├── configs ├── blocked.hosts ├── passwd.add ├── lan.hosts ├── shadow.add ├── fstab ├── profile.add ├── adblock.urls ├── adblock.domains └── dnsmasq.conf.add ├── scripts ├── services-stop ├── wan-start ├── nat-start ├── post-mount ├── services-start ├── init-start └── firewall-start ├── pxe ├── ipxe.pxe ├── ipxe-x32.efi ├── ipxe-x64.efi ├── undionly.kpxe ├── undionly.pxe ├── snponly-x32.efi ├── snponly-x64.efi └── undionly.kkpxe ├── .gitignore ├── library ├── openvpn-ap.up ├── openvpn-ap.down ├── openvpn ├── cronjobs ├── update-adblock-hosts ├── udhcpc-vlan4 ├── openvpn-eu.down ├── voip-vlan ├── isolate-guest-wifi ├── offload-jffs └── openvpn-eu.up ├── README.md └── LICENSE /configs/blocked.hosts: -------------------------------------------------------------------------------- 1 | 192.168.254.254 iadsdk.apple.com 2 | 3 | -------------------------------------------------------------------------------- /configs/passwd.add: -------------------------------------------------------------------------------- 1 | root:x:501:501:admin:/root: 2 | 3 | 4 | -------------------------------------------------------------------------------- /scripts/services-stop: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | /opt/etc/init.d/rc.unslung stop 4 | -------------------------------------------------------------------------------- /pxe/ipxe.pxe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/the-darkvoid/AsusWRT-Merlin-AC87U/HEAD/pxe/ipxe.pxe -------------------------------------------------------------------------------- /pxe/ipxe-x32.efi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/the-darkvoid/AsusWRT-Merlin-AC87U/HEAD/pxe/ipxe-x32.efi -------------------------------------------------------------------------------- /pxe/ipxe-x64.efi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/the-darkvoid/AsusWRT-Merlin-AC87U/HEAD/pxe/ipxe-x64.efi -------------------------------------------------------------------------------- /pxe/undionly.kpxe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/the-darkvoid/AsusWRT-Merlin-AC87U/HEAD/pxe/undionly.kpxe -------------------------------------------------------------------------------- /pxe/undionly.pxe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/the-darkvoid/AsusWRT-Merlin-AC87U/HEAD/pxe/undionly.pxe -------------------------------------------------------------------------------- /pxe/snponly-x32.efi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/the-darkvoid/AsusWRT-Merlin-AC87U/HEAD/pxe/snponly-x32.efi -------------------------------------------------------------------------------- /pxe/snponly-x64.efi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/the-darkvoid/AsusWRT-Merlin-AC87U/HEAD/pxe/snponly-x64.efi -------------------------------------------------------------------------------- /pxe/undionly.kkpxe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/the-darkvoid/AsusWRT-Merlin-AC87U/HEAD/pxe/undionly.kkpxe -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | library/openvpn-ap.conf 2 | library/openvpn-eu.conf 3 | scripts/unmount 4 | syslog* 5 | jffs.tar.gz 6 | 7 | -------------------------------------------------------------------------------- /configs/lan.hosts: -------------------------------------------------------------------------------- 1 | # Internal lan hosts 2 | 3 | ### Configure your internal hosts here 4 | ### ex. 5 | ### 192.168.10.10 nas.lan 6 | -------------------------------------------------------------------------------- /configs/shadow.add: -------------------------------------------------------------------------------- 1 | # Insert root shadow account here - 2 | # Ex. root::0:0:99999:7:0:0: -------------------------------------------------------------------------------- /configs/fstab: -------------------------------------------------------------------------------- 1 | UUID=548a473a-b855-422f-bfd1-d1d1d366163d /tmp/mnt/sda ext4 rw,nodev,noatime,barrier=1,stripe=128,data=writeback 