├── LICENSE ├── fwd ├── hotspot ├── noderedsetup └── readme.md /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 . 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /fwd: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set +e 3 | fwdversion="V0.2" 4 | opt1="$1" 5 | opt2="$2" 6 | opt3="$3" 7 | opt4="$4" 8 | 9 | RED="\033[0;31m" 10 | GREEN="\033[0;32m" 11 | NC="\033[0m" # No Color 12 | 13 | # setup for firewalld 14 | # flags: noFW INPUTaccept LOaccept ssh authelia ZeroConfig web LogDrop UPnP hostapd icmpvisible 15 | 16 | # defs 17 | perm="--permanent" 18 | permap="--permanent" 19 | zone="--zone=public" 20 | zoneap="--zone=trusted" 21 | ifap="ap0" 22 | ap_iptsubn="10.3.141.0/24" 23 | noif="lo $ifap" 24 | actn="add" 25 | if [ "$opt2" == "delete" ] || [ "$opt2" == "remove" ]; then actn="remove"; fi 26 | 27 | function mark { 28 | export $1=`pwd`; 29 | } 30 | 31 | function _msg { 32 | echo -e `date +"%Y-%m-%d %T"` "$1" 33 | } 34 | 35 | function _stamp { 36 | _msg "$1$2 ##########################################################################" 37 | } 38 | 39 | function IPT_noFW { 40 | _msg "FWD $1 filter: noFW $2 $3" 41 | rm -rf /etc/firewalld/zones 42 | # Purge old iptables rules 43 | iptables -t nat -F 44 | iptables -t mangle -F 45 | iptables -t nat -X 46 | iptables -t mangle -X 47 | iptables -t raw -F 48 | iptables -t raw -X 49 | for i in $(iptables -S | awk '{print $2}' | uniq ); do iptables -F $i && iptables -Z $i && iptables -X $i ; done 50 | # iptables -F 51 | # iptables -Z 52 | # iptables -X 53 | iptables-save > /etc/iptables/rules.v4 54 | ip6tables-save > /etc/iptables/rules.v6 55 | systemctl restart firewalld 56 | systemctl restart nginx 57 | return $? 58 | } 59 | 60 | function FWD_IFadd { 61 | _msg "FWD $1 filter: IFadd $2 $3" 62 | ret=1 63 | for i in $( ifconfig -a | sed 's/[ \t].*//;/^\(\)$/d' | awk -F ":" '{ print $1 }' ); do 64 | if [[ "$noif" != *"$i"* ]]; then 65 | _msg " add iface $i to $zone" 66 | firewall-cmd $perm $zone --change-interface=$i 67 | ret=$? 
68 | fi 69 | done 70 | return $ret 71 | } 72 | 73 | function IPT_notICMPvisible { 74 | _msg "FWD $1 filter: notICMPvisible $2 $3" 75 | firewall-cmd $3 $2 --$1-icmp-block=echo-request 76 | return $? 77 | } 78 | 79 | function IPT_web { 80 | _msg "FWD $1 filter: web $2 $3" 81 | firewall-cmd $3 $2 --$1-service=http --$1-service=https 82 | return $? 83 | } 84 | 85 | function IPT_sambaclient { 86 | _msg "FWD $1 filter: sambaclient $2 $3" 87 | firewall-cmd $3 $2 --$1-service=samba-client 88 | return $? 89 | } 90 | 91 | function IPT_samba { 92 | _msg "FWD $1 filter: samba $2 $3" 93 | firewall-cmd $3 $2 --$1-service=samba 94 | return $? 95 | } 96 | 97 | function IPT_mqtt { 98 | _msg "FWD $1 filter: mqtt $2 $3" 99 | firewall-cmd $3 $2 --$1-service=mqtt --$1-service=mqtt-tls 100 | return $? 101 | } 102 | 103 | function IPT_mqttws { 104 | _msg "FWD $1 filter: mqttws $2 $3" 105 | firewall-cmd $3 $2 --$1-port=9001/tcp 106 | return $? 107 | } 108 | 109 | function IPT_DNS { 110 | _msg "FWD $1 filter: DNS $2 $3" 111 | firewall-cmd $3 $2 --$1-service=dns 112 | return $? 113 | } 114 | 115 | function IPT_ssh { 116 | _msg "FWD $1 filter: ssh $2 $3" 117 | firewall-cmd $3 $2 --$1-service=ssh 118 | return $? 119 | } 120 | 121 | function IPT_mosh { 122 | _msg "FWD $1 filter: mosh $2 $3" 123 | firewall-cmd $3 $2 --$1-service=mosh 124 | return $? 125 | } 126 | 127 | function IPT_rdp { 128 | _msg "FWD $1 filter: rdp $2 $3" 129 | firewall-cmd $3 $2 --$1-service=rdp 130 | return $? 131 | } 132 | 133 | function IPT_rsync { 134 | _msg "FWD $1 filter: rsync $2 $3" 135 | firewall-cmd $3 $2 --$1-service=rsyncd 136 | return $? 137 | } 138 | 139 | function IPT_CUPS { 140 | _msg "FWD $1 filter: CUPS $2 $3" 141 | firewall-cmd $3 $2 --$1-service=ipp 142 | return $? 143 | } 144 | 145 | function IPT_openVPN { 146 | _msg "FWD $1 filter: openVPN $2 $3" 147 | firewall-cmd $3 $2 --$1-service=openvpn 148 | return $? 
149 | } 150 | 151 | function IPT_NTP { 152 | _msg "FWD $1 filter: NTP $2 $3" 153 | firewall-cmd $3 $2 --$1-service=ntp 154 | return $? 155 | } 156 | 157 | function IPT_cntlm { 158 | _msg "FWD $1 filter: cntlm $2 $3" 159 | firewall-cmd $3 $2 --$1-service=squid 160 | return $? 161 | } 162 | 163 | function IPT_Warpin { 164 | _msg "FWD $1 filter: Warpin $2 $3" 165 | firewall-cmd $3 $2 --$1-port=42000/tcp 166 | return $? 167 | } 168 | 169 | function IPT_fcgi { 170 | _msg "FWD $1 filter: fcgi $2 $3" 171 | firewall-cmd $3 $2 --$1-port=2500/tcp 172 | return $? 173 | } 174 | 175 | function IPT_nodered { 176 | _msg "FWD $1 filter: nodered $2 $3" 177 | firewall-cmd $3 $2 --$1-port=1880/tcp 178 | return $? 179 | } 180 | 181 | function IPT_DHCPserver { 182 | _msg "FWD $1 filter: DHCPserver $2 $3" 183 | firewall-cmd $3 $2 --$1-service=dhcp 184 | return $? 185 | } 186 | 187 | function IPT_syncthing { 188 | _msg "FWD $1 filter: syncthing $2 $3" 189 | firewall-cmd $3 $2 --$1-service=syncthing --$1-service=syncthing-gui 190 | return $? 191 | } 192 | 193 | function IPT_shellinabox { 194 | _msg "FWD $1 filter: shellinabox $2 $3" 195 | firewall-cmd $3 $2 --$1-port=4200/tcp 196 | return $? 197 | } 198 | 199 | function IPT_DHCPclient { 200 | _msg "FWD $1 filter: DHCPclient $2 $3" 201 | firewall-cmd $3 $2 --$1-service=dhcpv6-client 202 | return $? 203 | } 204 | 205 | function IPT_ZeroConfig { 206 | _msg "FWD $1 filter: ZeroConfig $2 $3" 207 | firewall-cmd $3 $2 --$1-service=mdns 208 | return $? 209 | } 210 | 211 | function IPT_UPnP { 212 | _msg "FWD $1 filter: UPnP $2 $3" 213 | firewall-cmd $3 $2 --$1-service=upnp-client 214 | return $? 215 | } 216 | 217 | function IPT_nfs { 218 | _msg "FWD $1 filter: nfs $2 $3" 219 | firewall-cmd $3 $2 --$1-service=nfs --$1-service=nfs3 --$1-service=mountd --$1-service=rpc-bind 220 | return $? 
221 | } 222 | 223 | function IPT_FAUXMO { 224 | _msg "FWD $1 filter: FAUXMO $2 $3" 225 | firewall-cmd $3 $2 --$1-port=12340-12389/udp 226 | firewall-cmd $3 $2 --$1-port=12340-12389/tcp 227 | return $? 228 | } 229 | 230 | function IPT_ftp { 231 | _msg "FWD $1 filter: ftp $2 $3" 232 | firewall-cmd $3 $2 --$1-service=ftp 233 | # firewall-cmd $3 $2 --$1-port=57000-58000/tcp # ports for passive ftp 234 | return $? 235 | } 236 | 237 | function IPT_ftps { 238 | _msg "FWD $1 filter: ftps $2 $3" 239 | firewall-cmd $3 $2 --$1-port=989-990/tcp 240 | return $? 241 | } 242 | 243 | function IPT_hostapd { 244 | _msg "FWD $1 filter: hostapd $2 $3" 245 | firewall-cmd $3 $zone --$1-masquerade 246 | firewall-cmd $3 $2 --$1-interface=$ifap 247 | firewall-cmd $3 $2 --$1-source=$ap_iptsubn 248 | return $? 249 | } 250 | 251 | function IPT_redis { 252 | _msg "FWD $1 filter: redis $2 $3" 253 | firewall-cmd $3 $2 --$1-port=6379/tcp 254 | return $? 255 | } 256 | 257 | function IPT_redisHA { 258 | _msg "FWD $1 filter: redisHA $2 $3" 259 | firewall-cmd $3 $2 --$1-port=16379/tcp 260 | return $? 261 | } 262 | 263 | function IPT_authelia { 264 | _msg "FWD $1 filter: authelia $2 $3" 265 | IPT_redis "$1" "$2" "$3" 266 | firewall-cmd $3 $2 --$1-port=9091/tcp 267 | return $? 268 | } 269 | 270 | function FWD_reload { 271 | _msg "FWD $1 filter: reload $2 $3" 272 | firewall-cmd --reload 273 | return $? 274 | } 275 | 276 | function FWD_list { 277 | firewall-cmd --list-all 278 | firewall-cmd --list-rich-rules 279 | firewall-cmd --list-all-zones 280 | firewall-cmd --get-active-zones 281 | firewall-cmd --get-default-zone 282 | firewall-cmd --get-zones 283 | return=$? 284 | } 285 | 286 | ret=0 287 | case "$opt1" in 288 | noFW) 289 | IPT_noFW "$actn" "$zone" "$perm" 290 | ret=$? 291 | ;; 292 | IFadd) 293 | FWD_IFadd "$actn" "$zone" "$perm" 294 | ret=$? 295 | ;; 296 | notICMPvisible) 297 | IPT_notICMPvisible "$actn" "$zone" "$perm" 298 | ret=$? 
299 | ;; 300 | web) 301 | IPT_web "$actn" "$zone" "$perm" 302 | ret=$? 303 | ;; 304 | sambaclient) 305 | IPT_sambaclient "$actn" "$zone" "$perm" 306 | ret=$? 307 | ;; 308 | samba) 309 | IPT_samba "$actn" "$zone" "$perm" 310 | ret=$? 311 | ;; 312 | mqtt) 313 | IPT_mqtt "$actn" "$zone" "$perm" 314 | ret=$? 315 | ;; 316 | mqttws) 317 | IPT_mqttws "$actn" "$zone" "$perm" 318 | ret=$? 319 | ;; 320 | DNS) 321 | IPT_DNS "$actn" "$zone" "$perm" 322 | ret=$? 323 | ;; 324 | ssh) 325 | IPT_ssh "$actn" "$zone" "$perm" 326 | ret=$? 327 | ;; 328 | mosh) 329 | IPT_mosh "$actn" "$zone" "$perm" 330 | ret=$? 331 | ;; 332 | rdp) 333 | IPT_rdp "$actn" "$zone" "$perm" 334 | ret=$? 335 | ;; 336 | rsync) 337 | IPT_rsync "$actn" "$zone" "$perm" 338 | ret=$? 339 | ;; 340 | CUPS) 341 | IPT_CUPS "$actn" "$zone" "$perm" 342 | ret=$? 343 | ;; 344 | openVPN) 345 | IPT_openVPN "$actn" "$zone" "$perm" 346 | ret=$? 347 | ;; 348 | NTP) 349 | IPT_NTP "$actn" "$zone" "$perm" 350 | ret=$? 351 | ;; 352 | cntlm) 353 | IPT_cntlm "$actn" "$zone" "$perm" 354 | ret=$? 355 | ;; 356 | Warpin) 357 | IPT_Warpin "$actn" "$zone" "$perm" 358 | ret=$? 359 | ;; 360 | fcgi) 361 | IPT_fcgi "$actn" "$zone" "$perm" 362 | ret=$? 363 | ;; 364 | nodered) 365 | IPT_nodered "$actn" "$zone" "$perm" 366 | ret=$? 367 | ;; 368 | DHCPserver) 369 | IPT_DHCPserver "$actn" "$zone" "$perm" 370 | ret=$? 371 | ;; 372 | syncthing) 373 | IPT_syncthing "$actn" "$zone" "$perm" 374 | ret=$? 375 | ;; 376 | shellinabox) 377 | IPT_shellinabox "$actn" "$zone" "$perm" 378 | ret=$? 379 | ;; 380 | DHCPclient) 381 | IPT_DHCPclient "$actn" "$zone" "$perm" 382 | ret=$? 383 | ;; 384 | ZeroConfig) 385 | IPT_ZeroConfig "$actn" "$zone" "$perm" 386 | ret=$? 387 | ;; 388 | UPnP) 389 | IPT_UPnP "$actn" "$zone" "$perm" 390 | ret=$? 391 | ;; 392 | nfs) 393 | IPT_nfs "$actn" "$zone" "$perm" 394 | ret=$? 395 | ;; 396 | FAUXMO) 397 | IPT_FAUXMO "$actn" "$zone" "$perm" 398 | ret=$? 399 | ;; 400 | ftp) 401 | IPT_ftp "$actn" "$zone" "$perm" 402 | ret=$? 
403 | ;; 404 | ftps) 405 | IPT_ftps "$actn" "$zone" "$perm" 406 | ret=$? 407 | ;; 408 | hostapd) 409 | IPT_hostapd "$actn" "$zoneap" "$permap" 410 | ret=$? 411 | ;; 412 | redis) 413 | IPT_redis "$actn" "$zone" "$perm" 414 | ret=$? 415 | ;; 416 | redisHA) 417 | IPT_redisHA "$actn" "$zone" "$perm" 418 | ret=$? 419 | ;; 420 | authelia) 421 | IPT_authelia "$actn" "$zone" "$perm" 422 | ret=$? 423 | ;; 424 | reload) 425 | FWD_reload "$actn" "$zone" "$perm" 426 | ret=$? 427 | ;; 428 | 4pump) 429 | IPT_noFW "$actn" "$zone" "$perm" 430 | ret=$? 431 | FWD_IFadd "$actn" "$zone" "$perm" 432 | ret=$? 433 | IPT_web "$actn" "$zone" "$perm" 434 | ret=$? 435 | IPT_ssh "$actn" "$zone" "$perm" 436 | ret=$? 437 | IPT_ZeroConfig "$actn" "$zone" "$perm" 438 | ret=$? 439 | IPT_UPnP "$actn" "$zone" "$perm" 440 | ret=$? 441 | IPT_hostapd "$actn" "$zoneap" "$permap" 442 | ret=$? 443 | IPT_authelia "$actn" "$zone" "$perm" 444 | ret=$? 445 | FWD_reload "$actn" "$zone" "$perm" 446 | ret=$? 447 | systemctl restart nginx 448 | ;; 449 | list) 450 | FWD_list "$opt2" "$opt3" "$opt4" 451 | ret=$? 
452 | ;; 453 | version) 454 | echo "$fwdversion" 455 | ;; 456 | *) 457 | echo "Usage: ${0##*/} 4pump | list | version | noFW | IFadd | notICMPvisible | web | sambaclient | samba | mqtt | mqttws | DNS | ssh | mosh | rdp | rsync | CUPS | openVPN | NTP | cntlm | Warpin | fcgi | nodered | DHCPserver | syncthing | shellinabox | DHCPclient | ZeroConfig | UPnP | nfs | FAUXMO | ftp | ftps | hostapd | redis | redisHA | authelia | reload" 458 | ret=1 459 | esac 460 | -------------------------------------------------------------------------------- /hotspot: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set +e 3 | 4 | hotspotver="V0.970" 5 | snam="${0##*/}" 6 | opt1="$1" 7 | opt2="$2" 8 | opt3="$3" 9 | opt4="$4" 10 | 11 | torstart="no" 12 | wgstart="no" 13 | nodogsplashstart="no" 14 | ovpnstart="no" 15 | ovpnrefreshbeforestart="no" 16 | 17 | aptaddinstlist="tor openvpn wireguard" 18 | 19 | eth_dev="eth0" 20 | # if 0 defined, automatic discovery disabled 21 | ch_autofind="1" 22 | ch_dflt2GHz="6" 23 | ch_dflt5GHz="32" 24 | ch_dflt="$ch_dflt2GHz" 25 | # freq_filter: 2|5 GHz band 26 | freq_filter="2" 27 | if [ "$freq_filter" == "5" ]; then 28 | ch_dflt="$ch_dflt5GHz" 29 | else 30 | ch_dflt="$ch_dflt2GHz" 31 | freq_filter="2" 32 | fi 33 | 34 | # valid channels 35 | ch_2GHz_ovrlap="2 3 4 5 7 8 9 10 12 13" 36 | ch_2GHz_022MHz="1 6 11" 37 | ch_5GHz_020MHz="32 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 144 149 153 157 161 165 169 173" 38 | ch_5GHz_040MHz="34 38 46 54 62 102 110 118 126 134 142 151 159" 39 | ch_5GHz_080MHz="42 58 106 122 138 155" 40 | ch_5GHz_160MHz="50 114" 41 | 42 | # wl0_dev: on board wlan (e.g. 
wlan0) 43 | # wl1_dev: external wlan adaptor (optional) 44 | wl0_dev="" 45 | wl1_dev="" 46 | wap_dev="" 47 | ap_dev="ap0" 48 | ap_devmac="b8:27:eb:00:00:00" 49 | ap_net="10.3.141" 50 | ap_devext="$eth_dev" 51 | ns_dom="local" 52 | 53 | ap_restricted="no" 54 | ap_useextdev="no" 55 | ap_share="no" 56 | ap_ip="${ap_net}.1" 57 | ap_subn="${ap_net}.255" 58 | ap_ipanet="${ap_net}.1/24" 59 | ap_iptsubn="${ap_net}.0/24" 60 | ap_revip=`echo "$ap_ip" | awk -F "." '{ print $4"."$3"."$2"."$1 }'` 61 | ap_revnet=`echo "$ap_ip" | awk -F "." '{ print $3"."$2"."$1 }'` 62 | ap_cauri="http://${ap_ip}/index.html" 63 | 64 | # The UID that Tor runs as (varies from system to system) 65 | tor_uid=$(id -u debian-tor 2>/dev/null) #Debian/Ubuntu 66 | if [ "$tor_uid" == "" ]; then tor_uid=$(id -u tor 2>/dev/null); fi #ArchLinux/Gentoo 67 | if [ "$tor_uid" == "" ]; then tor_uid="109"; fi #As per assumption 68 | tor_trans_port="9050" 69 | tor_dns_port="53053" 70 | tor_subn="10.192.0.0/10" 71 | 72 | if [ "$wl0_dev" == "" ]; then 73 | # internal wlan adapter 74 | wl0_devs=`ls -l --full-time /sys/class/net/ 2>/dev/null | grep -iE "mmc.*wlan" | cut -d" " -f9` 75 | wl0_dev=`echo "$wl0_devs" | awk -F " " '{ print $1 }'` 76 | if [ "$wl0_dev" == "" ]; then wl0_dev="wlan0"; fi 77 | fi 78 | if [ "$wl1_dev" == "" ]; then 79 | # external wlan adapter via usb 80 | wl1_devs=`ls -l --full-time /sys/class/net/ 2>/dev/null | grep -iE "usb.*wlan" | cut -d" " -f9` 81 | wl1_dev=`echo "$wl1_devs" | awk -F " " '{ print $1 }'` 82 | fi 83 | 84 | wpactrl="/var/run/wpa_supplicant" 85 | wpasupg="/etc/wpa_supplicant/wpa_supplicant.conf" 86 | hostapdf="/etc/hostapd/hostapd.conf" 87 | dnsmasqf="/etc/dnsmasq.conf" 88 | dnsmasqcpf="no" 89 | crdaf="/etc/default/crda" 90 | tordir="/etc/tor" 91 | torcfg="$tordir/torrc" 92 | hostn="`hostname`" 93 | usr="`whoami`" 94 | fbdev="/dev/fb0" 95 | qrshow="yes" 96 | qrfile="/tmp/qrcode.png" 97 | # spot_ssid="${hostn}-hotspot" # -hotspot 98 | spot_ssid=`echo "$hostn" | sed 
's/./\U&/g'`wlan-`cat /sys/class/net/$wl0_dev/address | awk -F ":" '{print $4$5$6}'` # wlan- 99 | spot_psk="hallohallo" 100 | spot_cntry2="`locale | awk -F"[_.]" '/LANG=/{print $2}'`" 101 | if [ "$spot_cntry2" == "" ]; then spot_cntry2="DE"; fi 102 | hostapd_ssid=`cat $hostapdf | grep ^ssid= | awk -F "=" '{ print $2 }'` 103 | hostapd_psk=`cat $hostapdf | grep ^wpa_passphrase= | awk -F "=" '{ print $2 }'` 104 | if [ "$hostapd_ssid" == "" ]; then hostapd_ssid="$spot_ssid"; hostapd_psk="$spot_psk"; fi 105 | 106 | # free wg server for testing https://www.jagoanssh.com 107 | 108 | # wireguard defines 109 | wg_dev="wg0" 110 | # wg networks: pivpn: 10.6.0 111 | wg_net="10.6.0" 112 | wg_ipclient="${wg_net}.2" 113 | wg_ipsrv="${wg_net}.1" 114 | wg_ipsnet="${wg_ipsrv}/24" 115 | wg_dns="9.9.9.9, 149.112.112.112" 116 | wg_top="/etc/wireguard" 117 | wg_cfg="$wg_dev" 118 | wg_fil="$wg_top/$wg_cfg.conf" 119 | #e.g. format "URSgXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXJEPQY=" 120 | wg_srvpubkey="" 121 | wg_clientprivkey="" 122 | wg_presharedkey="" 123 | wg_listenport="51820" 124 | # e.g. "wg.example.com:51820" 125 | wg_endpoint="wg.example.com:$wg_listenport" 126 | wg_publkeyf="vpn-public.key" 127 | wg_privkeyf="vpn-private.key" 128 | 129 | # openvpn defines 130 | # e.g. "AT CH DE ES FR GB JP KR SC TW US" 131 | ovpnsel="AT CH DE ES FR GB JP KR SC TW US" 132 | ovpntop="/etc/openvpn" 133 | ovpnlogdir="/var/log/openvpn" 134 | ovpnlogfil="$ovpnlogdir/openvpn.log" 135 | ovpncfg="$snam" 136 | ovpnfil="$ovpntop/$ovpncfg.conf" 137 | _ovpndev=`cat $ovpnfil 2>/dev/null | grep -E "^.{0}dev " | awk -F " " '{print $2}'` 138 | if [ "$_ovpndev" == "" ] || [ "$_ovpndev" == "tun" ]; then _ovpndev="tun0"; fi 139 | if [ ! 
-d "$ovpnlogdir" ] && [ "$ovpnlogdir" != "" ]; then mkdir -p $ovpnlogdir; fi 140 | 141 | ovpn_dev="$_ovpndev" 142 | 143 | # vpngate defines 144 | vpngdir="$ovpntop/client" 145 | vpngate="${vpngdir}/vpngate.csv" 146 | vpngatefileage="900" 147 | vpngpwd="vpngate.pwd" 148 | vpngpwdpath="${vpngdir}/${vpngpwd}" 149 | if [ "$ovpnlogfil" != "" ]; then vpnglogpar="--log $ovpnlogfil"; else vpnglogpar=""; fi 150 | ovpnopt="--auth-nocache $vpnglogpar --config $ovpnfil" 151 | if [ "$vpngpwd" != "" ]; then ovpnopt="$ovpnopt --auth-user-pass $vpngpwdpath"; fi 152 | 153 | # firewalld defines 154 | fwdnoif="lo $ap_dev $ovpn_dev" 155 | pubzone="--zone=public" 156 | apperm="" 157 | apzone="--zone=home" 158 | ovpnzone="$pubzone" 159 | wgzone="$pubzone" 160 | trustzone="--zone=trusted" 161 | 162 | #autostrt not needed anymore since V0.960, use hotspot enable/disable instead 163 | autostart="yes" 164 | 165 | # etc defines 166 | startdate=`date +"%Y%m%d%H%M%S"` 167 | hsautocreate="$startdate file autocreated by $snam, do not edit" 168 | RED="\033[0;31m" 169 | GREEN="\033[0;32m" 170 | NC="\033[0m" # No Color 171 | 172 | function _msgdat { echo -e `date +"%Y-%m-%d %T"` "$1"; } 173 | function _msg { echo -e "$1"; } 174 | function _msgerr { _msg "${RED}ERR:${NC} $1"; } 175 | function _msgsuc { _msg "${GREEN}SUC:${NC} $1"; } 176 | function _msgred { _msg "${RED}$1${NC}"; } 177 | function _msggrn { _msg "${GREEN}$1${NC}"; } 178 | function mark { export $1=`pwd`; } 179 | function isint { case ${1#[-+]} in ''|*[!0-9]*) return 1;;esac; } 180 | 181 | function checkIP { 182 | _ret=1 183 | _chkurl="https://myip.expert/" 184 | # _ext_ip0=$(wget -q -T10 -U "curl" -O - http://whatismyip.akamai.com/) 185 | _ext_ip=`dig txt o-o.myaddr.test.l.google.com @ns1.google.com +short -4 2>/dev/null | sed 's/"//g'` 186 | if [ "$_ext_ip" != "" ]; then 187 | _msg " CheckIP external ${1}-ip: $_ext_ip" 188 | _msg " CheckIP $_chkurl" 189 | # curl -s $_chkurl 190 | wget -q -T10 -U "curl" -O - $_chkurl 191 | _ret=$? 
192 | case "$1" in 193 | wg) wg show ;; 194 | esac 195 | else 196 | _msg " CheckIP ERROR, no internet connection" 197 | case "$1" in 198 | wg) 199 | _port=$(cat "/etc/wireguard/$wg_dev.conf" | grep "ndpoint" | awk -F ":" '{ print $2 }') 200 | _msg " check your router config, is $1 outgoing port $_port opened?" 201 | ;; 202 | ovpn) 203 | _port="" 204 | _msg " check your router config, is $1 outgoing port $_port opened?" 205 | ;; 206 | esac 207 | fi 208 | return $_ret 209 | } 210 | 211 | function qrcode_on_oled { 212 | # show access info on a small OLED screen 213 | # qrcode_on_oled "x" "http://xx.xx.xx.xx" 214 | # qrcode_on_oled "x" "WIFI:S:$hostapd_ssid;T:WPA2;P:$hostapd_psk;;" 215 | if [ "$qrshow" == "yes" ] || [ "$1" == "interactive" ]; then 216 | if [ "$2" != "" ] && [ "$qrfile" != "" ]; then 217 | /usr/bin/qrencode -o "$qrfile" "$2" 218 | if [ -f "$qrfile" ] && [ -e "$fbdev" ]; then 219 | # echo " QRcode show $2" 220 | /usr/bin/fbi -noverbose -T 1 -a -d "$fbdev" "$qrfile" 2>/dev/null 221 | # rm "$qrfile" 222 | fi 223 | fi 224 | fi 225 | } 226 | 227 | function phy_get { 228 | if [ "$1" != "" ]; then 229 | phy=$(ls /sys/class/ieee80211/*/device/net/ | \ 230 | sed -z 's/\n\n/+++++/g' | sed -z 's/\n/ /g' | \ 231 | sed 's/+++++/\n/g' | grep "$1" | \ 232 | awk -F "/" '{ print $5 }') 233 | else 234 | phy="" 235 | fi 236 | } 237 | 238 | function Show_Defines { 239 | _msg "eth_dev:$eth_dev eth_subn:$eth_subn ap_ipanet:$ap_ipanet" 240 | _msg "wl0_dev:$wl0_dev wl0_subn:$wl0_subn wl0_ip:$wl0_ip wl0_phy:$wl0_phy wl0_drv:$wl0_drv wl0_cap:$wl0_cap" 241 | _msg "wl1_dev:$wl1_dev wl1_subn:$wl1_subn wl1_ip:$wl1_ip wl1_phy:$wl1_phy wl1_drv:$wl1_drv wl1_cap:$wl1_cap" 242 | _msg "wap_dev:$wap_dev ap_shar:$ap_share hs_try:$hs_try $wl1_dev avail: $wl1_avail wap_drv:$wap_drv wap_cap:$wap_cap" 243 | _msg "wl0_dev:$wl0_dev wl0_devs: $wl0_devs" 244 | _msg "wl1_dev:$wl1_dev wl1_devs: $wl1_devs" 245 | _msg "apdvext:$ap_devext" 246 | } 247 | 248 | function Hotspot_Defines { 249 | ovpn_ip=`ip 
addr show dev "$ovpn_dev" 2>/dev/null | awk '/inet / { print $2 }'` 250 | eth_ip=`ip addr show dev "$eth_dev" 2>/dev/null | awk '/inet / { print $2 }'` 251 | wl0_ip=`ip addr show dev "$wl0_dev" 2>/dev/null | awk '/inet / { print $2 }'` 252 | eth_subn=`ip addr show dev "$eth_dev" 2>/dev/null | awk '/inet / { print $4 }'` 253 | wl0_subn=`ip addr show dev "$wl0_dev" 2>/dev/null | awk '/inet / { print $4 }'` 254 | wl0_drv=$(ethtool -i "$wl0_dev" | grep driver | awk -F ": " '{ print $2 }') 255 | wl0_cap="" 256 | phy_get "$wl0_dev"; wl0_phy="$phy" 257 | 258 | _hlp=$(iw $wl0_phy info | grep "Supported interface modes" -A 8 | grep "AP" | xargs) 259 | if [ "$_hlp" != "" ]; then wl0_cap=$(echo "$wl0_cap AP" | xargs); fi 260 | 261 | _hlp=$(iw $wl0_phy info | grep "VHT" | xargs) 262 | if [ "$_hlp" != "" ]; then wl0_cap=$(echo "$wl0_cap VHT" | xargs); fi 263 | 264 | wl1_drv=""; wl1_cap="" 265 | 266 | if [ "$wl1_dev" != "" ]; then 267 | wl1_avail="yes" 268 | wl1_ip=`ip addr show dev "$wl1_dev" 2>/dev/null | awk '/inet / { print $2 }'` 269 | wl1_subn=`ip addr show dev "$wl1_dev" 2>/dev/null | awk '/inet / { print $4 }'` 270 | wl1_drv=$(ethtool -i "$wl1_dev" | grep driver | awk -F ": " '{ print $2 }') 271 | phy_get "$wl1_dev"; wl1_phy="$phy" 272 | if [ "$eth_ip" == "" ]; then ap_devext="$wl1_dev"; fi 273 | else 274 | if [ "$eth_ip" == "" ]; then ap_devext="$wl0_dev"; fi 275 | fi 276 | hs_try="no" 277 | if [ "$eth_subn" != "$ap_subn" ]; then 278 | if [ "$wl1_avail" == "yes" ] || [ "$eth_subn" == "$wl0_subn" ] || [ "$wl0_subn" == "" ]; then hs_try="yes"; fi 279 | fi 280 | 281 | # onboard device as default AP device 282 | wap_dev="$wl0_dev" 283 | wap_drv="$wl0_drv" 284 | wap_cap="$wl0_cap" 285 | wap_phy="$wl0_phy" 286 | 287 | # check, if external device can be AP 288 | if [ "$wl1_avail" == "yes" ] && [ "$wl1_phy" != "" ] && [ "$ap_useextdev" == "yes" ]; then 289 | # echo "$wl1_dev $wl1_phy $wl1_drv" 290 | _hlp=$(iw $wl1_phy info | grep "VHT" | xargs) 291 | if [ "$_hlp" != "" ]; then 
wl1_cap=$(echo "$wl1_cap VHT" | xargs); fi 292 | 293 | _hlp=$(iw $wl1_phy info | grep "Supported interface modes" -A 8 | grep "AP" | xargs) 294 | if [ "$_hlp" != "" ]; then 295 | # echo " $wl1_phy $wl1_dev $wl1_drv can work in AP mode (highly experimental, may not work)" 296 | wl1_cap=$(echo "$wl1_cap AP" | xargs) 297 | # external dev can be AP 298 | wap_dev="$wl1_dev" 299 | wap_cap="$wl1_cap" 300 | wap_drv="$wl1_drv" 301 | wap_phy="$wl1_phy" 302 | fi 303 | fi 304 | 305 | case "$wap_drv" in 306 | xxather) wap_drv="hostap" ;; # Prism2/2.5/3 Chip, wip how to find out 307 | xmadwifi) wap_drv="madwifi" ;; # Atheros (ar521x) Chip, wip how to find out 308 | *) wap_drv="nl80211" ;; # rpi4 on board driver, fits for most other devices 309 | esac 310 | 311 | acc_info="" 312 | if [ "$hs_try" == "yes" ]; then 313 | # acc_info="WIFI:S:$spot_ssid;T:WPA2;P:$spot_psk;;" 314 | acc_info="WIFI:S:$hostapd_ssid;T:WPA2;P:$hostapd_psk;;" 315 | else 316 | if [ "$wl1_ip" != "" ]; then acc_info="$wl1_ip"; fi 317 | if [ "$eth_ip" != "" ]; then acc_info="$eth_ip"; fi 318 | if [ "$wl0_ip" != "" ]; then acc_info="$wl0_ip"; fi 319 | acc_info=`echo "$acc_info" | awk -F "/" '{ print $1 }'` 320 | if [ "$acc_info" != "" ]; then acc_info="http://$acc_info"; fi 321 | # echo "$acc_info" 322 | fi 323 | 324 | bckext=`date +"%Y%m%d%H%M%S"` 325 | # Show_Defines 326 | } 327 | 328 | function fil_bck { 329 | if [ "$1" != "" ] && [ -f "$1" ]; then 330 | if [ "$2" != "" ]; then fn="$1.$2"; else fn="$1.old"; fi 331 | cp "$1" "$fn" 332 | fi 333 | } 334 | 335 | function IP4_fwdSet { 336 | if [ "$1" == "1" ]; then _opt="1"; else _opt="0"; fi 337 | # _fil="/proc/sys/net/ipv4/ip_forward" 338 | # echo "$_opt" > "$_fil" 339 | sysctl -w net.ipv4.ip_forward=$_opt >/dev/null 340 | } 341 | 342 | function IP4_fwdShow { sysctl net.ipv4.ip_forward; } 343 | 344 | function Hotspot_Status { 345 | _msg "Status $snam ..." 
346 | systemctl -n50 status $snam 347 | _msg "" 348 | ps ax | grep wpa_ 349 | _msg "" 350 | ip a 351 | _msg "" 352 | hostname -I 353 | } 354 | 355 | function Check_installed_PKG { 356 | _ret=1 357 | # Check that what we need is installed 358 | for command in iw firewalld hostapd dnsmasq; do 359 | if [ "$command" != "" ]; then 360 | which $command 2>&1 >/dev/null 361 | if [ $? -ne 0 ]; then 362 | _msgerr " $command is not installed (use $snam setup)" 363 | else 364 | _ret=0 365 | fi 366 | fi 367 | done 368 | return $_ret 369 | } 370 | 371 | function Mod_Para { 372 | fnv="file_not_valid" 373 | cfil="$fnv" 374 | case "$1" in 375 | self) cfil="$0" ;; 376 | hostapd) cfil="$hostapdf" ;; 377 | dnsmasq) cfil="$dnsmasqf" ;; 378 | crda) cfil="$crdaf" ;; 379 | ovpncfg) if [ -d "$vpngdir" ]; then cfil="$ovpnfil"; fi ;; 380 | ovpnpwd) if [ -d "$vpngdir" ]; then cfil="$vpngpwdpath"; fi ;; 381 | torcfg) if [ -d "$tordir" ]; then cfil="$torcfg"; fi ;; 382 | esac 383 | 384 | if [ "$cfil" != "$fnv" ]; then 385 | _msg " change $1 $2 $3 ($cfil)" 386 | case "$1" in 387 | ovpnpwd) echo -e "$2\n$3" > $cfil ;; 388 | ovpncfg|torcfg) sed -i -r "s/^$2[ ]* .*/$2 $3/g" "$cfil" ;; 389 | self) sed -i -r "s&^$2[ ]*=.*&$2=\"$3\"&g" "$cfil" ;; 390 | *) sed -i -r "s/^$2[ ]*=.*/$2=$3/g" "$cfil" ;; 391 | esac 392 | else 393 | _msg " Mod_Para invalid file selector $1" 394 | Check_installed_PKG 395 | fi 396 | } 397 | 398 | function Hotspot_Enable { 399 | _msg "Enable $snam service ..." 400 | systemctl enable $snam.service 401 | } 402 | 403 | function Hotspot_Disable { 404 | _msg "Disable $snam service ..." 
405 | systemctl disable $snam.service 406 | } 407 | 408 | # + ##### ipt functions not used anymore ##### 409 | function ipt_cln { 410 | echo " ipt $1 $2" 411 | iptables -t nat -F 412 | iptables -t mangle -F 413 | iptables -t nat -X 414 | iptables -t mangle -X 415 | iptables -t raw -F 416 | iptables -t raw -X 417 | iptables -F 418 | iptables -X 419 | } 420 | 421 | function ipt_chains { 422 | echo " ipt chains" 423 | iptables -P INPUT ACCEPT 424 | iptables -P OUTPUT ACCEPT 425 | iptables -P FORWARD ACCEPT 426 | } 427 | 428 | function ipt_ap { 429 | echo " ipt ap $1 $ap_devext $ap_dev $ap_iptsubn" 430 | iptables -t nat $1 POSTROUTING -s $ap_iptsubn ! -d $ap_iptsubn -j MASQUERADE 431 | iptables $1 FORWARD -i $ap_devext -o $ap_dev -m state --state RELATED,ESTABLISHED -j ACCEPT 432 | iptables $1 FORWARD -i $ap_dev -o $ap_devext -j ACCEPT 433 | } 434 | 435 | function ipt_ovpn { 436 | echo " ipt ovpn $1 $ovpn_dev $ap_dev" 437 | iptables -t nat $1 POSTROUTING -o $ovpn_dev -j MASQUERADE 438 | iptables $1 FORWARD -i $ovpn_dev -o $ap_dev -m state --state RELATED,ESTABLISHED -j ACCEPT 439 | iptables $1 FORWARD -i $ap_dev -o $ovpn_dev -j ACCEPT 440 | } 441 | 442 | function ipt_tor { 443 | echo " ipt tor $1 $ap_dev (using ports 53 $tor_dns_port $tor_trans_port)" 444 | iptables -F 445 | iptables -t nat -F 446 | iptables -t nat $1 PREROUTING -i $ap_dev -p udp --dport 53 -j REDIRECT --to-ports $tor_dns_port 447 | iptables -t nat $1 PREROUTING -i $ap_dev -p udp --dport $tor_dns_port -j REDIRECT --to-ports $tor_dns_port 448 | iptables -t nat $1 PREROUTING -i $ap_dev -p tcp --syn -j REDIRECT --to-ports $tor_trans_port 449 | } 450 | 451 | function ipt_do { 452 | if [ "$1" == "add" ] || [ "$1" == "del" ] || [ "$1" == "remove" ]; then 453 | echo " ipt $1 $2" 454 | if [ "$1" == "add" ]; then opt="-A"; else opt="-D"; fi 455 | if [ "$2" == "tor" ]; then ipt_tor "$opt"; fi 456 | if [ "$2" == "ovpn" ]; then ipt_ovpn "$opt"; fi 457 | if [ "$2" == "ap" ]; then ipt_ap "$opt"; fi 458 | else 459 | 
echo " ipt invalid option $1" 460 | fi 461 | } 462 | # - ##### ipt functions not used anymore ##### 463 | 464 | function fwd_list { 465 | case "$1" in 466 | all) firewall-cmd --list-all ;; 467 | allzones) firewall-cmd --list-all-zones ;; 468 | active) firewall-cmd --list-all-zones | awk '!/^[[:blank:]]/ && /active/ {p=1} !/^[[:blank:]]/ && !/active/ {p=0} p' ;; 469 | *) echo "Usage: $snam fwd list [all|active]" ;; 470 | esac 471 | } 472 | 473 | function fwd_log { 474 | case "$1" in 475 | all) firewall-cmd --set-log-denied=all ;; 476 | off) firewall-cmd --set-log-denied=off ;; 477 | *) echo "Usage: $snam fwd log [all|off]" ;; 478 | esac 479 | } 480 | 481 | function fwd_stat { 482 | _msgred "+ $1 ######################################################" 483 | ip a 484 | netstat -tulpn 485 | fwd_list active 486 | iptables -t nat -nvL PREROUTING 487 | _msgred "- $1 ######################################################" 488 | } 489 | 490 | function fwd_wipe { 491 | _ret=1 492 | step="fwd_wipe" 493 | rm -rf /etc/firewalld/zones > /dev/null 2>&1 494 | # Purge old iptables rules 495 | iptables -t nat -F > /dev/null 2>&1 496 | iptables -t mangle -F > /dev/null 2>&1 497 | iptables -t nat -X > /dev/null 2>&1 498 | iptables -t mangle -X > /dev/null 2>&1 499 | iptables -t raw -F > /dev/null 2>&1 500 | iptables -t raw -X > /dev/null 2>&1 501 | for i in $(iptables -S | awk '{print $2}' | uniq ); do 502 | iptables -F $i > /dev/null 2>&1 503 | iptables -Z $i > /dev/null 2>&1 504 | iptables -X $i > /dev/null 2>&1 505 | done 506 | # iptables -F > /dev/null 2>&1 507 | # iptables -Z > /dev/null 2>&1 508 | # iptables -X > /dev/null 2>&1 509 | # iptables-save > /etc/iptables/rules.v4 510 | # ip6tables-save > /etc/iptables/rules.v6 511 | systemctl restart firewalld 512 | _ret=$? 513 | return $_ret 514 | } 515 | 516 | function fwd_def { 517 | # 1:add|remove 2:service|port|interface|... 
[3:value] [4:"--permanent"] [5:"--zone="] [6:step] 518 | # /usr/lib/firewalld/services 519 | _ret=1 520 | _mode="" 521 | _errf="/tmp/ERR_fwd_def.txt" 522 | _step="$6" 523 | _zone="$5" 524 | _perm="$4" 525 | _valu="$3" 526 | if [ "$_valu" != "" ]; then _valu="=$_valu"; fi 527 | if [ "$_step" == "" ]; then _step="fwd_def"; fi 528 | # if [ "$_zone" != "$apzone" ] && [ "$_zone" != "$pubzone" ]; then _zone="$apzone"; fi 529 | if [ "$_zone" == "" ]; then _zone="$apzone"; fi 530 | if [ "$1" != "" ] && [ "$2" != "" ]; then 531 | _msg " $_step $1 $2 $3 $_zone $_perm" 532 | # _msg "firewall-cmd $_perm $_zone --$1-$2$_valu" 533 | firewall-cmd $_perm $_zone --$1-$2$_valu >$_errf 2>&1 534 | _ret=$? 535 | if [ $_ret -ne 0 ] && [ "$_mode" == "test" ]; then 536 | _msgerr "$_ret $step: firewall-cmd $_perm $_zone --$1-$2$_valu" 537 | cat $_errf 538 | rm $_errf 539 | fi 540 | else 541 | _msgerr " fwd_def missing param #1[add|remove] #2[service|port|...]" 542 | fi 543 | return $_ret 544 | } 545 | 546 | function fwd_if { 547 | # 1:add|remove [2:opt-permanent] [3:step] 548 | step="fwd_if " 549 | if [ "$3" != "" ]; then step="$3"; fi 550 | # _msg " $step $1 $2" 551 | ret=1 552 | for i in $( ifconfig -a | sed 's/[ \t].*//;/^\(\)$/d' | awk -F ":" '{ print $1 }' ); do 553 | if [[ "$fwdnoif" != *"$i"* ]]; then 554 | fwd_def "$1" interface "$i" "$2" "$pubzone" "$step" 555 | ret=$? 556 | fi 557 | done 558 | return $ret 559 | } 560 | 561 | function fwd_vpns { 562 | # 1:add|remove [2:"--permanent"] [3:step] 563 | # remove regular interfaces, if tunnel will be build 564 | if [ "$1" == "add" ]; then _act="remove"; else _act="add"; fi 565 | fwd_if "$_act" "$2" "$3" 566 | _ret=$? 567 | return $_ret 568 | } 569 | 570 | function fwd_ovpn_part2 { 571 | # attach tun interface to ovpn zone 572 | step="fw2ovpn" 573 | # fwd_def "$1" service openvpn "$2" "$apzone" "$step" 574 | fwd_def "$1" interface "$ovpn_dev" "$2" "$ovpnzone" "$step" 575 | _ret=$? 
576 | return $_ret 577 | } 578 | 579 | function fwd_ovpn { 580 | # remove/add all interfaces from ovpn zone in contrast to tun interface 581 | # 1:add|remove [2:"--permanent"] 582 | fwd_vpns "$1" "$2" "fwdovpn" 583 | _ret=$? 584 | return $_ret 585 | } 586 | 587 | function fwd_wg_part2 { 588 | # attach wg interface to wg zone 589 | step="fw2_wg " 590 | fwd_def "$1" interface "$wg_dev" "$2" "$wgzone" "$step" 591 | _ret=$? 592 | # experimental 593 | # iptables -A -t -nat POSTROUTING -o wlan0 -j MASQUERADE 594 | # iptables -A -t -nat POSTROUTING -o wlan1 -j MASQUERADE 595 | # iptables -A -t -nat POSTROUTING -o eth0 -j MASQUERADE 596 | # firewall-cmd $2 --direct --$1-rule ipv4 nat POSTROUTING 0 -o wlan0 -j MASQUERADE 597 | # firewall-cmd $2 --direct --$1-rule ipv4 nat POSTROUTING 0 -o wlan1 -j MASQUERADE 598 | # firewall-cmd $2 --direct --$1-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE 599 | return $_ret 600 | } 601 | 602 | function fwd_wg { 603 | # remove/add all interfaces from wireguard zone in contrast to wg interface 604 | # 1:add|remove [2:"--permanent"] 605 | fwd_vpns "$1" "$2" "fwd_wg " 606 | _ret=$? 607 | return $_ret 608 | } 609 | 610 | function fwd_tor { 611 | # Anonymizing Middlebox: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy 612 | # 1:add|remove [2:"--permanent"] 613 | step="fwd_tor" 614 | mode="" 615 | _errf="/tmp/ERR_fwd_tor.txt" 616 | rm $_errf >/dev/null 2>&1 617 | # fwd_def "$1" service "tor-socks" "$2" "$apzone" "$step" 618 | iptables -F 619 | iptables -t nat -F 620 | firewall-cmd $2 --direct --$1-rule ipv4 nat PREROUTING 0 -i $ap_dev -p udp --dport 53 -j REDIRECT --to-ports $tor_dns_port >>$_errf 2>&1 621 | firewall-cmd $2 --direct --$1-rule ipv4 nat PREROUTING 0 -i $ap_dev -p udp --dport $tor_dns_port -j REDIRECT --to-ports $tor_dns_port >>$_errf 2>&1 622 | firewall-cmd $2 --direct --$1-rule ipv4 nat PREROUTING 0 -i $ap_dev -p tcp --syn -j REDIRECT --to-ports $tor_trans_port >>$_errf 2>&1 623 | _ret=$? 
624 | if [ $_ret -ne 0 ] && [ "$_mode" == "test" ]; then 625 | _msgerr "$_ret $step" 626 | cat $_errf 627 | rm $_errf >/dev/null 2>&1 628 | fi 629 | return $_ret 630 | } 631 | 632 | function fwd_ap { 633 | # 1:add|remove [2:"--permanent"] 634 | step="fwd_ap" 635 | fwd_def "$1" masquerade "" "$2" "$pubzone" "$step " 636 | if [ "$ap_restricted" == "yes" ]; then 637 | fwd_def "$1" interface "$ap_dev" "$2" "$apzone" "$step " 638 | _ret=$? 639 | fwd_def "$1" service http "$2" "$apzone" "$step " 640 | fwd_def "$1" service https "$2" "$apzone" "$step " 641 | fwd_def "$1" service dns "$2" "$apzone" "$step " 642 | fwd_def "$1" service dhcp "$2" "$apzone" "$step " 643 | # fwd_def "$1" service upnp-client "$2" "$apzone" "$step " 644 | # fwd_def "$1" service ntp "$2" "$apzone" "$step " 645 | # fwd_def "remove" service samba-client "$2" "$apzone" "$step " # default service not required 646 | else 647 | fwd_def "$1" interface "$ap_dev" "$2" "$trustzone" "$step " 648 | _ret=$? 649 | fwd_def "$1" source "$ap_iptsubn" "$2" "$trustzone" "$step " 650 | fi 651 | return $_ret 652 | } 653 | 654 | function fwd_do { 655 | # 1:add|del|remove 2:servicename 656 | step="fwd_do" 657 | _ret=1 658 | if [ "$1" == "add" ] || [ "$1" == "remove" ]; then 659 | if [ "$1" == "add" ]; then _opt="add"; else _opt="remove"; fi 660 | _msg " $step $opt $2" 661 | if [ "$2" == "ap" ]; then fwd_ap "$_opt" "$apperm"; _ret=$?; fi 662 | if [ "$2" == "tor" ]; then fwd_tor "$_opt" "$apperm"; _ret=$?; fi 663 | if [ "$2" == "ovpn" ]; then fwd_ovpn "$_opt" "$apperm"; _ret=$?; fi 664 | if [ "$2" == "wg" ]; then fwd_wg "$_opt" "$apperm"; _ret=$?; fi 665 | else 666 | _msgerr " $step invalid option $1 $2 $3 $4" 667 | fi 668 | return $_ret 669 | } 670 | 671 | function ovpn_cfg_dwn { 672 | # download and create ovpn config files, source: www.vpngate.net 673 | #HostName,IP,Score,Ping,Speed,CountryLong,CountryShort,NumVpnSessions,Uptime,TotalUsers,TotalTraffic,LogType,Operator,Message,OpenVPN_ConfigData_Base64 674 | _ret=1 675 
| vpnurl="https://www.vpngate.net/api/iphone/" 676 | _msg " dwnload $vpnurl" 677 | wget -q -O $vpngate $vpnurl 678 | _ret=$? 679 | if [ -f "$vpngate" ]; then 680 | vg_filn2="${vpngdir}/vpngate_scores.txt" 681 | vg_filn3="${vpngdir}/vpngate_bestscore.ovpn" 682 | echo -e "vpn\nvpn" > ${vpngdir}/vpngate.pwd 683 | rm $vg_filn2 >/dev/null 2>&1 684 | nr=0 685 | vpnsel_arr=($ovpnsel) 686 | while read line; do 687 | vg_hname=`echo "$line" | awk -F "," '{print $1}'` 688 | vg_ipadr=`echo "$line" | awk -F "," '{print $2}'` 689 | vg_score=`echo "$line" | awk -F "," '{print $3}'` 690 | vg_cntlg=`echo "$line" | awk -F "," '{print $6}'` 691 | vg_cntsh=`echo "$line" | awk -F "," '{print $7}'` 692 | vg_confg=`echo "$line" | awk -F "," '{print $15}'` 693 | vg_filn1="${vpngdir}/vpngate_${vg_cntsh}_${vg_hname}.ovpn" 694 | idx=0 695 | while [ "${vpnsel_arr[idx]}" != "" ]; do 696 | if [ "$vg_cntsh" == "${vpnsel_arr[idx]}" ]; then 697 | nr=$(($nr+1)) 698 | _msg " create $vg_filn1" 699 | echo "$vg_score $vg_cntsh $vg_hname $vg_ipadr" >>$vg_filn2 700 | echo $vg_confg | base64 --decode 2>/dev/null | tr -d "\r" >$vg_filn1 701 | if [ "$nr" -eq "1" ]; then 702 | cp $vg_filn1 $vg_filn3 703 | cp $vg_filn1 $ovpntop/${snam}.conf 704 | fi 705 | fi 706 | idx=$(($idx+1)) 707 | done 708 | done <<< $(cat $vpngate) 709 | chmod 600 ${vpngdir}/vpngate* 710 | fi 711 | return $_ret 712 | } 713 | 714 | function ovpn_refresh { 715 | _ret=1 716 | if [ -d "$vpngdir" ]; then 717 | dodwn="yes" 718 | if [ -f "$vpngate" ]; then 719 | # test file is recent (not older than xx mins) 720 | if [ `stat --format=%Y $vpngate` -ge $((`date +%s` - $vpngatefileage)) ]; then 721 | dodwn="no" 722 | fi 723 | fi 724 | if [ "$dodwn" == "yes" ]; then 725 | ovpn_cfg_dwn 726 | _ret=$? 
727 | else 728 | _msg " file is recent ($vpngate)" 729 | fi 730 | # rm $vpngate >/dev/null 2>&1 731 | fi 732 | return $_ret 733 | } 734 | 735 | function ovpn_check_running { 736 | _ret=0 737 | vpnpid=`ps -ef | grep openvpn | grep -v grep | awk '{print $2}'` 738 | if [ ! -z $vpnpid ]; then 739 | # OpenVPN is currently running 740 | echo $vpnpid | xargs kill 741 | fi 742 | return $_ret 743 | } 744 | 745 | function wg_check_running { 746 | _ret=0 747 | vpnpid=`ps -ef | grep wg | grep -v grep | awk '{print $2}'` 748 | if [ ! -z $vpnpid ]; then 749 | # wg is currently running 750 | echo $vpnpid | xargs kill 751 | fi 752 | return $_ret 753 | } 754 | 755 | function wg_up { 756 | _ret=1 757 | step="wg_up" 758 | if [ "$1" == "" ]; then _cfg="$wg_dev"; else _cfg="$1"; fi 759 | if [ -f "$wg_top/$_cfg.conf" ]; then 760 | _msg " $step start cfg $_cfg (experimental)" 761 | IP4_fwdSet "1" 762 | systemctl start wg-quick@$_cfg 763 | _ret=$? 764 | if [ $_ret -eq 0 ]; then 765 | # wait max. 60sec for wg device gets an IPadr 766 | i="0" 767 | wg_ip="" 768 | while [ $i -le 60 ] && [ "$wg_ip" == "" ]; do 769 | sleep 1 770 | wg_ip=`ip addr show dev "$wg_dev" 2>/dev/null | awk '/inet / { print $2 }'` 771 | _msg " $step wait for $wg_dev to come up" 772 | i=$[$i+1] 773 | done 774 | if [ "$wg_ip" != "" ]; then 775 | _msg " OK wg $wg_dev $wg_ip" 776 | fwd_do "add" "wg" 777 | _ret=$? 778 | fwd_wg_part2 "add" "$apperm" 779 | _ret=$? 
780 | if [ $_ret -eq 0 ]; then checkIP "wg"; fi 781 | # fwd_stat "wg" 782 | else 783 | _msgerr " $step no IPassignment on $wg_dev" 784 | fi 785 | else 786 | _msgerr " $step ret:$_ret can not start with systemctl start wg-quick@$_cfg " 787 | fi 788 | else 789 | _msgerr "$step missing $wg_top/$_cfg.conf, use hotspot wg config" 790 | fi 791 | return $_ret 792 | } 793 | 794 | function wg_dwn { 795 | _ret=1 796 | step="wg_dwn" 797 | if [ "$1" == "" ]; then _cfg="$wg_dev"; else _cfg="$1"; fi 798 | if [ -f "$wg_top/$_cfg.conf" ]; then 799 | _msg " $step stop cfg $_cfg" 800 | systemctl stop wg-quick@$_cfg 801 | _ret=$? 802 | fwd_do "remove" "wg" 803 | _ret=$? 804 | fwd_wg_part2 "remove" "$apperm" 805 | checkIP "wg-OFF" 806 | else 807 | _msgerr "$step missing $wg_top/$_cfg.conf, use hotspot wg config" 808 | fi 809 | return $_ret 810 | } 811 | 812 | function wg_keys { 813 | _ret=1 814 | step="wg_keys" 815 | mark _wg 816 | cd $wg_top 817 | _msg " $step create key files $wg_privkeyf $wg_publkeyf in $wg_top/" 818 | wg genkey | tee $wg_privkeyf | wg pubkey > $wg_publkeyf 819 | _ret=$? 
820 | chmod 600 "$wg_privkeyf" 821 | cd $_wg 822 | return $_ret 823 | } 824 | 825 | function wg_scfg { 826 | _ret=1 827 | step="wg_scfg" 828 | _msg " $step create server config file $wg_fil" 829 | if [ -f "$wg_top/$wg_publkeyf" ] && [ -f "$wg_top/$wg_privkeyf" ]; then 830 | _publkey="`cat $wg_top/$wg_publkeyf`" 831 | _privkey="`cat $wg_top/$wg_privkeyf`" 832 | echo "# $hsautocreate wg config server" > $wg_fil 833 | echo "" >> $wg_fil 834 | echo "[Interface]" >> $wg_fil 835 | echo "PrivateKey = $_privkey" >> $wg_fil 836 | echo "Address = $wg_ipsrv/24" >> $wg_fil 837 | echo "MTU = 1420" >> $wg_fil 838 | echo "ListenPort = $wg_listenport" >> $wg_fil 839 | echo "" >> $wg_fil 840 | echo "[Peer]" >> $wg_fil 841 | echo "PublicKey = $_publkey" >> $wg_fil 842 | if [ "$wg_presharedkey" != "" ]; then 843 | echo "PresharedKey = $wg_presharedkey" >> $wg_fil 844 | fi 845 | echo "AllowedIPs = $wg_ipclient/32" >> $wg_fil 846 | chmod 600 "$wg_fil" 847 | _ret=0 848 | else 849 | _msgerr "missing $wg_top/$wg_publkeyf, use hotspot wg config genkeys" 850 | fi 851 | return $_ret 852 | } 853 | 854 | function wg_ccfgOLD { 855 | _ret=1 856 | step="wg_ccfg" 857 | _msg " $step create client config file $wg_fil" 858 | if [ "$wg_endpoint" != "" ]; then 859 | if [ "$wg_srvpubkey" != "" ]; then 860 | if [ -f "$wg_top/$wg_privkeyf" ]; then 861 | _privkey="`cat $wg_top/$wg_privkeyf`" 862 | echo "# $hsautocreate wg config client" > $wg_fil 863 | echo "" >> $wg_fil 864 | echo "[Interface]" >> $wg_fil 865 | echo "PrivateKey = $_privkey" >> $wg_fil 866 | echo "Address = $wg_ipclient/24" >> $wg_fil 867 | if [ "$wg_dns" != "" ]; then 868 | echo "DNS = $wg_dns" >> $wg_fil 869 | fi 870 | echo "" >> $wg_fil 871 | echo "[Peer]" >> $wg_fil 872 | echo "PublicKey = $wg_srvpubkey" >> $wg_fil 873 | if [ "$wg_presharedkey" != "" ]; then 874 | echo "PresharedKey = $wg_presharedkey" >> $wg_fil 875 | fi 876 | echo "Endpoint = $wg_endpoint" >> $wg_fil 877 | echo "AllowedIPs = 0.0.0.0/0, ::/0" >> $wg_fil 878 | _ret=0 
879 | chmod 600 "$wg_fil" 880 | else 881 | _msgerr "missing $wg_top/$wg_privkeyf, use hotspot wg config genkeys" 882 | fi 883 | else 884 | _msgerr "no server public key defined, use hotspot modpar self wg_srvpubkey \"\"" 885 | fi 886 | else 887 | _msgerr "no server Endpoint defined, use hotspot modpar self wg_endpoint \"\"" 888 | fi 889 | return $_ret 890 | } 891 | 892 | function wg_ccfg { 893 | # 1:endpoint 2:ipaddr 3:dns 4:privkey 5:pubkey 6:preshrkey 894 | _ret=1 895 | step="wg_ccfg" 896 | _msg " $step create client config file $wg_fil" 897 | 898 | _endpoint="$1"; if [ "_endpoint" == "" ]; then _endpoint="$wg_endpoint"; fi 899 | _ipaddr="$2"; if [ "_ipaddr" == "" ]; then _ipaddr="$wg_ipclient"; fi 900 | _dns="$3"; if [ "_dns" == "" ]; then _dns="$wg_dns"; fi 901 | _privkey="$4"; if [ "_privkey" == "" ]; then _privkey="$wg_clientprivkey"; fi 902 | _srvpubkey="$5"; if [ "_srvpubkey" == "" ]; then _srvpubkey="$wg_srvpubkey"; fi 903 | _preshrkey="$6"; if [ "_preshrkey" == "" ]; then _preshrkey="$wg_presharedkey"; fi 904 | 905 | if [ "$_endpoint" != "" ]; then 906 | if [ "$_srvpubkey" != "" ]; then 907 | if [ "$_privkey" != "" ]; then 908 | if [ "$_dns" != "" ]; then 909 | if [ "$_ipaddr" != "" ]; then 910 | echo "# $hsautocreate ($snam wg config client)" > $wg_fil 911 | echo "" >> $wg_fil 912 | echo "[Interface]" >> $wg_fil 913 | echo "PrivateKey = $_privkey" >> $wg_fil 914 | echo "Address = $_ipaddr/24" >> $wg_fil 915 | if [ "$_dns" != "" ]; then 916 | echo "DNS = $_dns" >> $wg_fil 917 | fi 918 | echo "" >> $wg_fil 919 | echo "[Peer]" >> $wg_fil 920 | echo "PublicKey = $_srvpubkey" >> $wg_fil 921 | if [ "$_preshrkey" != "" ]; then 922 | echo "PresharedKey = $_preshrkey" >> $wg_fil 923 | fi 924 | echo "Endpoint = $_endpoint" >> $wg_fil 925 | echo "AllowedIPs = 0.0.0.0/0, ::/0" >> $wg_fil 926 | chmod 600 "$wg_fil" 927 | _ret=$? 
928 | else 929 | _msgerr "no client address, use hotspot modpar self wg_ipclient \"\"" 930 | fi 931 | else 932 | _msgerr "no dns, use hotspot modpar self wg_dns \"\"" 933 | fi 934 | else 935 | _msgerr "no client private key defined, use hotspot modpar self wg_clientprivkey \"\"" 936 | fi 937 | else 938 | _msgerr "no server public key defined, use hotspot modpar self wg_srvpubkey \"\"" 939 | fi 940 | else 941 | _msgerr "no server Endpoint defined, use hotspot modpar self wg_endpoint \"\"" 942 | fi 943 | return $_ret 944 | } 945 | 946 | function _gi { 947 | # 1:question 2:defaultval 3:mode 948 | getinfo="" 949 | while [ "$getinfo" == "" ]; do 950 | read -p "[?] pls. enter $1: " -r getinfo 951 | case "$3" in 952 | 0) # input can be empty 953 | break 954 | ;; 955 | 1) # use non empty defaultval, if getinfo is empty 956 | if [ "$2" != "" ] && [ "$getinfo" == "" ]; then 957 | getinfo="$2" 958 | break 959 | fi 960 | ;; 961 | esac 962 | done 963 | } 964 | 965 | function wg_ccfg_interactive { 966 | step="wg_ccfg_interactive" 967 | _msg " $step create wireguard client config file $wg_fil" 968 | _msg " $step default values taken from $snam modpar self " 969 | 970 | _gi "[Interface] PrivateKey ($wg_clientprivkey)" "$wg_clientprivkey" "1"; _privkey="$getinfo"; 971 | _gi "[Interface] Address ($wg_ipclient)" "$wg_ipclient" "1"; _ipaddr="$getinfo"; 972 | _gi "[Interface] DNS ($wg_dns)" "$wg_dns" "1"; _dns="$getinfo"; 973 | _gi "[Peer] PublicKey ($wg_srvpubkey)" "$wg_srvpubkey" "1"; _srvpubkey="$getinfo"; 974 | _gi "[Peer] PresharedKey ($wg_presharedkey)" "$wg_presharedkey" "0"; _preshrkey="$getinfo"; 975 | _gi "[Peer] Endpoint ($wg_endpoint)" "$wg_endpoint" "1"; _endpoint="$getinfo"; 976 | 977 | # echo "PrivateKey: $_privkey" 978 | # echo "Address: $_ipaddr" 979 | # echo "DNS: $_dns" 980 | # echo "PublicKey: $_srvpubkey" 981 | # echo "Endpoint: $_endpoint" 982 | # echo "PresharedKey: $_preshrkey" 983 | 984 | wg_ccfg "$_endpoint" "$_ipaddr" "$_dns" "$_privkey" "$_srvpubkey" 
"$_preshrkey" 985 | _ret=$? 986 | 987 | if [ $_ret -eq 0 ]; then cat $wg_fil; fi 988 | return $_ret 989 | } 990 | 991 | function wg_menu { 992 | _ret=1 993 | case "$1" in 994 | start) 995 | wg_up "$2" "$3" 996 | _ret=$? 997 | ;; 998 | stop) 999 | wg_dwn "$2" "$3" 1000 | _ret=$? 1001 | ;; 1002 | config) 1003 | case "$2" in 1004 | client) 1005 | wg_ccfg_interactive 1006 | _ret=$? 1007 | ;; 1008 | # server) 1009 | # wg_scfg "$3" 1010 | # _ret=$? 1011 | # ;; 1012 | # genkeys) 1013 | # wg_keys "$3" 1014 | # _ret=$? 1015 | # _msgerr "client only" 1016 | # ;; 1017 | *) echo "Usage: $snam wg config [client]" 1018 | esac 1019 | ;; 1020 | *) echo "Usage: $snam wg [start [cfg] | stop [cfg] | config client]" 1021 | esac 1022 | return $_ret 1023 | } 1024 | 1025 | function stop_ap_dev { 1026 | _ret=1 1027 | if [ "$1" != "" ]; then 1028 | ip -force link set dev "$1" down 1029 | ip addr flush dev "$1" 1030 | _ret=$? 1031 | fi 1032 | return $_ret 1033 | } 1034 | 1035 | function inst_ap_dev { 1036 | _ret=1 1037 | if [ "$wap_dev" != "$ap_dev" ] && [ "$wap_dev" != "" ]; then 1038 | _msg " install & check dev $ap_dev drv $wap_drv $wap_cap" 1039 | apnet255=`ip addr show dev "$ap_dev" 2>/dev/null | awk '/inet / { print $4 }'` 1040 | if [ "$ap_subn" != "$apnet255" ]; then 1041 | _msg " assign dev $ap_dev $ap_ipanet on $wap_dev" 1042 | ip -force link set dev "$wap_dev" down 1043 | ip addr flush dev "$wap_dev" 1044 | # sleep 3 1045 | iw dev $wap_dev interface add $ap_dev type __ap 1046 | stop_ap_dev "$ap_dev" 1047 | # ip link set $ap_dev address $ap_devmac 1048 | ip a add "$ap_ipanet" brd + dev "$ap_dev" 1049 | ip link set dev "$ap_dev" up 1050 | fi 1051 | apipn=`ip addr show dev "$ap_dev" 2>/dev/null | awk '/inet / { print $2 }'` 1052 | if [ "$apipn" == "$ap_ipanet" ]; then 1053 | _msg " install dev $ap_dev on $wap_dev done" 1054 | _ret=0 1055 | else 1056 | _msgerr " install dev $ap_dev" 1057 | fi 1058 | fi 1059 | return $_ret 1060 | } 1061 | 1062 | function wlan { 1063 | _ret=1 1064 | if 
[ "$wl1_avail" != "yes" ]; then wl_dev="$wl0_dev"; else wl_dev="$wl1_dev"; fi 1065 | if [ "$2" != "" ]; then wl_dev="$2"; fi 1066 | case "$1" in 1067 | start) 1068 | _msg " start wlan $wl_dev" 1069 | systemctl restart dhcpcd 1070 | _ret=$? 1071 | # wpa_cli -i $wl_dev reconfigure 1072 | _ret=$? 1073 | ;; 1074 | stop) 1075 | _msg " stop wlan $wl_dev" 1076 | wpa_cli -p $wpactrl -i $wl_dev terminate >/dev/null 2>&1 1077 | _ret=$? 1078 | ;; 1079 | clean) 1080 | _msg " clean wlan $wl_dev" 1081 | wpa_cli terminate >/dev/null 2>&1 1082 | ip addr flush $wl_dev 1083 | ip link set dev $wl_dev down 1084 | rm -r /var/run/wpa_supplicant >/dev/null 2>&1 1085 | _ret=$? 1086 | ;; 1087 | check) 1088 | if [ "$wl_dev" != "" ]; then 1089 | status=`wpa_cli -i $wl_dev status | grep wpa_state` 1090 | if [ "$status" != "wpa_state=COMPLETED" ]; then 1091 | _msgerr " wlan $wl_dev $status" 1092 | else 1093 | _msgsuc " wlan $wl_dev" 1094 | _ret=0 1095 | fi 1096 | fi 1097 | ;; 1098 | *) 1099 | echo "Usage: $snam wlan start|stop|check|clean [$wl0_dev|$wl1_dev]" 1100 | esac 1101 | return $_ret 1102 | } 1103 | 1104 | function do_fwd { 1105 | _ret=1 1106 | case "$1" in 1107 | wipe) 1108 | fwd_wipe "$2" "$3" "$2" 1109 | _ret=$? 1110 | ;; 1111 | inst) 1112 | fwd_do "$2" "$3" "$4" 1113 | _ret=$? 1114 | ;; 1115 | list) 1116 | fwd_list "$2" "$3" "$4" 1117 | _ret=$? 1118 | ;; 1119 | log) 1120 | fwd_log "$2" "$3" "$4" 1121 | _ret=$? 1122 | ;; 1123 | *) 1124 | echo "Usage: $snam fwd wipe | inst | list | log" 1125 | esac 1126 | return $_ret 1127 | } 1128 | 1129 | function do_ovpn { 1130 | _ret=1 1131 | Check_installed_PKG 1132 | if [ -d "$vpngdir" ]; then 1133 | case "$1" in 1134 | start) 1135 | if [ -f "$ovpnfil" ]; then 1136 | _msg " start openvpn on $ovpn_dev" 1137 | ovpn_check_running 1138 | IP4_fwdSet "1" 1139 | _msg " ovpn on $ovpn_dev as service openvpn@$ovpncfg" 1140 | systemctl start openvpn@$ovpncfg 1141 | # wait max. 
60sec for tun device gets an IPadr 1142 | i="0" 1143 | ovpn_ip="" 1144 | while [ $i -le 60 ] && [ "$ovpn_ip" == "" ]; do 1145 | sleep 1 1146 | ovpn_ip=`ip addr show dev "$ovpn_dev" 2>/dev/null | awk '/inet / { print $2 }'` 1147 | _msg " ovpn wait for $ovpn_dev to come up" 1148 | i=$[$i+1] 1149 | done 1150 | if [ "$ovpn_ip" != "" ]; then 1151 | _msg " OK ovpn $ovpn_dev $ovpn_ip" 1152 | fwd_do "add" "ovpn" 1153 | fwd_ovpn_part2 "add" "$apperm" 1154 | _ret=$? 1155 | if [ $_ret -eq 0 ]; then checkIP "ovpn"; fi 1156 | # fwd_stat "ovpn" 1157 | else 1158 | _msgerr " ovpn no IPassignment on $ovpn_dev" 1159 | fi 1160 | else 1161 | _msgerr " ovpn no config file found $ovpnfil" 1162 | fi 1163 | ;; 1164 | stop) 1165 | _msg " stop openvpn" 1166 | if [ -f "$ovpnfil" ]; then 1167 | systemctl stop openvpn@$ovpncfg 1168 | fi 1169 | ovpn_check_running 1170 | fwd_do "remove" "ovpn" 1171 | _ret=$? 1172 | fwd_ovpn_part2 "remove" "$apperm" 1173 | _ret=$? 1174 | checkIP "ovpn-OFF" 1175 | ;; 1176 | refresh) 1177 | _msg " refresh openvpn config files" 1178 | ovpn_cfg_dwn 1179 | _ret=$? 1180 | ;; 1181 | *) 1182 | echo "Usage: $snam ovpn start|stop" 1183 | esac 1184 | else 1185 | _msgerr "ovpn not installed" 1186 | fi 1187 | return $_ret 1188 | } 1189 | 1190 | function do_tor { 1191 | _ret=1 1192 | Check_installed_PKG 1193 | if [ -d "$tordir" ]; then 1194 | case "$1" in 1195 | start) 1196 | _msg " start tor" 1197 | fwd_do "add" "tor" 1198 | _ret=$? 1199 | # service dnsmasq stop 1200 | service tor restart 1201 | # if [ $_ret -eq 0 ]; then checkIP "tor"; fi 1202 | _msg " check tor functionality: https://check.torproject.org/" 1203 | # fwd_log all 1204 | # fwd_stat "tor" 1205 | ;; 1206 | stop) 1207 | _msg " stop tor" 1208 | service tor stop 1209 | fwd_do "remove" "tor" 1210 | _ret=$? 
1211 | # checkIP "tor-OFF" 1212 | # service dnsmasq restart 1213 | # fwd_log off 1214 | ;; 1215 | *) 1216 | echo "Usage: $snam tor start|stop" 1217 | esac 1218 | else 1219 | _msgerr "tor not installed" 1220 | fi 1221 | return $_ret 1222 | } 1223 | 1224 | function do_syslog { 1225 | if [ "$1" != "" ]; then lins="-A $1"; else lins=""; fi 1226 | tail -500 /var/log/syslog | grep --color -a $lins "${snam}" 1227 | } 1228 | 1229 | function Chan_in_Group { 1230 | _ret=1 1231 | _hlp=$(echo "$1" | grep "$chanw") 1232 | if [ "$_hlp" != "" ]; then _ret=0; fi 1233 | return $_ret 1234 | } 1235 | 1236 | function Chan_Group { 1237 | # determine channels bandwidth group 1238 | case "$chanw" in 1239 | 2|3|4|5|7|8|9|10|12|13) 1240 | changrp="2GHZ-OVRLAP" ;; 1241 | 1|6|11) 1242 | changrp="2GHZ-22MHZ" ;; 1243 | 32|36|40|44|48|52|56|60|64|100|104|108|112|116|120|124|128|132|136|140|144|149|153|157|161|165|169|173) 1244 | changrp="5GHZ-20MHZ" ;; 1245 | 34|38|46|54|62|102|110|118|126|134|142|151|159) 1246 | changrp="5GHZ-40MHZ" ;; 1247 | 42|58|106|122|138|155) 1248 | changrp="5GHZ-80MHZ" ;; 1249 | 50|114) 1250 | changrp="5GHZ-160MHZ" ;; 1251 | *) changrp="" ;; 1252 | esac 1253 | } 1254 | 1255 | function Check_Chan { 1256 | isint "$chanw" 1257 | if [ $? -ne 0 ]; then 1258 | isint "$ch_dflt" 1259 | if [ $? 
-eq 0 ]; then chanw="$ch_dflt"; else chanw="6"; fi 1260 | fi 1261 | Chan_Group 1262 | } 1263 | 1264 | function Find_Chan { 1265 | # find best (least used) channel 1266 | # Find_Chan "wlan1" "11" "104" "5" 1267 | # hotspot findchan wlan1 2 dbg 1268 | # OUT: chanw changrp 1269 | _ret=1 1270 | chanw="" 1271 | _filter="$4" 1272 | if [ "$1" != "" ] && [ "$3" == "dbg" ]; then 1273 | _dbg=1 1274 | _filter="$2" 1275 | else _dbg=0; fi 1276 | 1277 | case "$_filter" in # valid channels and selection prio 1278 | 2) ch_prio=${ch_2GHz_ovrlap}" "${ch_2GHz_022MHz} ;; 1279 | 5) ch_prio=${ch_5GHz_020MHz}" "${ch_5GHz_040MHz}" "${ch_5GHz_080MHz}" "${ch_5GHz_160MHz} ;; 1280 | *) ch_prio=${ch_5GHz_020MHz}" "${ch_5GHz_040MHz}" "${ch_5GHz_080MHz}" "${ch_5GHz_160MHz}" "${ch_2GHz_ovrlap}" "${ch_2GHz_022MHz} ;; 1281 | esac 1282 | 1283 | if [ "$ch_autofind" -gt "0" ] || [ $_dbg -eq 1 ]; then 1284 | if [ "$1" != "" ]; then 1285 | chanw="$ch_dflt" 1286 | Check_Chan 1287 | fil="/tmp/$1_${_filter}_scan.txt" 1288 | iwlist $1 chan 2>/dev/null | grep -i " : $_filter" | sed 's/ //g' | sed 's/Channel 0//g' | sed 's/Channel //g' | awk -F " " '{ print $1 }' > ${fil}.tmp 1289 | iwlist $1 scan 2>/dev/null | grep -i "Frequency:$_filter" | sort | sed 's/ //g' | sed 's/)//g' | awk -F "hannel " '{ print $2 }' >> ${fil}.tmp 1290 | cat ${fil}.tmp | sort | uniq -c | sed 's/ //g' | sort > $fil 1291 | linr=0 1292 | ch_prio_arr=($ch_prio) 1293 | while read line; do 1294 | linr=$(($linr+1)) 1295 | ch_use=`echo "$line" | awk '{print $1}'` 1296 | ch_num=`echo "$line" | awk '{print $2}'` 1297 | # if [ $_dbg -eq 1 ]; then echo "ch: $ch_num use: $ch_use line: $line"; fi 1298 | # if [ "$linr" -le "1" ]; then chanw="$ch_num"; fi 1299 | if [ $_dbg -eq 1 ]; then echo "linr:$linr foundCH:$chanw"; fi 1300 | idx=0 1301 | while [ "${ch_prio_arr[idx]}" != "" ]; do 1302 | if [ $_dbg -eq 1 ]; then echo "checkChan: ${ch_prio_arr[idx]} chan:$ch_num usecnt:$ch_use"; fi 1303 | if [ "$ch_num" == "${ch_prio_arr[idx]}" ] && [ $ch_use -le 
1 ]; then 1304 | chanw="$ch_num" 1305 | _ret=0 1306 | if [ $_dbg -eq 1 ]; then echo "found idx: $idx ch: $chanw use: $ch_use"; fi 1307 | fi 1308 | idx=$(($idx+1)) 1309 | done 1310 | done <<< $(cat $fil) 1311 | fi 1312 | else chanw="$3"; fi 1313 | if [ "$chanw" == "" ]; then chanw="$2"; fi 1314 | if [ "$chanw" == "" ]; then chanw="$ch_dflt"; fi 1315 | Check_Chan 1316 | if [ $_dbg -eq 1 ]; then echo "$_ret channel:$chanw group:$changrp"; fi 1317 | return $_ret 1318 | } 1319 | 1320 | # Tech FreqBand MaxSpeed 1321 | # 802.11a 5GHz 54Mbps obsolete 1322 | # 802.11b 2.4GHz 11Mbps obsolete 1323 | # 802.11g 2.4GHz 54Mbps becoming obsolete 1324 | # 802.11n 2.4 or 5GHz 150Mbps 1325 | # 802.11ac 5GHz 867Mbps 1326 | # 802.11ax 2.4 or 5GHz 1201Mbps 1327 | 1328 | # FreqBand 802.11 Channels 1329 | # 2.4GHz b/g/n/ax up to 14, depends on country 1330 | # 5GHz a/n/ac/ax up to 37, depends on country 1331 | 1332 | function Mdfy_hostapd { 1333 | _ret=1 1334 | if [ "$wap_drv" != "" ]; then 1335 | Mod_Para "hostapd" "driver" "$wap_drv" 1336 | _ret=$? 1337 | fi 1338 | 1339 | _hlp=$(echo "$wap_cap" | grep "VHT") 1340 | if [ "$_hlp" != "" ] && [ $chanw -ge 32 ]; then # 5GHz 1341 | Mod_Para "hostapd" "ieee80211ac" "1" 1342 | _ret=$? 1343 | Mod_Para "hostapd" "require_vht" "1" 1344 | Mod_Para "hostapd" "require_ht" "1" 1345 | Mod_Para "hostapd" "ieee80211n" "1" 1346 | Mod_Para "hostapd" "ieee80211d" "1" # activate country code 1347 | # Mod_Para "hostapd" "ieee80211h" "0" 1348 | else # 2.4GHz 1349 | Mod_Para "hostapd" "ieee80211ac" "0" 1350 | _ret=$? 
1351 | Mod_Para "hostapd" "require_vht" "0" 1352 | Mod_Para "hostapd" "require_ht" "0" 1353 | Mod_Para "hostapd" "ieee80211n" "1" 1354 | Mod_Para "hostapd" "ieee80211d" "1" # activate country code 1355 | # Mod_Para "hostapd" "ieee80211h" "0" 1356 | fi 1357 | 1358 | return $_ret 1359 | } 1360 | 1361 | function Mdfy_HWmode { 1362 | _ret=1 1363 | if [ $chanw -le 14 ]; then _hm="g"; else _hm="a"; fi 1364 | if [ $chanw -ge 32 ]; then _att="$chanw (can cause problem)"; else _att="$chanw"; fi 1365 | _msg " select hw_mode $_hm chan $_att" 1366 | 1367 | Mod_Para "hostapd" "hw_mode" "$_hm" 1368 | _ret=$? 1369 | return $_ret 1370 | } 1371 | 1372 | function Mdfy_Chan { 1373 | # 1:msg 2:channel 3:chanh 1374 | _ret=1 1375 | _msg " modify channel strategy: $1 $2 $3" 1376 | chanw="$2" 1377 | Check_Chan 1378 | Mod_Para "hostapd" "channel" "$chanw" 1379 | Mdfy_HWmode 1380 | Mdfy_hostapd 1381 | _ret=$? 1382 | return $_ret 1383 | } 1384 | 1385 | function svc_showstat { 1386 | if [ "$1" != "" ]; then 1387 | msg="`service $1 status | grep -i \"Active:\" | awk -F " " '{ print $2" "$3 }'`" 1388 | _msg "$1 $msg" 1389 | fi 1390 | } 1391 | 1392 | function Hotspot_Start { 1393 | _ret=1 1394 | Check_installed_PKG 1395 | Hotspot_Defines 1396 | ext_ip=`dig txt o-o.myaddr.test.l.google.com @ns1.google.com +short -4 | sed 's/"//g'` 1397 | _msg "starting $snam $hotspotver usr:$usr" 1398 | _msg " extIP router $ext_ip" 1399 | _msg " ETHER $eth_dev $eth_ip" 1400 | _msg " WLANint $wl0_dev $wl0_phy $wl0_ip $wl0_drv $wl0_cap" 1401 | if [ "$wl1_avail" == "yes" ]; then 1402 | _msg " WLANext $wl1_dev $wl1_phy $wl1_ip $wl1_drv $wl1_cap" 1403 | else 1404 | _msg " WLANext no device connected" 1405 | fi 1406 | _msg " APdev $wap_dev $wap_phy $wap_drv $wap_cap" 1407 | 1408 | 1409 | if [ "$ch_autofind" -gt "0" ]; then 1410 | 1411 | chanw="$ch_dflt"; 1412 | Check_Chan 1413 | chanh=`cat "$hostapdf" | awk '/channel=/ { print $1 }' | sed 's/channel=//g'` 1414 | 1415 | if [ "$ap_share" != "yes" ] && \ 1416 | { [ 
"$wl1_avail" == "yes" ] || [ "$eth_ip" != "" ]; }; then 1417 | Find_Chan "$wap_dev" "$ch_dflt" "$chanh" "$freq_filter" 1418 | _msg " FndChan suggest channel $chanw" 1419 | msg="select channel for ap mode" 1420 | else 1421 | chanw=`iwlist $wap_dev channel | awk '/urrent / { print $5 }' | sed 's/)//g'` 1422 | msg="select same channel for ap & station mode on $wap_dev" 1423 | _msg " UseChan channel $chanw" 1424 | fi 1425 | 1426 | Mdfy_Chan "$msg" "$chanw" "$chanh" 1427 | 1428 | else 1429 | _msg " hostapd conf unattended, para ch_autofind=0" 1430 | fi 1431 | 1432 | if [ "$1" == "nowlan" ]; then wlan stop $wap_dev; fi 1433 | _msg " stop hostapd" 1434 | systemctl stop hostapd 1435 | _msg " stop dnsmasq" 1436 | systemctl stop dnsmasq 1437 | IP4_fwdSet "1" 1438 | inst_ap_dev 1439 | sleep 1 1440 | fwd_do "add" "ap" 1441 | _msg " start hostapd restart" 1442 | systemctl restart hostapd 1443 | _msg " start dnsmasq" 1444 | systemctl restart dnsmasq 1445 | 1446 | if [ "$nodogsplashstart" == "yes" ]; then 1447 | _msg "start captive portal (nodogsplash)" 1448 | nodogsplash 1449 | fi 1450 | 1451 | _vpnmode="" 1452 | if [ "$wgstart" == "yes" ] && [ -d "$wg_top" ]; then _vpnmode="wg"; fi 1453 | if [ "$ovpnstart" == "yes" ] && [ -d "$vpngdir" ]; then _vpnmode="ovpn"; fi 1454 | 1455 | case "$_vpnmode" in 1456 | ovpn) 1457 | if [ "$ovpnrefreshbeforestart" == "yes" ]; then ovpn_refresh; fi 1458 | # _msgdat "ovpn start" 1459 | do_ovpn start 1460 | ret=$? 1461 | ;; 1462 | wg) 1463 | wg_up 1464 | ret=$? 1465 | ;; 1466 | *) 1467 | fwd_def remove interface "$ovpn_dev" "$2" "$ovpnzone" "Hotspot_Start" 1468 | fwd_def remove interface "$wg_dev" "$2" "$wgzone" "Hotspot_Start" 1469 | fwd_if add "$apperm" 1470 | _ret=$? 1471 | ;; 1472 | esac 1473 | 1474 | if [ "$torstart" == "yes" ]; then 1475 | do_tor start "$apperm" 1476 | _ret=$? 
1477 | fi 1478 | 1479 | svc_showstat dnsmasq 1480 | svc_showstat hostapd 1481 | # _msg "started $snam" 1482 | return $_ret 1483 | } 1484 | 1485 | function Hotspot_Try { 1486 | _ret=1 1487 | Check_installed_PKG 1488 | echo "trying $snam $hotspotver usr:$usr" 1489 | # wait max. 15sec for wlan0 gets an IPadr from DHCP if eth0 is not connected 1490 | i="0" 1491 | while [ $i -le 15 ] && [ "$wl0_ip" == "" ] && [ "$eth_ip" == "" ]; do 1492 | sleep 1 1493 | Hotspot_Defines 1494 | _msg " dhcp wait for IPadr on $wl0_dev $wl0_ip" 1495 | # Show_Defines 1496 | i=$[$i+1] 1497 | done 1498 | if [ "$wl0_ip" == "" ]; then 1499 | _msgerr " dhcp no IPassignment on $wl0_dev" 1500 | fi 1501 | if [ "$hs_try" == "yes" ] && [ "$ap_share" != "yes" ]; then 1502 | _msg " try $snam" 1503 | Hotspot_Start nowlan 1504 | _ret=$? 1505 | else 1506 | if [ "$ap_share" == "yes" ]; then 1507 | if [ "$wl0_subn" != "" ] && [ "$wl0_subn" != "$ap_subn" ]; then 1508 | _msg " ap&sta on $wl0_dev start $snam in parallel to station mode" 1509 | _msg " (not supported, use eth0 or additional usb wlan adaptor wlan1)" 1510 | # _msg " starting $snam, maybe this will fail" 1511 | Hotspot_Start wlan 1512 | _ret=$? 1513 | else 1514 | _msgerr " subnet conflict $eth_dev $eth_subn $wl0_dev $wl0_subn $ap_dev $ap_subn" 1515 | fi 1516 | else 1517 | _msg " param ap_share not set to yes" 1518 | fi 1519 | fi 1520 | qrcode_on_oled "try" "$acc_info" 1521 | return $_ret 1522 | } 1523 | 1524 | function Hotspot_Stop { 1525 | _ret=1 1526 | Check_installed_PKG 1527 | _msg "stopping all ovpn instances" 1528 | ovpn_check_running 1529 | _msg "stopping $snam" 1530 | _msg " stop hostapd" 1531 | systemctl stop hostapd 1532 | sleep 2 1533 | _msg " stop dnsmasq" 1534 | systemctl stop dnsmasq 1535 | IP4_fwdSet "0" 1536 | fwd_do "remove" "ap" 1537 | _ret=$? 
1538 | sleep 2 1539 | if [ "$1" != "nowlan" ]; then 1540 | systemctl daemon-reload 1541 | wlan start $wl0_dev 1542 | sleep 10 1543 | fi 1544 | _msg " link down dev $ap_dev" 1545 | stop_ap_dev "$ap_dev" 1546 | _ret=$? 1547 | iw dev $ap_dev del 1548 | _msg "stopped $snam" 1549 | return $_ret 1550 | } 1551 | 1552 | function Setup_rclocal { 1553 | fil="/etc/rc.local" 1554 | fil2="/etc/issue" 1555 | fil_bck "$fil" "$bckext" 1556 | fil_bck "$fil2" "$bckext" 1557 | _msg "create $fil" 1558 | cat < "$fil" 1559 | #!/bin/sh -e 1560 | # $hsautocreate 1561 | 1562 | # Print the IP address 1563 | _IP=\$(hostname -I) || true 1564 | if [ "\$_IP" ]; then 1565 | printf "IP %s\nRaspbian GNU/Linux\n" "\$_IP" > /etc/issue 1566 | else 1567 | printf "Raspbian GNU/Linux\n" > /etc/issue 1568 | fi 1569 | 1570 | exit 0 1571 | EOF 1572 | chmod 750 "$fil" 1573 | } 1574 | 1575 | function Setup_ServiceFile { 1576 | fil="/lib/systemd/system/$snam.service" 1577 | fil_bck "$fil" "$bckext" 1578 | _msg "create $fil" 1579 | cat < "$fil" 1580 | [Unit] 1581 | Description=$snam 1582 | After=network.target syslog.target 1583 | Wants=network.target 1584 | 1585 | [Service] 1586 | Type=oneshot 1587 | WorkingDirectory=/usr/local/sbin 1588 | ExecStart=/usr/local/sbin/$snam try 1589 | StandardOutput=journal 1590 | StandardError=journal 1591 | SyslogIdentifier=$snam 1592 | #StandardOutput=file:/tmp/$snam.log 1593 | #StandardError=file:/tmp/$snam.log 1594 | 1595 | [Install] 1596 | WantedBy=multi-user.target 1597 | EOF 1598 | chmod 644 "$fil" 1599 | } 1600 | 1601 | function Setup_sysctlconf { 1602 | fil="/etc/sysctl.conf" 1603 | fil_bck "$fil" "$bckext" 1604 | # net.ipv4.ip_forward=1 1605 | grep -q -F "net.ipv4.ip_forward=" $fil || echo "net.ipv4.ip_forward=" >> $fil 1606 | sed -r -i 's/net\.ipv4\.ip_forward[ ]*=.*/net\.ipv4\.ip_forward=1/g' $fil 1607 | sed -r -i 's/#net\.ipv4\.ip_forward=1/net\.ipv4\.ip_forward=1/g' $fil 1608 | } 1609 | 1610 | function Setup_dhcpcdconf { 1611 | fil="/etc/dhcpcd.conf" 1612 | 
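# continuation of Setup_dhcpcdconf (its header precedes this span)
  fil_bck "$fil" "$bckext"
  _msg "create $fil"
  # the hotspot device is excluded from dhcpcd so it keeps the static address
  # hostapd/dnsmasq are configured for; $ap_dev is the same name hostapd uses
  cat <<EOF > "$fil"
hostname
clientid
persistent
option rapid_commit
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
option ntp_servers
option interface_mtu
require dhcp_server_identifier
slaac private

timeout 25

denyinterfaces $ap_dev
interface $ap_dev
nohook wpa_supplicant
#static ip_address=10.3.141.1/24
EOF
  chmod 664 "$fil"
  chown root:netdev "$fil"
}

#######################################
# Write the dnsmasq configuration for the hotspot:
#   /etc/dnsmasq.conf                 -> reduced to "conf-dir=/etc/dnsmasq.d"
#                                        (only if it is not already that)
#   /etc/dnsmasq.d/01_<snam>.conf     -> DNS + DHCP for the AP subnet
#   /etc/dnsmasq.d/05_<snam>_captiveportal.conf
#                                     -> only when dnsmasqcpf=yes: answers
#                                        the OS connectivity-check names with
#                                        the AP address; removed otherwise
# bogus-priv stays disabled, so reverse queries for private ranges other
# than the AP subnet are forwarded upstream.
# Globals:   snam, ap_dev, ap_ip, ap_net, ap_revnet, ap_revip, hostn,
#            ns_dom, hsautocreate, dnsmasqcpf, bckext (read);
#            fil, _dir, _okdir (written)
#######################################
function Setup_dnsmasqconf {
  _dir="/etc/${snam}"
  if [ ! -d "$_dir" ]; then
    mkdir -p "$_dir" >/dev/null 2>&1
    chmod 755 "$_dir"
  fi

  _dir="/etc/dnsmasq.d"
  if [ ! -d "$_dir" ]; then
    mkdir -p "$_dir" >/dev/null 2>&1
    chmod 755 "$_dir"
  fi

  fil="/etc/dnsmasq.conf"
  # rewrite dnsmasq.conf unless it already consists of exactly the conf-dir line
  _okdir=$(awk -F "conf-dir=" '{print $2}' "$fil")
  if [ "$_dir" != "$_okdir" ]; then
    fil_bck "$fil" "$bckext"
    echo "conf-dir=$_dir" > "$fil"
    chmod 644 "$fil"
  fi

  # drop files generated by earlier runs; the glob has to stay unquoted to expand
  rm -f -- "$_dir"/*_"${snam}"* 2>/dev/null

  fil="$_dir/01_${snam}.conf"
  # fil_bck "$fil" "$bckext"
  _msg "create $fil"
  cat <<EOF > "$fil"
# $hsautocreate

# interface=$ap_dev # Use $snam interface
no-dhcp-interface=eth0,wlan0 # Don't use these interfaces
listen-address=$ap_ip # Explicitly specify the $snam address to listen on
listen-address=127.0.0.1 # Explicitly specify localhost ip4
bind-interfaces # Bind to the interface to make sure we aren't sending things elsewhere
domain-needed # Don't forward short names
# bogus-priv # Never forward addresses in the non-routed address spaces

local-ttl=2
local-service
localise-queries

# ========== [ nameserver ] ==========

no-hosts # Do not read /etc/hosts
# Read additional hosts-file (not only /etc/hosts) to add entries into DNS
# addn-hosts=/etc/${snam}/dnsmasq_static_hosts.list
expand-hosts
domain=$ns_dom
local=/$ns_dom/$ap_ip

# Host & PTR & Reverse
host-record=$hostn.$ns_dom,$ap_ip
server=/$ap_revnet.in-addr.arpa/$ap_ip
ptr-record=$ap_revip.in-addr.arpa,$hostn.$ns_dom

# ========== [ dhcp ] ==========

dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*
dhcp-mac=set:client_is_a_pi,DC:A6:32:*:*:*
dhcp-reply-delay=tag:client_is_a_pi,2

dhcp-range=$ap_net.50,$ap_net.199,255.255.255.0,12h
dhcp-option=option:router,$ap_ip
# dhcp-option=option:ntp-server,$ap_ip

dhcp-option=vendor:MSFT,2,1i # Tell MS Windows to release a lease on shutdown
dhcp-option=44,$ap_ip # set netbios-over-TCP/IP aka WINS
dhcp-option=45,$ap_ip # netbios datagram distribution server
dhcp-option=46,8 # netbios node type
dhcp-option=252,"\n" # REQUIRED to get win7 to behave
dhcp-option=160,http://$ap_ip/index.html # RFC 7710

# DHCPv4 Should be set when dnsmasq is definitely the only DHCP server on a network
# dhcp-authoritative
# DHCPv4 Server will attempt to ensure that an address is not in use before allocating it to a host
# no-ping

# ========== [ etc ] ==========

log-facility=/var/log/syslog
# log-queries
# log-dhcp
log-async
EOF
  chmod 644 "$fil"

  fil="$_dir/05_${snam}_captiveportal.conf"
  if [ "$dnsmasqcpf" == "yes" ]; then
    # fil_bck "$fil" "$bckext"
    _msg "create $fil"
    cat <<EOF > "$fil"
# $hsautocreate

# Captive Portal
# DNS Internet Connectivity Test Domains
# redirect all requests
#address=/#/$ap_ip
# specific platform redirects
# Android
address=/clients1.google.com/$ap_ip
address=/clients3.google.com/$ap_ip
address=/connectivitycheck.android.com/$ap_ip
address=/connectivitycheck.gstatic.com/$ap_ip
# IOS
address=/captive.apple.com/$ap_ip
# WIN
address=/www.msftconnecttest.com/$ap_ip
address=/dns.msftncsi.com/$ap_ip
address=/www.msftncsi.com/$ap_ip
# Mozilla Firefox, Mozilla Thunderbird, SeaMonkey
address=/detectportal.firefox.com/$ap_ip

# DHCP
#dhcp-option=160,$ap_cauri # RFC 7710
EOF
    chmod 644 "$fil"
  else
    rm -f -- "$fil" >/dev/null 2>&1
  fi
}

#######################################
# Write /etc/default/hostapd pointing the daemon at hostapd.conf.
# Globals:   bckext (read); fil (written)
#######################################
function Setup_hostapddflt {
  fil="/etc/default/hostapd"
  fil_bck "$fil" "$bckext"
  _msg "create $fil"
  cat <<EOF > "$fil"
#RUN_DAEMON=yes
DAEMON_CONF="/etc/hostapd/hostapd.conf"
EOF
  chmod 600 "$fil"
}

#ieee80211ac : 5GHz
#ieee80211n
#ieee80211d: amendment to the IEEE 802.11

#######################################
# Write /etc/hostapd/hostapd.conf (WPA2-PSK with CCMP, channel 6, hw_mode=g),
# then push ssid/passphrase/country_code into it and REGDOMAIN into the crda
# file via Mod_Para.
# The file carries the Wi-Fi passphrase, so it is created with mode 640
# before anything is written instead of being tightened afterwards.
# NOTE(review): fil_bck keeps a copy of the previous file, which also holds
# a passphrase - confirm the backup's mode is as restrictive.
# Globals:   ap_dev, spot_ssid, spot_psk, spot_cntry2, snam, bckext (read);
#            fil (written)
#######################################
function Setup_hostapdconf {
  fil="/etc/hostapd/hostapd.conf"
  fil_bck "$fil" "$bckext"
  _msg "create $fil"
  # create/truncate with restricted mode first, so the passphrase is never
  # in a world-readable file, not even between the heredoc and the chmod below
  install -m 640 /dev/null "$fil"
  cat <<EOF > "$fil"
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
interface=$ap_dev
driver=nl80211
ignore_broadcast_ssid=0
ap_isolate=0

channel=6
hw_mode=g

country_code=$spot_cntry2

ssid=$spot_ssid
wpa_passphrase=$spot_psk

wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

require_ht=0
ieee80211n=1
ieee80211d=0
ieee80211h=0
ieee80211ac=1
require_vht=0

wmm_enabled=1
macaddr_acl=0
auth_algs=1

logger_syslog=-1
logger_syslog_level=4
logger_stdout=-1
logger_stdout_level=4
EOF
  _msg "$snam: setting default (pls. adjust ssid, wpa_passphrase, country_code and REGDOMAIN)"
  Mdfy_Chan "select default channel"
  Mod_Para "hostapd" "ssid" "$spot_ssid"
  Mod_Para "hostapd" "wpa_passphrase" "$spot_psk"
  Mod_Para "hostapd" "country_code" "$spot_cntry2"
  Mod_Para "crda" "REGDOMAIN" "$spot_cntry2"
  chmod 640 "$fil"
}

#######################################
# Write the tor config ($torcfg) if the tor directory exists: transparent
# proxy and DNS ports bound to the AP address, notices to stderr.
# Globals:   tordir, torcfg, tor_subn, ap_ip, tor_trans_port, tor_dns_port,
#            bckext (read); fil (written)
#######################################
function Setup_torcfg {
  if [ -d "$tordir" ]; then
    fil="$torcfg"
    fil_bck "$fil" "$bckext"
    _msg "create $fil"
    cat <<EOF > "$fil"
#Log debug file /var/log/tor/debug.log
#Log notice syslog
Log notice stderr
#VirtualAddrNetwork $tor_subn
VirtualAddrNetworkIPv4 $tor_subn
#AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort ${ap_ip}:${tor_trans_port}
DNSPort ${ap_ip}:${tor_dns_port}
EOF
    chmod 644 "$fil"
    touch /var/log/tor-notices.log >/dev/null 2>&1
    chown debian-tor /var/log/tor-notices.log >/dev/null 2>&1
    chmod 644 /var/log/tor-notices.log >/dev/null 2>&1
  fi
}

#######################################
# Full setup: install packages (unless $1 is "noswpkg"), stop/disable the
# services the script drives itself, then generate every config file with a
# shared backup suffix and enable the service.
# Globals:   snam, aptaddinstlist (read); bckext (written, used by Setup_*)
# Arguments: $1 - "noswpkg" skips apt; $1/$2 are passed on to the helpers
#######################################
function Hotspot_Setup {
  _msg "Setup $snam $1 $2 ..."
  if [ "$1" != "noswpkg" ]; then
    _msg "install sw packages"
    apt-get -qy update
    # aptaddinstlist is a space separated package list -> intentionally unquoted
    # shellcheck disable=SC2086
    apt-get -qy install iw firewalld hostapd dnsmasq fbi wget ethtool qrencode $aptaddinstlist
    ovpn_refresh
  fi
  # disable/stop services. starting by script if needed
  systemctl disable dnsmasq.service >/dev/null 2>&1
  systemctl stop dnsmasq.service >/dev/null 2>&1
  systemctl disable openvpn.service >/dev/null 2>&1
  systemctl stop openvpn.service >/dev/null 2>&1
  systemctl unmask hostapd.service >/dev/null 2>&1
  systemctl disable hostapd.service >/dev/null 2>&1
  systemctl stop hostapd.service >/dev/null 2>&1
  update-rc.d tor disable >/dev/null 2>&1
  service tor stop >/dev/null 2>&1

  # one timestamp shared by every backup made in this run
  bckext=$(date +"%Y%m%d%H%M%S")

  Setup_rclocal "$1" "$2"
  # Setup_sysctlconf $1 $2
  # (disabled, although the readme lists /etc/sysctl.conf among the written files)
  Setup_dhcpcdconf "$1" "$2"
  Setup_dnsmasqconf "$1" "$2"
  Setup_hostapddflt "$1" "$2"
  Setup_hostapdconf "$1" "$2"
  Setup_torcfg "$1" "$2"
  Setup_ServiceFile "$1" "$2"
  Hotspot_Enable $1 $2
}

# command dispatch: opt1 selects the action, opt2..opt4 are its arguments
ret=0
Hotspot_Defines
case "$opt1" in
  try)
    Hotspot_Try "$opt2"
    ret=$?
    ;;
  start)
    Hotspot_Start "$opt2"
    ret=$?
    ;;
  stop)
    Hotspot_Stop "$opt2"
    ret=$?
    ;;
  enable)
    Hotspot_Enable "$opt2"
    ;;
  disable)
    Hotspot_Disable "$opt2"
    ;;
  startmode)
    # legacy rc.local entry point; both sub-commands only report and fail
    case "$opt2" in
      try)
        if [ "$autostart" == "yes" ]; then
          echo "ERR: since V0.960 not needed, started by systemd"
          # Hotspot_Try "$opt3"
        fi
        ret=1
        ;;
      start)
        if [ "$autostart" == "yes" ]; then
          echo "ERR: since V0.960 not needed, started by systemd"
          # Hotspot_Start "$opt3"
        fi
        ret=1
        ;;
      *)
        echo "$autostart"
        ;;
    esac
    ;;
  restart)
    Hotspot_Stop nowlan
    echo " 20sec settle time"
    sleep 20
    Hotspot_Start "$opt2"
    ret=$?
    ;;
  retry)
    Hotspot_Stop nowlan
    echo " 20sec settle time"
    sleep 20
    Hotspot_Try "$opt2"
    ret=$?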
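# remaining arms of the command dispatch (the case statement opens before this span)
    ;;
  wlan)
    wlan "$opt2" "$opt3"
    ;;
  modpar)
    Mod_Para "$opt2" "$opt3" "$opt4"
    ;;
  setchan)
    Mdfy_Chan "given_by_cli" "$opt2" "given_by_cli"
    ;;
  findchan)
    Find_Chan "$opt2" "$opt3" "dbg"
    ;;
  setup)
    Hotspot_Setup "$opt2" "$opt3"
    ;;
  syslog)
    do_syslog "$opt2"
    ;;
  tor)
    do_tor "$opt2"
    ;;
  ovpn)
    do_ovpn "$opt2"
    ;;
  wg)
    wg_menu "$opt2" "$opt3" "$opt4"
    ;;
  fwd)
    do_fwd "$opt2" "$opt3" "$opt4"
    ;;
  qrcode)
    # echo "qrcode_on_oled $acc_info"
    qrcode_on_oled "interactive" "$acc_info"
    ;;
  version)
    echo "$hotspotver"
    ;;
  status)
    Hotspot_Status
    ;;
  dbg)
    Show_Defines "$opt2" "$opt3" "$opt4"
    ;;
  *)
    echo "Usage: $snam try | start [nowlan] | stop [nowlan] | enable | disable | retry | restart [nowlan] | status | setup | setchan [channel] | syslog [lines] | fwd [wipe|install|list] | tor [start|stop] | ovpn [start|stop|refresh] | wg [start|stop|config] | modpar <file> <name> [value] | version | dbg | qrcode | wlan start|stop|check|clean [$wl0_dev|$wl1_dev]"
esac
exit "$ret"
--------------------------------------------------------------------------------
/noderedsetup:
--------------------------------------------------------------------------------
#!/bin/bash
# V0.1
set +e
snam="noderedsetup"

# default params for hotspot
hnam="pumpcentral"
# NOTE(review): published default credential (it is also printed in the
# readme); change it before the hotspot goes live, since it is all that
# separates the services installed below from anyone in radio range.
hpwd="hallohallo"
#

#######################################
# Flush and delete every rule and chain in the nat, mangle, raw and filter
# tables. Not called by default (the call at the bottom is commented out).
# Globals:   snam (read)
#######################################
function ipt_flush {
  logger -s -t "$snam" " iptables flush"
  iptables -t nat -F
  iptables -t mangle -F
  iptables -t nat -X
  iptables -t mangle -X
  iptables -t raw -F
  iptables -t raw -X
  iptables -F
  iptables -X
}

#######################################
# Set the filter table default policies to ACCEPT - together with ipt_flush
# this leaves the host without any packet filtering. Not called by default.
# Globals:   snam (read)
#######################################
function ipt_chains {
  logger -s -t "$snam" " iptables chains"
  iptables -P INPUT ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -P FORWARD ACCEPT
}

#######################################
# Replace the 127.0.1.1 entry in /etc/hosts with the new name and apply it
# with hostnamectl.
# Globals:   snam (read); fil (written)
# Arguments: $1 - new hostname (logged as an error when empty)
#######################################
function hostname_change {
  if [ "$1" != "" ]; then
    logger -s -t "$snam" " set hostname to $1"
    fil="/etc/hosts"
    sed -r -i '/^127\.0\.1\.1/d' "$fil"
    printf '127.0.1.1 \t%s\n' "$1" >> "$fil"
    /usr/bin/hostnamectl set-hostname "$1"
  else
    logger -s -t "$snam" " ERR: hostname_change wrong param $1"
  fi
}

#######################################
# Fetch the current hotspot script from GitHub into /usr/local/sbin, run its
# setup and set ssid/passphrase.
# Globals:   snam (read)
# Arguments: $1 - ssid (nothing happens when empty), $2 - wpa passphrase
# Returns:   1 when the download fails; the previous script is kept as
#            /usr/local/sbin/hotspot_old
#######################################
function hotspot_setup {
  if [ "$1" != "" ]; then
    logger -s -t "$snam" " hotspot setup"
    sudo cp /usr/local/sbin/hotspot /usr/local/sbin/hotspot_old > /dev/null
    sudo rm /usr/local/sbin/hotspot > /dev/null
    # sudo like the surrounding commands; stop here when the download fails
    # instead of chmod'ing and running an empty/missing file. The script is
    # fetched from the branch head over HTTPS without any integrity check -
    # pin a release and verify a checksum where that matters.
    if ! sudo wget https://raw.githubusercontent.com/rudiratlos/hotspot/master/hotspot -O /usr/local/sbin/hotspot > /dev/null 2>&1; then
      logger -s -t "$snam" " ERR: download of hotspot script failed"
      return 1
    fi
    sudo chmod +x /usr/local/sbin/hotspot > /dev/null
    # hotspot setup noswpkg
    hotspot setup
    hotspot modpar hostapd ssid "$1"
    # the passphrase travels as a command line argument (visible in ps/audit logs)
    hotspot modpar hostapd wpa_passphrase "$2"
    # hotspot modpar hostapd country DE
  else
    logger -s -t "$snam" " ERR: hotspot_setup wrong param $1 $2"
  fi
}

#######################################
# Install and enable the mosquitto broker with its package default config.
# NOTE(review): which interfaces it listens on and whether anonymous clients
# are accepted depends on the packaged mosquitto version - check before the
# AP is reachable by others.
# Globals:   snam (read)
#######################################
function mqtt_setup {
  logger -s -t "$snam" " mqtt setup"
  sudo apt install -y build-essential mosquitto mosquitto-clients
  sudo systemctl enable mosquitto.service
}

#######################################
# Install Node-RED with the upstream Raspbian script (piped from GitHub
# master straight into bash, unpinned) and refresh its unit and start/stop
# helpers. Whether the editor asks for a login depends on adminAuth in the
# Node-RED settings, which this script does not touch - verify before it is
# reachable over the hotspot. (Continues on the following line of this listing.)
# Globals:   snam (read)
#######################################
function nodered_setup {
  # doc: https://nodered.org/docs/hardware/raspberrypi
  logger -s -t "$snam" " node-red setup (give 3x y)"
  bash <(curl -sL https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/update-nodejs-and-nodered)
  sudo systemctl enable nodered.service
  sudo wget https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/nodered.service -O /lib/systemd/system/nodered.service > /dev/null 2>&1
  sudo wget https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-start -O /usr/bin/node-red-start > /dev/null 2>&1
  sudo wget https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/node-red-stop -O \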
/usr/bin/node-red-stop > /dev/null 2>&1 73 | sudo chmod +x /usr/bin/node-red-st* > /dev/null 74 | sudo systemctl daemon-reload 75 | # npm i node-red/node-red-dashboard 76 | } 77 | 78 | logger -s -t $snam " start install (required: fresh raspbian image)..." 79 | sudo apt-get -qy update 80 | sudo apt-get -qy install curl 81 | #ipt_flush 82 | #ipt_chains 83 | hostname_change "$hnam" 84 | hotspot_setup "$hnam" "$hpwd" 85 | mqtt_setup 86 | nodered_setup 87 | logger -s -t $snam " end install..." 88 | logger -s -t $snam "if everything went well, pls. reboot" 89 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | # hotspot 2 | 3 | shell script for setup and management of hotspot (hostapd) functions on the rpi platform 4 | 5 | functions: 6 | 7 | - try 8 | - start 9 | - stop 10 | - restart 11 | - enable 12 | - disable 13 | - retry 14 | - status 15 | - setup 16 | - setchan [channel] 17 | - syslog [lines] 18 | - fwd [wipe|install|list] 19 | - ovpn [start|stop|refresh] 20 | - wg [start|stop|config] 21 | - tor [start|stop] 22 | - version 23 | - wlan [start|stop] 24 | - modpar \<file\> \<name\> [value] 25 | - automatic start at boot process by systemd 26 | 27 | will use the onboard wlan adaptor for hotspot functionality and\ 28 | the onboard ethernet port or an optional external usb wlan adaptor (e.g. EW-7811Un Realtek RTL8188CUS)\ 29 | for internet access. 30 | 31 | the best wlan channel for hotspot functionality will be determined automatically by the least used frequency spectrum. 32 | 33 | support for vpns: wireguard and openvpn\ 34 | support for tor 35 | 36 | create .ovpn config files for free openvpn servers taken from [https://www.vpngate.net](https://www.vpngate.net) 37 | 38 | actions will be logged in syslog\ 39 | pls. see the examples in the troubleshooting section. 40 | 41 | the new hotspot version is using firewalld. 42 | 43 | for the full installation and setup sequence, pls. 
see the **installation and setup** section at the bottom of this file 44 | 45 | # fwd 46 | 47 | is a small script that gives you a jump start with firewalld 48 | 49 | ## installation 50 | 51 | rpi login as root required 52 | 53 | ~~~bash 54 | root:# cd /usr/local/sbin 55 | root:# wget -qN https://raw.githubusercontent.com/rudiratlos/hotspot/master/hotspot 56 | root:# chmod +x hotspot 57 | root:# apt-get update 58 | root:# apt-get upgrade 59 | ~~~ 60 | 61 | ## setup 62 | 63 | will install all required packages (e.g. iw tor openvpn wireguard hostapd dnsmasq),\ 64 | set parameters and create config files: 65 | 66 | - /etc/sysctl.conf (activate line net.ipv4.ip_forward=1) 67 | - /etc/rc.local 68 | - /etc/issue 69 | - /etc/dhcpcd.conf 70 | - /etc/dnsmasq.conf 71 | - /etc/default/hostapd 72 | - /etc/hostapd/hostapd.conf 73 | - /etc/tor/torrc 74 | - /etc/wireguard/ 75 | - /etc/openvpn/ 76 | 77 | Existing files will be backed up with a date extension (YYYYMMDDhhmmss). 78 | 79 | ~~~bash 80 | hotspot setup 81 | hotspot try 82 | ~~~ 83 | 84 | the above command sequence will create a hotspot with the following default parameters: 85 | 86 | ssid: \wlan-\ (e.g. RPIwlan-abcdef)\ 87 | pwd: hallohallo\ 88 | country: DE 89 | 90 | 91 | the next commands will create all config files and adjust the parameters to your environment. 92 | 93 | ~~~bash 94 | hotspot setup 95 | hotspot modpar hostapd ssid myHotspotID 96 | hotspot modpar hostapd wpa_passphrase myHotspotPassword 97 | hotspot modpar hostapd country_code SE 98 | hotspot modpar crda REGDOMAIN SE 99 | 100 | hotspot try 101 | ~~~ 102 | 103 | ### tor ovpn install disable 104 | 105 | before executing the **hotspot setup** command, \ 106 | you can disable the installation of the tor and/or ovpn packages by modifying the ***aptaddinstlist*** variable. 
107 | 108 | ~~~bash 109 | hotspot modpar self aptaddinstlist "tor" # install tor only 110 | hotspot modpar self aptaddinstlist "openvpn" # install openvpn only 111 | hotspot modpar self aptaddinstlist "wireguard" # install wireguard only 112 | hotspot modpar self aptaddinstlist "tor openvpn wireguard" # install all three (default) 113 | hotspot modpar self aptaddinstlist "" # do not install vpns 114 | ~~~ 115 | 116 | ## enable 117 | 118 | enable hotspot service 119 | 120 | hotspot will be started by systemd service \ 121 | control file: /lib/systemd/system/hotspot.service \ 122 | the service will be started at boot stage where \ 123 | network interfaces are available. \ 124 | If autostart variable is set to "yes", hotspot will be tried to start. 125 | 126 | Older versions (V0.960), hotspot was started by rc.local 127 | 128 | ~~~bash 129 | hotspot enable 130 | ~~~ 131 | 132 | ## disable 133 | 134 | disable hotspot service 135 | 136 | ~~~bash 137 | hotspot disable 138 | ~~~ 139 | 140 | ## start 141 | 142 | start all hotspot associated functions: 143 | 144 | - terminate connection on wlan0 145 | - create device ap0 and assign IP addr 146 | - start dnsmasq 147 | - start hostapd 148 | 149 | ~~~bash 150 | hotspot start 151 | ~~~ 152 | 153 | ## try 154 | 155 | will start hotspot if following condition is met: 156 | 157 | - wlan0 or eth0 not connected 158 | - wlan0 and eth0 IP addresses are on same IP subnet (wlan0 connection will be stopped) 159 | 160 | ~~~bash 161 | hotspot try 162 | ~~~ 163 | 164 | ## stop [nowlan] 165 | 166 | stop hotspot functions: 167 | 168 | - stop hostapd 169 | - stop dnsmasq 170 | - optional: restart wlan 171 | 172 | ~~~bash 173 | hotspot stop 174 | ~~~ 175 | 176 | ## restart 177 | 178 | executes following hotspot sequence: 179 | 180 | - hotspot stop nowlan 181 | - sleep some seconds (settling time) 182 | - hotspot start 183 | 184 | ~~~bash 185 | hotspot restart 186 | ~~~ 187 | 188 | ## retry 189 | 190 | executes following hotspot sequence: 191 | 
192 | - hotspot stop nowlan 193 | - sleep some seconds (settling time) 194 | - hotspot try 195 | 196 | ~~~bash 197 | hotspot retry 198 | ~~~ 199 | 200 | ## modpar 201 | 202 | change a parameter value in a config file 203 | 204 | format: 205 | hotspot modpar \<file\> \<name\> [value] 206 | 207 | ~~~ 208 | file selector: 209 | dnsmasq /etc/dnsmasq.conf 210 | hostapd /etc/hostapd/hostapd.conf 211 | self /usr/local/sbin/hotspot 212 | 213 | name parameter name 214 | value parameter value 215 | ~~~ 216 | 217 | examples: 218 | ~~~bash 219 | hotspot modpar hostapd ssid myHotspotID # set parameter ssid=myHotspotID 220 | hotspot modpar hostapd country_code DE # set parameter country_code=DE 221 | ~~~ 222 | 223 | ### special hostapd parameter 224 | 225 | #### autostart 226 | 227 | During the boot process the systemd service hotspot.service will look for \ 228 | the file content ***autostart="yes"*** in /usr/local/sbin/hotspot and will execute the **hotspot try** command.\ 229 | 230 | Since V0.960 this is not needed anymore; use the ***hotspot enable/disable*** command. 231 | 232 | ~~~bash 233 | hotspot modpar self autostart yes # enable autostart (default) 234 | hotspot modpar self autostart no # disable autostart 235 | ~~~ 236 | 237 | #### ovpnstart 238 | 239 | start openvpn automatically 240 | 241 | ~~~bash 242 | hotspot modpar self ovpnstart yes # enable ovpnstart 243 | hotspot modpar self ovpnstart no # disable ovpnstart (default) 244 | ~~~ 245 | 246 | adjust a specific openvpn parameter 247 | 248 | ~~~bash 249 | hotspot modpar self ovpn_dev tun3 # change ovpn device for firewalld 250 | ~~~ 251 | 252 | to work correctly, ovpn_dev has to match the device defined in the .ovpn config file (parameter dev). 
253 | 254 | #### torstart 255 | 256 | start the tor service automatically 257 | 258 | ~~~bash 259 | hotspot modpar self torstart yes # enable torstart 260 | hotspot modpar self torstart no # disable torstart (default) 261 | ~~~ 262 | 263 | #### wgstart 264 | 265 | start the wireguard service automatically 266 | 267 | ~~~bash 268 | hotspot modpar self wgstart yes # enable wgstart 269 | hotspot modpar self wgstart no # disable wgstart (default) 270 | ~~~ 271 | 272 | ## openvpn (user specific) 273 | 274 | copy the myconfig.ovpn file to /etc/openvpn/myconfig.conf 275 | 276 | ~~~bash 277 | cp myconfig.ovpn /etc/openvpn/myconfig.conf 278 | hotspot modpar self ovpncfg myconfig 279 | hotspot modpar self ovpnrefreshbeforestart no 280 | hotspot modpar self ovpnstart yes 281 | ~~~ 282 | 283 | pls. make sure that your config file (/etc/openvpn/myconfig.conf) has the extension .conf\ 284 | and set the parameter 'ovpncfg myconfig';\ 285 | the script will then start the service **openvpn@myconfig** 286 | 287 | ## openvpn (vpngate) 288 | 289 | start or stop openvpn, or refresh the .ovpn files from vpngate.net **experimental**\ 290 | refresh will download the CSV list of free openvpn servers and will create .ovpn files.\ 291 | servers from these countries will be used, as defined by the **ovpnsel** parameter: **AT CH DE ES FR GB JP KR SC TW US** 292 | out of these, the server with the highest score is defined in /etc/openvpn/client/vpngate_bestscore.ovpn\ 293 | and will be copied to **/etc/openvpn/hotspot.conf** and used as the default openvpn config file.\ 294 | the script will start the service **openvpn@hotspot** if the parameter **ovpncfg** is set to **hotspot** 295 | 296 | pls. 
see the ***ovpnstart*** parameter for starting openvpn automatically and for modifying its parameters 297 | 298 | ~~~bash 299 | hotspot modpar self ovpncfg hotspot # set default config name 300 | hotspot ovpn start # start openvpn service 301 | hotspot ovpn stop # stop openvpn service (default) 302 | hotspot ovpn refresh # recreate .ovpn config files 303 | ~~~ 304 | 305 | ## tor 306 | 307 | start or stop the tor service **experimental**\ 308 | pls. see the ***torstart*** parameter for starting the tor service automatically. 309 | 310 | ~~~bash 311 | hotspot tor start # start tor service 312 | hotspot tor stop # stop tor service 313 | ~~~ 314 | 315 | ## wireguard (experimental) 316 | 317 | setup example for a wg client that should connect to a remote wireguard server (wg.example.com:51820) 318 | 319 | ~~~bash 320 | # set default values 321 | hotspot modpar self wg_clientprivkey "uME..EGE=" # [Interface] PrivateKey 322 | hotspot modpar self wg_srvpubkey "URS..PQY=" # [Peer] PublicKey 323 | hotspot modpar self wg_presharedkey "6Oo..qOs=" # [Peer] PresharedKey or leave blank 324 | hotspot modpar self wg_endpoint "wg.example.com:51820" # [Peer] Endpoint 325 | hotspot modpar self wgstart yes # will start wireguard tunnel at startup 326 | 327 | hotspot wg config client # interactively create the wg config file /etc/wireguard/wg0.conf 328 | 329 | hotspot wg start # start wireguard service 330 | hotspot wg stop # stop wireguard service 331 | ~~~ 332 | 333 | ## syslog [lines] 334 | 335 | show hotspot-related syslog entries 336 | 337 | ~~~bash 338 | hotspot syslog 339 | hotspot syslog 5 340 | ~~~ 341 | 342 | ## version 343 | 344 | show the hotspot script version 345 | 346 | ~~~bash 347 | hotspot version 348 | ~~~ 349 | 350 | ## installation and setup 351 | 352 | rpi login as root required 353 | 354 | ~~~bash 355 | root:# cd /usr/local/sbin 356 | 357 | root:# cp hotspot hotspot.old # if you want to keep it 358 | root:# rm hotspot # just remove old hotspot script 359 | root:# wget -qN 
https://raw.githubusercontent.com/rudiratlos/hotspot/master/hotspot 360 | root:# chmod +x hotspot 361 | 362 | root:# cp fwd fwd.old # if you want to keep it 363 | root:# wget -qN https://raw.githubusercontent.com/rudiratlos/hotspot/master/fwd 364 | root:# chmod +x fwd 365 | 366 | root:# apt-get update 367 | root:# apt-get upgrade # optional 368 | 369 | root:# hotspot setup 370 | 371 | root:# hotspot modpar hostapd ssid myHotspotID 372 | root:# hotspot modpar hostapd wpa_passphrase myHotspotPassword 373 | root:# hotspot modpar hostapd country_code SE 374 | root:# hotspot modpar crda REGDOMAIN SE 375 | root:# hotspot modpar self autostart yes # optional autostart enable 376 | 377 | root:# reboot # if autostart enable or use hotspot try 378 | ~~~ 379 | 380 | ## troubleshooting 381 | 382 | syslog will be used as log utility 383 | 384 | ~~~bash 385 | hotspot syslog 386 | tail -500 /var/log/syslog | grep -a "hotspot" 387 | cat /var/log/syslog | grep -a "hotspot" 388 | ~~~ 389 | 390 | these commands will show 5 log entries of involved SW packages caused by hotspot command sequence 391 | 392 | ~~~bash 393 | hotspot syslog 5 394 | tail -500 /var/log/syslog | grep -a -A 5 "hotspot" 395 | cat /var/log/syslog | grep -a -A 5 "hotspot" 396 | ~~~ 397 | --------------------------------------------------------------------------------