### Use as transparent proxy for LXD
Create a bridge Create a bridge
``` ```
# brctl addbr lxdbr5 sudo brctl addbr lxdbr5
``` ```
Create and add LXD profile Create and add a new LXD profile overriding container's `eth0`
``` ```
$ lxc profile create profile5 lxc profile create profile5
$ lxc profile edit profile5 lxc profile edit profile5
### profile content ### ### profile content ###
config: {} config: {}
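Review bot: The `torrc` example now binds to `192.168.55.1` and `[fd00:5:6:7::1]`, which depends on those matching the `-g` and `--p6` values in the command above it; the README should say so, including that the router takes the `::1` address inside the `--p6` prefix, which the hunk implies but does not state. In the new "Clients-in-sandbox network" section, "infomation" and "warrenty" are misspelled, and `--random-mac`, `--ban-priv`, `--catch-dns` and `--log-dns` are used without a word on what each one does.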
@ -147,33 +165,31 @@ devices:
type: nic type: nic
name: profile5 name: profile5
$ lxc profile add <container> profile5 lxc profile add <container> profile5
``` ```
That should make one container have 2 profiles. `profile5` will override container's`eth0`.
``` ```
# lnxrouter -i lxdbr5 --tp 9040 --dns 9053 sudo lnxrouter -i lxdbr5 --tp 9040 --dns 9053
``` ```
To remove that new profile from container To remove that new profile from container
``` ```
$ lxc profile remove <container> profile5 lxc profile remove <container> profile5
``` ```
#### To not use profile #### To not use profile
Add device `eth0` to container overriding default `eth0` Add new `eth0` to container overriding default `eth0`
``` ```
$ lxc config device add <container> eth0 nic name=eth0 nictype=bridged parent=lxdbr5 lxc config device add <container> eth0 nic name=eth0 nictype=bridged parent=lxdbr5
``` ```
To remove the customized `eth0` to restore default `eth0` To remove the customized `eth0` to restore default `eth0`
``` ```
$ lxc config device remove <container> eth0 lxc config device remove <container> eth0
``` ```
### Use as transparent proxy for VirtualBox ### Use as transparent proxy for VirtualBox
@ -181,7 +197,7 @@ $ lxc config device remove <container> eth0
On VirtualBox's global settings, create a host-only network `vboxnet5` with DHCP disabled. On VirtualBox's global settings, create a host-only network `vboxnet5` with DHCP disabled.
``` ```
# lnxrouter -i vboxnet5 --tp 9040 --dns 9053 sudo lnxrouter -i vboxnet5 --tp 9040 --dns 9053
``` ```
### Use as transparent proxy for firejail ### Use as transparent proxy for firejail
@ -189,12 +205,12 @@ On VirtualBox's global settings, create a host-only network `vboxnet5` with DHCP
Create a bridge Create a bridge
``` ```
# brctl addbr firejail5 sudo brctl addbr firejail5
``` ```
``` ```
# lnxrouter -i firejail5 -g 192.168.55.1 --tp 9040 --dns 9053 sudo lnxrouter -i firejail5 -g 192.168.55.1 --tp 9040 --dns 9053
$ firejail --net=firejail5 --dns=192.168.55.1 --blacklist=/var/run/nscd firejail --net=firejail5 --dns=192.168.55.1 --blacklist=/var/run/nscd
``` ```
### CLI usage and other features ### CLI usage and other features
@ -220,7 +236,8 @@ Options:
--no4 Disable IPv4 Internet (not forwarding IPv4) --no4 Disable IPv4 Internet (not forwarding IPv4)
(See Notice 1). Usually used with '-6' (See Notice 1). Usually used with '-6'
--p6 <prefix> Set IPv6 prefix (length 64) (example: fd00:1:2:3::) --p6 <prefix> Set IPv6 LAN address prefix (length 64)
(example: fd00:1:2:3::) Using this enables '-6'
--dns <ip>|<port>|<ip:port> --dns <ip>|<port>|<ip:port>
DNS server's upstream DNS. DNS server's upstream DNS.
@ -256,6 +273,7 @@ Options:
Create Wifi access point Create Wifi access point
-p, --password <password> -p, --password <password>
Wifi password Wifi password
--qr Show Wifi QR code in terminal
--hidden Hide access point (not broadcast SSID) --hidden Hide access point (not broadcast SSID)
--no-virt Do not create virtual interface --no-virt Do not create virtual interface
@ -314,9 +332,13 @@ Options:
- iw - iw
- iwconfig (you only need this if 'iw' can not recognize your adapter) - iwconfig (you only need this if 'iw' can not recognize your adapter)
- haveged (optional) - haveged (optional)
- qrencode (opional)
## TODO ## TODO
- WPA3
- Global IPv6
- Refactor clients(neighbors) listing
- Explictly ban forwarding if not needed - Explictly ban forwarding if not needed
## Donate ## Donate
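Review bot: "opional" in the new `- qrencode (opional)` dependency line should be "optional", and the line should say it is needed only for `--qr`, the way the `iwconfig` entry above it explains when that tool is needed.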

View File

@ -33,7 +33,8 @@ Options:
--no4 Disable IPv4 Internet (not forwarding IPv4) --no4 Disable IPv4 Internet (not forwarding IPv4)
(See Notice 1). Usually used with '-6' (See Notice 1). Usually used with '-6'
--p6 <prefix> Set IPv6 prefix (length 64) (example: fd00:1:2:3::) --p6 <prefix> Set IPv6 LAN address prefix (length 64)
(example: fd00:1:2:3::) Using this enables '-6'
--dns <ip>|<port>|<ip:port> --dns <ip>|<port>|<ip:port>
DNS server's upstream DNS. DNS server's upstream DNS.
@ -69,6 +70,7 @@ Options:
Create Wifi access point Create Wifi access point
-p, --password <password> -p, --password <password>
Wifi password Wifi password
--qr Show Wifi QR code in terminal
--hidden Hide access point (not broadcast SSID) --hidden Hide access point (not broadcast SSID)
--no-virt Do not create virtual interface --no-virt Do not create virtual interface
@ -172,6 +174,7 @@ NO_HAVEGED=0
HOSTAPD_DEBUG_ARGS= HOSTAPD_DEBUG_ARGS=
USE_PSK=0 USE_PSK=0
ISOLATE_CLIENTS=0 ISOLATE_CLIENTS=0
QR=0
LIST_RUNNING=0 LIST_RUNNING=0
STOP_ID= STOP_ID=
@ -187,7 +190,7 @@ while [[ -n "$1" ]]; do
exit 0 exit 0
;; ;;
--version) --version)
echo $VERSION echo "$VERSION"
exit 0 exit 0
;; ;;
-i) -i)
@ -240,6 +243,7 @@ while [[ -n "$1" ]]; do
--p6) --p6)
shift shift
PREFIX6="$1" PREFIX6="$1"
IPV6=1
shift shift
;; ;;
--mac) --mac)
@ -315,6 +319,10 @@ while [[ -n "$1" ]]; do
PASSPHRASE="$1" PASSPHRASE="$1"
shift shift
;; ;;
--qr)
shift
QR=1
;;
--hidden) --hidden)
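Review bot: The new `--qr)` case sets `QR=1` with no validation, and nothing in this patch checks that `qrencode` is installed or that `--ap` was given. Since the README lists qrencode as optional, test for it right after option parsing (for example with `command -v qrencode`) and fail early, rather than discovering it is missing after the access point is already up.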
@ -437,8 +445,8 @@ sep_ip_port() {
local PORT local PORT
local INPUT local INPUT
INPUT="$1" INPUT="$1"
if (echo $INPUT | grep '\.' >/dev/null 2>&1) ;then if (echo "$INPUT" | grep '\.' >/dev/null 2>&1) ;then
if (echo $INPUT | grep ':' >/dev/null 2>&1) ;then if (echo "$INPUT" | grep ':' >/dev/null 2>&1) ;then
# ipv4 + port # ipv4 + port
IP="$(echo $INPUT | cut -d: -f1)" IP="$(echo $INPUT | cut -d: -f1)"
PORT="$(echo $INPUT | cut -d: -f2)" PORT="$(echo $INPUT | cut -d: -f2)"
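Review bot: Quoting is applied to the two `grep` tests, but the context lines right below them still run `echo $INPUT | cut ...` unquoted inside the `IP=` and `PORT=` substitutions, so word splitting and glob expansion of the argument remain in this function. Quote those as well, or switch the function to `printf '%s\n' "$INPUT"`, since `echo` also treats a leading `-n` or `-e` as an option.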
@ -446,8 +454,8 @@ sep_ip_port() {
# ipv4 # ipv4
IP="$INPUT" IP="$INPUT"
fi fi
elif (echo $INPUT | grep '\]' >/dev/null 2>&1) ;then elif (echo "$INPUT" | grep '\]' >/dev/null 2>&1) ;then
if (echo $INPUT | grep '\]\:' >/dev/null 2>&1) ;then if (echo "$INPUT" | grep '\]\:' >/dev/null 2>&1) ;then
# ipv6 + port # ipv6 + port
IP="$(echo $INPUT | cut -d']' -f1 | cut -d'[' -f2)" IP="$(echo $INPUT | cut -d']' -f1 | cut -d'[' -f2)"
PORT="$(echo $INPUT | cut -d']' -f2 |cut -d: -f2)" PORT="$(echo $INPUT | cut -d']' -f2 |cut -d: -f2)"
@ -476,7 +484,7 @@ get_phy_device() { # only for wifi interface
for x in /sys/class/ieee80211/*; do for x in /sys/class/ieee80211/*; do
[[ ! -e "$x" ]] && continue [[ ! -e "$x" ]] && continue
if [[ "${x##*/}" = "$1" ]]; then if [[ "${x##*/}" = "$1" ]]; then
echo $1 echo "$1"
return 0 return 0
elif [[ -e "$x/device/net/$1" ]]; then elif [[ -e "$x/device/net/$1" ]]; then
echo ${x##*/} echo ${x##*/}
@ -601,7 +609,7 @@ alloc_new_iface() { # only for wifi
if ! is_interface ${v_iface_name} && [[ ! -f $COMMON_CONFDIR/ifaces/${v_iface_name} ]]; then if ! is_interface ${v_iface_name} && [[ ! -f $COMMON_CONFDIR/ifaces/${v_iface_name} ]]; then
mkdir -p $COMMON_CONFDIR/ifaces mkdir -p $COMMON_CONFDIR/ifaces
touch $COMMON_CONFDIR/ifaces/${v_iface_name} touch $COMMON_CONFDIR/ifaces/${v_iface_name}
echo ${v_iface_name} echo "${v_iface_name}"
return return
fi fi
i=$((i + 1)) i=$((i + 1))
@ -626,7 +634,7 @@ get_new_macaddr() {
NEWMAC="${OLDMAC%:*}:$(printf %02x $(( ($LAST_BYTE + $i) % 256 )))" NEWMAC="${OLDMAC%:*}:$(printf %02x $(( ($LAST_BYTE + $i) % 256 )))"
(get_all_macaddrs | grep "$NEWMAC" > /dev/null 2>&1) || break (get_all_macaddrs | grep "$NEWMAC" > /dev/null 2>&1) || break
done done
echo $NEWMAC echo "$NEWMAC"
} }
generate_random_mac() { generate_random_mac() {
@ -1094,7 +1102,7 @@ list_running_conf() {
local x local x
for x in $TMPDIR/lnxrouter.*; do for x in $TMPDIR/lnxrouter.*; do
if [[ -f $x/pid && -f $x/subn_iface && -d /proc/$(cat $x/pid) ]]; then if [[ -f $x/pid && -f $x/subn_iface && -d /proc/$(cat $x/pid) ]]; then
echo $x echo "$x"
fi fi
done done
} }
@ -1126,7 +1134,7 @@ get_confdir_from_pid() {
local IFACE x local IFACE x
for x in $(list_running_conf); do for x in $(list_running_conf); do
if [[ $(cat $x/pid) == "$1" ]]; then if [[ $(cat $x/pid) == "$1" ]]; then
echo $x echo "$x"
break break
fi fi
done done
@ -1138,8 +1146,8 @@ print_client_by_mac() {
if [[ -f $CONFDIR/dnsmasq.leases ]]; then if [[ -f $CONFDIR/dnsmasq.leases ]]; then
line=$(grep " $mac " $CONFDIR/dnsmasq.leases | tail -n 1) line=$(grep " $mac " $CONFDIR/dnsmasq.leases | tail -n 1)
ipaddr=$(echo $line | cut -d' ' -f3) ipaddr=$(echo "$line" | cut -d' ' -f3)
hostname=$(echo $line | cut -d' ' -f4) hostname=$(echo "$line" | cut -d' ' -f4)
fi fi
[[ -z "$ipaddr" ]] && ipaddr="*" [[ -z "$ipaddr" ]] && ipaddr="*"
@ -1155,9 +1163,9 @@ print_clients_in_leases() {
if [[ -f $CONFDIR/dnsmasq.leases ]]; then if [[ -f $CONFDIR/dnsmasq.leases ]]; then
while read line while read line
do do
mac=$(echo $line | cut -d' ' -f2) mac=$(echo "$line" | cut -d' ' -f2)
ipaddr=$(echo $line | cut -d' ' -f3) ipaddr=$(echo "$line" | cut -d' ' -f3)
hostname=$(echo $line | cut -d' ' -f4) hostname=$(echo "$line" | cut -d' ' -f4)
printf "%-20s %-18s %s\n" "MAC" "IP" "Hostname" printf "%-20s %-18s %s\n" "MAC" "IP" "Hostname"
printf "%-20s %-18s %s\n" "$mac" "$ipaddr" "$hostname" printf "%-20s %-18s %s\n" "$mac" "$ipaddr" "$hostname"
@ -1489,7 +1497,7 @@ else
SUBNET_IFACE=${TARGET_IFACE} SUBNET_IFACE=${TARGET_IFACE}
fi fi
echo $SUBNET_IFACE > $CONFDIR/subn_iface echo "$SUBNET_IFACE" > $CONFDIR/subn_iface
if [[ $WIFI_IFACE ]]; then if [[ $WIFI_IFACE ]]; then
@ -1637,7 +1645,7 @@ if [[ $NO_DNSMASQ -eq 0 ]]; then
fi fi
if [[ $DNS ]]; then if [[ $DNS ]]; then
DNS_count=$(echo $DNS | awk -F, '{print NF}') DNS_count=$(echo "$DNS" | awk -F, '{print NF}')
for (( i=1;i<=DNS_count;i++ )); do for (( i=1;i<=DNS_count;i++ )); do
sep_ip_port "$(echo $DNS | cut -d, -f$i)" DNS_IP DNS_PORT sep_ip_port "$(echo $DNS | cut -d, -f$i)" DNS_IP DNS_PORT
[[ "$DNS_PORT" ]] && DNS_PORT_D="#$DNS_PORT" [[ "$DNS_PORT" ]] && DNS_PORT_D="#$DNS_PORT"
@ -1684,7 +1692,7 @@ if [[ $WIFI_IFACE ]]; then
if [[ $NO_HAVEGED -eq 0 ]]; then if [[ $NO_HAVEGED -eq 0 ]]; then
haveged_watchdog & haveged_watchdog &
HAVEGED_WATCHDOG_PID=$! HAVEGED_WATCHDOG_PID=$!
echo $HAVEGED_WATCHDOG_PID > $CONFDIR/haveged_watchdog.pid echo "$HAVEGED_WATCHDOG_PID" > $CONFDIR/haveged_watchdog.pid
echo "haveged_watchdog PID: $HAVEGED_WATCHDOG_PID" echo "haveged_watchdog PID: $HAVEGED_WATCHDOG_PID"
fi fi
@ -1700,7 +1708,7 @@ if [[ $WIFI_IFACE ]]; then
# hostapd '-P' works only when use '-B' (run in background) # hostapd '-P' works only when use '-B' (run in background)
$STDBUF_PATH hostapd $HOSTAPD_DEBUG_ARGS -P $CONFDIR/hostapd.pid $CONFDIR/hostapd.conf & $STDBUF_PATH hostapd $HOSTAPD_DEBUG_ARGS -P $CONFDIR/hostapd.pid $CONFDIR/hostapd.conf &
HOSTAPD_PID=$! HOSTAPD_PID=$!
echo $HOSTAPD_PID > $CONFDIR/hostapd.pid echo "$HOSTAPD_PID" > $CONFDIR/hostapd.pid
echo "hostapd PID: $HOSTAPD_PID" echo "hostapd PID: $HOSTAPD_PID"
#while [[ ! -f $CONFDIR/hostapd.pid ]]; do #while [[ ! -f $CONFDIR/hostapd.pid ]]; do
# sleep 1 # sleep 1
@ -1794,12 +1802,31 @@ if [[ $NO_DNSMASQ -eq 0 ]]; then
fi fi
show_qr() {
local T S P H
S="$SSID"
if [[ -n "$PASSPHRASE" ]]; then
T="WPA"
P="$PASSPHRASE"
else
T="nopass"
fi
[[ "$HIDDEN" -eq 1 ]] && H="true"
echo "Scan QR code on phone to connect to WiFi"
qrencode -m 2 -t ANSIUTF8 "WIFI:T:${T};S:${S};P:${P};H:${H};"
echo "Use this command to save QR code to image file:"
echo " qrencode -m 2 -o <file> \"WIFI:T:${T};S:${S};P:${P};H:${H};\""
}
echo echo
echo "== Setting up completed, now linux-router is working ==" echo "== Setting up completed, now linux-router is working =="
[[ "$QR" -eq 1 ]] && show_qr
# need loop to keep this script running # need loop to keep this script running
bash -c "while :; do sleep 8000 ; done " & bash -c "while :; do sleep 8000 ; done " &
KEEP_RUNNING_PID=$! KEEP_RUNNING_PID=$!
echo $KEEP_RUNNING_PID > $CONFDIR/keep_running.pid echo "$KEEP_RUNNING_PID" > $CONFDIR/keep_running.pid
wait $KEEP_RUNNING_PID wait $KEEP_RUNNING_PID
clean_exit clean_exit
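Review bot: In `show_qr`, `$SSID` and `$PASSPHRASE` are interpolated into the `WIFI:` string unescaped, so a `;`, `:`, `,`, `\` or `"` in either value yields a payload that scanners can misparse; backslash-escape those characters before building the string. `H:${H}` is emitted as an empty `H:;` when the network is not hidden and `P:` is emitted empty for `nopass`; omit the fields in those cases. The last `echo` prints the passphrase inside double quotes, so a passphrase containing `$`, a backtick or `"` will not survive being pasted into a shell, and `[[ "$QR" -eq 1 ]] && show_qr` runs whether or not an access point was configured.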