0 0 2 | 3 | -------------------------------------------------------------------------------- /scripts/wan-start: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Delay until pppd is active 4 | sleep 60 5 | 6 | ### OpenVPN Clients 7 | . /jffs/library/openvpn 8 | -------------------------------------------------------------------------------- /scripts/nat-start: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ### VoIP vlan 4 | . /jffs/library/voip-vlan 5 | 6 | ### Isolate guest wifi 7 | . /jffs/library/isolate-guest-wifi 8 | -------------------------------------------------------------------------------- /scripts/post-mount: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ $1 = "/tmp/mnt/sda" ] 4 | then 5 | mount -o remount /tmp/mnt/sda 6 | ln -nsf $1/entware.arm /tmp/opt 7 | fi 8 | 9 | . /jffs/library/offload-jffs 10 | 11 | -------------------------------------------------------------------------------- /scripts/services-start: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | #### Initialize Entware 4 | sleep 10 5 | /opt/etc/init.d/rc.unslung start 6 | 7 | . /jffs/library/cronjobs 8 | 9 | #### Kill tftpd and restart dnsmasq for tftp 10 | killall tftpd 11 | service restart_dnsmasq 12 | -------------------------------------------------------------------------------- /scripts/init-start: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ### Create mount points for USB 4 | mkdir -p /tmp/mnt/sda 5 | 6 | ### Create br1 interface for dnsmasq to listen (172.16.0.1) 7 | brctl addbr br1 8 | ip address add 172.16.0.1/24 broadcast 172.16.0.255 dev br1 9 | ip link set up dev br1 10 | 11 | -------------------------------------------------------------------------------- /library/openvpn-ap.up: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Enable machines behind the router to access the clients in VPN network 4 | /usr/sbin/iptables -I POSTROUTING -t nat -o $dev -j MASQUERADE 5 | 6 | # Enable the clients in the VPN network to access the router 7 | /usr/sbin/iptables -I INPUT -t filter -i $dev -j ACCEPT 8 | -------------------------------------------------------------------------------- /library/openvpn-ap.down: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Disable machines behind the router to access the clients in VPN network 4 | /usr/sbin/iptables -D POSTROUTING -t nat -o $dev -j MASQUERADE 5 | 6 | # Disable the clients in the VPN network to access the router 7 | /usr/sbin/iptables -D INPUT -t filter -i $dev -j ACCEPT 8 | 9 | -------------------------------------------------------------------------------- /library/openvpn: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ### OpenVPN Clients 4 | 5 | # Install tun device 6 | modprobe tun 7 | 8 | # Load Asia-Pacific VPN 9 | /usr/sbin/openvpn --config /jffs/library/openvpn-ap.conf --daemon 10 | 11 | # Load Europe VPN 12 | /usr/sbin/openvpn --config /jffs/library/openvpn-eu.conf --daemon 13 | 14 | -------------------------------------------------------------------------------- /configs/profile.add: -------------------------------------------------------------------------------- 1 | # Coloured command prompt 2 | export PS1='\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' 3 | export PS2='> ' 4 | export PS4='+ ' 5 | 6 | # Coloured directory/file listings 7 | alias ls='ls --color=auto' 8 | 9 | # Prevent nano from wrapping long lines 10 | alias nano='/opt/bin/nano -w -c' 11 | 12 | -------------------------------------------------------------------------------- /configs/adblock.urls: -------------------------------------------------------------------------------- 1 | http://winhelp2002.mvps.org/hosts.txt 2 | http://someonewhocares.org/hosts/zero/hosts 3 | http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&startdate[day]=&startdate[month]=&startdate[year]=&mimetype=plaintext&useip=0.0.0.0 4 | 5 | http://www.malwaredomainlist.com/hostslist/hosts.txt 6 | http://hosts-file.net/ad_servers.txt 7 | 8 | -------------------------------------------------------------------------------- /library/cronjobs: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | #### Configure cron jobs 4 | # Rotate log files daily 5 | cru a logrotate "0 0 * * * /opt/sbin/logrotate /opt/etc/logrotate.conf &>/dev/null" 6 | # Reboot the router at 4am 7 | cru a ScheduledReboot "0 4 * * * /sbin/reboot" 8 | # Update adblock hosts once a week at 3am 9 | cru a UpdateHosts "0 3 * * 1 /jffs/scripts/update-hosts" 10 | -------------------------------------------------------------------------------- /configs/adblock.domains: -------------------------------------------------------------------------------- 1 | (local|localhost|.302br.net|.2o7.net|.51yes.com|.intellitxt.com|.hitbox.com|.go2cloud.org|.adnxs.com|.adk2.co|.liveadvert.com|.mydas.mobi|.ivwbox.de|.spylog.com|.doubleclick.net|.vmsn.de|.paycount.com|.2mdn.net|.2cnt.net|.focalink.com|.webtrekk.net|.247realmedia.com|.adtech.fr|.zedo.com|.am15.net|.sextracker.com|.fastclick.net|.esomniture.com|.sitemeter.com|.adtech.de|.adform.net) 2 | -------------------------------------------------------------------------------- /scripts/firewall-start: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Redirect traffic to 192.168.254.254 (non-existent) into pixelserv 4 | iptables -t nat -I PREROUTING --dest 192.168.254.254 -p tcp -m multiport --dport 80,443 -j DNAT --to-dest 192.168.10.1:8080 5 | 6 | # Asterisk TLS listening port 7 | iptables -I INPUT -p udp --destination-port 41002 -j ACCEPT 8 | # Asterisk RTP UDP ports 9 | iptables -I INPUT -p udp --destination-port 19000:20000 -j ACCEPT 10 | -------------------------------------------------------------------------------- /library/update-adblock-hosts: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ROOT=/jffs/configs 4 | 5 | # Update latest adblock hosts, replacing 0.0.0.0 / 127.0.0.1 with our adblock server ip of 192.168.254.254 6 | wget -qO- -i ${ROOT}/adblock.urls | grep '^0.0.0.0\|^127.0.0.1' | grep -E -v -f ${ROOT}/adblock.domains | sed $'s/\r$//;s/0.0.0.0\|127.0.0.1/192.168.254.254/' | sort -u > ${ROOT}/adblock.hosts 7 | sleep 5 8 | 9 | # Reload dnsmasq hosts 10 | killall -HUP dnsmasq 11 | -------------------------------------------------------------------------------- /library/udhcpc-vlan4: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | [ -z "$1" ] && echo "Error: should be called from udhcpc" && exit 1 3 | 4 | ifconfig $interface up 5 | 6 | [ -n "$broadcast" ] && BROADCAST="broadcast $broadcast" 7 | [ -n "$subnet" ] && NETMASK="netmask $subnet" 8 | 9 | case "$1" in 10 | deconfig) 11 | /sbin/ifconfig $interface 0.0.0.0 12 | ;; 13 | 14 | renew|bound) 15 | /sbin/ifconfig $interface $ip $BROADCAST $NETMASK 16 | 17 | if [ -n "$router" ] ; then 18 | # Apply additional routing instructions here 19 | fi 20 | 21 | ;; 22 | esac 23 | 24 | exit 0 25 | -------------------------------------------------------------------------------- /library/openvpn-eu.down: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Disable machines behind the router to access the clients in VPN network 4 | /usr/sbin/iptables -D POSTROUTING -t nat -o $dev -j MASQUERADE 5 | 6 | # Disable the clients in the VPN network to access the router 7 | /usr/sbin/iptables -D INPUT -t filter -i $dev -j ACCEPT 8 | 9 | # 10 | # Delete and table 100 and flush any existing rules if they exist. 11 | # 12 | ip route flush table 100 13 | ip route del default table 100 14 | ip rule del fwmark 1 table 100 15 | ip route flush cache 16 | iptables -t mangle -F PREROUTING 17 | 18 | 19 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # AsusWRT-Merlin-AC87U 2 | 3 | This repository contains a sample script and configuration setup for the [Asus RT-AC87U](https://www.asus.com/Networking/RTAC87U/) running [AsusWRT Merlin](http://asuswrt.lostrealm.ca). 4 | 5 | Some of the features are: 6 | * Separated guest WiFi (DHCP and DNS access only) - [source](http://www.snbforums.com/threads/ac56u-how-to-add-bridges-with-dhcp-servers.20326/#post-189032) 7 | * Off-loading JFFS to USB stick - [source](http://www.snbforums.com/threads/jffs-usb-offloading.24884/) 8 | * Pixelserv and dnsmasq to block advertisement domains - [source](http://www.snbforums.com/threads/pixelserv-a-better-one-pixel-webserver-for-adblock.26114/) 9 | * Network PXE booting with iPXE 10 | * LAN port 4 as additional DHCP WAN port 11 | * Custom dual OpenVPN tunnel and policy based routing - [source](http://www.snbforums.com/threads/openvpn-selective-routing-and-port-forwarding.25383/) 12 | -------------------------------------------------------------------------------- /library/voip-vlan: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | if [ -z "$(pidof udhcpc)" ] 4 | then 5 | ### Place physical port 4 into a seperate VLAN 4 6 | # Physical ports 1-3 on vlan 1 7 | robocfg vlan 1 ports "2 3 5u 7t" 8 | # Physical port 4 to vlan 4 9 | robocfg vlan 4 ports "1 7t" 10 | # Add vlan 4 to eth0 11 | ip link add link eth0 name eth0.4 type vlan id 4 12 | # Enable interface vlan 4 13 | ip link set dev eth0.4 address AC:9E:17:94:B0:44 14 | ip link set dev eth0.4 up 15 | # Set appropriate firewall rules for new eth0.4 16 | iptables -I FORWARD -i eth0.4 -m state --state NEW -j ACCEPT 17 | iptables -I FORWARD -i eth0.4 -o br0 -m state --state NEW -j DROP 18 | iptables -I FORWARD -i br0 -o eth0.4 -m state --state NEW -j DROP 19 | iptables -I INPUT -i eth0.4 -j ACCEPT 20 | 21 | ### Use dhcp to request an ip for vlan 4 22 | udhcpc --background --interface eth0.4 /var/run/udhcpc-vlan4.pid --script /jffs/library/udhcpc-vlan4 23 | fi 24 | 25 | -------------------------------------------------------------------------------- /library/isolate-guest-wifi: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # get list of configured guest wireless networks 4 | Guest24=`nvram get wl0_vifs` 5 | Guest5=`nvram get wl1_vifs` 6 | # 7 | # Move all Guest wireless to br1 8 | # attempt to move wireless guest fails (no security only works) until restart of eapd below 9 | # 10 | lan1names="" 11 | 12 | # Drop any new connections from guest wifi to the router 13 | iptables -I INPUT -i br1 -m state --state NEW -j DROP 14 | # Allow guest wifi to access DHCP 15 | iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT 16 | # Allow guest wifi to access DNS 17 | iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT 18 | iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT 19 | 20 | # Set appropriate firewall rules for new br1 21 | iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT 22 | iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP 23 | iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP 24 | 25 | for GuestWifiDevice in $Guest24 $Guest5 26 | do 27 | brctl delif br0 $GuestWifiDevice 28 | brctl addif br1 $GuestWifiDevice 29 | # add name to list with preceding blank 30 | lan1names="$lan1names $GuestWifiDevice" 31 | done 32 | 33 | # brctl show 34 | 35 | # if guest wifi moved, set some nvram variables and restart eapd to fix security 36 | if [ "x$lan1names" != "x" ] 37 | then 38 | nvram set lan_ifnames="vlan1 eth1 wifi0" 39 | nvram set lan_ifname="br0" 40 | # 41 | nvram set lan1_ifnames="`echo $lan1names | sed 's/^[ \t]*//;s/[ \t]*$//'`" 42 | nvram set lan1_ifname="br1" 43 | # 44 | # nvram show | grep -i ifname | grep -i lan 45 | # 46 | # restart eapd 47 | killall eapd 48 | eapd 49 | fi 50 | 51 | -------------------------------------------------------------------------------- /configs/dnsmasq.conf.add: -------------------------------------------------------------------------------- 1 | # Additional DNS masq options 2 | proxy-dnssec 3 | domain-needed 4 | 5 | except-interface=ppp* 6 | except-interface=tun* 7 | except-interface=eth0.4 8 | 9 | # Enable TFTP server 10 | enable-tftp=br0 11 | tftp-root=/jffs/pxe 12 | tftp-lowercase # Convert all filenames to lowercase 13 | tftp-secure # Allow only files owned by dnsmasq process 14 | tftp-no-blocksize # Disable blocksize for buggy clients 15 | 16 | # filenames, the first loads iPXE, and the second tells iPXE what to 17 | # load. The dhcp-match sets the ipxe tag for requests from iPXE. 18 | # Important Note: the 'set:' and 'tag:!ipxe' syntax requires dnsmasq 2.53 or above. 19 | dhcp-match=set:ipxe,175 # iPXE sends a 175 option. 20 | 21 | dhcp-match=set:legacy,option:client-arch,0 22 | dhcp-match=set:efi-32,option:client-arch,6 23 | dhcp-match=set:efi-64,option:client-arch,7 24 | 25 | dhcp-boot=tag:efi-32,tag:!ipxe,snponly-x32.efi 26 | dhcp-boot=tag:efi-64,tag:!ipxe,snponly-x64.efi 27 | dhcp-boot=tag:legacy,tag:!ipxe,undionly.kpxe 28 | 29 | # iPXE issues a second DHCP request and we then serve boot.ipxe over http 30 | dhcp-boot=http://nas.lan:8000/pxe/boot.ipxe 31 | 32 | # Add additional host entries 33 | # - Local network 34 | addn-hosts=/jffs/configs/lan.hosts 35 | # - Blocked hosts 36 | addn-hosts=/jffs/configs/blocked.hosts 37 | # - Blocked advertisement hosts 38 | addn-hosts=/jffs/configs/adblock.hosts 39 | 40 | # Issue ip addresses in 172.16.0.10 - 172.16.0.50 on guest wifi 41 | interface=br1 42 | dhcp-range=tag:br1,172.16.0.10,172.16.0.50,255.255.255.0,1440m 43 | dhcp-option=tag:br1,3,172.16.0.1 44 | 45 | # Block well-known level 2 ad server domains 46 | address=/.302br.net/192.168.254.254 47 | address=/.2o7.net/192.168.254.254 48 | address=/.51yes.com/192.168.254.254 49 | address=/.intellitxt.com/192.168.254.254 50 | address=/.hitbox.com/192.168.254.254 51 | address=/.go2cloud.org/192.168.254.254 52 | address=/.adnxs.com/192.168.254.254 53 | address=/.adk2.co/192.168.254.254 54 | address=/.liveadvert.com/192.168.254.254 55 | address=/.mydas.mobi/192.168.254.254 56 | address=/.ivwbox.de/192.168.254.254 57 | address=/.spylog.com/192.168.254.254 58 | address=/.doubleclick.net/192.168.254.254 59 | address=/.vmsn.de/192.168.254.254 60 | address=/.paycount.com/192.168.254.254 61 | address=/.2mdn.net/192.168.254.254 62 | address=/.2cnt.net/192.168.254.254 63 | address=/.focalink.com/192.168.254.254 64 | address=/.webtrekk.net/192.168.254.254 65 | address=/.247realmedia.com/192.168.254.254 66 | address=/.adtech.fr/192.168.254.254 67 | address=/.zedo.com/192.168.254.254 68 | address=/.am15.net/192.168.254.254 69 | address=/.sextracker.com/192.168.254.254 70 | address=/.fastclick.net/192.168.254.254 71 | address=/.esomniture.com/192.168.254.254 72 | address=/.sitemeter.com/192.168.254.254 73 | address=/.adtech.de/192.168.254.254 74 | address=/.adform.net/192.168.254.254 75 | -------------------------------------------------------------------------------- /library/offload-jffs: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # post-mount script designed to offload jffs to usb. 4 | # 1. Create folder with name "jffs" under mount usb disk. 5 | # 2. Create this script as /jffs/scripts/post-mount, chmod a+x it so it can be executed. 6 | # 3. Be sure to check that 'Enable JFFS custom scripts and configs' is enabled under Administration->System. 7 | # 4. Create symbolic link /jffs/scripts/unmount to /jffs/scripts/post-mount. 8 | # 5. Reboot router. 9 | 10 | IFS=$'\n' 11 | 12 | JFFS_DISK=$(mount | grep -i jffs | awk '{print $1}') 13 | # Abort if we don't have a jffs mount point to begin with. 14 | if [ -z "$JFFS_DISK" ]; then 15 | logger -s "No JFFS mount point detected, aborting USB->JFFS." 16 | exit 1 17 | fi 18 | 19 | MNT=$1 20 | 21 | CUR_DISK=$(mount | grep -i $MNT | awk '{print $1}') 22 | 23 | if [ "$JFFS_DISK" == "$CUR_DISK" ]; then 24 | ORIG_JFFS=$(cat $MNT/.jffs_sync/orig_jffs.map 2>/dev/null) 25 | if [ -z "$ORIG_JFFS" ]; then 26 | logger -s "Couldn't locate original jffs mount point: $1/.jffs_sync/orig_jffs.map." 27 | exit 1 28 | fi 29 | umount -f /jffs 30 | mount -t jffs2 -o rw,noatime $ORIG_JFFS /jffs 31 | fi 32 | 33 | # Return if we don't find a jffs folder. 34 | if [ -z "$(find $MNT -name jffs 2>/dev/null)" ]; then 35 | logger -s "Couldn't locate jffs folder, skipping $1 as JFFS->USB." 36 | exit 1 37 | fi 38 | 39 | if [ -z "$(find $MNT -name .jffs_sync)" ]; then 40 | logger -s "Cloning JFFS to USB. ($1)" 41 | mkdir $MNT/.jffs_sync 42 | cp -pr /jffs/* $MNT/jffs/ 43 | echo $(mount | grep jffs | awk '{print $1}' ) > $MNT/.jffs_sync/orig_jffs.map 44 | echo $(ls -l $MNT/jffs/scripts | md5sum) > $MNT/.jffs_sync/scripts.md5 45 | echo $(ls -l $MNT/jffs/configs | md5sum) > $MNT/.jffs_sync/configs.md5 46 | echo $(ls -l $MNT/jffs/library | md5sum) > $MNT/.jffs_sync/library.md5 47 | fi 48 | 49 | update_folder () 50 | { 51 | DEPTH=$(echo $1 | grep -o "/" | wc -l) 52 | DEPTH=$((DEPTH+1)) 53 | DEST=$(echo $1 | cut -d'/' -f${DEPTH} ) 54 | LAST=$(cat $MNT/.jffs_sync/$DEST.md5 2>/dev/null) 55 | CUR=$(ls -l $MNT/jffs/$DEST | md5sum) 56 | 57 | if [ "$CUR" == "$LAST" ]; then 58 | return 59 | fi 60 | 61 | # Update files from USB to JFFS. 62 | for FILE in $(ls $1); do 63 | USB_FILE=$(md5sum $1/$FILE 2>/dev/null | awk '{print $1}') 64 | JFFS_FILE=$(md5sum /jffs/$DEST/$FILE 2>/dev/null | awk '{print $1}') 65 | 66 | if [ "$USB_FILE" != "$JFFS_FILE" ]; then 67 | logger -s "USB->JFFS Sync: Copying $1/$FILE to /jffs/$DEST." 68 | cp -pf $1/$FILE /jffs/$DEST/ 69 | if [ "$DEST" == "scripts" ]; then 70 | chmod a+x /jffs/$DEST/$FILE 71 | fi 72 | fi 73 | done 74 | 75 | # Remove files not found on USB. 76 | for FILE in $(ls /jffs/$DEST); do 77 | if [ -z "$(find $1/$FILE 2>/dev/null)" ]; then 78 | logger -s "USB->JFFS Sync: Erasing '$FILE' from /jffs/$DEST." 79 | rm -rf /jffs/$DEST/$FILE 80 | fi 81 | done 82 | echo $(ls -l /jffs/$DEST | md5sum) > $MNT/.jffs_sync/$DEST.md5 83 | } 84 | 85 | update_folder $MNT/jffs/scripts 86 | update_folder $MNT/jffs/configs 87 | update_folder $MNT/jffs/library 88 | 89 | # If this is not an unmount, unmount jffs and remount the usb jffs. 90 | if [ -z $(echo "$0" | grep "unmount") ]; then 91 | umount -l /jffs 92 | mount -o rbind $1/jffs /jffs 93 | fi 94 | -------------------------------------------------------------------------------- /library/openvpn-eu.up: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Enable machines behind the router to access the clients in VPN network 4 | /usr/sbin/iptables -I POSTROUTING -t nat -o $dev -j MASQUERADE 5 | 6 | # Enable the clients in the VPN network to access the router 7 | /usr/sbin/iptables -I INPUT -t filter -i $dev -j ACCEPT 8 | 9 | # This script configures "selective" VPN routing. Normally Tomato will route ALL traffic out 10 | # the OpenVPN tunnel. These changes to iptables allow some outbound traffic to use the VPN, and some 11 | # traffic to bypass the VPN and use the regular Internet instead. 12 | # 13 | # To list the current rules on the router, issue the command: 14 | # iptables -t mangle -L PREROUTING 15 | # 16 | # Flush/reset all the rules to default by issuing the command: 17 | # iptables -t mangle -F PREROUTING 18 | # 19 | 20 | # 21 | # First it is necessary to disable Reverse Path Filtering on all 22 | # current and future network interfaces: 23 | # 24 | for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do 25 | echo 0 > $i 26 | done 27 | 28 | # 29 | # Delete and table 100 and flush any existing rules if they exist. 30 | # 31 | ip route flush table 100 32 | ip route del default table 100 33 | ip rule del fwmark 1 table 100 34 | ip route flush cache 35 | iptables -t mangle -F PREROUTING 36 | 37 | # 38 | # Copy all non-default and non-PPP related routes from the main table into table 100. 39 | # Then configure table 100 to route all traffic out the VPN gateway and assign it mark "1" 40 | # 41 | # NOTE: Here I assume the OpenVPN tunnel is named "tun0". 42 | # 43 | # 44 | ip route show table main | grep -Ev ^default | grep -Ev ppp \ 45 | | while read ROUTE ; do 46 | ip route add table 100 $ROUTE 47 | done 48 | ##ip route add default table 100 via $(nvram get wan_gateway_get) 49 | ip route add default table 100 via $route_vpn_gateway 50 | ip route add $route_network_1 table 100 via $route_vpn_gateway 51 | ip rule add fwmark 1 table 100 52 | ip route flush cache 53 | 54 | # 55 | # Define the routing policies for the traffic. The rules will be applied in the order that they 56 | # are listed. In the end, packets with MARK set to "0" will pass through the WAN. If MARK is set 57 | # to "1" it will route through the VPN. 58 | # 59 | # EXAMPLES: 60 | # 61 | # All LAN traffic will bypass the VPN (Useful to put this rule first, so all traffic bypasses the VPN and you can configure exceptions afterwards) 62 | # iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 0 63 | # Ports 80 and 443 will bypass the VPN 64 | # iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 80,443 -j MARK --set-mark 0 65 | # All traffic from a particular computer on the LAN will use the VPN 66 | # iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.2 -j MARK --set-mark 1 67 | # All traffic to a specific Internet IP address will use the VPN 68 | # iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 216.146.38.70 -j MARK --set-mark 1 69 | # All UDP and ICMP traffic will bypass the VPN 70 | # iptables -t mangle -A PREROUTING -i br0 -p udp -j MARK --set-mark 0 71 | # iptables -t mangle -A PREROUTING -i br0 -p icmp -j MARK --set-mark 0 72 | 73 | # By default all traffic bypasses the VPN 74 | iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 0 75 | 76 | # Traffic to the VPN network itself should go through the VPN 77 | iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 192.168.200.0-192.168.200.255 -j MARK --set-mark 1 78 | 79 | # pbs.gigaset.net & sip.gigaset.net explicitly uses the VPN 80 | iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 148.251.0.0-148.251.255.255 -j MARK --set-mark 1 81 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc., 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Lesser General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 292 | 293 | {description} 294 | Copyright (C) {year} {fullname} 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License along 307 | with this program; if not, write to the Free Software Foundation, Inc., 308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 309 | 310 | Also add information on how to contact you by electronic and paper mail. 311 | 312 | If the program is interactive, make it output a short notice like this 313 | when it starts in an interactive mode: 314 | 315 | Gnomovision version 69, Copyright (C) year name of author 316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 317 | This is free software, and you are welcome to redistribute it 318 | under certain conditions; type `show c' for details. 319 | 320 | The hypothetical commands `show w' and `show c' should show the appropriate 321 | parts of the General Public License. Of course, the commands you use may 322 | be called something other than `show w' and `show c'; they could even be 323 | mouse-clicks or menu items--whatever suits your program. 324 | 325 | You should also get your employer (if you work as a programmer) or your 326 | school, if any, to sign a "copyright disclaimer" for the program, if 327 | necessary. Here is a sample; alter the names: 328 | 329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 330 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 331 | 332 | {signature of Ty Coon}, 1 April 1989 333 | Ty Coon, President of Vice 334 | 335 | This General Public License does not permit incorporating your program into 336 | proprietary programs. If your program is a subroutine library, you may 337 | consider it more useful to permit linking proprietary applications with the 338 | library. If this is what you want to do, use the GNU Lesser General 339 | Public License instead of this License. 340 | 341 | --------------------------------------------------------------------------------