1##### Info: /etc/banner #####
2# ____ _ ___ ____ _(_)_
3# | _ \ _ _| |_ / _ \/ ___| (_)@(_)
4# | |_) | | | | __| | | \___ \ /(_)
5# | _ <| |_| | |_| |_| |___) | \|/
6# |_| \_\\__,_|\__|\___/|____/ \|/
7#
8#Teltonika RUT9XX 2014 - 2018
9#
10##### Info: /proc/cpuinfo #####
11#system type : Atheros AR9344 rev 3
12#machine : TELTONIKA TLT-RUT900
13#processor : 0
14#cpu model : MIPS 74Kc V4.12
15#BogoMIPS : 274.02
16#wait instruction : yes
17#microsecond timers : yes
18#tlb_entries : 32
19#extra interrupt vector : yes
20#hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
21#isa : mips1 mips2 mips32r1 mips32r2
22#ASEs implemented : mips16 dsp dsp2
23#shadow register sets : 1
24#kscratch registers : 0
25#package : 0
26#core : 0
27#VCED exceptions : not available
28#VCEI exceptions : not available
29#
30##### Info: /etc/openwrt_release #####
31#cat: can't open '/etc/openwrt_release': No such file or directory
32##### Info: sysupgrade -l #####
# NOTE(review): the collector appears to print every entry of this list under a
# '##### File: ... #####' header further down (the three error lines below were
# even split into words and handed to cat), so the dump carries the contents of
# whatever is listed here.
# The list includes credential and key material: /etc/shadow, /etc/passwd,
# /etc/dropbear/dropbear_rsa_host_key, /etc/uhttpd.key, /etc/ppp/chap-secrets,
# /etc/openvpn/auth and /etc/xl2tpd/xl2tp-secrets.
# Some UCI passwords are masked as '<secret hidden>', but whether the raw files
# are masked too is not visible here: check before sharing such a dump, and treat
# any host key, TLS key or password hash that was published as needing rotation.
33#Collected errors:
34# * file_sha256sum_alloc: Failed to open file /etc/quagga/bgpd.conf: No such file or directory.
35# * file_sha256sum_alloc: Failed to open file /etc/quagga/ospfd.conf: No such file or directory.
36# * file_sha256sum_alloc: Failed to open file /etc/quagga/ripd.conf: No such file or directory.
37#/etc/chilli.conf
38#/etc/config/.directory
39#/etc/config/auto_update
40#/etc/config/blocklist
41#/etc/config/call_utils
42#/etc/config/cam_monitoring
43#/etc/config/cli
44#/etc/config/coovachilli
45#/etc/config/data_limit
46#/etc/config/ddns
47#/etc/config/ddos
48#/etc/config/dhcp
49#/etc/config/dropbear
50#/etc/config/easycwmp
51#/etc/config/events_reporting
52#/etc/config/eventslog_report
53#/etc/config/firewall
54#/etc/config/fstab
55#/etc/config/gps
56#/etc/config/gre_tunnel
57#/etc/config/hostblock
58#/etc/config/hotspot_scheduler
59#/etc/config/hwinfo
60#/etc/config/ioman
61#/etc/config/kmod_man
62#/etc/config/landingpage
63#/etc/config/load_balancing
64#/etc/config/logtrigger
65#/etc/config/luci
66#/etc/config/mdcollectd
67#/etc/config/modbus
68#/etc/config/mosquitto
69#/etc/config/mqtt_pub
70#/etc/config/multiwan
71#/etc/config/network
72#/etc/config/ntpclient
73#/etc/config/ntpserver
74#/etc/config/openvpn
75#/etc/config/operctl
76#/etc/config/output_control
77#/etc/config/overview
78#/etc/config/p910nd
79#/etc/config/periodic_reboot
80#/etc/config/ping_reboot
81#/etc/config/portscan
82#/etc/config/pptpd
83#/etc/config/privoxy
84#/etc/config/profiles
85#/etc/config/qos
86#/etc/config/quagga
87#/etc/config/racoon
88#/etc/config/radius
89#/etc/config/reregister
90#/etc/config/rms_connect
91#/etc/config/rms_connect_timer
92#/etc/config/rpcd
93#/etc/config/rs
94#/etc/config/samba
95#/etc/config/sim_idle_protection
96#/etc/config/sim_switch
97#/etc/config/simcard
98#/etc/config/smpp_config
99#/etc/config/sms_gateway
100#/etc/config/sms_utils
101#/etc/config/smscollect
102#/etc/config/snmpd
103#/etc/config/static_arp
104#/etc/config/strongswan
105#/etc/config/stunnel
106#/etc/config/system
107#/etc/config/teltonika
108#/etc/config/ucitrack
109#/etc/config/uhttpd
110#/etc/config/upnpd
111#/etc/config/usb_to_serial
112#/etc/config/vrrpd
113#/etc/config/wget_reboot
114#/etc/config/wireless
115#/etc/config/xl2tpd
116#/etc/default/snmpd
117#/etc/dnsmasq.conf
118#/etc/dropbear/dropbear_rsa_host_key
119#/etc/easy-rsa/openssl-1.0.cnf
120#/etc/easy-rsa/vars
121#/etc/firewall.user
122#/etc/freeradius2/acct_users
123#/etc/freeradius2/clients.conf
124#/etc/freeradius2/eap.conf
125#/etc/freeradius2/modules/chap
126#/etc/freeradius2/modules/exec
127#/etc/freeradius2/modules/files
128#/etc/freeradius2/modules/mschap
129#/etc/freeradius2/modules/pap
130#/etc/freeradius2/modules/radutmp
131#/etc/freeradius2/modules/realm
132#/etc/freeradius2/modules/sradutmp
133#/etc/freeradius2/preproxy_users
134#/etc/freeradius2/proxy.conf
135#/etc/freeradius2/radiusd.conf
136#/etc/freeradius2/sites/default
137#/etc/freeradius2/users
138#/etc/group
139#/etc/hosts
140#/etc/init.d/luci_fixtime
141#/etc/inittab
142#/etc/iproute2/rt_tables
143#/etc/ipsec.user
144#/etc/openvpn/auth
145#/etc/openvpn/auth-pam.sh
146#/etc/openvpn/tlt_ca.crt
147#/etc/opkg.conf
148#/etc/opkg/customfeeds.conf
149#/etc/passwd
150#/etc/ppp/chap-secrets
151#/etc/ppp/filter
152#/etc/ppp/options
153#/etc/ppp/options.pptpd
154#/etc/ppp/options.xl2tpd
155#/etc/pptpd.conf
156#/etc/profile
157#/etc/quagga/bgpd.conf
158#/etc/quagga/ospfd.conf
159#/etc/quagga/ripd.conf
160#/etc/quagga/zebra.conf
161#/etc/rc.d/K10auto_update
162#/etc/rc.d/K10ddns
163#/etc/rc.d/K10port_event_checker_init
164#/etc/rc.d/K10quagga
165#/etc/rc.d/K39limit_guard
166#/etc/rc.d/K40mdcollectd
167#/etc/rc.d/K50dropbear
168#/etc/rc.d/K51gsmd
169#/etc/rc.d/K51gsmd-usb
170#/etc/rc.d/K51ledsman
171#/etc/rc.d/K51ntpserver
172#/etc/rc.d/K56chilli
173#/etc/rc.d/K89log
174#/etc/rc.d/K90network
175#/etc/rc.d/K95luci_fixtime
176#/etc/rc.d/K97modem
177#/etc/rc.d/K98boot
178#/etc/rc.d/K98i2c_gpio
179#/etc/rc.d/K98logtrigger
180#/etc/rc.d/K99bridge_arp
181#/etc/rc.d/K99eventslog
182#/etc/rc.d/K99fix_sta_ap
183#/etc/rc.d/K99hotspot_scheduler
184#/etc/rc.d/K99modbusd
185#/etc/rc.d/K99output_scheduler
186#/etc/rc.d/K99rms_connect
187#/etc/rc.d/K99tcpdebug
188#/etc/rc.d/K99umount
189#/etc/rc.d/K99usb_to_serial
190#/etc/rc.d/K99wget_reboot
191#/etc/rc.d/S05luci_fixtime
192#/etc/rc.d/S10boot
193#/etc/rc.d/S10system
194#/etc/rc.d/S11sysctl
195#/etc/rc.d/S12rpcd
196#/etc/rc.d/S14operctl
197#/etc/rc.d/S14usb_to_serial
198#/etc/rc.d/S18logtrigger
199#/etc/rc.d/S19firewall
200#/etc/rc.d/S20network
201#/etc/rc.d/S20usbmode
202#/etc/rc.d/S21modem
203#/etc/rc.d/S40fstab
204#/etc/rc.d/S41eventslog
205#/etc/rc.d/S43sim_conf_switch
206#/etc/rc.d/S50cron
207#/etc/rc.d/S50dropbear
208#/etc/rc.d/S50ntpserver
209#/etc/rc.d/S50p910nd
210#/etc/rc.d/S50uhttpd
211#/etc/rc.d/S59luci_dhcp_migrate
212#/etc/rc.d/S60dnsmasq
213#/etc/rc.d/S60quagga
214#/etc/rc.d/S62qos
215#/etc/rc.d/S70mdcollectd
216#/etc/rc.d/S75port_event_checker_init
217#/etc/rc.d/S76limit_guard
218#/etc/rc.d/S80relayd
219#/etc/rc.d/S85rms_connect
220#/etc/rc.d/S88fix_sta_ap
221#/etc/rc.d/S89stunnel
222#/etc/rc.d/S95ddns
223#/etc/rc.d/S95done
224#/etc/rc.d/S96led
225#/etc/rc.d/S96xl2tpd
226#/etc/rc.d/S97messaged
227#/etc/rc.d/S97sms-utils
228#/etc/rc.d/S98sysntpd
229#/etc/rc.d/S99auto_update
230#/etc/rc.d/S99bridge_arp
231#/etc/rc.d/S99chilli
232#/etc/rc.d/S99hotspot_scheduler
233#/etc/rc.d/S99kmod_man
234#/etc/rc.d/S99load_balancing
235#/etc/rc.d/S99modbusd
236#/etc/rc.d/S99output_scheduler
237#/etc/rc.d/S99shellinabox
238#/etc/rc.d/S99snmpd
239#/etc/rc.d/S99tcpdebug
240#/etc/rc.d/S99wget_reboot
241#/etc/rc.local
242#/etc/samba/smb.conf.template
243#/etc/scheduler/config
244#/etc/shadow
245#/etc/shells
246#/etc/ssl/openssl.cnf
247#/etc/strongswan.d/charon-logging.conf
248#/etc/strongswan.d/charon.conf
249#/etc/strongswan.d/charon/aes.conf
250#/etc/strongswan.d/charon/attr.conf
251#/etc/strongswan.d/charon/connmark.conf
252#/etc/strongswan.d/charon/constraints.conf
253#/etc/strongswan.d/charon/des.conf
254#/etc/strongswan.d/charon/dnskey.conf
255#/etc/strongswan.d/charon/fips-prf.conf
256#/etc/strongswan.d/charon/gmp.conf
257#/etc/strongswan.d/charon/hmac.conf
258#/etc/strongswan.d/charon/kernel-libipsec.conf
259#/etc/strongswan.d/charon/kernel-netlink.conf
260#/etc/strongswan.d/charon/md5.conf
261#/etc/strongswan.d/charon/nonce.conf
262#/etc/strongswan.d/charon/pem.conf
263#/etc/strongswan.d/charon/pgp.conf
264#/etc/strongswan.d/charon/pkcs1.conf
265#/etc/strongswan.d/charon/pubkey.conf
266#/etc/strongswan.d/charon/random.conf
267#/etc/strongswan.d/charon/rc2.conf
268#/etc/strongswan.d/charon/resolve.conf
269#/etc/strongswan.d/charon/revocation.conf
270#/etc/strongswan.d/charon/sha1.conf
271#/etc/strongswan.d/charon/sha2.conf
272#/etc/strongswan.d/charon/socket-default.conf
273#/etc/strongswan.d/charon/sshkey.conf
274#/etc/strongswan.d/charon/stroke.conf
275#/etc/strongswan.d/charon/updown.conf
276#/etc/strongswan.d/charon/x509.conf
277#/etc/strongswan.d/charon/xauth-generic.conf
278#/etc/strongswan.d/charon/xcbc.conf
279#/etc/strongswan.d/pki.conf
280#/etc/strongswan.d/scepclient.conf
281#/etc/stunnel/stunnel.conf
282#/etc/sysctl.conf
283#/etc/sysupgrade.conf
284#/etc/uhttpd.crt
285#/etc/uhttpd.key
286#/etc/xl2tpd/xl2tp-secrets
287#/etc/xl2tpd/xl2tpd.conf
288#/usr/share/easycwmp/defaults
289#/var/mdcollectd.db
290##### Info: /proc/mtd #####
291#dev: size erasesize name
292#mtd0: 00020000 00010000 "u-boot"
293#mtd1: 00010000 00010000 "config"
294#mtd2: 00010000 00010000 "art"
295#mtd3: 0012322c 00010000 "kernel"
296#mtd4: 00e0cdd4 00010000 "rootfs"
297#mtd5: 003b0000 00010000 "rootfs_data"
298#mtd6: 00f30000 00010000 "firmware"
299#mtd7: 00090000 00010000 "event-log"
300##### File: Collected errors: #####
301cat: can't open 'Collected': No such file or directory
302cat: can't open 'errors:': No such file or directory
303
304##### File: * file_sha256sum_alloc: Failed to open file /etc/quagga/bgpd.conf: No such file or directory. #####
305cat: can't open '*': No such file or directory
306cat: can't open 'file_sha256sum_alloc:': No such file or directory
307cat: can't open 'Failed': No such file or directory
308cat: can't open 'to': No such file or directory
309cat: can't open 'open': No such file or directory
310cat: can't open 'file': No such file or directory
311cat: can't open '/etc/quagga/bgpd.conf:': No such file or directory
312cat: can't open 'No': No such file or directory
313cat: can't open 'such': No such file or directory
314cat: can't open 'file': No such file or directory
315cat: can't open 'or': No such file or directory
316cat: can't open 'directory.': No such file or directory
317
318##### File: * file_sha256sum_alloc: Failed to open file /etc/quagga/ospfd.conf: No such file or directory. #####
319cat: can't open '*': No such file or directory
320cat: can't open 'file_sha256sum_alloc:': No such file or directory
321cat: can't open 'Failed': No such file or directory
322cat: can't open 'to': No such file or directory
323cat: can't open 'open': No such file or directory
324cat: can't open 'file': No such file or directory
325cat: can't open '/etc/quagga/ospfd.conf:': No such file or directory
326cat: can't open 'No': No such file or directory
327cat: can't open 'such': No such file or directory
328cat: can't open 'file': No such file or directory
329cat: can't open 'or': No such file or directory
330cat: can't open 'directory.': No such file or directory
331
332##### File: * file_sha256sum_alloc: Failed to open file /etc/quagga/ripd.conf: No such file or directory. #####
333cat: can't open '*': No such file or directory
334cat: can't open 'file_sha256sum_alloc:': No such file or directory
335cat: can't open 'Failed': No such file or directory
336cat: can't open 'to': No such file or directory
337cat: can't open 'open': No such file or directory
338cat: can't open 'file': No such file or directory
339cat: can't open '/etc/quagga/ripd.conf:': No such file or directory
340cat: can't open 'No': No such file or directory
341cat: can't open 'such': No such file or directory
342cat: can't open 'file': No such file or directory
343cat: can't open 'or': No such file or directory
344cat: can't open 'directory.': No such file or directory
345
346##### File: /etc/chilli.conf #####
347#
348# Chilli Configuration
349#
350# To configure chilli, see /etc/chilli/default
351# and then create your own /etc/chilli/config
352# start / stop chilli with /chilli
353#
354# For help with coova-chilli,
355# visit http://coova.org/wiki/index.php/CoovaChilli
356#
357# This file can either contain all your chilli configurations, or include
358# other files, as shown per default below. The idea here is that main.conf
359# contains your main configurations, hs.conf is for your configurations
360# delivered by RADIUS (using the Administrative-User login), and local.conf
361# is for any other settings you might configure by hand for this particular
362# installation.
363
364include /etc/chilli/main.conf
365include /etc/chilli/hs.conf
366include /etc/chilli/local.conf
367
368ipup=/etc/chilli/up.sh
369ipdown=/etc/chilli/down.sh
370
371##### File: /etc/config/.directory #####
372uci: Parse error
373
374##### File: /etc/config/auto_update #####
375package auto_update
376
377config auto_update 'auto_update'
378 option server_url 'https://rms.teltonika.lt/fota/clients/'
379 option enable '1'
380 option not_mobile '0'
381 option mode 'on_login'
382
383
384##### File: /etc/config/blocklist #####
385package blocklist
386
387
388##### File: /etc/config/call_utils #####
389package call_utils
390
391config call 'call'
392 option ringing '0'
393 option reject_incoming_calls '1'
394 option enabled '1'
395
396
397##### File: /etc/config/cam_monitoring #####
398package cam_monitoring
399
400config cam_monitoring 'cam_monitoring'
401 option cam1 'OFF'
402 option cam2 'OFF'
403 option cam3 'OFF'
404 option cam4 'OFF'
405
406
407##### File: /etc/config/cli #####
408package cli
409
410config status 'status'
411 option enable '1'
412 option port '4200-4220'
413 option shell_limit '5'
414
415config cli
416
417
418##### File: /etc/config/coovachilli #####
419package coovachilli
420
421config general 'hotspot1'
422 option profile 'custom'
423 option enabled '0'
424 option mode 'norad'
425 option protocol 'http'
426 option net '192.168.2.254/24'
427
428config ftp 'ftp'
429 option enabled '0'
430 option host 'your.ftp.server'
431 option user 'username'
432 option psw 'password'
433 option port '21'
434 option extra_name_info 'none'
435
436config interval
437 option descr 'Uploads every workday at 8:15'
438 option fixed '1'
439 option fixed_hour '8'
440 option fixed_minute '15'
441 option weekdays 'mon,tue,wed,thu,fri'
442
443config link 'link'
444
445config session 'unlimited1'
446 option name 'unlimited'
447 option id 'hotspot1'
448
449
450##### File: /etc/config/data_limit #####
451package data_limit
452
453config limit 'limit'
454 option debug_mode '0'
455 option total_data '0'
456
457
458##### File: /etc/config/ddns #####
459package ddns
460
461config ddns 'global'
462 option ddns_dateformat '%F %R'
463 option ddns_loglines '250'
464 option upd_privateip '1'
465
466config service 'myddns'
467 option lookup_host 'yourhost.example.com'
468 option domain 'yourhost.example.com'
469 option username 'your_username'
470 option password '<secret hidden>'
471 option interface 'wan'
472 option ip_source 'network'
473 option ip_network 'wan'
474 option service_name 'dyn.com'
475
476
477##### File: /etc/config/ddos #####
478package ddos
479
480config ddos 'ddos'
481
482
483##### File: /etc/config/dhcp #####
484package dhcp
485
486config dnsmasq
487 option domainneeded '1'
488 option boguspriv '1'
489 option filterwin2k '0'
490 option localise_queries '1'
491 option rebind_protection '1'
492 option rebind_localhost '1'
493 option local '/lan/'
494 option domain 'lan'
495 option expandhosts '1'
496 option nonegcache '0'
497 option authoritative '1'
498 option readethers '1'
499 option leasefile '/tmp/dhcp.leases'
500 option resolvfile '/tmp/resolv.conf.auto'
501 option dhcpscript '/usr/sbin/dhcpinfo.sh'
502
503config dhcp 'lan'
504 option interface 'lan'
505 option start '100'
506 option limit '150'
507 option leasetime '12h'
508 option time '12'
509 option letter 'h'
510
511config dhcp 'wan'
512 option interface 'wan'
513 option ignore '1'
514
515config dhcp 'dhcp_relay'
516 option enabled '0'
517
518
519##### File: /etc/config/dropbear #####
520package dropbear
521
# SSH daemon settings: password login is on for all users, root included, on port 22.
# NOTE(review): the 'Enable_SSH_WAN' rule in /etc/config/firewall accepts port 22
# from the wan zone (pinned to one source address), and the lan and tunnel zones
# accept input unconditionally, so the root password is the only barrier on those
# paths. Prefer public-key authentication and set both options to 'off' once a key
# is installed.
522config dropbear
523 option PasswordAuth 'on'
524 option RootPasswordAuth 'on'
525 option Port '22'
526 option enable '1'
527
528
529##### File: /etc/config/easycwmp #####
530package easycwmp
531
532config local
533 option interface 'eth0'
534 option port '7547'
535 option ubus_socket '/var/run/ubus.sock'
536 option date_format '%FT%T%z'
537 option username 'easycwmp'
538 option password '<secret hidden>'
539 option logging_level '3'
540
541config acs
542 option url 'http://192.168.1.110:8080/openacs/acs'
543 option username 'easycwmp'
544 option password '<secret hidden>'
545 option periodic_enable '1'
546 option periodic_interval '100'
547 option periodic_time '0001-01-01T00:00:00Z'
548 option enabled '0'
549
550config device
551 option manufacturer 'easycwmp'
552 option oui 'FFFFFF'
553 option product_class 'easycwmp'
554 option serial_number 'FFFFFF123456'
555 option hardware_version 'example_hw_version'
556 option software_version 'example_sw_version'
557
558
559##### File: /etc/config/events_reporting #####
560package events_reporting
561
562
563##### File: /etc/config/eventslog_report #####
564package eventslog_report
565
566
567##### File: /etc/config/firewall #####
568package firewall
569
# Global firewall policy; the zone sections below set their own input/output/forward.
# NOTE(review): in the stock OpenWrt firewall these defaults apply to traffic that
# no zone claims, so input 'ACCEPT' leaves the router's own services open on any
# interface that is not listed in a zone. The wan zone overrides it with REJECT,
# but a default of REJECT or DROP fails closed if an interface is added later
# without a zone. Confirm the behaviour for this vendor firmware.
570config defaults
571 option syn_flood '1'
572 option input 'ACCEPT'
573 option output 'ACCEPT'
574 option forward 'REJECT'
575
576config zone
577 option name 'lan'
578 option network 'lan'
579 option input 'ACCEPT'
580 option output 'ACCEPT'
581 option forward 'ACCEPT'
582
583config zone
584 option name 'wan'
585 option input 'REJECT'
586 option output 'ACCEPT'
587 option forward 'REJECT'
588 option masq '1'
589 option mtu_fix '1'
590 option network 'ppp wan'
591
# Tunnel zones (OpenVPN tun_+, L2TP, PPTP, GRE). Each one accepts input to the
# router itself, rejects forwarding by default and masquerades outbound traffic.
# NOTE(review): input 'ACCEPT' gives every peer that arrives over these tunnel
# devices the same reach to router services (SSH, web UI, CLI) as a LAN host, and
# the 'config forwarding' sections further down let vpn, l2tp, pptp and gre
# traffic into lan. If tunnel peers are less trusted than the LAN, set input to
# 'REJECT' and allow only the ports that are needed with explicit rules.
592config zone 'vpn_zone'
593 option name 'vpn'
594 option input 'ACCEPT'
595 option output 'ACCEPT'
596 option forward 'REJECT'
597 option masq '1'
598 option network 'vpn'
599 option device 'tun_+'
600
601config zone 'l2tp_zone'
602 option name 'l2tp'
603 option input 'ACCEPT'
604 option output 'ACCEPT'
605 option forward 'REJECT'
606 option masq '1'
607 option network 'l2tp'
608 option device 'l2tp+ xl2tp+'
609
# PPTP is widely regarded as cryptographically weak; the WAN rules that would
# admit it ('Allow-pptpd-*') are disabled in this file.
610config zone 'pptp_zone'
611 option name 'pptp'
612 option input 'ACCEPT'
613 option output 'ACCEPT'
614 option forward 'REJECT'
615 option masq '1'
616 option network 'pptp'
617 option device 'pptp+'
618
# GRE carries no encryption or authentication of its own; presumably it is meant
# to run inside IPsec. Confirm before enabling.
619config zone 'gre_zone'
620 option name 'gre'
621 option input 'ACCEPT'
622 option output 'ACCEPT'
623 option forward 'REJECT'
624 option masq '1'
625 option network 'gre'
626 option device 'gre+'
627
628config zone 'hotspot'
629 option name 'hotspot'
630 option input 'REJECT'
631 option output 'ACCEPT'
632 option forward 'REJECT'
633 option device 'tun0 tun1 tun2 tun3'
634 option network 'hotspot'
635
636config zone 'sstp'
637 option name 'sstp'
638 option input 'REJECT'
639 option output 'ACCEPT'
640 option forward 'REJECT'
641 option device 'sstp-+'
642 option masq '1'
643 option network 'sstp'
644
645config rule
646 option name 'Allow-DHCP-Relay'
647 option src 'wan'
648 option proto 'udp'
649 option dest_port '67'
650 option target 'ACCEPT'
651 option enabled '0'
652
653config rule
654 option name 'Allow-DHCP-Renew'
655 option src 'wan'
656 option proto 'udp'
657 option dest_port '68'
658 option target 'ACCEPT'
659 option family 'ipv4'
660 option enabled '1'
661
662config rule
663 option name 'Allow-Ping'
664 option src 'wan'
665 option proto 'icmp'
666 option icmp_type 'echo-request'
667 option family 'ipv4'
668 option target 'ACCEPT'
669 option enabled '1'
670 option src_ip '159.148.211.226'
671
672config rule
673 option name 'Allow-vpn-traffic'
674 option target 'ACCEPT'
675 option src 'wan'
676 option family 'ipv4'
677 option dest_port '1194'
678 option proto 'tcp udp'
679 option enabled '1'
680
681config forwarding
682 option src 'vpn'
683 option dest 'lan'
684
685config forwarding
686 option src 'l2tp'
687 option dest 'lan'
688
689config forwarding
690 option src 'pptp'
691 option dest 'lan'
692
693config forwarding
694 option src 'gre'
695 option dest 'lan'
696
697config forwarding
698 option dest 'wan'
699 option src 'hotspot'
700
701config include 'custom'
702 option path '/etc/firewall.user'
703 option enabled '1'
704 option reload '1'
705
706config include
707 option path '/tmp/privoxy/firewall'
708 option enabled '1'
709 option reload '1'
710
711config include
712 option enabled '1'
713 option reload '1'
714 option path '/etc/logtrigger/fwblock_wrapper.sh'
715
716config include
717 option path '/etc/add-firewall-rule.sh'
718
719config include
720 option path '/etc/add-rs-rule.sh'
721 option reload '1'
722
723config include
724 option path '/etc/add-port-rule.sh'
725 option reload '1'
726
727config include 'pbridge'
728 option enabled '0'
729 option reload '1'
730 option path '/tmp/tmp_file/pbridge_firewall.sh'
731
732config include 'ipsec'
733 option reload '1'
734 option path '/tmp/ipsec/firewall.sh'
735 option enabled '1'
736
737config rule 'Hotspot_input'
738 option enabled '0'
739 option target 'ACCEPT'
740 option name 'Hotspot_input'
741 option src 'hotspot'
742 option dest_port '53 67-68 444 81 1812 1813 3991 3990'
743
# Remote-management rules for the wan zone: SSH (22), the web CLI port range that
# /etc/config/cli sets (4200-4220), HTTP (80, disabled) and HTTPS (443).
# The three enabled rules are pinned to a single src_ip and to IPv4, which keeps
# the management surface closed to other WAN hosts.
# NOTE(review): proto 'tcp udp' also opens the UDP side of each port; these
# services are presumably TCP-only, so 'tcp' alone would be tighter. A source
# address is not authentication: the SSH password login configured in
# /etc/config/dropbear still applies behind the SSH rule.
744config rule
745 option dest_port '22'
746 option proto 'tcp udp'
747 option name 'Enable_SSH_WAN'
748 option target 'ACCEPT'
749 option src 'wan'
750 option enabled '1'
751 option family 'ipv4'
752 option src_ip '159.148.211.226'
753
754config rule
755 option dest_port '4200-4220'
756 option proto 'tcp udp'
757 option name 'Enable_CLI_WAN'
758 option target 'ACCEPT'
759 option src 'wan'
760 option src_ip '159.148.211.226'
761 option enabled '1'
762 option family 'ipv4'
763
# Disabled, and it has no src_ip: enabling it as written would open plain HTTP to
# the whole WAN.
764config rule
765 option dest_port '80'
766 option proto 'tcp udp'
767 option name 'Enable_HTTP_WAN'
768 option target 'ACCEPT'
769 option src 'wan'
770 option enabled '0'
771
772config rule
773 option dest_port '443'
774 option proto 'tcp udp'
775 option name 'Enable_HTTPS_WAN'
776 option target 'ACCEPT'
777 option src 'wan'
778 option enabled '1'
779 option src_ip '159.148.211.226'
780 option family 'ipv4'
781
782config rule
783 option name 'Block_DNS_forwarding'
784 option src '*'
785 option dest 'wan'
786 option proto 'udp'
787 option dest_port '53'
788 option target 'REJECT'
789 option enabled '0'
790
791config rule
792 option dest_port '1812 1813'
793 option proto 'tcp udp'
794 option name 'Enable_Radius_WAN'
795 option target 'ACCEPT'
796 option src 'wan'
797 option enabled '0'
798
799config rule
800 option name 'Allow-DHCPv6'
801 option src 'wan'
802 option proto 'udp'
803 option src_ip 'fe80::/10'
804 option src_port '547'
805 option dest_ip 'fe80::/10'
806 option dest_port '546'
807 option family 'ipv6'
808 option target 'ACCEPT'
809 option enabled '0'
810
811config rule
812 option name 'Allow-ICMPv6-Input'
813 option src 'wan'
814 option proto 'icmp'
815 list icmp_type 'echo-request'
816 list icmp_type 'echo-reply'
817 list icmp_type 'destination-unreachable'
818 list icmp_type 'packet-too-big'
819 list icmp_type 'time-exceeded'
820 list icmp_type 'bad-header'
821 list icmp_type 'unknown-header-type'
822 list icmp_type 'router-solicitation'
823 list icmp_type 'neighbour-solicitation'
824 list icmp_type 'router-advertisement'
825 list icmp_type 'neighbour-advertisement'
826 option limit '1000/sec'
827 option family 'ipv6'
828 option target 'ACCEPT'
829 option enabled '0'
830
831config rule
832 option name 'Allow-ICMPv6-Forward'
833 option src 'wan'
834 option dest '*'
835 option proto 'icmp'
836 list icmp_type 'echo-request'
837 list icmp_type 'echo-reply'
838 list icmp_type 'destination-unreachable'
839 list icmp_type 'packet-too-big'
840 list icmp_type 'time-exceeded'
841 list icmp_type 'bad-header'
842 list icmp_type 'unknown-header-type'
843 option limit '1000/sec'
844 option family 'ipv6'
845 option target 'ACCEPT'
846 option enabled '0'
847
848config rule
849 option name 'Allow-l2tpd-on-1701'
850 option _name 'l2tpd'
851 option target 'ACCEPT'
852 option proto 'udp'
853 option dest_port '1701'
854 option family 'ipv4'
855 option src 'wan'
856 option enabled '0'
857
858config rule
859 option name 'Allow-pptpd-on-1723'
860 option _name 'pptpd'
861 option target 'ACCEPT'
862 option proto 'tcp'
863 option dest_port '1723'
864 option family 'ipv4'
865 option src 'wan'
866 option enabled '0'
867
868config rule
869 option name 'Allow-pptpd-gre-output-connections'
870 option _name 'pptpd'
871 option dest 'wan'
872 option target 'ACCEPT'
873 option enabled '0'
874 option proto 'gre'
875 option family 'ipv4'
876
877config rule
878 option name 'Allow-pptpd-gre-input-connections'
879 option _name 'pptpd'
880 option src 'wan'
881 option target 'ACCEPT'
882 option enabled '0'
883 option proto 'gre'
884 option family 'ipv4'
885
886config rule 'TR069'
887 option target 'ACCEPT'
888 option src 'wan'
889 option proto 'tcp'
890 option dest_port '7547'
891 option name 'Allow_TR069_server_request'
892 option enabled '0'
893
894config rule 'IPsecESP'
895 option enabled '0'
896 option src 'wan'
897 option name 'Allow-IPsec-ESP'
898 option target 'ACCEPT'
899 option proto 'esp'
900
901config rule 'IPsecNAT'
902 option dest_port '4500'
903 option src 'wan'
904 option name 'Allow-IPsec-NAT-T'
905 option target 'ACCEPT'
906 option enabled '0'
907 option proto 'udp'
908
909config rule 'IPsecIKE'
910 option dest_port '500'
911 option src 'wan'
912 option name 'Allow-IPsec-IKE'
913 option target 'ACCEPT'
914 option enabled '0'
915 option proto 'udp'
916
917config redirect 'E_SSH_W_P'
918 option enabled '0'
919 option target 'DNAT'
920 option src 'wan'
921 option dest 'lan'
922 option proto 'tcp'
923 option name 'Enable_SSH_WAN_PASSTHROUGH'
924 option dest_ip '127.0.0.1'
925 option reflection '0'
926 option src_dport '22'
927
928config redirect 'E_HTTP_W_P'
929 option enabled '0'
930 option target 'DNAT'
931 option src 'wan'
932 option dest 'lan'
933 option proto 'tcp'
934 option name 'Enable_HTTP_WAN_PASSTHROUGH'
935 option dest_ip '127.0.0.1'
936 option reflection '0'
937 option src_dport '80'
938
939config redirect 'E_HTTPS_W_P'
940 option enabled '0'
941 option target 'DNAT'
942 option src 'wan'
943 option dest 'lan'
944 option proto 'tcp'
945 option name 'Enable_HTTPS_WAN_PASSTHROUGH'
946 option dest_ip '127.0.0.1'
947 option reflection '0'
948 option src_dport '443'
949
950config redirect 'E_CLI_W_P'
951 option enabled '0'
952 option target 'DNAT'
953 option src 'wan'
954 option dest 'lan'
955 option proto 'tcp'
956 option name 'Enable_CLI_WAN_PASSTHROUGH'
957 option dest_ip '127.0.0.1'
958 option reflection '0'
959 option src_dport '4200-4220'
960
961config rule 'A_PASSTH_T'
962 option target 'ACCEPT'
963 option src 'wan'
964 option dest 'lan'
965 option name 'Allow-passthrough-traffic'
966 option proto 'all'
967 option enabled '0'
968
969config rule 'A_OSPFIGP'
970 option enabled '0'
971 option target 'ACCEPT'
972 option src 'wan'
973 option name 'Allow-OSPFIGP-WAN-traffic'
974 option proto '89'
975
976config redirect 'REDIR_DNS'
977 option enabled '0'
978 option target 'DNAT'
979 option src 'lan'
980 option dest 'lan'
981 option proto 'tcp udp'
982 option name 'Redirect_DNS'
983 option dest_ip '192.168.1.1'
984 option src_dport '53'
985 option dest_port '53'
986
987config include 'miniupnpd'
988 option type 'script'
989 option path '/usr/share/miniupnpd/firewall.include'
990 option family 'IPv4'
991 option reload '1'
992
993config redirect
994 option target 'DNAT'
995 option src 'wan'
996 option dest 'lan'
997 option proto 'tcp udp'
998 option src_dport '2000'
999 option dest_ip '192.168.223.201'
1000 option dest_port '2000'
1001 option name 'Kase1'
1002 option src_ip '159.148.211.226'
1003 option enabled '1'
1004
# Accepts SNMP (udp/161) from the wan zone, limited to one IPv4 source address.
# NOTE(review): the snmpd settings are not visible in this part of the dump. If
# the agent answers SNMPv1/v2c, community strings cross the WAN unencrypted and
# UDP source addresses can be spoofed, so src_ip is a weak control here. Prefer
# SNMPv3 with authentication and privacy, or carry SNMP inside the VPN.
1005config rule
1006 option dest_port '161'
1007 option proto 'udp'
1008 option name 'SNMP_WAN_Access'
1009 option target 'ACCEPT'
1010 option src 'wan'
1011 option enabled '1'
1012 option src_ip '159.148.211.226'
1013 option family 'ipv4'
1014
# Port forwards from the wan zone to the LAN host 192.168.223.4 ("ipcam1"):
# tcp/80, tcp+udp 5556-5559, tcp+udp 8080 and tcp+udp 554.
# NOTE(review): none of these four redirects has a src_ip, unlike the 'Kase1'
# redirect and the SSH/CLI/HTTPS/SNMP WAN rules in this file, which are pinned to
# one source address. As written the camera's ports are reachable from any WAN
# address. Add 'option src_ip' to each redirect, or drop the forwards and reach
# the camera through one of the VPN zones.
# 'ipcam1 80' and 'ipcam1 554' carry no 'enabled' option; in the stock OpenWrt
# firewall a missing 'enabled' means the section is active. Confirm for this
# firmware and set the option explicitly either way.
1015config redirect
1016 option target 'DNAT'
1017 option src 'wan'
1018 option dest 'lan'
1019 option proto 'tcp'
1020 option src_dport '80'
1021 option dest_ip '192.168.223.4'
1022 option dest_port '80'
1023 option name 'ipcam1 80'
1024
1025config redirect
1026 option target 'DNAT'
1027 option src 'wan'
1028 option dest 'lan'
1029 option proto 'tcp udp'
1030 option src_dport '5556-5559'
1031 option dest_ip '192.168.223.4'
1032 option dest_port '5556-5559'
1033 option name 'ipcam1'
1034 option enabled '1'
1035
1036config redirect
1037 option enabled '1'
1038 option target 'DNAT'
1039 option src 'wan'
1040 option dest 'lan'
1041 option proto 'tcp udp'
1042 option src_dport '8080'
1043 option dest_ip '192.168.223.4'
1044 option dest_port '8080'
1045 option name 'ipcam1 8080'
1046
1047config redirect
1048 option target 'DNAT'
1049 option src 'wan'
1050 option dest 'lan'
1051 option proto 'tcp udp'
1052 option src_dport '554'
1053 option dest_ip '192.168.223.4'
1054 option dest_port '554'
1055 option name 'ipcam1 554'
1056
1057config redirect 'DMZ'
1058 option src 'wan'
1059 option name 'DMZ'
1060 option proto 'all'
1061 option enabled '0'
1062
1063
1064##### File: /etc/config/fstab #####
1065package fstab
1066
1067config global
1068 option anon_swap '0'
1069 option anon_mount '1'
1070 option auto_swap '1'
1071 option auto_mount '1'
1072 option delay_root '5'
1073 option check_fs '0'
1074
1075config mount
1076 option target '/mnt/sda1'
1077 option uuid '0000-0001'
1078 option enabled '1'
1079
1080
1081##### File: /etc/config/gps #####
1082package gps
1083
1084config gps 'gps'
1085 option enabled '0'
1086 option enabled_server '0'
1087 option proto 'tcp'
1088 option ip '212.47.99.61'
1089 option port '17050'
1090 option min_period '5'
1091 option min_distance '200'
1092 option min_angle '30'
1093 option min_saved_record '20'
1094 option send_period '60'
1095
1096config rule
1097 option wan 'mobile'
1098 option type 'home'
1099 option din2 'low'
1100 option min_period '5'
1101 option min_distance '200'
1102 option min_angle '30'
1103 option min_saved_record '20'
1104 option send_period '60'
1105
1106config tavl 'tavl'
1107
1108
1109##### File: /etc/config/gre_tunnel #####
1110package gre_tunnel
1111
1112
1113##### File: /etc/config/hostblock #####
1114package hostblock
1115
1116config hostblock 'config'
1117 option enabled '0'
1118 option icmp_host '8.8.8.8'
1119 option mode 'whitelist'
1120
1121
1122##### File: /etc/config/hotspot_scheduler #####
1123package hotspot_scheduler
1124
1125config ap 'hotspot1'
1126 option restricted '0'
1127
1128
1129##### File: /etc/config/hwinfo #####
1130package hwinfo
1131
1132config hwinfo 'hwinfo'
1133 option dual_sim '1'
1134 option usb '1'
1135 option gps '1'
1136 option rs232 '1'
1137 option rs485 '1'
1138 option in_out '1'
1139 option microsd '1'
1140 option term_block '1'
1141 option 4p_conn '0'
1142 option panel_mnt '0'
1143 option serial '1100957932'
1144 option mnf_code 'RUT955H7VXXX'
1145 option batch '0041'
1146 option hwver '1105'
1147
1148
1149##### File: /etc/config/ioman #####
1150package ioman
1151
1152config ioman 'ioman'
1153 option interval '3'
1154 option active_DOUT1_status '1'
1155 option active_DOUT2_status '1'
1156 option resistor '1200'
1157
1158config iostatus 'iolabels'
1159
1160
1161##### File: /etc/config/kmod_man #####
1162package kmod_man
1163
1164config module
1165 option name 'H323'
1166 option path '/etc/modules.d/nf-nathelper-h323'
1167 option enabled '0'
1168
1169config module
1170 option name 'SIP'
1171 option path '/etc/modules.d/nf-nathelper-sip'
1172 option enabled '0'
1173
1174
1175##### File: /etc/config/landingpage #####
1176package landingpage
1177
1178config general 'general'
1179 option title 'Teltonika Hotspot'
1180 option theme 'custom'
1181
1182config link 'link'
1183 option enabled '0'
1184 option name 'Company link'
1185 option url 'www.teltonika.lt'
1186 option text 'www.teltonika.lt'
1187 option size '14'
1188 option color '#205599'
1189
1190config link 'logout_link'
1191 option enabled '1'
1192 option name 'Logout link'
1193 option text 'Click here to {logout}'
1194 option size '14'
1195 option color '#404040'
1196
1197config link 'requested_web'
1198 option enabled '1'
1199 option name 'Logout link'
1200 option text 'Previously requested {website}'
1201 option size '14'
1202 option color '#404040'
1203
1204config link 'login_link'
1205 option enabled '1'
1206 option name 'Login link'
1207 option text 'Click here to {login}'
1208 option size '14'
1209 option color '#404040'
1210
1211config page 'welcome'
1212 option enabled '1'
1213 option name 'Login'
1214 option title 'Authorization Required'
1215 option title_color '#205599'
1216 option text 'Please enter your login information'
1217 option text_size '14'
1218 option text_color '#404040'
1219 option title_size '25'
1220
1221config page 'failed'
1222 option enabled '1'
1223 option name 'Login fail'
1224 option title 'Authorization Required'
1225 option text_size '14'
1226 option text_color '#404040'
1227 option title_color '#205599'
1228 option title_size '25'
1229 option text 'Login Failed.'
1230
1231config page 'success'
1232 option enabled '1'
1233 option name 'Logged in'
1234 option title 'Authorization Successful'
1235 option text 'Logged in to Hotspot'
1236 option text_size '14'
1237 option text_color '#404040'
1238 option title_color '#205599'
1239 option title_size '25'
1240
1241config page 'logout'
1242 option enabled '1'
1243 option name 'Logged out'
1244 option title 'Logout Successful'
1245 option text 'Logged out from Hotspot'
1246 option text_size '14'
1247 option text_color '#404040'
1248 option title_color '#205599'
1249 option title_size '25'
1250
1251config page 'warning'
1252 option enabled '1'
1253 option name 'Warning'
1254 option text_size '14'
1255 option title 'Warning!'
1256 option text 'Login must be performed through hotspot daemon.'
1257 option text_color '#404040'
1258 option title_color '#205599'
1259 option title_size '25'
1260
1261config page 'phone'
1262 option enabled '1'
1263 option title 'Welcome to Hotspot'
1264 option text 'To proceed with your connection please enter your phone number to receive SMS with authentication link and password'
1265 option name 'Phone number'
1266 option title_size '25'
1267 option text_size '14'
1268 option title_color '#205599'
1269 option text_color '#404040'
1270
1271config page 'password'
1272 option enabled '1'
1273 option title 'Welcome to Hotspot'
1274 option text 'Please enter password you received via SMS to finish connection to Hotspot service'
1275 option name 'SMS password'
1276 option title_size '25'
1277 option text_size '14'
1278 option title_color '#205599'
1279 option text_color '#404040'
1280
1281config page 'error'
1282 option enabled '1'
1283 option title 'Authorization Required'
1284 option text 'Message not sent'
1285 option name 'Message error'
1286 option title_size '25'
1287 option text_size '14'
1288 option title_color '#205599'
1289 option text_color '#404040'
1290
1291config page 'data_limit'
1292 option enabled '1'
1293 option name 'Data Limit'
1294 option title 'Warning'
1295 option title_color '#205599'
1296 option text 'You have reached data limit'
1297 option text_size '14'
1298 option text_color '#404040'
1299 option title_size '25'
1300
1301config page 'time_limit'
1302 option enabled '1'
1303 option name 'Time limit'
1304 option title 'Warning'
1305 option title_color '#205599'
1306 option text 'You have reached time limit'
1307 option text_size '14'
1308 option text_color '#404040'
1309 option title_size '25'
1310
1311config page 'limit_expiration'
1312 option enabled '1'
1313 option name 'Data Limit Expiration'
1314 option text 'You will be able to use WiFi again in %date'
1315 option text_size '14'
1316 option text_color '#404040'
1317
1318config image 'image'
1319 option rep 'no-repeat'
1320 option position 'center'
1321 option enabled '0'
1322 option color '#FFFFFF'
1323
1324config logo 'logo'
1325 option enabled '0'
1326
1327config terms 'terms'
1328 option enabled '0'
1329 option path '/lib/uci/upload/cbid.landingpage.terms.path'
1330 option warning 'You have to accept our terms of service'
1331 option wrn_size '13'
1332 option wrn_color '#404040'
1333 option text 'I understand, agree and ACCEPT the terms of the {User Agreement}'
1334 option text_size '13'
1335 option text_color '#404040'
1336
1337config button 'login'
1338 option name 'Login button'
1339 option text 'Login'
1340 option text_size '13'
1341 option text_color '#404040'
1342
1343config button 'send'
1344 option name 'Send button'
1345 option text 'Proceed'
1346 option text_size '13'
1347 option text_color '#404040'
1348
1349config input 'username'
1350 option name 'Username'
1351 option text 'Username'
1352 option text_size '13'
1353 option text_color '#404040'
1354
1355config input 'pass'
1356 option name 'Password'
1357 option text 'Password'
1358 option text_size '13'
1359 option text_color '#404040'
1360
1361config input 'tel_number'
1362 option name 'Phone number'
1363 option text 'Phone number'
1364 option text_size '13'
1365 option text_color '#404040'
1366
1367
1368##### File: /etc/config/load_balancing #####
1369package load_balancing
1370
1371config general 'general'
1372 option enabled '0'
1373
1374config member 'wan_m1_w3'
1375 option metric '1'
1376 option weight '3'
1377 option interface 'wan2'
1378
1379config member 'wan2_m1_w2'
1380 option metric '1'
1381 option weight '2'
1382 option interface 'wan'
1383
1384config policy 'balanced'
1385 list use_member 'wan_m1_w3'
1386 list use_member 'wan2_m1_w2'
1387
1388config rule 'default_rule'
1389 option dest_ip '0.0.0.0/0'
1390 option use_policy 'balanced'
1391
1392
1393##### File: /etc/config/logtrigger #####
# Failed-login handling for SSH and the WebUI. Each rule names a log pattern for a
# failure, a pattern for a success, the field names bound to the %s placeholders,
# a script (/usr/bin/ipblock) and a threshold (maxfail '5'). All four rules are enabled.
# NOTE(review): presumably the script is run against the extracted 'ip' field once
# maxfail failures are seen, and pattern_ok resets the count -- confirm against the
# logtrigger daemon; neither behaviour is visible in this file.
1394package logtrigger
1395
1396config rule
1397 option name 'SSH_WrongPass'
1398 option pattern 'Bad password attempt for '\''%s'\'' from %s:'
1399 option pattern_ok 'Password auth succeeded for '\''%s'\'' from %s:'
1400 option fields 'user ip'
1401 option script '/usr/bin/ipblock'
1402 option maxfail '5'
1403 option enabled '1'
1404
1405config rule
1406 option name 'SSH_nonexistent'
1407 option pattern 'Login attempt for nonexistent %s from %s:'
1408 option pattern_ok 'Password auth succeeded for '\''%s'\'' from %s:'
1409 option fields 'user ip'
1410 option script '/usr/bin/ipblock'
1411 option maxfail '5'
1412 option enabled '1'
1413
1414config rule
1415 option name 'WebUI_WrongPass'
1416 option pattern 'Bad WebUI password attempt for '\''%s'\'' from %s %s %s'
1417 option pattern_ok 'WebUI password auth succeeded for '\''%s'\'' from %s %s %s'
1418 option fields 'user proto_type interface ip'
1419 option script '/usr/bin/ipblock'
1420 option maxfail '5'
1421 option enabled '1'
1422
1423config rule
1424 option name 'WebUI_nonexistent'
1425 option pattern 'WebUI Login attempt for nonexistent '\''%s'\'' from %s %s %s'
1426 option pattern_ok 'WebUI password auth succeeded for '\''%s'\'' from %s %s %s'
# NOTE(review): this rule spells the second field 'prot_type' while WebUI_WrongPass
# uses 'proto_type'. If the daemon or ipblock looks fields up by name, the two rules
# will not behave alike -- verify which spelling the consumer expects.
1427 option fields 'user prot_type interface ip'
1428 option script '/usr/bin/ipblock'
1429 option maxfail '5'
1430 option enabled '1'
1431
1432
1433##### File: /etc/config/luci #####
# LuCI web interface settings: static resource paths, UI language, the 'flash_keep'
# path list, available languages, session storage and themes.
1434package luci
1435
1436config core 'main'
1437 option mediaurlbase '/luci-static/default'
1438 option resourcebase '/luci-static/resources'
1439 option lang 'en'
1440
# NOTE(review): the section name suggests these paths are preserved when firmware is
# flashed with settings kept -- confirm. If so, /etc/passwd, the dropbear host keys,
# OpenVPN material and /etc/firewall.user all survive an upgrade, so re-flashing with
# "keep settings" does not by itself return a suspect device to a known-good state.
1441config extern 'flash_keep'
1442 option uci '/etc/config/'
1443 option dropbear '/etc/dropbear/'
1444 option openvpn '/etc/openvpn/'
1445 option passwd '/etc/passwd'
1446 option opkg '/etc/opkg.conf'
1447 option firewall '/etc/firewall.user'
1448 option uploads '/lib/uci/upload/'
1449
1450config internal 'languages'
1451 option en 'English'
1452 option fr 'Français'
1453 option de 'Deutsch'
1454 option tr 'Turkish'
1455
# WebUI session files are kept under /tmp/luci-sessions with sessiontime '3600'
# (presumably seconds, i.e. one hour -- unit not stated here).
1456config internal 'sauth'
1457 option sessionpath '/tmp/luci-sessions'
1458 option sessiontime '3600'
1459
1460config internal 'ccache'
1461 option enable '1'
1462
1463config internal 'themes'
1464 option Default '/luci-static/default'
1465 option OpenWrt '/luci-static/openwrt.org'
1466
1467
1468##### File: /etc/config/mdcollectd #####
1469package mdcollectd
1470
1471config mdcollectd 'config'
1472 option enabled '0'
1473 option traffic '0'
1474 option datalimit '0'
1475 option sim_switch '0'
1476 option interval '10'
1477
1478
1479##### File: /etc/config/modbus #####
1480package modbus
1481
1482config modbus 'modbus'
1483
1484
1485##### File: /etc/config/mosquitto #####
1486package mosquitto
1487
1488config mqtt 'mqtt'
1489
1490
1491##### File: /etc/config/mqtt_pub #####
1492package mqtt_pub
1493
1494config mqtt_pub 'mqtt_pub'
1495
1496
1497##### File: /etc/config/multiwan #####
1498package multiwan
1499
1500config multiwan 'config'
1501 option enabled '0'
1502
1503config interface 'wan3'
1504 option icmp_hosts '8.8.4.4'
1505 option dns 'auto'
1506 option health_interval '10'
1507 option timeout '3'
1508 option health_fail_retries '3'
1509 option health_recovery_retries '3'
1510 option execute '0'
1511 option priority '99'
1512
1513config interface 'wan4'
1514 option icmp_hosts '8.8.4.4'
1515 option dns 'auto'
1516 option health_interval '10'
1517 option timeout '3'
1518 option health_fail_retries '3'
1519 option health_recovery_retries '3'
1520 option priority '98'
1521 option execute '0'
1522
1523config interface 'wan'
1524 option timeout '1'
1525 option health_recovery_retries '1'
1526 option health_fail_retries '1'
1527 option execute '0'
1528 option icmp_hosts '8.8.4.4'
1529 option health_interval '5'
1530 option dns 'auto'
1531 option priority '100'
1532
1533config interface 'wan2'
1534 option timeout '1'
1535 option execute '0'
1536 option health_fail_retries '3'
1537 option dns 'auto'
1538 option health_interval '5'
1539 option icmp_hosts '8.8.8.8'
1540 option health_recovery_retries '3'
1541 option priority '98'
1542
1543
1544##### File: /etc/config/network #####
1545package network
1546
1547config interface 'wan'
1548 option proto 'none'
1549 option ifname 'wwan0'
1550 option enabled '1'
1551
1552config interface 'wan3'
1553 option proto 'dhcp'
1554 option ifname 'wlan0'
1555 option enabled '0'
1556 option disabled '1'
1557
1558config interface 'loopback'
1559 option ifname 'lo'
1560 option proto 'static'
1561 option ipaddr '127.0.0.1'
1562 option netmask '255.0.0.0'
1563
# LAN is a bridge with static address 192.168.223.1/24 whose members are eth0 and tap0.
# NOTE(review): tap0 is a layer-2 tunnel-style device name; the service that creates it
# is not shown in this section. If it is a VPN tap device, the remote end shares the
# LAN broadcast domain -- confirm this is intended and that the firewall zone for
# 'lan' reflects it.
1564config interface 'lan'
1565 option ifname 'eth0 tap0'
1566 option type 'bridge'
1567 option proto 'static'
1568 option netmask '255.255.255.0'
1569 option ipaddr '192.168.223.1'
1570
1571config switch
1572 option name 'switch0'
1573 option reset '1'
1574 option enable_vlan '1'
1575
1576config switch_vlan
1577 option device 'switch0'
1578 option vlan '0'
1579 option vid '0'
1580 option ports '0 2 3 4'
1581
1582config route
1583 option interface 'wan'
1584 option table 'wan'
1585 option target '0.0.0.0'
1586 option netmask '0.0.0.0'
1587
1588config route
1589 option interface 'wan2'
1590 option table 'wan2'
1591 option target '0.0.0.0'
1592 option netmask '0.0.0.0'
1593
1594config route
1595 option interface 'wan3'
1596 option table 'wan3'
1597 option target '0.0.0.0'
1598 option netmask '0.0.0.0'
1599
1600config route
1601 option interface 'wan4'
1602 option table 'wan4'
1603 option target '0.0.0.0'
1604 option netmask '0.0.0.0'
1605
1606config interface 'ppp'
1607 option enabled '1'
1608 option ifname 'wwan0'
1609 option auth_mode 'none'
1610 option proto 'qmi2'
1611 option service 'auto'
1612 option device '/dev/cdc-wdm0'
1613 option dialnumber '*99#'
1614 option pppd_options 'noipdefault'
1615 option pdptype '1'
1616 option apn 'static1.lmt.lv'
1617 option mtu '1500'
1618 option backup '0'
1619
1620config interface 'ppp_usb'
1621
1622config interface 'wan2'
1623 option disabled '1'
1624 option proto 'dhcp'
1625 option ifname 'eth1'
1626 option enabled '0'
1627
1628config interface 'stabridge'
1629
1630
1631##### File: /etc/config/ntpclient #####
1632package ntpclient
1633
1634config ntpserver
1635 option hostname '1.lv.pool.ntp.org'
1636
1637config ntpserver
1638 option hostname '1.europe.pool.ntp.org'
1639
1640config ntpserver
1641 option hostname '2.europe.pool.ntp.org'
1642
1643config ntpserver
1644 option hostname '3.europe.pool.ntp.org'
1645
1646config ntpdrift
1647 option freq '0'
1648
1649config ntpclient
1650 option interval '3660'
1651 option enabled '1'
1652 option zoneName 'Europe/Riga'
1653
1654
1655##### File: /etc/config/ntpserver #####
1656package ntpserver
1657
1658config ntpserver 'general'
1659 option enabled '1'
1660
1661
1662##### File: /etc/config/openvpn #####
# OpenVPN instances. Only 'teltonika_auth_service' is defined here: a UDP client
# to rms.teltonika.lt:5002 on device tun_rms. It is currently disabled (enable '0').
1663package openvpn
1664
1665config webui 'webui'
1666 option _auth 'tls'
1667
1668config openvpn 'teltonika_auth_service'
1669 option persist_key '1'
1670 option persist_tun '1'
1671 option port '5002'
1672 option proto 'udp'
# verb '4' is a fairly verbose log level; review what ends up in the system log.
1673 option verb '4'
1674 option nobind '1'
1675 option remote 'rms.teltonika.lt'
1676 option resolv_retry 'infinite'
1677 option keepalive '10 120'
# Username/password are read from a file on flash; check its ownership and mode.
1678 option auth_user_pass '/etc/openvpn/auth'
1679 option ca '/etc/openvpn/tlt_ca.crt'
# NOTE(review): ns_cert_type is the legacy server-certificate check; upstream OpenVPN
# replaced it with remote-cert-tls. Confirm what the firmware's OpenVPN build supports.
1680 option ns_cert_type 'server'
# NOTE(review): compression is enabled; upstream OpenVPN advises against compression
# on encrypted tunnels. Only relevant if this instance is ever enabled.
1681 option comp_lzo 'yes'
1682 option client '1'
1683 option dev 'tun_rms'
# script_security '2' is what lets the up/down commands below run. Those init scripts
# should be root-owned and not writable by any other user.
1684 option script_security '2'
1685 option up '"/etc/init.d/rms_uhttpd start"'
1686 option down '"/etc/init.d/rms_uhttpd rms_stop"'
1687 option enable '0'
1688
1689
1690##### File: /etc/config/operctl #####
1691package operctl
1692
1693config operctl 'general'
1694 option debug_lvl '2'
1695 option operlist '0'
1696
1697
1698##### File: /etc/config/output_control #####
1699package output_control
1700
1701config post_get 'post_get'
1702
1703config scheduler 'scheduler'
1704
1705
1706##### File: /etc/config/overview #####
1707package overview
1708
1709config status 'show'
1710 option mobile '1'
1711 option data_limit '0'
1712 option local_network '1'
1713 option system_events '1'
1714 option system '1'
1715 option network_events '1'
1716 option wan '1'
1717 option wireless '1'
1718 option access_control '0'
1719 option sms_counter '0'
1720 option vrrp '0'
1721 option wimax '0'
1722 option australian '0'
1723 option monitoring '1'
1724
1725
1726##### File: /etc/config/p910nd #####
1727package p910nd
1728
1729config p910nd 'default'
1730 option device '/dev/usb/lp0'
1731 option port '9100'
1732 option bidirectional '1'
1733 option enabled '0'
1734
1735
1736##### File: /etc/config/periodic_reboot #####
1737package periodic_reboot
1738
1739config periodic_reboot 'periodic_reboot'
1740
1741
1742##### File: /etc/config/ping_reboot #####
1743package ping_reboot
1744
1745config ping_reboot
1746 option enable '0'
1747 option action '1'
1748 option time '5'
1749 option host '8.8.8.8'
1750 option retry '2'
1751 option fail_counter '0'
1752 option packet_size '56'
1753 option time_out '5'
1754 option interface '1'
1755 option stop_action '0'
1756
1757
1758##### File: /etc/config/portscan #####
# Port-scan detection settings. The feature is switched off (enable '0'); the
# thresholds below (seconds '30', hitcount '10') only apply once it is enabled.
# The 'defending' section is empty in this dump.
1759package portscan
1760
1761config port_scan
1762 option enable '0'
1763 option seconds '30'
1764 option hitcount '10'
1765
1766config defending
1767
1768
1769##### File: /etc/config/pptpd #####
# PPTP server login. The password value was masked by the dump tool
# ('<secret hidden>'); the real value is not present in this listing.
# NOTE(review): 'youruser' looks like a template account rather than a deliberate
# one -- confirm, and remove it if the PPTP server is not used. No 'enabled' option
# is visible here, so whether the service runs cannot be told from this section.
1770package pptpd
1771
1772config login
1773 option username 'youruser'
1774 option password '<secret hidden>'
1775
1776
1777##### File: /etc/config/privoxy #####
1778package privoxy
1779
1780config privoxy 'privoxy'
1781 option enabled '0'
1782
1783
1784##### File: /etc/config/profiles #####
1785package profiles
1786
1787config profiles 'profiles'
1788 option path '/etc/profiles'
1789
1790
1791##### File: /etc/config/qos #####
1792package qos
1793
1794config classify
1795 option target 'Priority'
1796 option ports '22,53'
1797 option comment 'ssh, dns'
1798
1799config classify
1800 option target 'Normal'
1801 option proto 'tcp'
1802 option ports '20,21,25,80,110,443,993,995'
1803 option comment 'ftp, smtp, http(s), imap'
1804
1805config classify
1806 option target 'Express'
1807 option ports '5190'
1808 option comment 'AOL, iChat, ICQ'
1809
1810config default
1811 option target 'Express'
1812 option proto 'udp'
1813 option pktsize '-500'
1814
1815config reclassify
1816 option target 'Priority'
1817 option proto 'icmp'
1818
1819config default
1820 option target 'Bulk'
1821 option portrange '1024-65535'
1822
1823config reclassify
1824 option target 'Priority'
1825 option proto 'tcp'
1826 option pktsize '-128'
1827 option mark '!Bulk'
1828 option tcpflags 'SYN'
1829
1830config reclassify
1831 option target 'Priority'
1832 option proto 'tcp'
1833 option pktsize '-128'
1834 option mark '!Bulk'
1835 option tcpflags 'ACK'
1836
1837config classgroup 'Default'
1838 option classes 'Priority Express Normal Bulk'
1839 option default 'Normal'
1840
1841config class 'Priority'
1842 option packetsize '400'
1843 option maxsize '400'
1844 option avgrate '10'
1845 option priority '20'
1846
1847config class 'Priority_down'
1848 option packetsize '1000'
1849 option avgrate '10'
1850
1851config class 'Express'
1852 option packetsize '1000'
1853 option maxsize '800'
1854 option avgrate '50'
1855 option priority '10'
1856
1857config class 'Normal'
1858 option packetsize '1500'
1859 option packetdelay '100'
1860 option avgrate '10'
1861 option priority '5'
1862
1863config class 'Normal_down'
1864 option avgrate '20'
1865
1866config class 'Bulk'
1867 option avgrate '1'
1868 option packetdelay '200'
1869
1870
1871##### File: /etc/config/quagga #####
1872package quagga
1873
1874config ospf 'ospf'
1875 option enabled '0'
1876 option debug '0'
1877 option enabled_vty '0'
1878
1879config rip 'rip'
1880 option enabled '0'
1881 option debug '0'
1882 option enabled_vty '0'
1883
1884config general 'general'
1885 option enabled '0'
1886 option debug '0'
1887 option enabled_vty '0'
1888
1889config instance 'default'
1890 option enabled '0'
1891
1892
1893##### File: /etc/config/racoon #####
# IPsec (racoon) skeleton: tunnel 'ipsec1' references phase-1 proposal
# 'pre_3des_sha1' and sainfo 'lan1', which in turn references phase-2 proposal
# 'g2_aes_sha1'. Phase 1 authenticates with a pre-shared key.
# NOTE(review): the proposal names suggest 3DES and SHA-1, but no encryption or hash
# options are set in this file, so the actual algorithms cannot be confirmed from
# here. If the tunnel is ever configured, choose current algorithms explicitly.
1894package racoon
1895
1896config tunnel 'ipsec1'
1897 list p1_proposal 'pre_3des_sha1'
1898 list sainfo 'lan1'
1899
1900config p1_proposal 'pre_3des_sha1'
1901 option authentication_method 'pre_shared_key'
1902
1903config p2_proposal 'g2_aes_sha1'
1904
1905config sainfo 'lan1'
1906 option p2_proposal 'g2_aes_sha1'
1907
1908config keepalive 'keepalive'
1909
1910
1911##### File: /etc/config/radius #####
# Local RADIUS server settings. Both the general switch and the 'radius' client
# entry are disabled (enabled '0').
1912package radius
1913
1914config general 'general'
1915 option enabled '0'
1916
# Client entry for 127.0.0.1/32 ('localhost').
# NOTE(review): the shared secret is the literal word 'secret'. Harmless while the
# entry is disabled and loopback-only; set a strong value before enabling RADIUS.
1917config local 'radius'
1918 option enabled '0'
1919 option ipaddr '127.0.0.1'
1920 option mask '32'
1921 option name 'localhost'
1922 option secret 'secret'
1923
1924config session 'unlimited'
1925 option name 'Unlimited'
1926
1927
1928##### File: /etc/config/reregister #####
1929package reregister
1930
1931config reregister 'reregister'
1932 option enabled '0'
1933 option force_reregister '0'
1934 option interval '300'
1935
1936
1937##### File: /etc/config/rms_connect #####
# Connection settings for the 'rms_connect' service: enabled (enable '1'),
# port '15000', retry '60'.
# NOTE(review): presumably this is the vendor remote-management client and the device
# initiates the connection -- confirm. If remote management is not used at this site,
# turn it off so the device does not keep an unused management channel.
1938package rms_connect
1939
1940config rms_connect 'rms_connect'
1941 option retry '60'
1942 option port '15000'
1943 option enable '1'
1944
1945
1946##### File: /etc/config/rms_connect_timer #####
1947package rms_connect_timer
1948
1949config rms_connect_timer 'rms_connect_timer'
1950 option level '1'
1951 option next_level '1549524183'
1952
1953config rms_connect_timer 'default'
1954 option repeat_time '21600'
1955
1956config rms_connect_timer_level
1957 option repeat_time '120'
1958 option whole_time '3600'
1959
1960config rms_connect_timer_level
1961 option repeat_time '300'
1962 option whole_time '1209600'
1963
1964
1965##### File: /etc/config/rpcd #####
# rpcd (ubus RPC) logins and their ACLs. Both entries are for user 'root' and grant
# read '*' and write '*', i.e. every ACL group.
1966package rpcd
1967
# In rpcd, a password of the form '$p$<user>' refers to that system user's password
# entry instead of storing one here, so this login follows the root account password.
1968config login
1969 option username 'root'
1970 option password '$p$root'
1971 list read '*'
1972 list write '*'
1973
# NOTE(review): 'rms_login' is not a stock rpcd section type and its password is the
# single character 'x'. How the firmware interprets this is not visible here --
# confirm it cannot be used as a literal credential for full read/write RPC access.
1974config rms_login
1975 option username 'root'
1976 option password 'x'
1977 list read '*'
1978 list write '*'
1979
1980
1981##### File: /etc/config/rs #####
# Serial-port services for RS232 and RS485. Both are disabled (enabled '0').
# NOTE(review): ip_listen is '0.0.0.0' in both sections, so if either service is
# enabled in a listening mode it would presumably bind on every interface. Set a LAN
# address or add a firewall rule before enabling.
# The ntrip_nmea values are sample NMEA GGA sentences, not live position data as far
# as this file shows.
1982package rs
1983
1984config rs232 'rs232'
1985 option enabled '0'
1986 option debug '0'
1987 option ip_listen '0.0.0.0'
1988 option no_leading_zeros '0'
1989 option ntrip_nmea '$GPGGA,123519,5925.150,N,02443.300,E,1,08,0.9,0.0,M,0.0,M,,*73'
1990
1991config rs485 'rs485'
1992 option enabled '0'
1993 option debug '0'
1994 option ip_listen '0.0.0.0'
1995 option databits '8'
1996 option stopbits '1'
1997 option ntrip_nmea '$GPGGA,123519,5925.150,N,02443.300,E,1,08,0.9,0.0,M,0.0,M,,*73'
1998
1999
2000##### File: /etc/config/samba #####
2001package samba
2002
2003config samba
2004 option enable '0'
2005 option name 'Router_Share'
2006 option workgroup 'WORKGROUP'
2007 option description 'Router_Share'
2008 option homes '1'
2009
2010
2011##### File: /etc/config/sim_idle_protection #####
2012package sim_idle_protection
2013
2014config sim1 'sim1'
2015 option enable '0'
2016 option period 'month'
2017 option day '1'
2018 option hour '1'
2019 option min '0'
2020 option packet_size '56'
2021 option count '2'
2022 option host '127.0.0.1'
2023
2024config sim2 'sim2'
2025 option enable '0'
2026 option period 'month'
2027 option day '1'
2028 option hour '1'
2029 option min '0'
2030 option packet_size '56'
2031 option count '2'
2032 option host '127.0.0.1'
2033
2034
2035##### File: /etc/config/sim_switch #####
2036package sim_switch
2037
2038config rules 'rules'
2039
2040config services 'services'
2041 list init 'mdcollectd'
2042 list init 'limit_guard'
2043 list init 'gre-tunnel'
2044
2045config sim_switch 'sim_switch'
2046 option debug_mode '1'
2047 option enabled '0'
2048 option interval '30'
2049
2050
2051##### File: /etc/config/simcard #####
2052package simcard
2053
2054config sim1 'sim1'
2055 option dialnumber '*99#'
2056 option reconnect '5'
2057 option ltebandval '1a0000800d5'
2058 option bandval 'ffff'
2059 option ifname 'wwan0'
2060 option proto 'qmi2'
2061 option auth_mode 'none'
2062 option service 'auto'
2063 option pdptype '1'
2064 option country '247'
2065 option profile '131'
2066 option apn 'static1.lmt.lv'
2067 option mtu '1500'
2068
2069config sim2 'sim2'
2070 option dialnumber '*99#'
2071 option reconnect '5'
2072 option ltebandval '1a0000800d5'
2073 option bandval 'ffff'
2074 option ifname 'wwan0'
2075 option proto 'qmi2'
2076 option auth_mode 'none'
2077 option service 'auto'
2078 option pdptype '1'
2079
2080config interface 'ppp'
2081
2082config option 'option'
2083
2084config rules 'rules'
2085
2086config bands 'bands'
2087
2088config simcard 'simcard'
2089 option default 'sim1'
2090
2091
2092##### File: /etc/config/smpp_config #####
# SMPP server account: disabled (enabled '0'), username 'admin', port '7777'.
# The password was masked by the dump tool and is not present in this listing.
# NOTE(review): 'admin' is a guessable account name; pick a site-specific username
# and password before enabling the service.
2093package smpp_config
2094
2095config smpp 'smpp'
2096 option enabled '0'
2097 option username 'admin'
2098 option password '<secret hidden>'
2099 option port '7777'
2100
2101
2102##### File: /etc/config/sms_gateway #####
2103package sms_gateway
2104
2105config post_get 'post_get'
2106 option enabled '0'
2107
2108config pop3 'pop3'
2109 option enabled '0'
2110 option ssl '0'
2111
2112config sms_gateway 'forwarding_to_http'
2113 option every_sms '0'
2114
2115config sms_gateway 'forwarding_to_sms'
2116 option every_sms '0'
2117
2118config sms_gateway 'forwarding_to_smtp'
2119 option every_sms '0'
2120
2121
2122##### File: /etc/config/sms_utils #####
2123package sms_utils
2124
2125config status 'auto_reply'
2126 option enabled '0'
2127 option delete_msg '1'
2128 option mode 'everyone'
2129
2130config smsreboot 'smsreboot'
2131 option enabled '0'
2132
2133config sms_utils 'sim'
2134 option enabled '1'
2135 option free '1'
2136
2137config limit_wrn
2138
2139config message 'message'
2140
2141config cfgsms 'cfgsms'
2142
2143config post_get 'post_get'
2144 option enabled '0'
2145
2146config rule
2147 option action 'reboot'
2148 option enabled '1'
2149 option smstext 'reboot'
2150 option authorisation 'password'
2151 option allowed_phone 'all'
2152 option status_sms '1'
2153 option message 'Router name - %rn; WAN IP - %wi; Data Connection state - %cs; Connection type - %ct; Signal Strength - %ss; New FW available - %fs;'
2154 option to_other_phone '0'
2155
# SMS rule 'status': replies with the message template below. It is enabled, accepts
# any sender (allowed_phone 'all') and needs no authorisation (authorisation 'no').
# NOTE(review): the reply template includes the router name, WAN IP, connection state
# and firmware-update availability, so any number that can text this SIM can obtain
# them. Restrict allowed_phone to a group or require authorisation.
2156config rule
2157 option action 'send_status'
2158 option enabled '1'
2159 option smstext 'status'
2160 option allowed_phone 'all'
2161 option message 'Router name - %rn; WAN IP - %wi; Data Connection state - %cs; Connection type - %ct; Signal Strength - %ss; New FW available - %fs;'
2162 option to_other_phone '0'
2163 option authorisation 'no'
2164
# SMS rule 'iostatus': same exposure as above -- enabled, any sender, no authorisation.
2165config rule
2166 option action 'iostatus'
2167 option enabled '1'
2168 option smstext 'iostatus'
2169 option allowed_phone 'all'
2170 option to_other_phone '0'
2171 option authorisation 'no'
2172
2173config rule
2174 option action 'vpnstatus'
2175 option enabled '1'
2176 option smstext 'vpnstatus'
2177 option authorisation 'password'
2178 option allowed_phone 'all'
2179 option to_other_phone '0'
2180
2181config rule
2182 option action 'wifi'
2183 option enabled '1'
2184 option value 'on'
2185 option smstext 'wifion'
2186 option authorisation 'password'
2187 option allowed_phone 'all'
2188 option write_wifi '1'
2189 option to_other_phone '0'
2190
2191config rule
2192 option action 'wifi'
2193 option enabled '1'
2194 option value 'off'
2195 option smstext 'wifioff'
2196 option authorisation 'password'
2197 option allowed_phone 'all'
2198 option write_wifi '1'
2199 option to_other_phone '0'
2200
2201config rule
2202 option action 'mobile'
2203 option enabled '1'
2204 option value 'on'
2205 option smstext 'mobileon'
2206 option authorisation 'password'
2207 option allowed_phone 'all'
2208 option write_mobile '1'
2209 option to_other_phone '0'
2210
2211config rule
2212 option action 'mobile'
2213 option enabled '1'
2214 option value 'off'
2215 option smstext 'mobileoff'
2216 option authorisation 'password'
2217 option allowed_phone 'all'
2218 option write_mobile '1'
2219 option to_other_phone '0'
2220
2221config rule
2222 option action 'vpn'
2223 option enabled '1'
2224 option value 'on'
2225 option smstext 'vpnon'
2226 option authorisation 'password'
2227 option allowed_phone 'all'
2228 option to_other_phone '0'
2229
2230config rule
2231 option action 'vpn'
2232 option enabled '1'
2233 option value 'off'
2234 option smstext 'vpnoff'
2235 option authorisation 'password'
2236 option allowed_phone 'all'
2237 option to_other_phone '0'
2238
2239config rule
2240 option action 'change_mobile_settings'
2241 option enabled '1'
2242 option smstext 'cellular'
2243 option authorisation 'password'
2244 option allowed_phone 'all'
2245 option simcard 'sim1'
2246 option to_other_phone '0'
2247
2248config rule
2249 option action 'list_of_profile'
2250 option enabled '1'
2251 option smstext 'profdisp'
2252 option authorisation 'password'
2253 option allowed_phone 'all'
2254 option to_other_phone '0'
2255
2256config rule
2257 option action 'change_profile'
2258 option enabled '1'
2259 option smstext 'pr'
2260 option authorisation 'password'
2261 option allowed_phone 'all'
2262 option to_other_phone '0'
2263
# SMS rules that change the device's management exposure or its whole configuration.
# All of the rules below that set an authorisation mode use 'password' together with
# allowed_phone 'all', so the sender's number is not checked at all.
# NOTE(review): 'password' presumably means the SMS text must carry a router password
# -- confirm. SMS is not a confidential channel, so for rules this powerful also
# restrict allowed_phone to a known group, and disable rules that are not used.

# 'ssh': sets SSH access on, including remote access (ssh_access_remote '1').
2264config rule
2265 option action 'ssh_access'
2266 option enabled '1'
2267 option smstext 'ssh'
2268 option authorisation 'password'
2269 option allowed_phone 'all'
2270 option ssh_access_enabled '1'
2271 option ssh_access_remote '1'
2272 option to_other_phone '0'
2273
# 'web': sets WebUI access on for both HTTP and HTTPS.
2274config rule
2275 option action 'web_access'
2276 option enabled '1'
2277 option smstext 'web'
2278 option authorisation 'password'
2279 option allowed_phone 'all'
2280 option web_access_enabled '1'
2281 option web_access_http '1'
2282 option web_access_https '1'
2283 option to_other_phone '0'
2284
# 'restore': action 'firstboot', i.e. presumably a factory reset triggered by SMS.
2285config rule
2286 option action 'firstboot'
2287 option enabled '1'
2288 option smstext 'restore'
2289 option authorisation 'password'
2290 option allowed_phone 'all'
2291 option to_other_phone '0'
2292
# 'get_configure': no authorisation, but limited to the phone group 'PFKIT'.
# Caller-ID in SMS can be spoofed on some networks, so a number list alone is a weak
# control for a rule that returns configuration.
2293config rule
2294 option action 'get_configure'
2295 option smstext 'get_configure'
2296 option to_other_phone '0'
2297 option allowed_phone 'group'
2298 option group 'PFKIT'
2299 option enabled '1'
2300 option authorisation 'no'
2301
# NOTE(review): 'set_configure' has neither an 'enabled' nor an 'authorisation' option
# and accepts any sender. What the firmware defaults to when those are absent is not
# visible here -- verify the rule is inactive, or set both options explicitly.
2302config rule
2303 option action 'set_configure'
2304 option smstext 'send_configure'
2305 option allowed_phone 'all'
2306 option to_other_phone '0'
2307
2308config rule
2309 option action 'switch_sim'
2310 option enabled '1'
2311 option smstext 'switch_sim'
2312 option authorisation 'password'
2313 option allowed_phone 'all'
2314 option to_other_phone '0'
2315
2316config rule
2317 option action 'gps_coordinates'
2318 option enabled '1'
2319 option smstext 'gps'
2320 option authorisation 'password'
2321 option allowed_phone 'all'
2322 option to_other_phone '0'
2323
2324config rule
2325 option action 'gps'
2326 option enabled '1'
2327 option value 'off'
2328 option smstext 'gps_off'
2329 option authorisation 'password'
2330 option allowed_phone 'all'
2331 option to_other_phone '0'
2332
2333config rule
2334 option action 'gps'
2335 option enabled '1'
2336 option value 'on'
2337 option smstext 'gps_on'
2338 option authorisation 'password'
2339 option allowed_phone 'all'
2340 option to_other_phone '0'
2341
2342config rule
2343 option action 'fw_upgrade'
2344 option enabled '1'
2345 option smstext 'fw_upgrade'
2346 option authorisation 'password'
2347 option allowed_phone 'all'
2348 option to_other_phone '0'
2349
2350config rule
2351 option action 'config_update'
2352 option enabled '1'
2353 option smstext 'config_update'
2354 option authorisation 'password'
2355 option allowed_phone 'all'
2356 option to_other_phone '0'
2357
2358config rule
2359 option action 'monitoring'
2360 option enabled '1'
2361 option value 'on'
2362 option smstext 'monitoringon'
2363 option authorisation 'password'
2364 option allowed_phone 'all'
2365 option to_other_phone '0'
2366
2367config rule
2368 option action 'monitoring'
2369 option enabled '1'
2370 option value 'off'
2371 option smstext 'monitoringoff'
2372 option authorisation 'password'
2373 option allowed_phone 'all'
2374 option to_other_phone '0'
2375
2376config rule
2377 option action 'monitoring_status'
2378 option enabled '1'
2379 option smstext 'monitoring_status'
2380 option authorisation 'password'
2381 option allowed_phone 'all'
2382 option to_other_phone '0'
2383
# SMS rule 'uci': enabled, any sender, authorisation 'password'.
# NOTE(review): the action name suggests arbitrary UCI configuration access over SMS
# -- confirm. If so this is the broadest rule in the file; limit allowed_phone to a
# known group or disable the rule when it is not operationally required.
2384config rule
2385 option action 'uci'
2386 option enabled '1'
2387 option smstext 'uci'
2388 option authorisation 'password'
2389 option allowed_phone 'all'
2390 option to_other_phone '0'
2391
2392config rule
2393 option action 'more'
2394 option enabled '1'
2395 option smstext 'more'
2396 option authorisation 'password'
2397 option allowed_phone 'all'
2398 option to_other_phone '0'
2399
# Phone group 'PFKIT', referenced by the 'get_configure' SMS rule.
# NOTE(review): these are personal phone numbers and double as an access-control list
# for that rule; redact them before sharing a configuration dump.
2400config group
2401 option name 'PFKIT'
2402 list tel '+37129488839'
2403 list tel '+37126692909'
2404 list tel '+37129177012'
2405 list tel '+37125808580'
2406
2407
2408##### File: /etc/config/smscollect #####
2409package smscollect
2410
2411config smscollect 'config'
2412 option enabled '0'
2413
2414
2415##### File: /etc/config/snmpd #####
# SNMP agent configuration. The agent is enabled on UDP 161 with remote access on,
# protocol version 'v1/v2', and a custom community name.
# NOTE(review): taken together the sections below give that community read AND write
# access to the whole OID tree (view 'all' = .1) from source 'default', with no
# authentication or encryption (level 'noauth'). Recommended hardening: SNMPv3 with
# authentication and privacy where the firmware supports it, a read-only view unless
# writes are required, a restricted source network, and remoteAccess off unless the
# WAN side really needs it.
# NOTE(review): the community string is printed in clear throughout this section.
# Once a dump like this has been shared it must be treated as disclosed and rotated.
2416package snmpd
2417
2418config agent
2419 option agentaddress 'UDP:161'
2420 option portNumber '161'
2421 option version 'v1/v2'
2422 option enabled '1'
2423 option remoteAccess '1'
2424 option _community 'custom'
2425 option _community_name 'ArP6bqO6kZzsjGEf'
2426
# View 'all' includes everything under OID .1
2427config view 'all'
2428 option viewname 'all'
2429 option type 'included'
2430 option oid '.1'
2431
# sysName and sysContact identify the site and its owner to anyone who can query the
# agent (and to anyone reading this dump).
2432config system
2433 option sysLocation 'Location'
2434 option sysName 'Trader23veikals'
2435 option sysContact 'itservicedesk@pfkekava.lv'
2436
# Exposes the output of a fixed command (/bin/cat /proc/sys/fs/file-nr) through SNMP.
2437config exec
2438 option name 'filedescriptors'
2439 option prog '/bin/cat'
2440 option args '/proc/sys/fs/file-nr'
2441
# Traps are disabled; the trap community is still the default 'public'.
2442config trap
2443 option trap_enabled '0'
2444 option trap_port '162'
2445 option trap_community 'public'
2446
# Second agent definition on UDP 9161, disabled, community 'public', no remote access.
2447config snmpd 'teltonika_auth_service'
2448 option enabled '0'
2449 option agentaddress 'UDP:9161'
2450 option portNumber '9161'
2451 option _community 'public'
2452 option remoteAccess '0'
2453
# Maps the community to security name 'rw' for source 'default' (no source restriction).
2454config com2sec 'ArP6bqO6kZzsjGEf'
2455 option secname 'rw'
2456 option source 'default'
2457 option community 'ArP6bqO6kZzsjGEf'
2458
# Security name 'rw' is placed in the same group for v1, v2c and usm.
2459config group 'ArP6bqO6kZzsjGEf_v1'
2460 option group 'ArP6bqO6kZzsjGEf'
2461 option version 'v1'
2462 option secname 'rw'
2463
2464config group 'ArP6bqO6kZzsjGEf_v2c'
2465 option group 'ArP6bqO6kZzsjGEf'
2466 option version 'v2c'
2467 option secname 'rw'
2468
2469config group 'ArP6bqO6kZzsjGEf_usm'
2470 option group 'ArP6bqO6kZzsjGEf'
2471 option version 'usm'
2472 option secname 'rw'
2473
# Access rule for that group: any version, level 'noauth', and the 'all' view for
# read, write and notify. 'write all' is what makes the community read-write.
2474config access 'ArP6bqO6kZzsjGEf_access'
2475 option group 'ArP6bqO6kZzsjGEf'
2476 option context 'none'
2477 option version 'any'
2478 option level 'noauth'
2479 option prefix 'exact'
2480 option read 'all'
2481 option write 'all'
2482 option notify 'all'
2483
2484
2485##### File: /etc/config/static_arp #####
2486package static_arp
2487
2488
2489##### File: /etc/config/strongswan #####
2490package strongswan
2491
2492
2493##### File: /etc/config/stunnel #####
2494package stunnel
2495
2496config globals 'globals'
2497 option enabled '0'
2498 option debug '5'
2499
2500
2501##### File: /etc/config/system #####
# Core system settings: logging options, device code, firmware version, timezone and
# the router/host name.
# NOTE(review): device_fw_version records the exact firmware build. Compare it with
# the vendor's current release and security advisories; a dump of this age may
# describe firmware that has since received security fixes.
# NOTE(review): routername/hostname is a site-specific label (the same value appears
# as the SNMP sysName); consider it identifying when sharing the dump.
2502package system
2503
2504config system 'system'
2505 option conloglevel '8'
2506 option log_type 'circular'
2507 option log_buffer_size '128'
2508 option enable_pppd_debug '0'
2509 option enable_chat_log '1'
2510 option enable_gsmd_log '1'
2511 option enable_hotplug_log '1'
2512 option enable_luci_reload_log '0'
2513 option enable_sim_switch_log '0'
2514 option sms_utils_debug_level '2'
2515 option device_code 'RUT955H7VXXX'
2516 option device_fw_version 'RUT9XX_R_00.05.04'
2517 option timezone 'EET-2EEST,M3.5.0/3,M10.5.0/4'
2518 option routername 'Trader23veikals'
2519 option hostname 'Trader23veikals'
2520
2521config button
2522 option button 'reset'
2523 option action 'released'
2524 option handler 'reboot'
2525 option min '0'
2526 option max '5'
2527
2528config button
2529 option button 'reset'
2530 option action 'released'
2531 option handler 'firstboot && reboot'
2532 option min '5'
2533 option max '30'
2534
2535config device_info 'device_info'
2536 option reboot '0'
2537
2538config leds
2539 option enable '1'
2540
2541config ipv6 'ipv6'
2542 option enable '0'
2543
2544config removable_device 'module'
2545 option name 'Quectel LTE EC25'
2546 option vid '2C7C'
2547 option pid '0125'
2548 option device 'modem_cmd'
2549 option type '3g_ppp'
2550 option iface 'wwan0'
2551
2552config led 'usb_led'
2553 option dev 'wwan0'
2554
2555
2556##### File: /etc/config/teltonika #####
2557package teltonika
2558
2559config system 'sys'
2560 option unique_hash 'c61b4477c08d6480de54b2a897ec0731'
2561 option pass_changed '1'
2562 option shw3g '1'
2563 option showwan '1'
2564
2565
2566##### File: /etc/config/ucitrack #####
2567package ucitrack
2568
2569config network
2570 option init 'network'
2571 list affects 'gsmd-usb'
2572 list affects 'dhcp_common'
2573 list affects 'gre_tunnel'
2574 list affects 'openvpn'
2575 list affects 'xl2tpd'
2576 list affects 'pptpd'
2577 list affects 'vrrpd'
2578 list affects 'simpin'
2579 list affects 'strongswan'
2580 list affects 'reregister'
2581 list affects 'bridge_arp'
2582 list affects 'load_balancing'
2583 list affects 'fix_sta_ap'
2584 list affects 'mosquitto'
2585 list affects 'mqtt_pub'
2586 list affects 'stunnel'
2587
2588config quagga
2589 option init 'quagga'
2590
2591config gsmd-usb
2592 option init 'gsmd-usb'
2593
2594config bridge_arp
2595 option init 'bridge_arp'
2596
2597config wireless
2598 list affects 'network'
2599 list affects 'coovachilli'
2600
2601config portscan
2602 list affects 'firewall'
2603
2604config privoxy
2605 option init 'privoxy'
2606
2607config firewall
2608 option init 'firewall'
2609 list affects 'coovachilli'
2610 list affects 'qos'
2611 list affects 'hostblock'
2612 list affects 'pptpd'
2613 list affects 'gre_tunnel'
2614
2615config coovachilli
2616 option init 'chilli'
2617 list affects 'privoxy'
2618 list affects 'ftp_upload'
2619 list affects 'radius'
2620 list affects 'uhttpd'
2621
2622config dhcp_common
2623 option init 'dhcp_common'
2624 list affects 'dnsmasq'
2625 list affects 'dhcprelay'
2626
2627config dhcp
2628 option init 'dnsmasq'
2629
2630config dnsmasq
2631 option init 'dnsmasq'
2632
2633config bird4
2634 option init 'bird4'
2635 list affects 'firewall'
2636
2637config dhcprelay
2638 option init 'dhcprelay'
2639
2640config dropbear
2641 option init 'dropbear'
2642
2643config httpd
2644 option init 'httpd'
2645
2646config fstab
2647 option init 'fstab'
2648
2649config upnpd
2650 option init 'miniupnpd'
2651
2652config qos
2653 option init 'qos'
2654
2655config system
2656 option init 'tcpdebug'
2657 list affects 'luci_statistics'
2658
2659config ntpclient
2660 option init 'ntpclient'
2661 list affects 'ntpserver'
2662
2663config ntpserver
2664 option init 'ntpserver'
2665
2666config samba
2667 option init 'samba'
2668
2669config multiwan
2670 option init 'multiwan'
2671
2672config ping_reboot
2673 option init 'ping_reboot'
2674
2675config eventslog_report
2676 option init 'eventslog_report'
2677 list affects 'cron'
2678
2679config cron
2680 option init 'cron'
2681
2682config uhttpd
2683 option init 'uhttpd'
2684
2685config gre_tunnel
2686 option init 'gre-tunnel'
2687
2688config strongswan
2689 option init 'ipsec'
2690 list affects 'firewall'
2691 list affects 'multiwan'
2692
2693config sms_utils
2694 option init 'sms-utils'
2695
2696config radius
2697 option init 'radiusd'
2698
2699config ftp_upload
2700 option init 'ftp_upload'
2701
2702config snmpd
2703 option init 'snmpd'
2704
2705config openvpn
2706 option init 'openvpn'
2707
2708config mdcollectd
2709 option init 'mdcollectd'
2710
2711config smscollect
2712 option init 'smscollect'
2713
2714config rms_connect
2715 option init 'rms_connect'
2716 list affects 'mdcollectd'
2717
2718config hostblock
2719 option init 'hostblock'
2720
2721config data_limit
2722 option init 'limit_guard'
2723 list affects 'mdcollectd'
2724
2725config sim_switch
2726 option init 'sim_switch'
2727 list affects 'mdcollectd'
2728
2729config gps
2730 option init 'gpsd'
2731
2732config rs
2733 option init 'rs232'
2734 list affects 'firewall'
2735
2736config usb_to_serial
2737 option init 'usb_to_serial'
2738 list affects 'firewall'
2739
2740config periodic_reboot
2741 option init 'periodic_reboot'
2742
2743config vrrpd
2744 option init 'vrrpd'
2745 list affects 'vrrp_check'
2746
2747config vrrp_check
2748 option init 'vrrp_check'
2749
2750config simpin
2751 option init 'simpin'
2752
2753config simcard
2754 option init 'sim_conf_switch'
2755 list affects 'network'
2756 list affects 'sim_switch'
2757 list affects 'data_limit'
2758
2759config mosquitto
2760 option init 'mosquitto'
2761
2762config mqtt_pub
2763 option init 'mqtt_pub'
2764
2765config pptpd
2766 option init 'pptpd'
2767
2768config reregister
2769 option init 'reregister'
2770
2771config output_control
2772 option init 'output_scheduler'
2773
2774config ddns
2775 option init 'ddns'
2776
2777config logtrigger
2778 option init 'logtrigger'
2779
2780config ioman
2781 option init 'ioman'
2782
2783config sms_gateway
2784 option init 'pop3_ets'
2785
2786config sim_idle_protection
2787 option init 'sim_idle_protection'
2788
2789config smpp_config
2790 option init 'smpp_init'
2791
2792config modbus
2793 option init 'modbusd'
2794
2795config cli
2796 option init 'shellinabox'
2797
2798config easycwmp
2799 option init 'easycwmpd'
2800 list affects 'firewall'
2801
2802config load_balancing
2803 option init 'load_balancing'
2804
2805config fix_sta_ap
2806 option init 'fix_sta_ap'
2807
2808config xl2tpd
2809 option init 'xl2tpd'
2810
2811config static_arp
2812 option init 'static_arp'
2813
2814config kmod_man
2815 option init 'kmod_man'
2816
2817config wget_reboot
2818 option init 'wget_reboot'
2819
2820config hotspot_scheduler
2821 option init 'hotspot_scheduler'
2822
2823config stunnel
2824 option init 'stunnel'
2825
2826config p910nd
2827 option init 'p910nd'
2828
2829config ntpserver
2830
2831
2832##### File: /etc/config/uhttpd #####
2833package uhttpd
2834
# Main web-UI instance of uhttpd. The listeners bind 0.0.0.0 (every interface) on 80
# and 443, so whether the UI is reachable from the WAN is decided by firewall rules,
# not by the bind address.
# NOTE(review): _httpsWanAccess '1' looks like the vendor switch that opens the HTTPS
# management UI to the WAN, while _httpWanAccess '0' keeps plain HTTP closed - confirm
# against the firewall config. If WAN management is not required, set it to '0' or
# limit it to known source addresses.
# rfc1918_filter '1' enables uhttpd's DNS-rebinding countermeasure.
2835config uhttpd 'main'
2836 list listen_http '0.0.0.0:80'
2837 list listen_https '0.0.0.0:443'
2838 option home '/www'
2839 option rfc1918_filter '1'
2840 option max_requests '3'
2841 option max_connections '100'
2842 option cert '/etc/uhttpd.crt'
2843 option key '/etc/uhttpd.key'
2844 option cgi_prefix '/cgi-bin'
2845 option script_timeout '600'
2846 option network_timeout '30'
2847 option http_keepalive '20'
2848 option tcp_keepalive '1'
2849 option ubus_prefix '/ubus'
2850 option enablehttp '0'
2851 option redirect_https '0'
2852 option _httpWanAccess '0'
2853 option _httpsWanAccess '1'
2854
2855config uhttpd 'hotspot'
2856 list listen_http '0.0.0.0:81'
2857 list listen_https '0.0.0.0:444'
2858 option enablehttp '1'
2859 option home '/www/hotspot'
2860 option rfc1918_filter '1'
2861 option max_requests '3'
2862 option max_connections '100'
2863 option cert '/etc/uhttpd.crt'
2864 option key '/etc/uhttpd.key'
2865 option cgi_prefix '/cgi'
2866 option script_timeout '600'
2867 option network_timeout '30'
2868 option http_keepalive '20'
2869 option tcp_keepalive '1'
2870 option no_dirlists '1'
2871 option ubus_prefix '/ubus'
2872 option disabled '1'
2873
2874config rms_uhttpd 'rms'
2875 option port '9000'
2876 option enablehttp '1'
2877 option home '/www'
2878 option rfc1918_filter '1'
2879 option max_requests '3'
2880 option max_connections '100'
2881 option cgi_prefix '/cgi-bin'
2882 option script_timeout '60'
2883 option network_timeout '30'
2884 option http_keepalive '20'
2885 option tcp_keepalive '1'
2886 option ubus_prefix '/ubus'
2887
2888config cert 'openssl'
2889 option days '730'
2890 option bits '2048'
2891 option country 'LT'
2892 option state 'Vilnius'
2893 option location 'Vilnius'
2894 option commonname 'Teltonika'
2895
2896
2897##### File: /etc/config/upnpd #####
2898package upnpd
2899
# Settings for the UPnP/NAT-PMP daemon (ucitrack in this file maps 'upnpd' to the
# 'miniupnpd' init script). Both UPnP and NAT-PMP are enabled, which lets hosts on
# internal_iface 'lan' request port forwards on external_iface 'wan'.
# secure_mode '1': in miniupnpd this limits a client to mappings that point at its own
# address. The perm_rule sections that follow further restrict which ports may be mapped.
# NOTE(review): whether the daemon is actually started is not visible here; if automatic
# port mapping is not needed, set enable_upnp and enable_natpmp to '0'.
2900config upnpd 'config'
2901 option enable_natpmp '1'
2902 option enable_upnp '1'
2903 option secure_mode '1'
2904 option log_output '0'
2905 option download '1024'
2906 option upload '512'
2907 option external_iface 'wan'
2908 option internal_iface 'lan'
2909 option port '5000'
2910 option upnp_lease_file '/var/upnp.leases'
2911 option serial_number '********'
2912
2913config perm_rule
2914 option action 'allow'
2915 option ext_ports '1024-65535'
2916 option int_addr '0.0.0.0/0'
2917 option int_ports '1024-65535'
2918 option comment 'Allow high ports'
2919
2920config perm_rule
2921 option action 'deny'
2922 option ext_ports '0-65535'
2923 option int_addr '0.0.0.0/0'
2924 option int_ports '0-65535'
2925 option comment 'Default deny'
2926
2927
2928##### File: /etc/config/usb_to_serial #####
2929package usb_to_serial
2930
2931config rs232 'rs232'
2932
2933
2934##### File: /etc/config/vrrpd #####
2935package vrrpd
2936
2937config vrrpd 'vid1'
2938 option enabled '0'
2939 option interface 'lan'
2940 option virtual_id '1'
2941 list virtual_ip '192.168.1.253'
2942 option priority '100'
2943
2944config vrrpd 'ping'
2945 option enabled '0'
2946 option ping_attempts '1'
2947 option fail_counter '0'
2948
2949
2950##### File: /etc/config/wget_reboot #####
2951package wget_reboot
2952
2953config wget_reboot 'wget_reboot'
2954 option interval '2'
2955 option retry '5'
2956 option host 'http://www.google.com'
2957 option timeout '2'
2958 option enable '0'
2959 option action '1'
2960 option time '5'
2961
2962
2963##### File: /etc/config/wireless #####
2964package wireless
2965
2966config wifi-device 'radio0'
2967 option type 'mac80211'
2968 option channel 'auto'
2969 option hwmode '11ng'
2970 option country '00'
2971 option path 'platform/ar934x_wmac'
2972 list ht_capab 'LDPC'
2973 list ht_capab 'SHORT-GI-20'
2974 list ht_capab 'SHORT-GI-40'
2975 list ht_capab 'TX-STBC'
2976 list ht_capab 'RX-STBC1'
2977 list ht_capab 'DSSS_CCK-40'
2978 option htmode 'HT20'
2979
# Access-point interface on radio0, attached to network 'lan'.
# encryption 'none' describes an open network with no link-layer protection; it is
# inactive here only because disabled '1' is set (user_enable '0' is a vendor flag,
# presumably mirroring the UI toggle - confirm).
# Configure WPA2 or newer (e.g. encryption 'psk2' plus a key) before enabling, because
# clients of this AP are placed directly on 'lan'.
2980config wifi-iface
2981 option device 'radio0'
2982 option network 'lan'
2983 option mode 'ap'
2984 option ssid 'RUT955_C1F3'
2985 option isolate '0'
2986 option hotspotid 'hotspot1'
2987 option encryption 'none'
2988 option disabled '1'
2989 option user_enable '0'
2990
2991
2992##### File: /etc/config/xl2tpd #####
2993package xl2tpd
2994
2995config login
2996 option username 'user'
2997 option password '<secret hidden>'
2998
2999
3000##### File: /etc/default/snmpd #####
3001OPTIONS="-Lf /dev/null -p /var/run/snmpd.pid"
3002
3003##### File: /etc/dnsmasq.conf #####
3004# Change the following lines if you want dnsmasq to serve SRV
3005# records.
3006# You may add multiple srv-host lines.
3007# The fields are <name>,<target>,<port>,<priority>,<weight>
3008
3009# A SRV record sending LDAP for the example.com domain to
3010# ldapserver.example.com port 389
3011#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
3012
3013# Two SRV records for LDAP, each with different priorities
3014#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
3015#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
3016
3017# A SRV record indicating that there is no LDAP server for the domain
3018# example.com
3019#srv-host=_ldap._tcp.example.com
3020
3021# The following line shows how to make dnsmasq serve an arbitrary PTR
3022# record. This is useful for DNS-SD.
3023# The fields are <name>,<target>
3024#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
3025
3026# Change the following lines to enable dnsmasq to serve TXT records.
3027# These are used for things like SPF and zeroconf.
3028# The fields are <name>,<text>,<text>...
3029
3030#Example SPF.
3031#txt-record=example.com,"v=spf1 a -all"
3032
3033#Example zeroconf
3034#txt-record=_http._tcp.example.com,name=value,paper=A4
3035
3036# Provide an alias for a "local" DNS name. Note that this _only_ works
3037# for targets which are names from DHCP or /etc/hosts. Give host
3038# "bert" another name, bertrand
3039# The fields are <cname>,<target>
3040#cname=bertand,bert
3041
3042##### Binary file: /etc/dropbear/dropbear_rsa_host_key #####
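3043#Decode using 'echo -en <data> | gzip -dc > /etc/dropbear/dropbear_rsa_host_key'
#NOTE: the data below is the device's SSH host key file, which holds the RSA private key. Once it appears in a shared dump the key should be considered disclosed: regenerate the host key on the device and have clients drop the old fingerprint.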
3044\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\x03\x01\x25\x03\xda\xfc\x00\x00\x00\x07\x73\x73\x68\x2d\x72\x73\x61\x00\x00\x00\x03\x01\x00\x01\x00\x00\x01\x01\x00\xaa\xf4\x93\x72\x64\x8f\xce\x80\x12\x1a\x11\x57\x4b\x23\xdd\x04\x53\x7e\xef\x5a\xa1\x7f\x0c\xf2\xb5\x70\xe3\x30\x8d\x8c\xca\x52\x02\x97\x76\xb5\xff\xfe\x4f\x2d\x5b\xab\x23\xbb\x4e\x01\x56\x12\x67\x30\xf4\x7d\xaa\xec\x86\xf0\x33\x58\xc1\x03\xe0\xab\x7e\x74\xac\x20\xc7\x02\x27\x41\x97\xe6\xd5\xe7\xe5\xee\x87\xa4\x81\x7c\xf6\xcf\x9e\x67\x41\xa5\xaa\x67\xe4\xa9\x99\x43\x6f\x48\xb2\xf9\x8c\x3e\xca\xea\x7d\x4a\x14\xb2\xa6\xab\xc9\x53\x64\x21\x1d\xa0\x73\xd6\xaf\x0b\x3c\x2f\x6d\x58\x5e\xe6\x2c\x8c\xbe\xbc\xc0\x56\x6b\x93\x6b\x2e\xcd\xf9\xaa\x6a\xd1\x2c\x95\x3c\x23\x46\x86\x9c\x9c\xca\xd1\x73\x7e\x16\xaf\xf5\xb9\x1d\x13\x94\x6f\x7f\x5a\x7b\xed\x27\xce\xe4\x76\x0d\x84\xb6\xf9\x5a\xf0\x5e\xea\x9a\x7b\x85\x12\x24\x64\xf9\xa5\xac\x22\x5e\x37\xbb\x19\xd7\x53\x53\x32\x2a\xce\x85\x0a\xfe\xd4\xa9\x4b\x26\x21\x8f\x17\x6c\x2a\x6b\xc6\xd5\xb1\x12\xd8\xf7\x73\x72\x0c\xa3\x7c\x2c\x11\xcc\x8d\x84\x00\x2c\x59\xdf\x02\x93\x39\xd5\x20\xba\x38\xec\x07\x01\x3e\xbf\x7d\x7c\x87\x7f\x2f\xc1\x23\xc0\xac\xd3\x0e\x91\x43\x5d\xca\xd3\xc1\xa7\x00\x00\x01\x00\x20\xf0\xc7\x88\x7f\x40\x06\x76\x3f\x06\xae\xd8\xb7\x2d\xcd\xe4\x8b\x82\x25\xf4\xbc\xb1\x92\x79\x21\xe5\x02\xa1\xd4\x64\x90\x87\x84\xe0\x52\x8b\x77\x2c\x35\x6d\x74\x00\x61\xfe\x31\x65\xa8\x84\x1b\x46\x1f\x96\x27\x5d\x34\x13\x0c\x91\xc9\x7f\x49\xc7\x41\xb2\x91\x88\x2f\x50\x86\xe7\xe8\xb1\x1d\xfe\x75\x1b\xa5\x1f\x59\xa4\x0e\x9a\xaa\xd7\x12\x9b\x2d\x5e\x9f\x7c\xde\x7f\x53\xee\x1a\x2e\x63\x8b\xa5\xe5\xd1\x06\x79\x3e\x83\x47\x0e\x9f\xf6\xe7\x3a\xa2\x34\x2f\xe5\xc2\xb0\x72\x23\x0b\xa8\x1d\x89\xf0\x04\xc0\xb1\xfe\xa3\x24\xef\x8e\xf5\x64\xa2\x72\xdd\x5d\x03\x7a\x14\x5b\xf6\x68\xfc\x62\xec\x52\x7c\xf7\xbe\x36\x27\xa8\xcd\x07\x92\x07\x12\xbd\x1b\x34\x49\x5f\x8a\x20\xd1\xfb\x19\xd5\x6f\x3d\x1a\x25\xa3\x2a\x86\xcc\x76\x0c\x46\xe1\x39\x09\xc3\x49\xad\x85\x9d\x72\x53\xe8\x8c\x73\xce\x90\x87\x38\x82\x5d\x81
\xac\x28\xec\x30\x68\x61\x2e\x72\x90\xe7\x77\x9d\x2c\x1a\xfa\xc0\xb4\x7b\x1c\x33\xeb\x59\x25\x75\xad\xfc\xea\x71\x9b\x32\xd9\x29\x55\xff\xe0\x38\xfc\x52\xba\xd1\xfb\x0d\x76\x1c\x9c\xa8\x79\xb4\xba\x28\x9b\xd2\xbb\x11\x61\x00\x00\x00\x81\x00\xf8\x53\x09\x49\x91\x0f\x6a\xb3\x41\x43\x06\xa1\x6c\xb4\xdc\xd5\x2f\xc6\x7f\x09\x38\x57\x5d\xc7\xe8\x39\x09\xcd\x90\x71\x74\x86\xa5\xf2\x21\x06\x2a\x72\xc9\xcc\x9c\x66\xa7\x7a\xe1\x19\xcb\xa7\x8d\x03\x75\xc3\xd9\x03\xc9\xaf\x2b\x27\x9d\x95\x7b\x6a\xe9\x60\xda\xf8\xeb\x34\x52\xc9\xfe\x92\xdd\x87\x45\x5e\x5b\xa1\x7f\xd1\x50\xbf\x93\x49\x74\xed\x39\xfd\x06\xa8\x40\xed\x6b\x22\xbb\xa5\x99\xff\x2f\x9b\x64\x57\x45\x7d\xdb\xaf\x33\xa0\xb0\x34\x8e\xf8\xe1\xcd\x36\x7f\xfd\xdd\xb4\xf0\x66\x81\xfd\x24\xfe\x57\x72\x13\x00\x00\x00\x81\x00\xb0\x3d\x53\xc9\xba\xb1\x7d\x46\x33\xe0\xc8\x47\x08\x2f\x53\x8f\xbd\xdd\x77\x33\x82\xc3\x3a\xde\x25\xe4\xd5\xca\x75\x57\x44\xd4\x50\xfe\x48\x82\x83\x0f\xfb\xc9\xee\x56\x4c\xe4\xd1\xe6\x97\x0c\x6e\x5c\xec\x70\x2a\x49\x26\x1a\xba\xc4\x9b\xfa\x43\x1b\xe9\x34\xfb\x7c\xa7\xef\x0a\xe4\x89\xad\x0d\x2e\x1f\x91\x8d\x2d\x56\x34\x62\xee\xec\x4e\xf1\xb6\x5d\x94\x76\xaa\x6b\x17\x1b\x17\x4a\xd5\xc1\x2e\xd5\x79\x1e\xec\xf0\xa2\xdb\x97\x9f\x1c\x43\x09\x84\xb5\xaa\x47\x83\xa6\xa1\x54\x78\xc5\x1d\x8f\xb1\x76\x9a\x3b\x84\x9d\xf2\x50\x4a\x49\x25\x03\x00\x00
3045##### File: /etc/easy-rsa/openssl-1.0.cnf #####
3046# For use with Easy-RSA 3.0 and OpenSSL 1.0.*
3047
3048RANDFILE = $ENV::EASYRSA_PKI/.rnd
3049
3050####################################################################
3051[ ca ]
3052default_ca = CA_default # The default ca section
3053
3054####################################################################
3055[ CA_default ]
3056
3057dir = $ENV::EASYRSA_PKI # Where everything is kept
3058certs = $dir # Where the issued certs are kept
3059crl_dir = $dir # Where the issued crl are kept
3060database = $dir/index.txt # database index file.
3061new_certs_dir = $dir/certs_by_serial # default place for new certs.
3062
3063certificate = $dir/ca.crt # The CA certificate
3064serial = $dir/serial # The current serial number
3065crl = $dir/crl.pem # The current CRL
3066private_key = $dir/private/ca.key # The private key
3067RANDFILE = $dir/.rand # private random number file
3068
3069x509_extensions = basic_exts # The extensions to add to the cert
3070
3071# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
3072# is designed for will. In return, we get the Issuer attached to CRLs.
3073crl_extensions = crl_ext
3074
3075default_days = $ENV::EASYRSA_CERT_EXPIRE # how long to certify for
3076default_crl_days= $ENV::EASYRSA_CRL_DAYS # how long before next CRL
3077default_md = $ENV::EASYRSA_DIGEST # use public key default MD
3078preserve = no # keep passed DN ordering
3079
3080# A few different ways of specifying how similar the request should look
3081# For type CA, the listed attributes must be the same, and the optional
3082# and supplied fields are just that :-)
3083policy = policy_anything
3084
3085# For the 'anything' policy, which defines allowed DN fields
3086[ policy_anything ]
3087countryName = optional
3088stateOrProvinceName = optional
3089localityName = optional
3090organizationName = optional
3091organizationalUnitName = optional
3092commonName = supplied
3093name = optional
3094emailAddress = optional
3095
3096####################################################################
3097# Easy-RSA request handling
3098# We key off $DN_MODE to determine how to format the DN
3099[ req ]
3100default_bits = $ENV::EASYRSA_KEY_SIZE
3101default_keyfile = privkey.pem
3102default_md = $ENV::EASYRSA_DIGEST
3103distinguished_name = $ENV::EASYRSA_DN
3104x509_extensions = easyrsa_ca # The extensions to add to the self signed cert
3105
3106# A placeholder to handle the $EXTRA_EXTS feature:
3107#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it
3108
3109####################################################################
3110# Easy-RSA DN (Subject) handling
3111
3112# Easy-RSA DN for cn_only support:
3113[ cn_only ]
3114commonName = Common Name (eg: your user, host, or server name)
3115commonName_max = 64
3116commonName_default = $ENV::EASYRSA_REQ_CN
3117
3118# Easy-RSA DN for org support:
3119[ org ]
3120countryName = Country Name (2 letter code)
3121countryName_default = $ENV::EASYRSA_REQ_COUNTRY
3122countryName_min = 2
3123countryName_max = 2
3124
3125stateOrProvinceName = State or Province Name (full name)
3126stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
3127
3128localityName = Locality Name (eg, city)
3129localityName_default = $ENV::EASYRSA_REQ_CITY
3130
31310.organizationName = Organization Name (eg, company)
31320.organizationName_default = $ENV::EASYRSA_REQ_ORG
3133
3134organizationalUnitName = Organizational Unit Name (eg, section)
3135organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
3136
3137commonName = Common Name (eg: your user, host, or server name)
3138commonName_max = 64
3139commonName_default = $ENV::EASYRSA_REQ_CN
3140
3141emailAddress = Email Address
3142emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
3143emailAddress_max = 64
3144
3145####################################################################
3146# Easy-RSA cert extension handling
3147
3148# This section is effectively unused as the main script sets extensions
3149# dynamically. This core section is left to support the odd usecase where
3150# a user calls openssl directly.
3151[ basic_exts ]
3152basicConstraints = CA:FALSE
3153subjectKeyIdentifier = hash
3154authorityKeyIdentifier = keyid,issuer:always
3155
3156# The Easy-RSA CA extensions
3157[ easyrsa_ca ]
3158
3159# PKIX recommendations:
3160
3161subjectKeyIdentifier=hash
3162authorityKeyIdentifier=keyid:always,issuer:always
3163
3164# This could be marked critical, but it's nice to support reading by any
3165# broken clients who attempt to do so.
3166basicConstraints = CA:true
3167
3168# Limit key usage to CA tasks. If you really want to use the generated pair as
3169# a self-signed cert, comment this out.
3170keyUsage = cRLSign, keyCertSign
3171
3172# nsCertType omitted by default. Let's try to let the deprecated stuff die.
3173# nsCertType = sslCA
3174
3175# CRL extensions.
3176[ crl_ext ]
3177
3178# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
3179
3180# issuerAltName=issuer:copy
3181authorityKeyIdentifier=keyid:always,issuer:always
3182
3183
3184##### File: /etc/easy-rsa/vars #####
3185# Easy-RSA 3 parameter settings
3186
3187# NOTE: If you installed Easy-RSA from your distro's package manager, don't edit
3188# this file in place -- instead, you should copy the entire easy-rsa directory
3189# to another location so future upgrades don't wipe out your changes.
3190
3191# HOW TO USE THIS FILE
3192#
3193# vars.example contains built-in examples to Easy-RSA settings. You MUST name
3194# this file 'vars' if you want it to be used as a configuration file. If you do
3195# not, it WILL NOT be automatically read when you call easyrsa commands.
3196#
3197# It is not necessary to use this config file unless you wish to change
3198# operational defaults. These defaults should be fine for many uses without the
3199# need to copy and edit the 'vars' file.
3200#
3201# All of the editable settings are shown commented and start with the command
3202# 'set_var' -- this means any set_var command that is uncommented has been
3203# modified by the user. If you're happy with a default, there is no need to
3204# define the value to its default.
3205
3206# NOTES FOR WINDOWS USERS
3207#
3208# Paths for Windows *MUST* use forward slashes, or optionally double-escaped
3209# backslashes (single forward slashes are recommended.) This means your path to
3210# the openssl binary might look like this:
3211# "C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
3212
3213# A little housekeeping: DON'T EDIT THIS SECTION
3214#
3215# Easy-RSA 3.x doesn't source into the environment directly.
3216# Complain if a user tries to do this:
# Guard against direct sourcing: EASYRSA_CALLER is presumably set by the easyrsa
# script before it reads this file (confirm); an empty value means something else
# is sourcing it. Diagnostics go to stderr, and `return` (not `exit`) stops reading
# this sourced file with status 1 without terminating the calling shell.
3217if [ -z "$EASYRSA_CALLER" ]; then
3218 echo "You appear to be sourcing an Easy-RSA 'vars' file." >&2
3219 echo "This is no longer necessary and is disallowed. See the section called" >&2
3220 echo "'How to use this file' near the top comments for more details." >&2
3221 return 1
3222fi
3223
3224# DO YOUR EDITS BELOW THIS POINT
3225
3226# This variable should point to the top level of the easy-rsa tree. By default,
3227# this is taken to be the directory you are currently in.
3228
3229#set_var EASYRSA "$PWD"
3230
3231# If your OpenSSL command is not in the system PATH, you will need to define the
3232# path to it here. Normally this means a full path to the executable, otherwise
3233# you could have left it undefined here and the shown default would be used.
3234#
3235# Windows users, remember to use paths with forward-slashes (or escaped
3236# back-slashes.) Windows users should declare the full path to the openssl
3237# binary here if it is not in their system PATH.
3238
3239#set_var EASYRSA_OPENSSL "openssl"
3240#
3241# This sample is in Windows syntax -- edit it for your path if not using PATH:
3242#set_var EASYRSA_OPENSSL "C:/Program Files/OpenSSL-Win32/bin/openssl.exe"
3243
3244# Edit this variable to point to your soon-to-be-created key directory.
3245#
3246# WARNING: init-pki will do a rm -rf on this directory so make sure you define
3247# it correctly! (Interactive mode will prompt before acting.)
3248
3249#set_var EASYRSA_PKI "$EASYRSA/pki"
3250
3251# Define X509 DN mode.
3252# This is used to adjust what elements are included in the Subject field as the DN
3253# (this is the "Distinguished Name.")
3254# Note that in cn_only mode the Organizational fields further below aren't used.
3255#
3256# Choices are:
3257# cn_only - use just a CN value
3258# org - use the "traditional" Country/Province/City/Org/OU/email/CN format
3259
3260#set_var EASYRSA_DN "cn_only"
3261
3262# Organizational fields (used with 'org' mode and ignored in 'cn_only' mode.)
3263# These are the default values for fields which will be placed in the
3264# certificate. Don't leave any of these fields blank, although interactively
3265# you may omit any specific field by typing the "." symbol (not valid for
3266# email.)
3267
3268#set_var EASYRSA_REQ_COUNTRY "US"
3269#set_var EASYRSA_REQ_PROVINCE "California"
3270#set_var EASYRSA_REQ_CITY "San Francisco"
3271#set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
3272#set_var EASYRSA_REQ_EMAIL "me@example.net"
3273#set_var EASYRSA_REQ_OU "My Organizational Unit"
3274
3275# Choose a size in bits for your keypairs. The recommended value is 2048. Using
3276# 2048-bit keys is considered more than sufficient for many years into the
3277# future. Larger keysizes will slow down TLS negotiation and make key/DH param
3278# generation take much longer. Values up to 4096 should be accepted by most
3279# software. Only used when the crypto alg is rsa (see below.)
3280
3281#set_var EASYRSA_KEY_SIZE 2048
3282
3283# The default crypto mode is rsa; ec can enable elliptic curve support.
3284# Note that not all software supports ECC, so use care when enabling it.
3285# Choices for crypto alg are: (each in lower-case)
3286# * rsa
3287# * ec
3288
3289#set_var EASYRSA_ALGO rsa
3290
3291# Define the named curve, used in ec mode only:
3292
3293#set_var EASYRSA_CURVE secp384r1
3294
3295# In how many days should the root CA key expire?
3296
3297#set_var EASYRSA_CA_EXPIRE 3650
3298
3299# In how many days should certificates expire?
3300
3301#set_var EASYRSA_CERT_EXPIRE 3650
3302
3303# How many days until the next CRL publish date? Note that the CRL can still be
3304# parsed after this timeframe passes. It is only used for an expected next
3305# publication date.
3306
3307#set_var EASYRSA_CRL_DAYS 180
3308
3309# Support deprecated "Netscape" extensions? (choices "yes" or "no".) The default
3310# is "no" to discourage use of deprecated extensions. If you require this
3311# feature to use with --ns-cert-type, set this to "yes" here. This support
3312# should be replaced with the more modern --remote-cert-tls feature. If you do
3313# not use --ns-cert-type in your configs, it is safe (and recommended) to leave
3314# this defined to "no". When set to "yes", server-signed certs get the
3315# nsCertType=server attribute, and also get any NS_COMMENT defined below in the
3316# nsComment field.
3317
3318#set_var EASYRSA_NS_SUPPORT "no"
3319
3320# When NS_SUPPORT is set to "yes", this field is added as the nsComment field.
3321# Set this blank to omit it. With NS_SUPPORT set to "no" this field is ignored.
3322
3323#set_var EASYRSA_NS_COMMENT "Easy-RSA Generated Certificate"
3324
3325# A temp file used to stage cert extensions during signing. The default should
3326# be fine for most users; however, some users might want an alternative under a
3327# RAM-based FS, such as /dev/shm or /tmp on some systems.
3328
3329#set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp"
3330
3331# !!
3332# NOTE: ADVANCED OPTIONS BELOW THIS POINT
3333# PLAY WITH THEM AT YOUR OWN RISK
3334# !!
3335
3336# Broken shell command aliases: If you have a largely broken shell that is
3337# missing any of these POSIX-required commands used by Easy-RSA, you will need
3338# to define an alias to the proper path for the command. The symptom will be
3339# some form of a 'command not found' error from your shell. This means your
3340# shell is BROKEN, but you can hack around it here if you really need. These
3341# shown values are not defaults: it is up to you to know what you're doing if
3342# you touch these.
3343#
3344#alias awk="/alt/bin/awk"
3345#alias cat="/alt/bin/cat"
3346
3347# X509 extensions directory:
3348# If you want to customize the X509 extensions used, set the directory to look
3349# for extensions here. Each cert type you sign must have a matching filename,
3350# and an optional file named 'COMMON' is included first when present. Note that
3351# when undefined here, default behaviour is to look in $EASYRSA_PKI first, then
3352# fallback to $EASYRSA for the 'x509-types' dir. You may override this
3353# detection with an explicit dir here.
3354#
3355#set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
3356
3357# OpenSSL config file:
3358# If you need to use a specific openssl config file, you can reference it here.
3359# Normally this file is auto-detected from a file named openssl-1.0.cnf from the
3360# EASYRSA_PKI or EASYRSA dir (in that order.) NOTE that this file is Easy-RSA
3361# specific and you cannot just use a standard config file, so this is an
3362# advanced feature.
3363
3364#set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-1.0.cnf"
3365
3366# Default CN:
3367# This is best left alone. Interactively you will set this manually, and BATCH
3368# callers are expected to set this themselves.
3369
3370#set_var EASYRSA_REQ_CN "ChangeMe"
3371
3372# Cryptographic digest to use.
3373# Do not change this default unless you understand the security implications.
3374# Valid choices include: md5, sha1, sha256, sha224, sha384, sha512
# (md5 and sha1 are collision-weak; do not use them to sign new certificates.)
3375
3376#set_var EASYRSA_DIGEST "sha256"
3377
3378# Batch mode. Leave this disabled unless you intend to call Easy-RSA explicitly
3379# in batch mode without any user input, confirmation on dangerous operations,
3380# or most output. Setting this to any non-blank string enables batch mode.
3381
3382#set_var EASYRSA_BATCH ""
3383
3384
3385##### File: /etc/firewall.user #####
3386# This file is interpreted as shell script.
3387# Put your custom iptables rules here, they will
3388# be executed with each firewall (re-)start.
3389
3390# Internal uci firewall chains are flushed and recreated on reload, so
3391# put custom rules into the root chains e.g. INPUT or FORWARD or into the
3392# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
3393
3394##### File: /etc/freeradius2/acct_users #####
3395#
3396# $Id: fafac849a0f0519cdaf7acf2ef51c8b36a5a6255 $
3397#
3398# This is like the 'users' file, but it is processed only for
3399# accounting packets.
3400#
3401
3402# Select between different accounting methods based for example on the
3403# Realm, the Huntgroup-Name or any combination of the attribute/value
3404# pairs contained in an accounting packet.
3405#
3406#DEFAULT Realm == "foo.net", Acct-Type := sql_log.foo
3407#
3408#DEFAULT Huntgroup-Name == "wifi", Acct-Type := sql_log.wifi
3409#
3410#DEFAULT Client-IP-Address == 10.0.0.1, Acct-Type := sql_log.other
3411#
3412#DEFAULT Acct-Status-Type == Start, Acct-Type := sql_log.start
3413
3414# Replace the User-Name with the Stripped-User-Name, if it exists.
3415#
3416#DEFAULT
3417# User-Name := "%{Stripped-User-Name:-%{User-Name}}"
3418
3419##### File: /etc/freeradius2/clients.conf #####
3420# -*- text -*-
3421##
3422## clients.conf -- client configuration directives
3423##
3424## $Id: 729c15d3e84c6cdb54a5f3652d93a2d7f8725fd4 $
3425
3426#######################################################################
3427#
3428# Define RADIUS clients (usually a NAS, Access Point, etc.).
3429
3430#
3431# Defines a RADIUS client.
3432#
3433# '127.0.0.1' is another name for 'localhost'. It is enabled by default,
3434# to allow testing of the server after an initial installation. If you
3435# are not going to be permitting RADIUS queries from localhost, we suggest
3436# that you delete, or comment out, this entry.
3437#
3438#
3439
3440#
3441# Each client has a "short name" that is used to distinguish it from
3442# other clients.
3443#
3444# In version 1.x, the string after the word "client" was the IP
3445# address of the client. In 2.0, the IP address is configured via
3446# the "ipaddr" or "ipv6addr" fields. For compatibility, the 1.x
3447# format is still accepted.
3448#
3449client localhost {
3450 # Allowed values are:
3451 # dotted quad (1.2.3.4)
3452 # hostname (radius.example.com)
3453 ipaddr = 127.0.0.1
3454
3455 # OR, you can use an IPv6 address, but not both
3456 # at the same time.
3457# ipv6addr = :: # any. ::1 == localhost
3458
3459 #
3460 # A note on DNS: We STRONGLY recommend using IP addresses
3461 # rather than host names. Using host names means that the
3462 # server will do DNS lookups when it starts, making it
3463 # dependent on DNS. i.e. If anything goes wrong with DNS,
3464 # the server won't start!
3465 #
3466 # The server also looks up the IP address from DNS once, and
3467 # only once, when it starts. If the DNS record is later
3468 # updated, the server WILL NOT see that update.
3469 #
3470
3471 # One client definition can be applied to an entire network.
3472 # e.g. 127/8 should be defined with "ipaddr = 127.0.0.0" and
3473 # "netmask = 8"
3474 #
3475 # If not specified, the default netmask is 32 (i.e. /32)
3476 #
3477 # We do NOT recommend using anything other than 32. There
3478 # are usually other, better ways to achieve the same goal.
3479 # Using netmasks of other than 32 can cause security issues.
3480 #
3481 # You can specify overlapping networks (127/8 and 127.0/16)
3482 # In that case, the smallest possible network will be used
3483 # as the "best match" for the client.
3484 #
3485 # Clients can also be defined dynamically at run time, based
3486 # on any criteria. e.g. SQL lookups, keying off of NAS-Identifier,
3487 # etc.
3488 # See raddb/sites-available/dynamic-clients for details.
3489 #
3490
3491# netmask = 32
3492
3493 #
3494 # The shared secret used to "encrypt" and "sign" packets between
3495 # the NAS and FreeRADIUS. You MUST change this secret from the
3496 # default, otherwise it's not a secret any more!
3497 #
3498 # The secret can be any string, up to 8k characters in length.
3499 #
3500 # Control codes can be entered via octal encoding,
3501 # e.g. "\101\102" == "AB"
3502 # Quotation marks can be entered by escaping them,
3503 # e.g. "foo\"bar"
3504 #
3505 # A note on security: The security of the RADIUS protocol
3506 # depends COMPLETELY on this secret! We recommend using a
3507 # shared secret that is composed of:
3508 #
3509 # upper case letters
3510 # lower case letters
3511 # numbers
3512 #
3513 # And is at LEAST 8 characters long, preferably 16 characters in
3514 # length. The secret MUST be random, and should not be words,
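3515 # phrases, or anything else that is recognizable.
3516 #
3517 # The default secret below is only for testing, and should
3518 # not be used in any real environment.
3519 # NOTE(review): the entry below still holds that testing value; on a deployed device set a random secret, or remove this client if local queries are unused.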
3520 secret = testing123
3521
3522 #
3523 # Old-style clients do not send a Message-Authenticator
3524 # in an Access-Request. RFC 5080 suggests that all clients
3525 # SHOULD include it in an Access-Request. The configuration
3526 # item below allows the server to require it. If a client
3527 # is required to include a Message-Authenticator and it does
3528 # not, then the packet will be silently discarded.
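3529 # NOTE(review): with "no", an Access-Request that omits the attribute is accepted without a per-packet integrity check; prefer "yes" once every client sends it.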
3530 # allowed values: yes, no
3531 require_message_authenticator = no
3532
3533 #
3534 # The short name is used as an alias for the fully qualified
3535 # domain name, or the IP address.
3536 #
3537 # It is accepted for compatibility with 1.x, but it is no
3538 # longer necessary in 2.0
3539 #
3540# shortname = localhost
3541
3542 #
3543 # the following three fields are optional, but may be used by
3544 # checkrad.pl for simultaneous use checks
3545 #
3546
3547 #
3548 # The nastype tells 'checkrad.pl' which NAS-specific method to
3549 # use to query the NAS for simultaneous use.
3550 #
3551 # Permitted NAS types are:
3552 #
3553 # cisco
3554 # computone
3555 # livingston
3556 # juniper
3557 # max40xx
3558 # multitech
3559 # netserver
3560 # pathras
3561 # patton
3562 # portslave
3563 # tc
3564 # usrhiper
3565 # other # for all other types
3566
3567 #
3568 nastype = other # localhost isn't usually a NAS...
3569
3570 #
3571 # The following two configurations are for future use.
3572 # The 'naspasswd' file is currently used to store the NAS
3573 # login name and password, which is used by checkrad.pl
3574 # when querying the NAS for simultaneous use.
3575 #
3576# login = !root
3577# password = someadminpas
3578
3579 #
3580 # As of 2.0, clients can also be tied to a virtual server.
3581 # This is done by setting the "virtual_server" configuration
3582 # item, as in the example below.
3583 #
3584# virtual_server = home1
3585
3586 #
3587 # A pointer to the "home_server_pool" OR a "home_server"
3588 # section that contains the CoA configuration for this
3589 # client. For an example of a coa home server or pool,
3590 # see raddb/sites-available/originate-coa
3591# coa_server = coa
3592}
3593
3594# IPv6 Client
3595#client ::1 {
3596# secret = testing123
3597# shortname = localhost
3598#}
3599#
3600# All IPv6 Site-local clients
3601#client fe80::/16 {
3602# secret = testing123
3603# shortname = localhost
3604#}
3605
3606#client some.host.org {
3607# secret = testing123
3608# shortname = localhost
3609#}
3610
3611#
3612# You can now specify one secret for a network of clients.
3613# When a client request comes in, the BEST match is chosen.
3614# i.e. The entry from the smallest possible network.
3615#
3616#client 192.168.0.0/24 {
3617# secret = testing123-1
3618# shortname = private-network-1
3619#}
3620#
3621#client 192.168.0.0/16 {
3622# secret = testing123-2
3623# shortname = private-network-2
3624#}
3625
3626
3627#client 10.10.10.10 {
3628# # secret and password are mapped through the "secrets" file.
3629# secret = testing123
3630# shortname = liv1
3631# # the following three fields are optional, but may be used by
3632# # checkrad.pl for simultaneous usage checks
3633# nastype = livingston
3634# login = !root
3635# password = someadminpas
3636#}
3637
3638#######################################################################
3639#
3640# Per-socket client lists. The configuration entries are exactly
3641# the same as above, but they are nested inside of a section.
3642#
3643# You can have as many per-socket client lists as you have "listen"
3644# sections, or you can re-use a list among multiple "listen" sections.
3645#
3646# Un-comment this section, and edit a "listen" section to add:
3647# "clients = per_socket_clients". That IP address/port combination
3648# will then accept ONLY the clients listed in this section.
3649#
3650#clients per_socket_clients {
3651# client 192.168.3.4 {
3652# secret = testing123
3653# }
3654#}
3655
3656##### File: /etc/freeradius2/eap.conf #####
3657# -*- text -*-
3658##
3659## eap.conf -- Configuration for EAP types (PEAP, TTLS, etc.)
3660##
3661## $Id: 95bebe4d25ef13871fb201ba540ed008078dab07 $
3662
3663#######################################################################
3664#
3665# Whatever you do, do NOT set 'Auth-Type := EAP'. The server
3666# is smart enough to figure this out on its own. The most
3667# common side effect of setting 'Auth-Type := EAP' is that the
3668# users then cannot use ANY other authentication method.
3669#
3670# EAP types NOT listed here may be supported via the "eap2" module.
3671# See experimental.conf for documentation.
3672#
3673 eap {
3674 # Invoke the default supported EAP type when
3675 # EAP-Identity response is received.
3676 #
3677 # The incoming EAP messages DO NOT specify which EAP
3678 # type they will be using, so it MUST be set here.
3679 #
3680 # For now, only one default EAP type may be used at a time.
3681 #
3682 # If the EAP-Type attribute is set by another module,
3683 # then that EAP type takes precedence over the
3684 # default type configured here.
3685 #
3686 default_eap_type = peap
3687
3688 # A list is maintained to correlate EAP-Response
3689 # packets with EAP-Request packets. After a
3690 # configurable length of time, entries in the list
3691 # expire, and are deleted.
3692 #
3693 timer_expire = 60
3694
3695 # There are many EAP types, but the server has support
3696 # for only a limited subset. If the server receives
3697 # a request for an EAP type it does not support, then
3698 # it normally rejects the request. By setting this
3699 # configuration to "yes", you can tell the server to
3700 # instead keep processing the request. Another module
3701 # MUST then be configured to proxy the request to
3702 # another RADIUS server which supports that EAP type.
3703 #
3704 # If another module is NOT configured to handle the
3705 # request, then the request will still end up being
3706 # rejected.
3707 ignore_unknown_eap_types = no
3708
3709 # Cisco AP1230B firmware 12.2(13)JA1 has a bug. When given
3710 # a User-Name attribute in an Access-Accept, it copies one
3711 # more byte than it should.
3712 #
3713 # We can work around it by configurably adding an extra
3714 # zero byte.
3715 cisco_accounting_username_bug = no
3716
3717 #
3718 # Help prevent DoS attacks by limiting the number of
3719 # sessions that the server is tracking. For simplicity,
3720 # this is taken from the "max_requests" directive in
3721 # radiusd.conf.
3722 max_sessions = ${max_requests}
3723
3724 # Supported EAP-types
3725
3726 #
3727 # We do NOT recommend using EAP-MD5 authentication
3728 # for wireless connections. It is insecure, and does
3729 # not provide for dynamic WEP keys.
3730 #
3731# md5 {
3732# }
3733
3734 # Cisco LEAP
3735 #
3736 # We do not recommend using LEAP in new deployments. See:
3737 # http://www.securiteam.com/tools/5TP012ACKE.html
3738 #
3739 # Cisco LEAP uses the MS-CHAP algorithm (but not
3740 # the MS-CHAP attributes) to perform its authentication.
3741 #
3742 # As a result, LEAP *requires* access to the plain-text
3743 # User-Password, or the NT-Password attributes.
3744 # 'System' authentication is impossible with LEAP.
3745 #
3746# leap {
3747# }
3748
3749 # Generic Token Card.
3750 #
3751 # Currently, this is only permitted inside of EAP-TTLS,
3752 # or EAP-PEAP. The module "challenges" the user with
3753 # text, and the response from the user is taken to be
3754 # the User-Password.
3755 #
3756 # Proxying the tunneled EAP-GTC session is a bad idea,
3757 # the user's password will go over the wire in plain-text,
3758 # for anyone to see.
3759 #
3760# gtc {
3761 # The default challenge, which many clients
3762 # ignore..
3763 #challenge = "Password: "
3764
3765 # The plain-text response which comes back
3766 # is put into a User-Password attribute,
3767 # and passed to another module for
3768 # authentication. This allows the EAP-GTC
3769 # response to be checked against plain-text,
3770 # or crypt'd passwords.
3771 #
3772 # If you say "Local" instead of "PAP", then
3773 # the module will look for a User-Password
3774 # configured for the request, and do the
3775 # authentication itself.
3776 #
3777# auth_type = PAP
3778# }
3779
3780 ## EAP-TLS
3781 #
3782 # See raddb/certs/README for additional comments
3783 # on certificates.
3784 #
3785 # If OpenSSL was not found at the time the server was
3786 # built, the "tls", "ttls", and "peap" sections will
3787 # be ignored.
3788 #
3789 # Otherwise, when the server first starts in debugging
3790 # mode, test certificates will be created. See the
3791 # "make_cert_command" below for details, and the README
3792 # file in raddb/certs
3793 #
3794 # These test certificates SHOULD NOT be used in a normal
3795 # deployment. They are created only to make it easier
3796 # to install the server, and to perform some simple
3797 # tests with EAP-TLS, TTLS, or PEAP.
3798 #
3799 # See also:
3800 #
3801 # http://www.dslreports.com/forum/remark,9286052~mode=flat
3802 #
3803 # Note that you should NOT use a globally known CA here!
3804 # e.g. using a Verisign cert as a "known CA" means that
3805 # ANYONE who has a certificate signed by them can
3806 # authenticate via EAP-TLS! This is likely not what you want.
3807 tls {
3808 #
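3809 # These are used to simplify later configurations.
3810 # NOTE(review): "private_key_password" below looks like the stock sample value; if server.pem is in use, re-protect the key with a unique passphrase.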
3811 certdir = ${confdir}/certs
3812 cadir = ${confdir}/certs
3813
3814 private_key_password = whatever
3815 private_key_file = ${certdir}/server.pem
3816
3817 # If Private key & Certificate are located in
3818 # the same file, then private_key_file &
3819 # certificate_file must contain the same file
3820 # name.
3821 #
3822 # If CA_file (below) is not used, then the
3823 # certificate_file below MUST include not
3824 # only the server certificate, but ALSO all
3825 # of the CA certificates used to sign the
3826 # server certificate.
3827 certificate_file = ${certdir}/server.pem
3828
3829 # Trusted Root CA list
3830 #
3831 # ALL of the CA's in this list will be trusted
3832 # to issue client certificates for authentication.
3833 #
3834 # In general, you should use self-signed
3835 # certificates for 802.1x (EAP) authentication.
3836 # In that case, this CA file should contain
3837 # *one* CA certificate.
3838 #
3839 # This parameter is used only for EAP-TLS,
3840 # when you issue client certificates. If you do
3841 # not use client certificates, and you do not want
3842 # to permit EAP-TLS authentication, then delete
3843 # this configuration item.
3844 CA_file = ${cadir}/ca.pem
3845
3846 #
3847 # For DH cipher suites to work, you have to
3848 # run OpenSSL to create the DH file first:
3849 #
3850 # openssl dhparam -out certs/dh 1024
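3851 # NOTE(review): 1024-bit DH parameters are considered weak today; generate 2048 bits or more where clients support it.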
3852 dh_file = ${certdir}/dh
3853
3854 #
3855 # If your system doesn't have /dev/urandom,
3856 # you will need to create this file, and
3857 # periodically change its contents.
3858 #
3859 # For security reasons, FreeRADIUS doesn't
3860 # write to files in its configuration
3861 # directory.
3862 #
3863# random_file = ${certdir}/random
3864
3865 #
3866 # This can never exceed the size of a RADIUS
3867 # packet (4096 bytes), and is preferably half
3868 # that, to accommodate other attributes in
3869 # RADIUS packet. On most APs the MAX packet
3870 # length is configured between 1500 - 1600
3871 # In these cases, fragment size should be
3872 # 1024 or less.
3873 #
3874 fragment_size = 1024
3875
3876 # include_length is a flag which is
3877 # by default set to yes. If set to
3878 # yes, Total Length of the message is
3879 # included in EVERY packet we send.
3880 # If set to no, Total Length of the
3881 # message is included ONLY in the
3882 # First packet of a fragment series.
3883 #
3884 include_length = yes
3885
3886 # Check the Certificate Revocation List
3887 #
3888 # 1) Copy CA certificates and CRLs to same directory.
3889 # 2) Execute 'c_rehash <CA certs&CRLs Directory>'.
3890 # 'c_rehash' is OpenSSL's command.
3891 # 3) uncomment the line below.
3892 # 4) Restart radiusd
3893 # check_crl = yes
3894 CA_path = ${cadir}
3895
3896 #
3897 # If check_cert_issuer is set, the value will
3898 # be checked against the DN of the issuer in
3899 # the client certificate. If the values do not
3900 # match, the certificate verification will fail,
3901 # rejecting the user.
3902 #
3903 # In 2.1.10 and later, this check can be done
3904 # more generally by checking the value of the
3905 # TLS-Client-Cert-Issuer attribute. This check
3906 # can be done via any mechanism you choose.
3907 #
3908 # check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"
3909
3910 #
3911 # If check_cert_cn is set, the value will
3912 # be xlat'ed and checked against the CN
3913 # in the client certificate. If the values
3914 # do not match, the certificate verification
3915 # will fail rejecting the user.
3916 #
3917 # This check is done only if the previous
3918 # "check_cert_issuer" is not set, or if
3919 # the check succeeds.
3920 #
3921 # In 2.1.10 and later, this check can be done
3922 # more generally by checking the value of the
3923 # TLS-Client-Cert-CN attribute. This check
3924 # can be done via any mechanism you choose.
3925 #
3926 # check_cert_cn = %{User-Name}
3927 #
3928 # Set this option to specify the allowed
3929 # TLS cipher suites. The format is listed
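3930 # in "man 1 ciphers". NOTE(review): "DEFAULT" defers to the OpenSSL build's own defaults; verify which suites that enables on this firmware.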
3931 cipher_list = "DEFAULT"
3932
3933 #
3934 # As part of checking a client certificate, the EAP-TLS
3935 # sets some attributes such as TLS-Client-Cert-CN. This
3936 # virtual server has access to these attributes, and can
3937 # be used to accept or reject the request.
3938 #
3939 # virtual_server = check-eap-tls
3940
3941 # This command creates the initial "snake oil"
3942 # certificates when the server is run as root,
3943 # and via "radiusd -X".
3944 #
3945 # As of 2.1.11, it *also* checks the server
3946 # certificate for validity, including expiration.
3947 # This means that radiusd will refuse to start
3948 # when the certificate has expired. The alternative
3949 # is to have the 802.1X clients refuse to connect
3950 # when they discover the certificate has expired.
3951 #
3952 # Debugging client issues is hard, so it's better
3953 # for the server to print out an error message,
3954 # and refuse to start.
3955 #
3956 # make_cert_command = "${certdir}/bootstrap"
3957
3958 #
3959 # Elliptic curve cryptography configuration
3960 #
3961 # Only for OpenSSL >= 0.9.8.f
3962 #
3963 ecdh_curve = "prime256v1"
3964
3965 #
3966 # Session resumption / fast reauthentication
3967 # cache.
3968 #
3969 # The cache contains the following information:
3970 #
3971 # session Id - unique identifier, managed by SSL
3972 # User-Name - from the Access-Accept
3973 # Stripped-User-Name - from the Access-Request
3974 # Cached-Session-Policy - from the Access-Accept
3975 #
3976 # The "Cached-Session-Policy" is the name of a
3977 # policy which should be applied to the cached
3978 # session. This policy can be used to assign
3979 # VLANs, IP addresses, etc. It serves as a useful
3980 # way to re-apply the policy from the original
3981 # Access-Accept to the subsequent Access-Accept
3982 # for the cached session.
3983 #
3984 # On session resumption, these attributes are
3985 # copied from the cache, and placed into the
3986 # reply list.
3987 #
3988 # You probably also want "use_tunneled_reply = yes"
3989 # when using fast session resumption.
3990 #
3991 # cache {
3992 #
3993 # Enable it. The default is "no".
3994 # Deleting the entire "cache" subsection
3995 # Also disables caching.
3996 #
3997 # You can disallow resumption for a
3998 # particular user by adding the following
3999 # attribute to the control item list:
4000 #
4001 # Allow-Session-Resumption = No
4002 #
4003 # If "enable = no" below, you CANNOT
4004 # enable resumption for just one user
4005 # by setting the above attribute to "yes".
4006 #
4007 # enable = no
4008
4009 #
4010 # Lifetime of the cached entries, in hours.
4011 # The sessions will be deleted after this
4012 # time.
4013 #
4014 # lifetime = 24 # hours
4015
4016 #
4017 # The maximum number of entries in the
4018 # cache. Set to "0" for "infinite".
4019 #
4020 # This could be set to the number of users
4021 # who are logged in... which can be a LOT.
4022 #
4023 # max_entries = 255
4024 # }
4025
4026 #
4027 # As of version 2.1.10, client certificates can be
4028 # validated via an external command. This allows
4029 # dynamic CRLs or OCSP to be used.
4030 #
4031 # This configuration is commented out in the
4032 # default configuration. Uncomment it, and configure
4033 # the correct paths below to enable it.
4034 #
4035 verify {
4036 # A temporary directory where the client
4037 # certificates are stored. This directory
4038 # MUST be owned by the UID of the server,
4039 # and MUST not be accessible by any other
4040 # users. When the server starts, it will do
4041 # "chmod go-rwx" on the directory, for
4042 # security reasons. The directory MUST
4043 # exist when the server starts.
4044 #
4045 # You should also delete all of the files
4046 # in the directory when the server starts.
4047 # tmpdir = /tmp/radiusd
4048
4049 # The command used to verify the client cert.
4050 # We recommend using the OpenSSL command-line
4051 # tool.
4052 #
4053 # The ${..CA_path} text is a reference to
4054 # the CA_path variable defined above.
4055 #
4056 # The %{TLS-Client-Cert-Filename} is the name
4057 # of the temporary file containing the cert
4058 # in PEM format. This file is automatically
4059 # deleted by the server when the command
4060 # returns.
4061 # client = "/path/to/openssl verify -CApath ${..CA_path} %{TLS-Client-Cert-Filename}"
4062 }
4063
4064 #
4065 # OCSP Configuration
4066 # Certificates can be verified against an OCSP
4067 # Responder. This makes it possible to immediately
4068 # revoke certificates without the distribution of
4069 # new Certificate Revocation Lists (CRLs).
4070 #
4071 ocsp {
4072 #
4073 # Enable it. The default is "no".
4074 # Deleting the entire "ocsp" subsection
4075 # Also disables ocsp checking
4076 #
4077 enable = no
4078
4079 #
4080 # The OCSP Responder URL can be automatically
4081 # extracted from the certificate in question.
4082 # To override the OCSP Responder URL set
4083 # "override_cert_url = yes".
4084 #
4085 override_cert_url = yes
4086
4087 #
4088 # If the OCSP Responder address is not
4089 # extracted from the certificate, the
4090 # URL can be defined here.
4091
4092 #
4093 # Limitation: Currently the HTTP
4094 # Request is not sending the "Host: "
4095 # information to the web-server. This
4096 # can be a problem if the OCSP
4097 # Responder is running as a vhost.
4098 #
4099 url = "http://127.0.0.1/ocsp/"
4100
4101 #
4102 # If the OCSP Responder can not cope with nonce
4103 # in the request, then it can be disabled here.
4104 #
4105 # For security reasons, disabling this option
4106 # is not recommended as nonce protects against
4107 # replay attacks.
4108 #
4109 # Note that Microsoft AD Certificate Services OCSP
4110 # Responder does not enable nonce by default. It is
4111 # more secure to enable nonce on the responder than
4112 # to disable it in the query here.
4113 # See http://technet.microsoft.com/en-us/library/cc770413%28WS.10%29.aspx
4114 #
4115 # use_nonce = yes
4116
4117 #
4118 # Number of seconds before giving up waiting
4119 # for OCSP response. 0 uses system default.
4120 #
4121 # timeout = 0
4122
4123 #
4124 # Normally an error in querying the OCSP
4125 # responder (no response from server, server did
4126 # not understand the request, etc) will result in
4127 # a validation failure.
4128 #
4129 # To treat these errors as 'soft' failures and
4130 # still accept the certificate, enable this
4131 # option.
4132 #
4133 # Warning: this may enable clients with revoked
4134 # certificates to connect if the OCSP responder
4135 # is not available. Use with caution.
4136 #
4137 # softfail = no
4138 }
4139 }
4140
4141 # The TTLS module implements the EAP-TTLS protocol,
4142 # which can be described as EAP inside of Diameter,
4143 # inside of TLS, inside of EAP, inside of RADIUS...
4144 #
4145 # Surprisingly, it works quite well.
4146 #
4147 # The TTLS module needs the TLS module to be installed
4148 # and configured, in order to use the TLS tunnel
4149 # inside of the EAP packet. You will still need to
4150 # configure the TLS module, even if you do not want
4151 # to deploy EAP-TLS in your network. Users will not
4152 # be able to request EAP-TLS, as it requires them to
4153 # have a client certificate. EAP-TTLS does not
4154 # require a client certificate.
4155 #
4156 # You can make TTLS require a client cert by setting
4157 #
4158 # EAP-TLS-Require-Client-Cert = Yes
4159 #
4160 # in the control items for a request.
4161 #
4162# ttls {
4163 # The tunneled EAP session needs a default
4164 # EAP type which is separate from the one for
4165 # the non-tunneled EAP module. Inside of the
4166 # TTLS tunnel, we recommend using EAP-MD5.
4167 # If the request does not contain an EAP
4168 # conversation, then this configuration entry
4169 # is ignored.
4170# default_eap_type = mschapv2
4171
4172 # The tunneled authentication request does
4173 # not usually contain useful attributes
4174 # like 'Calling-Station-Id', etc. These
4175 # attributes are outside of the tunnel,
4176 # and normally unavailable to the tunneled
4177 # authentication request.
4178 #
4179 # By setting this configuration entry to
4180 # 'yes', any attribute which is NOT in the
4181 # tunneled authentication request, but
4182 # which IS available outside of the tunnel,
4183 # is copied to the tunneled request.
4184 #
4185 # allowed values: {no, yes}
4186# copy_request_to_tunnel = yes
4187
4188 # The reply attributes sent to the NAS are
4189 # usually based on the name of the user
4190 # 'outside' of the tunnel (usually
4191 # 'anonymous'). If you want to send the
4192 # reply attributes based on the user name
4193 # inside of the tunnel, then set this
4194 # configuration entry to 'yes', and the reply
4195 # to the NAS will be taken from the reply to
4196 # the tunneled request.
4197 #
4198 # allowed values: {no, yes}
4199# use_tunneled_reply = no
4200
4201 #
4202 # The inner tunneled request can be sent
4203 # through a virtual server constructed
4204 # specifically for this purpose.
4205 #
4206 # If this entry is commented out, the inner
4207 # tunneled request will be sent through
4208 # the virtual server that processed the
4209 # outer requests.
4210 #
4211# virtual_server = "inner-tunnel"
4212
4213 # This has the same meaning as the
4214 # same field in the "tls" module, above.
4215 # The default value here is "yes".
4216 # include_length = yes
4217# }
4218
4219 ##################################################
4220 #
4221 # !!!!! WARNINGS for Windows compatibility !!!!!
4222 #
4223 ##################################################
4224 #
4225 # If you see the server send an Access-Challenge,
4226 # and the client never sends another Access-Request,
4227 # then
4228 #
4229 # STOP!
4230 #
4231 # The server certificate has to have special OID's
4232 # in it, or else the Microsoft clients will silently
4233 # fail. See the "scripts/xpextensions" file for
4234 # details, and the following page:
4235 #
4236 # http://support.microsoft.com/kb/814394/en-us
4237 #
4238 # For additional Windows XP SP2 issues, see:
4239 #
4240 # http://support.microsoft.com/kb/885453/en-us
4241 #
4242 #
4243 # If it still doesn't work, and you're using Samba,
4244 # you may be encountering a Samba bug. See:
4245 #
4246 # https://bugzilla.samba.org/show_bug.cgi?id=6563
4247 #
4248 # Note that we do not necessarily agree with their
4249 # explanation... but the fix does appear to work.
4250 #
4251 ##################################################
4252
4253 #
4254 # The tunneled EAP session needs a default EAP type
4255 # which is separate from the one for the non-tunneled
4256 # EAP module. Inside of the TLS/PEAP tunnel, we
4257 # recommend using EAP-MS-CHAPv2.
4258 #
4259 # The PEAP module needs the TLS module to be installed
4260 # and configured, in order to use the TLS tunnel
4261 # inside of the EAP packet. You will still need to
4262 # configure the TLS module, even if you do not want
4263 # to deploy EAP-TLS in your network. Users will not
4264 # be able to request EAP-TLS, as it requires them to
4265 # have a client certificate. EAP-PEAP does not
4266 # require a client certificate.
4267 #
4268 #
4269 # You can make PEAP require a client cert by setting
4270 #
4271 # EAP-TLS-Require-Client-Cert = Yes
4272 #
4273 # in the control items for a request.
4274 #
4275 peap {
4276 # The tunneled EAP session needs a default
4277 # EAP type which is separate from the one for
4278 # the non-tunneled EAP module. Inside of the
4279 # PEAP tunnel, we recommend using MS-CHAPv2,
4280 # as that is the default type supported by
4281 # Windows clients.
4282 default_eap_type = mschapv2
4283
4284 # the PEAP module also has these configuration
4285 # items, which are the same as for TTLS.
4286 copy_request_to_tunnel = yes
4287 use_tunneled_reply = yes
4288
4289 # When the tunneled session is proxied, the
4290 # home server may not understand EAP-MSCHAP-V2.
4291 # Set this entry to "no" to proxy the tunneled
4292 # EAP-MSCHAP-V2 as normal MSCHAPv2.
4293 proxy_tunneled_request_as_eap = no
4294
4295 #
4296 # The inner tunneled request can be sent
4297 # through a virtual server constructed
4298 # specifically for this purpose.
4299 #
4300 # If this entry is commented out, the inner
4301 # tunneled request will be sent through
4302 # the virtual server that processed the
4303 # outer requests.
4304 #
4305 # virtual_server = "inner-tunnel"
4306 EAP-TLS-Require-Client-Cert = no
4307
4308 # This option enables support for MS-SoH
4309 # see doc/SoH.txt for more info.
4310 # It is disabled by default.
4311 #
4312# soh = yes
4313
4314 #
4315 # The SoH reply will be turned into a request which
4316 # can be sent to a specific virtual server:
4317 #
4318# soh_virtual_server = "soh-server"
4319 }
4320
4321 #
4322 # This takes no configuration.
4323 #
4324 # Note that it is the EAP MS-CHAPv2 sub-module, not
4325 # the main 'mschap' module.
4326 #
4327 # Note also that in order for this sub-module to work,
4328 # the main 'mschap' module MUST ALSO be configured.
4329 #
4330 # This module is the *Microsoft* implementation of MS-CHAPv2
4331 # in EAP. There is another (incompatible) implementation
4332 # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
4333 # currently support.
4334 #
4335 mschapv2 {
4336 # Prior to version 2.1.11, the module never
4337 # sent the MS-CHAP-Error message to the
4338 # client. This worked, but it had issues
4339 # when the cached password was wrong. The
4340 # server *should* send "E=691 R=0" to the
4341 # client, which tells it to prompt the user
4342 # for a new password.
4343 #
4344 # The default is to behave as in 2.1.10 and
4345 # earlier, which is known to work. If you
4346 # set "send_error = yes", then the error
4347 # message will be sent back to the client.
4348 # This *may* help some clients work better,
4349 # but *may* also cause other clients to stop
4350 # working.
4351 #
4352# send_error = no
4353 }
4354 }
4355
4356##### File: /etc/freeradius2/modules/chap #####
4357# -*- text -*-
4358#
4359# $Id: e2a3cd3b110ffffdbcff86c7fc65a9275ddc3379 $
4360
4361# CHAP module
4362#
4363# To authenticate requests containing a CHAP-Password attribute.
4364#
4365chap {
4366 # no configuration
4367}
4368
4369##### File: /etc/freeradius2/modules/exec #####
4370# -*- text -*-
4371#
4372# $Id: 5f21e4350f091ed51813865a31b2796c4b487f9f $
4373
4374#
4375# Execute external programs
4376#
4377# This module is useful only for 'xlat'. To use it,
4378# put 'exec' into the 'instantiate' section. You can then
4379# do dynamic translation of attributes like:
4380#
4381# Attribute-Name = `%{exec:/path/to/program args}`
4382#
4383# The value of the attribute will be replaced with the output
4384# of the program which is executed. Due to RADIUS protocol
4385# limitations, any output over 253 bytes will be ignored.
4386#
4387# The RADIUS attributes from the user request will be placed
4388# into environment variables of the executed program, as
4389# described in "man unlang" and in doc/variables.txt
4390#
4391# See also "echo" for more sample configuration.
4392#
4393exec {
4394 wait = no
4395 input_pairs = request
4396 shell_escape = yes
4397 output = none
4398 timeout = 10
4399}
4400
4401##### File: /etc/freeradius2/modules/files #####
4402# -*- text -*-
4403#
4404# $Id: e0198d85b2d14fa7b75b0e8c1bf6427c4bd89058 $
4405
4406# Livingston-style 'users' file
4407#
4408files {
4409 # The default key attribute to use for matches. The content
4410 # of this attribute is used to match the "name" of the
4411 # entry.
4412 #key = "%{%{Stripped-User-Name}:-%{User-Name}}"
4413
4414 usersfile = ${confdir}/users
4415 acctusersfile = ${confdir}/acct_users
4416 preproxy_usersfile = ${confdir}/preproxy_users
4417
4418 # If you want to use the old Cistron 'users' file
4419 # with FreeRADIUS, you should change the next line
4420 # to 'compat = cistron'. You can then copy your 'users'
4421 # file from Cistron.
4422 compat = no
4423}
4424
4425# An example which defines a second instance of the "files" module.
4426# This instance is named "second_files". In order for it to be used
4427# in a virtual server, it needs to be listed as "second_files"
4428# inside of the "authorize" section (or other section). If you just
4429# list "files", that will refer to the configuration defined above.
4430#
4431
4432# The two names here mean:
4433# "files" - this is a configuration for the "rlm_files" module
4434# "second_files" - this is a named configuration, which isn't
4435# the default configuration.
4436files second_files {
4437 #key = "%{%{Stripped-User-Name}:-%{User-Name}}"
4438
4439 # The names here don't matter. They just need to be different
4440 # from the names for the "files" configuration above. If they
4441 # are the same, then this configuration will end up being the
4442 # same as the one above.
4443 usersfile = ${confdir}/second_users
4444 acctusersfile = ${confdir}/second_acct_users
4445 preproxy_usersfile = ${confdir}/second_preproxy_users
4446}
4447
4448
4449##### File: /etc/freeradius2/modules/mschap #####
4450# -*- text -*-
4451#
4452# $Id: 9e016a09a158f55bbc9b48876f0cb2b776b4cd96 $
4453
4454# Microsoft CHAP authentication
4455#
4456# This module supports MS-CHAP and MS-CHAPv2 authentication.
4457# It also enforces the SMB-Account-Ctrl attribute.
4458#
4459mschap {
4460 #
4461 # If you are using /etc/smbpasswd, see the 'passwd'
4462 # module for an example of how to use /etc/smbpasswd
4463
4464 # If use_mppe is not set to "no", mschap will
4465 # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and
4466 # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2
4467 #
4468# use_mppe = no
4469
4470 # if mppe is enabled require_encryption makes
4471 # encryption moderate
4472 #
4473# require_encryption = yes
4474
4475 # require_strong always requires 128 bit key
4476 # encryption
4477 #
4478# require_strong = yes
4479
4480 # Windows sends us a username in the form of
4481 # DOMAIN\user, but sends the challenge response
4482 # based on only the user portion. This hack
4483 # corrects for that incorrect behavior.
4484 #
4485# with_ntdomain_hack = no
4486
4487 # The module can perform authentication itself, OR
4488 # use a Windows Domain Controller. This configuration
4489 # directive tells the module to call the ntlm_auth
4490 # program, which will do the authentication, and return
4491 # the NT-Key. Note that you MUST have "winbindd" and
4492 # "nmbd" running on the local machine for ntlm_auth
4493 # to work. See the ntlm_auth program documentation
4494 # for details.
4495 #
4496 # If ntlm_auth is configured below, then the mschap
4497 # module will call ntlm_auth for every MS-CHAP
4498 # authentication request. If there is a cleartext
4499 # or NT hashed password available, you can set
4500 # "MS-CHAP-Use-NTLM-Auth := No" in the control items,
4501 # and the mschap module will do the authentication itself,
4502 # without calling ntlm_auth.
4503 #
4504 # Be VERY careful when editing the following line!
4505 #
4506 # You can also try setting the user name as:
4507 #
4508 # ... --username=%{mschap:User-Name} ...
4509 #
4510 # In that case, the mschap module will look at the User-Name
4511 # attribute, and do prefix/suffix checks in order to obtain
4512 # the "best" user name for the request.
4513 #
4514# ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
4515
4516 # The default is to wait 10 seconds for ntlm_auth to
4517 # complete. This is a long time, and if it's taking that
4518 # long then you likely have other problems in your domain.
4519 # The length of time can be decreased with the following
4520 # option, which can save clients waiting if your ntlm_auth
4521 # usually finishes quicker. Range 1 to 10 seconds.
4522 #
4523# ntlm_auth_timeout = 10
4524
4525 # For Apple Server, when running on the same machine as
4526 # Open Directory. It has no effect on other systems.
4527 #
4528# use_open_directory = yes
4529
4530 # On failure, set (or not) the MS-CHAP error code saying
4531 # "retries allowed".
4532# allow_retry = yes
4533
4534 # An optional retry message.
4535# retry_msg = "Re-enter (or reset) the password"
4536}
4537
4538##### File: /etc/freeradius2/modules/pap #####
4539# -*- text -*-
4540#
4541# $Id: 5c7d29d654bea9c076d6434f32795c2b2d002757 $
4542
4543# PAP module to authenticate users based on their stored password
4544#
4545# Supports multiple encryption/hash schemes. See "man rlm_pap"
4546# for details.
4547#
4548# The "auto_header" configuration item can be set to "yes".
4549# In this case, the module will look inside of the User-Password
4550# attribute for the headers {crypt}, {clear}, etc., and will
4551# automatically create the attribute on the right-hand side,
4552# with the correct value. It will also automatically handle
4553# Base-64 encoded data, hex strings, and binary data.
4554#
4555# For instructions on creating the various types of passwords, see:
4556#
4557# http://www.openldap.org/faq/data/cache/347.html
4558pap {
4559 auto_header = yes
4560}
4561
4562##### File: /etc/freeradius2/modules/radutmp #####
4563# -*- text -*-
4564#
4565# $Id: 3ad88cde616ce041f0dcc87858950daafdd3d336 $
4566
4567# Write a 'utmp' style file, of which users are currently
4568# logged in, and where they've logged in from.
4569#
4570# This file is used mainly for Simultaneous-Use checking,
4571# and also 'radwho', to see who's currently logged in.
4572#
4573radutmp {
4574 # Where the file is stored. It's not a log file,
4575 # so it doesn't need rotating.
4576 #
4577 filename = ${radacctdir}/radutmp
4578
4579 # The field in the packet to key on for the
4580 # 'user' name. If you have other fields which you want
4581 # to use to key on to control Simultaneous-Use,
4582 # then you can use them here.
4583 #
4584 # Note, however, that the size of the field in the
4585 # 'utmp' data structure is small, around 32
4586 # characters, so that will limit the possible choices
4587 # of keys.
4588 #
4589 # You may want instead: %{Stripped-User-Name:-%{User-Name}}
4590 username = %{User-Name}
4591
4592
4593 # Whether or not we want to treat "user" the same
4594 # as "USER", or "User". Some systems have problems
4595 # with case sensitivity, so this should be set to
4596 # 'no' to enable the comparisons of the key attribute
4597 # to be case insensitive.
4598 #
4599 case_sensitive = yes
4600
4601 # Accounting information may be lost, so the user MAY
4602 # have logged off of the NAS, but we haven't noticed.
4603 # If so, we can verify this information with the NAS,
4604 #
4605 # If we want to believe the 'utmp' file, then this
4606 # configuration entry can be set to 'no'.
4607 #
4608 check_with_nas = yes
4609
4610 # Set the file permissions, as the contents of this file
4611 # are usually private.
4612 perm = 0600
4613
4614 callerid = "yes"
4615}
4616
4617##### File: /etc/freeradius2/modules/realm #####
4618# -*- text -*-
4619#
4620# $Id: 95d9f2b98de1b33346c6129aa7e88a901248cd4d $
4621
4622# Realm module, for proxying.
4623#
4624# You can have multiple instances of the realm module to
4625 # support multiple realm syntaxes at the same time. The
4626# search order is defined by the order that the modules are listed
4627# in the authorize and preacct sections.
4628#
4629# Four config options:
4630# format - must be "prefix" or "suffix"
4631# The special cases of "DEFAULT"
4632# and "NULL" are allowed, too.
4633# delimiter - must be a single character
4634
4635# 'realm/username'
4636#
4637# Using this entry, IPASS users have their realm set to "IPASS".
4638realm IPASS {
4639 format = prefix
4640 delimiter = "/"
4641}
4642
4643# 'username@realm'
4644#
4645realm suffix {
4646 format = suffix
4647 delimiter = "@"
4648}
4649
4650# 'username%realm'
4651#
4652realm realmpercent {
4653 format = suffix
4654 delimiter = "%"
4655}
4656
4657#
4658# 'domain\user'
4659#
4660realm ntdomain {
4661 format = prefix
4662 delimiter = "\\"
4663}
4664
4665##### File: /etc/freeradius2/modules/sradutmp #####
4666# -*- text -*-
4667#
4668# $Id: a7700bac6aaa93940c784f1b6df08b61eb77a1a3 $
4669
4670# "Safe" radutmp - does not contain caller ID, so it can be
4671# world-readable, and radwho can work for normal users, without
4672# exposing any information that isn't already exposed by who(1).
4673#
4674# This is another 'instance' of the radutmp module, but it is given
4675 # the name "sradutmp" to identify it later in the "accounting"
4676# section.
4677radutmp sradutmp {
4678 filename = ${radacctdir}/sradutmp
4679 perm = 0644
4680 callerid = "no"
4681}
4682
4683##### File: /etc/freeradius2/preproxy_users #####
4684#
4685# Configuration file for the rlm_files module.
4686# Please see rlm_files(5) manpage for more information.
4687#
4688# $Id: 0f5d15ad8b2e96a4d65808ac949793aab5c1c639 $
4689#
4690# This file is similar to the "users" file. The check items
4691# are compared against the request, but the "reply" items are
4692# used to update the proxied packet, not the reply to the NAS.
4693#
4694# You can use this file to re-write requests which are about to
4695# be sent to a home server.
4696#
4697
4698#
4699 # Requests destined for realm "extisp" are sent to a RADIUS
4700 # home server hosted by another company which doesn't know about
4701# the IP addresses of our NASes. Therefore we replace the value of
4702# the NAS-IP-Address attribute by a unique value we communicated
4703# to them.
4704#
4705#DEFAULT Realm == "extisp"
4706# NAS-IP-Address := 10.1.2.3
4707
4708#
4709# For all proxied packets, set the User-Name in the proxied packet
4710# to the Stripped-User-Name, if it exists. If not, set it to the
4711# User-Name from the original request.
4712#
4713#DEFAULT
4714# User-Name := `%{Stripped-User-Name:-%{User-Name}}`
4715
4716##### File: /etc/freeradius2/proxy.conf #####
4717# -*- text -*-
4718##
4719## proxy.conf -- proxy radius and realm configuration directives
4720##
4721## $Id: 413fc1438f266669a8e8913307f465da190c1ce8 $
4722
4723#######################################################################
4724#
4725# Proxy server configuration
4726#
4727 # This entry controls the server's behaviour towards ALL other servers
4728# to which it sends proxy requests.
4729#
4730proxy server {
4731 #
4732 # Note that as of 2.0, the "synchronous", "retry_delay",
4733 # "retry_count", and "dead_time" have all been deprecated.
4734 # For backwards compatibility, they are still accepted
4735 # by the server, but they ONLY apply to the old-style realm
4736 # configuration. i.e. realms with "authhost" and/or "accthost"
4737 # entries.
4738 #
4739 # i.e. "retry_delay" and "retry_count" have been replaced
4740 # with per-home-server configuration. See the "home_server"
4741 # example below for details.
4742 #
4743 # i.e. "dead_time" has been replaced with a per-home-server
4744 # "revive_interval". We strongly recommend that this not
4745 # be used, however. The new method is much better.
4746
4747 #
4748 # In 2.0, the server is always "synchronous", and setting
4749 # "synchronous = no" is impossible. This simplifies the
4750 # server and increases the stability of the network.
4751 # However, it means that the server (i.e. proxy) NEVER
4752 # originates packets. It proxies packets ONLY when it receives
4753 # a packet or a re-transmission from the NAS. If the NAS never
4754 # re-transmits, the proxy never re-transmits, either. This can
4755 # affect fail-over, where a packet does *not* fail over to a
4756 # second home server.. because the NAS never retransmits the
4757 # packet.
4758 #
4759 # If you need to set "synchronous = no", please send a
4760 # message to the list <freeradius-users@lists.freeradius.org>
4761 # explaining why this feature is vital for your network.
4762
4763 #
4764 # If a realm exists, but there are no live home servers for
4765 # it, we can fall back to using the "DEFAULT" realm. This is
4766 # most useful for accounting, where the server can proxy
4767 # accounting requests to home servers, but if they're down,
4768 # use a DEFAULT realm that is LOCAL (i.e. accthost = LOCAL),
4769 # and then store the packets in the "detail" file. That data
4770 # can be later proxied to the home servers by radrelay, when
4771 # those home servers come back up again.
4772
4773 # Setting this to "yes" may have issues for authentication.
4774 # i.e. If you are proxying for two different ISP's, and then
4775 # act as a general dial-up for Gric. If one of the first two
4776 # ISP's has their RADIUS server go down, you do NOT want to
4777 # proxy those requests to GRIC. Instead, you probably want
4778 # to just drop the requests on the floor. In that case, set
4779 # this value to 'no'.
4780 #
4781 # allowed values: {yes, no}
4782 #
4783 default_fallback = no
4784
4785}
4786
4787#######################################################################
4788#
4789# Configuration for the proxy realms.
4790#
4791# As of 2.0. the old-style "realms" file is deprecated, and is not
4792# used by FreeRADIUS.
4793#
4794# As of 2.0, the "realm" configuration has changed. Instead of
4795# specifying "authhost" and "accthost" in a realm section, the home
4796 # servers are specified separately in a "home_server" section. For
4797# backwards compatibility, you can still use the "authhost" and
4798# "accthost" directives. If you only have one home server for a
4799# realm, it is easier to use the old-style configuration.
4800#
4801# However, if you have multiple servers for a realm, we STRONGLY
4802# suggest moving to the new-style configuration.
4803#
4804#
4805# Load-balancing and failover between home servers is handled via
4806# a "home_server_pool" section.
4807#
4808 # Finally, the "realm" section defines the realm, some options, and
4809# indicates which server pool should be used for the realm.
4810#
4811# This change means that simple configurations now require multiple
4812# sections to define a realm. However, complex configurations
4813# are much simpler than before, as multiple realms can share the same
4814# server pool.
4815#
4816# That is, realms point to server pools, and server pools point to
4817# home servers. Multiple realms can point to one server pool. One
4818# server pool can point to multiple home servers. Each home server
4819# can appear in one or more pools.
4820#
4821
4822######################################################################
4823#
4824# This section defines a "Home Server" which is another RADIUS
4825# server that gets sent proxied requests. In earlier versions
4826# of FreeRADIUS, home servers were defined in "realm" sections,
4827# which was awkward. In 2.0, they have been made independent
4828# from realms, which is better for a number of reasons.
4829#
4830home_server localhost {
4831 #
4832 # Home servers can be sent Access-Request packets
4833 # or Accounting-Request packets.
4834 #
4835 # Allowed values are:
4836 # auth - Handles Access-Request packets
4837 # acct - Handles Accounting-Request packets
4838 # auth+acct - Handles Access-Request packets at "port",
4839 # and Accounting-Request packets at "port + 1"
4840 # coa - Handles CoA-Request and Disconnect-Request packets.
4841 # See also raddb/sites-available/originate-coa
4842 type = auth
4843
4844 #
4845 # Configure ONE OF the following entries:
4846 #
4847 # IPv4 address
4848 #
4849 ipaddr = 127.0.0.1
4850
4851 # OR IPv6 address
4852 # ipv6addr = ::1
4853
4854 # OR virtual server
4855 # virtual_server = foo
4856
4857 # Note that while both ipaddr and ipv6addr will accept
4858 # both addresses and host names, we do NOT recommend
4859 # using host names. When you specify a host name, the
4860 # server has to do a DNS lookup to find the IP address
4861 # of the home server. If the DNS server is slow or
4862 # unresponsive, it means that FreeRADIUS will NOT be
4863 # able to determine the address, and will therefore NOT
4864 # start.
4865 #
4866 # Also, the mapping of host name to address is done ONCE
4867 # when the server starts. If DNS is later updated to
4868 # change the address, FreeRADIUS will NOT discover that
4869 # until after a re-start, or a HUP.
4870 #
4871 # If you specify a virtual_server here, then requests
4872 # will be proxied internally to that virtual server.
4873 # These requests CANNOT be proxied again, however. The
4874 # intent is to have the local server handle packets
4875 # when all home servers are dead.
4876 #
4877 # Requests proxied to a virtual server will be passed
4878 # through the pre-proxy and post-proxy sections, just
4879 # like any other request. See also the sample "realm"
4880 # configuration, below.
4881 #
4882 # None of the rest of the home_server configuration is used
4883 # for the "virtual_server" configuration.
4884
4885 #
4886 # The port to which packets are sent.
4887 #
4888 # Usually 1812 for type "auth", and 1813 for type "acct".
4889 # Older servers may use 1645 and 1646.
4890 # Use 3799 for type "coa"
4891 #
4892 port = 1812
4893
4894 #
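4895 # The shared secret used to "encrypt" and "sign" packets between
4896 # FreeRADIUS and the home server.
4897 #
4898 # The secret can be any string, up to 8k characters in length. The "testing123" value set below is the widely known sample secret, so replace it with a long random value before proxying to any real home server.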
4899 #
4900 # Control codes can be entered via octal encoding,
4901 # e.g. "\101\102" == "AB"
4902 # Quotation marks can be entered by escaping them,
4903 # e.g. "foo\"bar"
4904 # Spaces or other "special" characters can be entered
4905 # by putting quotes around the string.
4906 # e.g. "foo bar"
4907 # "foo;bar"
4908 #
4909 secret = testing123
4910
4911 ############################################################
4912 #
4913 # The rest of the configuration items listed here are optional,
4914 # and do not have to appear in every home server definition.
4915 #
4916 ############################################################
4917
4918 #
4919 # You can optionally specify the source IP address used when
4920 # proxying requests to this home server. When the src_ipaddr
4921 # is set, the server will automatically create a proxy
4922 # listener for that IP address.
4923 #
4924 # If you specify this field for one home server, you will
4925 # likely need to specify it for ALL home servers.
4926 #
4927 # If you don't care about the source IP address, leave this
4928 # entry commented.
4929 #
4930# src_ipaddr = 127.0.0.1
4931
4932 # RFC 5080 suggests that all clients SHOULD include a Message-Authenticator attribute in an
4933 # Access-Request. The configuration item below tells the
4934 # proxying server (i.e. this one) whether or not the home
4935 # server requires a Message-Authenticator attribute. If it
4936 # is required (value set to "yes"), then all Access-Request
4937 # packets sent to that home server will have a
4938 # Message-Authenticator attribute.
4939 #
4940 # We STRONGLY recommend that this flag be set to "yes"
4941 # for ALL home servers. Doing so will have no performance
4942 # impact on the proxy or on the home servers. It will,
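4943 # however, allow administrators to detect problems earlier: the attribute is an HMAC-MD5 over the packet keyed with the shared secret, so an altered request or a mismatched secret fails verification at the home server.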
4944 #
4945 # allowed values: yes, no
4946 require_message_authenticator = yes
4947
4948 #
4949 # If the home server does not respond to a request within
4950 # this time, this server will initiate "zombie_period".
4951 #
4952 # The response window is large because responses MAY be slow,
4953 # especially when proxying across the Internet.
4954 #
4955 # Useful range of values: 5 to 60
4956 response_window = 20
4957
4958 #
4959 # If you want the old behavior of the server rejecting
4960 # proxied requests after "response_window" timeout, set
4961 # the following configuration item to "yes".
4962 #
4963 # This configuration WILL be removed in a future release
4964 # If you believe you need it, email the freeradius-users
4965 # list, and explain why it should stay in the server.
4966 #
4967# no_response_fail = no
4968
4969 #
4970 # If the home server does not respond to ANY packets during
4971 # the "zombie period", it will be considered to be dead.
4972 #
4973 # A home server that is marked "zombie" will be used for
4974 # proxying as a low priority. If there are live servers,
4975 # they will always be preferred to a zombie. Requests will
4976 # be proxied to a zombie server ONLY when there are no
4977 # live servers.
4978 #
4979 # Any request that is proxied to a home server will continue
4980 # to be sent to that home server until the home server is
4981 # marked dead. At that point, it will fail over to another
4982 # server, if a live server is available. If none is available,
4983 # then the "post-proxy-type fail" handler will be called.
4984 #
4985 # If "status_check" below is something other than "none", then
4986 # the server will start sending status checks at the start of
4987 # the zombie period. It will continue sending status checks
4988 # until the home server is marked "alive".
4989 #
4990 # Useful range of values: 20 to 120
4991 zombie_period = 40
4992
4993 ############################################################
4994 #
4995 # As of 2.0, FreeRADIUS supports RADIUS layer "status
4996 # checks". These are used by a proxy server to see if a home
4997 # server is alive.
4998 #
4999 # These status packets are sent ONLY if the proxying server
5000 # believes that the home server is dead. They are NOT sent
5001 # if the proxying server believes that the home server is
5002 # alive. They are NOT sent if the proxying server is not
5003 # proxying packets.
5004 #
5005 # If the home server responds to the status check packet,
5006 # then it is marked alive again, and is returned to use.
5007 #
5008 ############################################################
5009
5010 #
5011 # Some home servers do not support status checks via the
5012 # Status-Server packet. Others may not have a "test" user
5013 # configured that can be used to query the server, to see if
5014 # it is alive. For those servers, we have NO WAY of knowing
5015 # when it becomes alive again. Therefore, after the server
5016 # has been marked dead, we wait a period of time, and mark
5017 # it alive again, in the hope that it has come back to
5018 # life.
5019 #
5020 # If it has NOT come back to life, then FreeRADIUS will wait
5021 # for "zombie_period" before marking it dead again. During
5022 # the "zombie_period", ALL AUTHENTICATIONS WILL FAIL, because
5023 # the home server is still dead. There is NOTHING that can
5024 # be done about this, other than to enable the status checks,
5025 # as documented below.
5026 #
5027 # e.g. if "zombie_period" is 40 seconds, and "revive_interval"
5028 # is 300 seconds, then for 40 seconds out of every 340, or about
5029 # 10% of the time, all authentications will fail.
5030 #
5031 # If the "zombie_period" and "revive_interval" configurations
5032 # are set smaller, then it is possible for up to 50% of
5033 # authentications to fail.
5034 #
5035 # As a result, we recommend enabling status checks, and
5036 # we do NOT recommend using "revive_interval".
5037 #
5038 # The "revive_interval" is used ONLY if the "status_check"
5039 # entry below is "none". Otherwise, it will not be used,
5040 # and should be deleted.
5041 #
5042 # Useful range of values: 60 to 3600
5043 revive_interval = 120
5044
5045 #
5046 # The proxying server (i.e. this one) can do periodic status
5047 # checks to see if a dead home server has come back alive.
5048 #
5049 # If set to "none", then the other configuration items listed
5050 # below are not used, and the "revive_interval" time is used
5051 # instead.
5052 #
5053 # If set to "status-server", the Status-Server packets are
5054 # sent. Many RADIUS servers support Status-Server. If a
5055 # server does not support it, please contact the server
5056 # vendor and request that they add it.
5057 #
5058 # If set to "request", then Access-Request, or Accounting-Request
5059 # packets are sent, depending on the "type" entry above (auth/acct).
5060 #
5061 # Allowed values: none, status-server, request
5062 status_check = status-server
5063
5064 #
5065 # If the home server does not support Status-Server packets,
5066 # then the server can still send Access-Request or
5067 # Accounting-Request packets, with a pre-defined user name.
5068 #
5069 # This practice is NOT recommended, as it may potentially let
5070 # users gain network access by using these "test" accounts!
5071 #
5072 # If it is used, we recommend that the home server ALWAYS
5073 # respond to these Access-Request status checks with
5074 # Access-Reject. The status check just needs an answer, it
5075 # does not need an Access-Accept.
5076 #
5077 # For Accounting-Request status checks, only the username
5078 # needs to be set. The rest of the accounting attributes are
5079 # set to default values. The home server that receives these
5080 # accounting packets SHOULD NOT treat them like normal user
5081 # accounting packets. i.e. It should probably NOT log them to
5082 # a database.
5083 #
5084 # username = "test_user_please_reject_me"
5085 # password = "this is really secret"
5086
5087 #
5088 # Configure the interval between sending status check packets.
5089 #
5090 # Setting it too low increases the probability of spurious
5091 # fail-over and fallback attempts.
5092 #
5093 # Useful range of values: 6 to 120
5094 check_interval = 30
5095
5096 #
5097 # Configure the number of status checks in a row that the
5098 # home server needs to respond to before it is marked alive.
5099 #
5100 # If you want to mark a home server as alive after a short
5101 # time period of being responsive, it is best to use a small
5102 # "check_interval", and a large value for
5103 # "num_answers_to_alive". Using a long "check_interval" and
5104 # a small number for "num_answers_to_alive" increases the
5105 # probability of spurious fail-over and fallback attempts.
5106 #
5107 # Useful range of values: 3 to 10
5108 num_answers_to_alive = 3
5109
5110 #
5111 # Limit the total number of outstanding packets to the home
5112 # server.
5113 #
5114 # if ((#request sent) - (#requests received)) > max_outstanding
5115 # then stop sending more packets to the home server
5116 #
5117 # This lets us gracefully fall over when the home server
5118 # is overloaded.
5119 max_outstanding = 65536
5120
5121 #
5122 # The configuration items in the next sub-section are used ONLY
5123 # when "type = coa". They are ignored for all other types of home
5124 # servers.
5125 #
5126 # See RFC 5080 for the definitions of the following terms.
5127 # RAND is a function (internal to FreeRADIUS) returning
5128 # random numbers between -0.1 and +0.1
5129 #
5130 # First Re-transmit occurs after:
5131 #
5132 # RT = IRT + RAND*IRT
5133 #
5134 # Subsequent Re-transmits occur after:
5135 #
5136 # RT = 2 * RTprev + RAND * RTprev
5137 #
5138 # Re-transmits are capped at:
5139 #
5140 # if (MRT && (RT > MRT)) RT = MRT + RAND * MRT
5141 #
5142 # For a maximum number of attempts: MRC
5143 #
5144 # For a maximum (total) period of time: MRD.
5145 #
5146 coa {
5147 # Initial retransmit interval: 1..5
5148 irt = 2
5149
5150 # Maximum Retransmit Timeout: 1..30 (0 == no maximum)
5151 mrt = 16
5152
5153 # Maximum Retransmit Count: 1..20 (0 == retransmit forever)
5154 mrc = 5
5155
5156 # Maximum Retransmit Duration: 5..60
5157 mrd = 30
5158 }
5159}
5160
5161# Sample virtual home server.
5162#
5163#
5164#home_server virtual.example.com {
5165# virtual_server = virtual.example.com
5166#}
5167
5168######################################################################
5169#
5170# This section defines a pool of home servers that is used
5171# for fail-over and load-balancing. In earlier versions of
5172# FreeRADIUS, fail-over and load-balancing were defined per-realm.
5173# As a result, if a server had 5 home servers, each of which served
5174# the same 10 realms, you would need 50 "realm" entries.
5175#
5176# In version 2.0, you would need 5 "home_server" sections,
5177# 10 'realm" sections, and one "home_server_pool" section to tie the
5178# two together.
5179#
5180home_server_pool my_auth_failover {
5181 #
5182 # The type of this pool controls how home servers are chosen.
5183 #
5184 # fail-over - the request is sent to the first live
5185 # home server in the list. i.e. If the first home server
5186 # is marked "dead", the second one is chosen, etc.
5187 #
5188 # load-balance - the least busy home server is chosen,
5189 # where "least busy" is counted by taking the number of
5190 # requests sent to that home server, and subtracting the
5191 # number of responses received from that home server.
5192 #
5193 # If there are two or more servers with the same low
5194 # load, then one of those servers is chosen at random.
5195 # This configuration is most similar to the old
5196 # "round-robin" method, though it is not exactly the same.
5197 #
5198 # Note that load balancing does not work well with EAP,
5199 # as EAP requires packets for an EAP conversation to be
5200 # sent to the same home server. The load balancing method
5201 # does not keep state in between packets, meaning that
5202 # EAP packets for the same conversation may be sent to
5203 # different home servers. This will prevent EAP from
5204 # working.
5205 #
5206 # For non-EAP authentication methods, and for accounting
5207 # packets, we recommend using "load-balance". It will
5208 # ensure the highest availability for your network.
5209 #
5210 # client-balance - the home server is chosen by hashing the
5211 # source IP address of the packet. If that home server
5212 # is down, the next one in the list is used, just as
5213 # with "fail-over".
5214 #
5215 # There is no way of predicting which source IP will map
5216 # to which home server.
5217 #
5218 # This configuration is most useful to do simple load
5219 # balancing for EAP sessions, as the EAP session will
5220 # always be sent to the same home server.
5221 #
5222 # client-port-balance - the home server is chosen by hashing
5223 # the source IP address and source port of the packet.
5224 # If that home server is down, the next one in the list
5225 # is used, just as with "fail-over".
5226 #
5227 # This method provides slightly better load balancing
5228 # for EAP sessions than "client-balance". However, it
5229 # also means that authentication and accounting packets
5230 # for the same session MAY go to different home servers.
5231 #
5232 # keyed-balance - the home server is chosen by hashing (FNV)
5233 # the contents of the Load-Balance-Key attribute from the
5234 # control items. The request is then sent to home server
5235 # chosen by taking:
5236 #
5237 # server = (hash % num_servers_in_pool).
5238 #
5239 # If there is no Load-Balance-Key in the control items,
5240 # the load balancing method is identical to "load-balance".
5241 #
5242 # For most non-EAP authentication methods, The User-Name
5243 # attribute provides a good key. An "unlang" policy can
5244 # be used to copy the User-Name to the Load-Balance-Key
5245 # attribute. This method may not work for EAP sessions,
5246 # as the User-Name outside of the TLS tunnel is often
5247 # static, e.g. "anonymous@realm".
5248 #
5249 #
5250 # The default type is fail-over.
5251 type = fail-over
5252
5253 #
5254 # A virtual_server may be specified here. If so, the
5255 # "pre-proxy" and "post-proxy" sections are called when
5256 # the request is proxied, and when a response is received.
5257 #
5258 # This lets you have one policy for all requests that are proxied
5259 # to a home server. This policy is completely independent of
5260 # any policies used to receive, or process the request.
5261 #
5262 #virtual_server = pre_post_proxy_for_pool
5263
5264 #
5265 # Next, a list of one or more home servers. The names
5266 # of the home servers are NOT the hostnames, but the names
5267 # of the sections. (e.g. home_server foo {...} has name "foo".)
5268 #
5269 # Note that ALL home servers listed here have to be of the same
5270 # type. i.e. they all have to be "auth", or they all have to
5271 # be "acct", or they all have to be "auth+acct".
5272 #
5273 home_server = localhost
5274
5275 # Additional home servers can be listed.
5276 # There is NO LIMIT to the number of home servers that can
5277 # be listed, though using more than 10 or so will become
5278 # difficult to manage.
5279 #
5280 # home_server = foo.example.com
5281 # home_server = bar.example.com
5282 # home_server = baz.example.com
5283 # home_server = ...
5284
5285
5286 #
5287 # If ALL home servers are dead, then this "fallback" home server
5288 # is used. If set, it takes precedence over any realm-based
5289 # fallback, such as the DEFAULT realm.
5290 #
5291 # For reasons of stability, this home server SHOULD be a virtual
5292 # server. Otherwise, the fallback may itself be dead!
5293 #
5294 #fallback = virtual.example.com
5295}
5296
5297######################################################################
5298#
5299#
5300# This section defines a new-style "realm". Note that in version 2.0,
5301# there are many fewer configuration items than in 1.x for a realm.
5302#
5303# Automatic proxying is done via the "realms" module (see "man
5304# rlm_realm"). To manually proxy the request put this entry in the
5305# "users" file:
5306
5307#
5308#
5309#DEFAULT Proxy-To-Realm := "realm_name"
5310#
5311#
5312realm example.com {
5313 #
5314 # Realms point to pools of home servers.
5315#
5316 # For authentication, the "auth_pool" configuration item
5317 # should point to a "home_server_pool" that was previously
5318 # defined. All of the home servers in the "auth_pool" must
5319 # be of type "auth".
5320 #
5321 # For accounting, the "acct_pool" configuration item
5322 # should point to a "home_server_pool" that was previously
5323 # defined. All of the home servers in the "acct_pool" must
5324 # be of type "acct".
5325 #
5326 # If you have a "home_server_pool" where all of the home servers
5327 # are of type "auth+acct", you can just use the "pool"
5328 # configuration item, instead of specifying both "auth_pool"
5329 # and "acct_pool".
5330
5331 auth_pool = my_auth_failover
5332# acct_pool = acct
5333
5334 #
5335 # Normally, when an incoming User-Name is matched against the
5336 # realm, the realm name is "stripped" off, and the "stripped"
5337 # user name is used to perform matches.
5338 #
5339 # e.g. User-Name = "bob@example.com" will result in two new
5340 # attributes being created by the "realms" module:
5341 #
5342 # Stripped-User-Name = "bob"
5343 # Realm = "example.com"
5344 #
5345 # The Stripped-User-Name is then used as a key in the "users"
5346 # file, for example.
5347 #
5348 # If you do not want this to happen, uncomment "nostrip" below.
5349 #
5350 # nostrip
5351
5352 # There are no more configuration entries for a realm.
5353}
5354
5355
5356#
5357# This is a sample entry for iPass.
5358# Note that you have to define "ipass_auth_pool" and
5359# "ipass_acct_pool", along with home_servers for them, too.
5360#
5361#realm IPASS {
5362# nostrip
5363#
5364# auth_pool = ipass_auth_pool
5365# acct_pool = ipass_acct_pool
5366#}
5367
5368#
5369# This realm is used mainly to cancel proxying. You can have
5370# the "realm suffix" module configured to proxy all requests for
5371# a realm, and then later cancel the proxying, based on other
5372# configuration.
5373#
5374# For example, you want to terminate PEAP or EAP-TTLS locally,
5375# you can add the following to the "users" file:
5376#
5377# DEFAULT EAP-Type == PEAP, Proxy-To-Realm := LOCAL
5378#
5379realm LOCAL {
5380 # No server pool is specified here, so the realm is LOCAL: requests
5381 # that match it are not proxied.
5382}
5383
5384#
5385# This realm is for requests which don't have an explicit realm
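5386# prefix or suffix. User names like "bob" will match this one. The "secret" in this example and in the DEFAULT example below is a sample value; set a unique shared secret before enabling either block.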
5387#
5388#realm NULL {
5389# authhost = radius.company.com:1600
5390# accthost = radius.company.com:1601
5391# secret = testing123
5392#}
5393
5394#
5395# This realm is for ALL OTHER requests.
5396#
5397#realm DEFAULT {
5398# authhost = radius.company.com:1600
5399# accthost = radius.company.com:1601
5400# secret = testing123
5401#}
5402
5403
5404# This realm "proxies" requests internally to a virtual server.
5405# The pre-proxy and post-proxy sections are run just as with any
5406# other kind of home server. The virtual server then receives
5407# the request, and replies, just as with any other packet.
5408#
5409# Once proxied internally like this, the request CANNOT be proxied
5410# internally or externally.
5411#
5412#realm virtual.example.com {
5413# virtual_server = virtual.example.com
5414#}
5415#
5416
5417#
5418# Regular expressions may also be used as realm names. If these are used,
5419# then the "find matching realm" process is as follows:
5420#
5421# 1) Look for a non-regex realm with an *exact* match for the name.
5422# If found, it is used in preference to any regex matching realm.
5423#
5424# 2) Look for a regex realm, in the order that they are listed
5425# in the configuration files. Any regex match is performed in
5426# a case-insensitive fashion.
5427#
5428# 3) If no realm is found, return the DEFAULT realm, if any.
5429#
5430# The order of the realms matters in step (2). For example, defining
5431# two realms ".*\.example.net$" and ".*\.test\.example\.net$" will result in
5432# the second realm NEVER matching. This is because all of the realms
5433# which match the second regex also match the first one. Since the
5434# first regex matches, it is returned.
5435#
5436# The solution is to list the realms in the opposite order, e.g.
5437# ".*\.test\.example.net$", followed by ".*\.example\.net$".
5438#
5439#
5440# Some helpful rules:
5441#
5442# - always place a '~' character at the start of the realm name.
5443# This signifies that it is a regex match, and not an exact match
5444# for the realm.
5445#
5446# - place the regex in double quotes. This helps the configuration
5447# file parser ignore any "special" characters in the regex.
5448# Yes, this rule is different than the normal "unlang" rules for
5449# regular expressions. That may be fixed in a future release.
5450#
5451# - use two back-slashes '\\' whenever you need one backslash in the
5452# regex. e.g. "~.*\\.example\\.net$", and not "~\.example\.net$".
5453# This is because the regex is in a double-quoted string, and normal
5454# rules apply for double-quoted strings.
5455#
5456# - If you are matching domain names, use two backslashes in front of
5457# every '.' (dot or period). This is because '.' has special meaning
5458# in a regular expression: match any character. If you do not do this,
5459# then "~.*.example.net$" will match "fooXexampleYnet", which is likely
5460# not what you want
5461#
5462# - If you are matching domain names, put a '$' at the end of the regex
5463# that matches the domain name. This tells the regex matching code
5464# that the realm ENDS with the domain name, so it does not match
5465# realms with the domain name in the middle. e.g. "~.*\\.example\\.net"
5466# will match "test.example.netFOO", which is likely not what you want.
5467# Using "~(.*\\.)example\\.net$" is better.
5468#
5469# The more regex realms that are defined, the more time it takes to
5470# process them. You should define as few regex realms as possible
5471# in order to maximize server performance.
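5472# Note: the sample below has no '^' at the start, so it also matches any realm that merely ends in "example.net" (e.g. "fooexample.net"); anchor the start of the regex if only that domain and its subdomains should match.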
5473#realm "~(.*\\.)*example\\.net$" {
5474# auth_pool = my_auth_failover
5475#}
5476
5477##### File: /etc/freeradius2/radiusd.conf #####
5478# -*- text -*-
5479##
5480## radiusd.conf -- FreeRADIUS server configuration file.
5481##
5482## http://www.freeradius.org/
5483## $Id: 201b70b31b5bb4c2ef98c102690daa3462d5e1e3 $
5484##
5485
5486######################################################################
5487#
5488# Read "man radiusd" before editing this file. See the section
5489# titled DEBUGGING. It outlines a method where you can quickly
5490# obtain the configuration you want, without running into
5491# trouble.
5492#
5493# Run the server in debugging mode, and READ the output.
5494#
5495# $ radiusd -X
5496#
5497# We cannot emphasize this point strongly enough. The vast
5498# majority of problems can be solved by carefully reading the
5499# debugging output, which includes warnings about common issues,
5500# and suggestions for how they may be fixed.
5501#
5502# There may be a lot of output, but look carefully for words like:
5503# "warning", "error", "reject", or "failure". The messages there
5504# will usually be enough to guide you to a solution.
5505#
5506# If you are going to ask a question on the mailing list, then
5507# explain what you are trying to do, and include the output from
5508# debugging mode (radiusd -X). Failure to do so means that all
5509# of the responses to your question will be people telling you
5510# to "post the output of radiusd -X".
5511
5512######################################################################
5513#
5514# The location of other config files and logfiles are declared
5515# in this file.
5516#
5517# Also general configuration for modules can be done in this
5518# file, it is exported through the API to modules that ask for
5519# it.
5520#
5521# See "man radiusd.conf" for documentation on the format of this
5522# file. Note that the individual configuration items are NOT
5523# documented in that "man" page. They are only documented here,
5524# in the comments.
5525#
5526# As of 2.0.0, FreeRADIUS supports a simple processing language
5527# in the "authorize", "authenticate", "accounting", etc. sections.
5528# See "man unlang" for details.
5529#
5530
5531prefix = /usr
5532exec_prefix = /usr
5533sysconfdir = /etc
5534localstatedir = /var
5535sbindir = /usr/sbin
5536logdir = /var/log
5537raddbdir = /etc/freeradius2
5538radacctdir = /var/db/radacct
5539
5540#
5541# name of the running server. See also the "-n" command-line option.
5542name = radiusd
5543
5544# Location of config and logfiles.
5545confdir = ${raddbdir}
5546run_dir = ${localstatedir}/run
5547
5548# Should likely be ${localstatedir}/lib/radiusd
5549db_dir = ${raddbdir}
5550
5551#
5552# libdir: Where to find the rlm_* modules.
5553#
5554# This should be automatically set at configuration time.
5555#
5556# If the server builds and installs, but fails at execution time
5557# with an 'undefined symbol' error, then you can use the libdir
5558# directive to work around the problem.
5559#
5560# The cause is usually that a library has been installed on your
5561# system in a place where the dynamic linker CANNOT find it. When
5562# executing as root (or another user), your personal environment MAY
5563# be set up to allow the dynamic linker to find the library. When
5564# executing as a daemon, FreeRADIUS MAY NOT have the same
5565# personalized configuration.
5566#
5567# To work around the problem, find out which library contains that symbol,
5568# and add the directory containing that library to the end of 'libdir',
5569# with a colon separating the directory names. NO spaces are allowed.
5570#
5571# e.g. libdir = /usr/local/lib:/opt/package/lib
5572#
5573# You can also try setting the LD_LIBRARY_PATH environment variable
5574# in a script which starts the server.
5575#
5576# If that does not work, then you can re-configure and re-build the
5577# server to NOT use shared libraries, via:
5578#
5579# ./configure --disable-shared
5580# make
5581# make install
5582#
5583libdir = /usr/lib/freeradius2
5584
5585# pidfile: Where to place the PID of the RADIUS server.
5586#
5587# The server may be signalled while it's running by using this
5588# file.
5589#
5590# This file is written when ONLY running in daemon mode.
5591#
5592# e.g.: kill -HUP `cat /var/run/radiusd/radiusd.pid`
5593#
5594pidfile = ${run_dir}/${name}.pid
5595
5596# chroot: directory where the server does "chroot".
5597#
5598# The chroot is done very early in the process of starting the server.
5599# After the chroot has been performed it switches to the "user" listed
5600# below (which MUST be specified). If "group" is specified, it switches
5601# to that group, too. Any other groups listed for the specified "user"
5602# in "/etc/group" are also added as part of this process.
5603#
5604# The current working directory (chdir / cd) is left *outside* of the
5605# chroot until all of the modules have been initialized. This allows
5606# the "raddb" directory to be left outside of the chroot. Once the
5607# modules have been initialized, it does a "chdir" to ${logdir}. This
5608# means that it should be impossible to break out of the chroot.
5609#
5610# If you are worried about security issues related to this use of chdir,
5611# then simply ensure that the "raddb" directory is inside of the chroot,
5612# and be sure to do "cd raddb" BEFORE starting the server.
5613#
5614# If the server is statically linked, then the only files that have
5615# to exist in the chroot are ${run_dir} and ${logdir}. If you do the
5616# "cd raddb" as discussed above, then the "raddb" directory has to be
5617# inside of the chroot directory, too.
5618#
5619#chroot = /path/to/chroot/directory
5620
5621# user/group: The name (or #number) of the user/group to run radiusd as.
5622#
5623# If these are commented out, the server will run as the user/group
5624# that started it. In order to change to a different user/group, you
5625# MUST be root ( or have root privileges ) to start the server.
5626#
5627# We STRONGLY recommend that you run the server with as few permissions
5628# as possible. That is, if you're not using shadow passwords, the
5629# user and group items below should be set to 'radius'.
5630#
5631# NOTE that some kernels refuse to setgid(group) when the value of
5632# (unsigned)group is above 60000; don't use group nobody on these systems!
5633#
5634# On systems with shadow passwords, you might have to set 'group = shadow'
5635# for the server to be able to read the shadow password file. If you can
5636# authenticate users while in debug mode, but not in daemon mode, it may be
5637# that the debugging mode server is running as a user that can read the
5638# shadow info, and the user listed below can not.
5639#
5640# The server will also try to use "initgroups" to read /etc/groups.
5641# It will join all groups where "user" is a member. This can allow
5642# for some finer-grained access controls.
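5643# NOTE: both items are commented out below, so the server keeps the user/group that started it; check that this is not root.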
5644#user = radius
5645#group = radius
5646
5647# panic_action: Command to execute if the server dies unexpectedly.
5648#
5649# FOR PRODUCTION SYSTEMS, ACTIONS SHOULD ALWAYS EXIT.
5650# AN INTERACTIVE ACTION MEANS THE SERVER IS NOT RESPONDING TO REQUESTS.
5651# AN INTERACTIVE ACTION MEANS THE SERVER WILL NOT RESTART.
5652#
5653# The panic action is a command which will be executed if the server
5654# receives a fatal, non user generated signal, i.e. SIGSEGV, SIGBUS,
5655# SIGABRT or SIGFPE.
5656#
5657# This can be used to start an interactive debugging session so
5658# that information regarding the current state of the server can
5659# be acquired.
5660#
5661# The following string substitutions are available:
5662# - %e The currently executing program e.g. /sbin/radiusd
5663# - %p The PID of the currently executing program e.g. 12345
5664#
5665# Standard ${} substitutions are also allowed.
5666#
5667# An example panic action for opening an interactive session in GDB would be:
5668#
5669#panic_action = "gdb %e %p"
5670#
5671# Again, don't use that on a production system.
5672#
5673# An example panic action for opening an automated session in GDB would be:
5674#
5675#panic_action = "gdb -silent -x ${raddbdir}/panic.gdb %e %p > ${logdir}/gdb-%e-%p.log 2>&1"
5676#
5677# That command can be used on a production system.
5678#
5679
5680# max_request_time: The maximum time (in seconds) to handle a request.
5681#
5682# Requests which take more time than this to process may be killed, and
5683# a REJECT message is returned.
5684#
5685# WARNING: If you notice that requests take a long time to be handled,
5686# then this MAY INDICATE a bug in the server, in one of the modules
5687# used to handle a request, OR in your local configuration.
5688#
5689# This problem is most often seen when using an SQL database. If it takes
5690# more than a second or two to receive an answer from the SQL database,
5691# then it probably means that you haven't indexed the database. See your
5692# SQL server documentation for more information.
5693#
5694# Useful range of values: 5 to 120
5695#
5696max_request_time = 30
5697
5698# cleanup_delay: The time to wait (in seconds) before cleaning up
5699# a reply which was sent to the NAS.
5700#
5701# The RADIUS request is normally cached internally for a short period
5702# of time, after the reply is sent to the NAS. The reply packet may be
5703# lost in the network, and the NAS will not see it. The NAS will then
5704# re-send the request, and the server will respond quickly with the
5705# cached reply.
5706#
5707# If this value is set too low, then duplicate requests from the NAS
5708# MAY NOT be detected, and will instead be handled as separate requests.
5709#
5710# If this value is set too high, then the server will cache too many
5711# requests, and some new requests may get blocked. (See 'max_requests'.)
5712#
5713# Useful range of values: 2 to 10
5714#
5715cleanup_delay = 5
5716
5717# max_requests: The maximum number of requests which the server keeps
5718# track of. This should be 256 multiplied by the number of clients.
5719# e.g. With 4 clients, this number should be 1024.
5720#
5721# If this number is too low, then when the server becomes busy,
5722# it will not respond to any new requests, until the 'cleanup_delay'
5723# time has passed, and it has removed the old requests.
5724#
5725# If this number is set too high, then the server will use a bit more
5726# memory for no real benefit.
5727#
5728# If you aren't sure what it should be set to, it's better to set it
5729# too high than too low. Setting it to 1000 per client is probably
5730# the highest it should be.
5731#
5732# Useful range of values: 256 to infinity
5733#
5734max_requests = 1024
5735
5736# listen: Make the server listen on a particular IP address, and send
5737# replies out from that address. This directive is most useful for
5738# hosts with multiple IP addresses on one interface.
5739#
5740# If you want the server to listen on additional addresses, or on
5741# additional ports, you can use multiple "listen" sections.
5742#
5743# Each section makes the server listen for only one type of packet,
5744# therefore authentication and accounting have to be configured in
5745# different sections.
5746#
5747# The server ignores all "listen" sections if you are using '-i' and '-p'
5748# on the command line.
5749#
5750listen {
5751 # Type of packets to listen for.
5752 # Allowed values are:
5753 # auth listen for authentication packets
5754 # acct listen for accounting packets
5755 # proxy IP to use for sending proxied packets
5756 # detail Read from the detail file. For examples, see
5757 # raddb/sites-available/copy-acct-to-home-server
5758 # status listen for Status-Server packets. For examples,
5759 # see raddb/sites-available/status
5760 # coa listen for CoA-Request and Disconnect-Request
5761 # packets. For examples, see the file
5762 # raddb/sites-available/coa
5763 #
5764 type = auth
5765
5766 # Note: "type = proxy" lets you control the source IP used for
5767 # proxying packets, with some limitations:
5768 #
5769 # * A proxy listener CANNOT be used in a virtual server section.
5770 # * You should probably set "port = 0".
5771 # * Any "clients" configuration will be ignored.
5772 #
5773 # See also proxy.conf, and the "src_ipaddr" configuration entry
5774 # in the sample "home_server" section. When you specify the
5775 # source IP address for packets sent to a home server, the
5776 # proxy listeners are automatically created.
5777
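5778 # IP address on which to listen. The wildcard accepts packets on every local address; use a specific address, the "interface" item below, or firewall rules if only some networks should reach this port.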
5779 # Allowed values are:
5780 # dotted quad (1.2.3.4)
5781 # hostname (radius.example.com)
5782 # wildcard (*)
5783 ipaddr = *
5784
5785 # OR, you can use an IPv6 address, but not both
5786 # at the same time.
5787# ipv6addr = :: # any. ::1 == localhost
5788
5789 # Port on which to listen.
5790 # Allowed values are:
5791 # integer port number (1812)
5792 # 0 means "use /etc/services for the proper port"
5793 port = 0
5794
5795 # Some systems support binding to an interface, in addition
5796 # to the IP address. This feature isn't strictly necessary,
5797 # but for sites with many IP addresses on one interface,
5798 # it's useful to say "listen on all addresses for eth0".
5799 #
5800 # If your system does not support this feature, you will
5801 # get an error if you try to use it.
5802 #
5803# interface = eth0
5804
5805 # Per-socket lists of clients. This is a very useful feature.
5806 #
5807 # The name here is a reference to a section elsewhere in
5808 # radiusd.conf, or clients.conf. Having the name as
5809 # a reference allows multiple sockets to use the same
5810 # set of clients.
5811 #
5812 # If this configuration is used, then the global list of clients
5813 # is IGNORED for this "listen" section. Take care configuring
5814 # this feature, to ensure you don't accidentally disable a
5815 # client you need.
5816 #
5817 # See clients.conf for the configuration of "per_socket_clients".
5818 #
5819# clients = per_socket_clients
5820}
5821
5822# This second "listen" section is for listening on the accounting
5823# port, too.
5824#
5825listen {
5826 ipaddr = * # wildcard: listen on every local address
5827# ipv6addr = ::
5828 port = 0 # 0 means "use /etc/services for the proper port"
5829 type = acct # this socket handles accounting packets only
5830# interface = eth0
5831# clients = per_socket_clients
5832}
5833
5834# hostname_lookups: Log the names of clients or just their IP addresses
5835# e.g., www.freeradius.org (on) or 206.47.27.232 (off).
5836#
5837# The default is 'off' because it would be overall better for the net
5838# if people had to knowingly turn this feature on, since enabling it
5839# means that each client request will result in AT LEAST one lookup
5840# request to the nameserver. Enabling hostname_lookups will also
5841# mean that your server may stop randomly for 30 seconds from time
5842# to time, if the DNS requests take too long.
5843#
5844# Turning hostname lookups off also means that the server won't block
5845# for 30 seconds, if it sees an IP address which has no name associated
5846# with it.
5847#
5848# allowed values: {no, yes}
5849#
5850hostname_lookups = no
5851
5852# Core dumps are a bad thing. This should only be set to 'yes'
5853# if you're debugging a problem with the server.
5854#
5855# allowed values: {no, yes}
5856#
5857allow_core_dumps = no
5858
5859# Regular expressions
5860#
5861# These items are set at configure time. If they're set to "yes",
5862# then setting them to "no" turns off regular expression support.
5863#
5864# If they're set to "no" at configure time, then setting them to "yes"
5865# WILL NOT WORK. It will give you an error.
5866#
5867regular_expressions = yes
5868extended_expressions = yes
5869
5870#
5871# Logging section. The various "log_*" configuration items
5872# will eventually be moved here.
5873#
5874log {
5875 #
5876 # Destination for log messages. This can be one of:
5877 #
5878 # files - log to "file", as defined below.
5879 # syslog - to syslog (see also the "syslog_facility", below).
5880 # stdout - standard output
5881 # stderr - standard error.
5882 #
5883 # The command-line option "-X" over-rides this option, and forces
5884 # logging to go to stdout.
5885 #
5886 destination = files
5887
5888 #
5889 # The logging messages for the server are appended to the
5890 # tail of this file if destination == "files"
5891 #
5892 # If the server is running in debugging mode, this file is
5893 # NOT used.
5894 #
5895 file = ${logdir}/radius.log
5896
5897 #
5898 # If this configuration parameter is set, then log messages for
5899 # a *request* go to this file, rather than to radius.log.
5900 #
5901 # i.e. This is a log file per request, once the server has accepted
5902 # the request as being from a valid client. Messages that are
5903 # not associated with a request still go to radius.log.
5904 #
5905 # Not all log messages in the server core have been updated to use
5906 # this new internal API. As a result, some messages will still
5907 # go to radius.log. Please submit patches to fix this behavior.
5908 #
5909 # The file name is expanded dynamically. You should ONLY use
5910 # server-side attributes for the filename (e.g. things you control).
5911 # Using this feature MAY also slow down the server substantially,
5912 # especially if you do things like SQL calls as part of the
5913 # expansion of the filename.
5914 #
5915 # The name of the log file should use attributes that don't change
5916 # over the lifetime of a request, such as User-Name,
5917 # Virtual-Server or Packet-Src-IP-Address. Otherwise, the log
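5918 # messages will be distributed over multiple files. Note that User-Name is supplied in the request, unlike the server-side attributes recommended above, so prefer Virtual-Server or Packet-Src-IP-Address where they suffice.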
5919 #
5920 # Logging can be enabled for an individual request by a special
5921 # dynamic expansion macro: %{debug: 1}, where the debug level
5922 # for this request is set to '1' (or 2, 3, etc.). e.g.
5923 #
5924 # ...
5925 # update control {
5926 # Tmp-String-0 = "%{debug:1}"
5927 # }
5928 # ...
5929 #
5930 # The attribute that the value is assigned to is unimportant,
5931 # and should be a "throw-away" attribute with no side effects.
5932 #
5933 #requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log
5934
5935 #
5936 # Which syslog facility to use, if ${destination} == "syslog"
5937 #
5938 # The exact values permitted here are OS-dependent. You probably
5939 # don't want to change this.
5940 #
5941 syslog_facility = daemon
5942
5943 # Log the full User-Name attribute, as it was found in the request.
5944 #
5945 # allowed values: {no, yes}
5946 #
5947 stripped_names = no
5948
5949 # Log authentication requests to the log file.
5950 #
5951 # allowed values: {no, yes}
5952 #
5953 auth = no
5954
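5955 # Log passwords with the authentication requests. These options write user passwords to the log file, readable by anyone who can read that file; leave them at "no" unless debugging, and protect the log file if they are enabled.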
5956 # auth_badpass - logs password if it's rejected
5957 # auth_goodpass - logs password if it's correct
5958 #
5959 # allowed values: {no, yes}
5960 #
5961 auth_badpass = no
5962 auth_goodpass = no
5963
5964 # Log additional text at the end of the "Login OK" messages.
5965 # for these to work, the "auth" and "auth_goodpass" or "auth_badpass"
5966 # configurations above have to be set to "yes".
5967 #
5968 # The strings below are dynamically expanded, which means that
5969 # you can put anything you want in them. However, note that
5970 # this expansion can be slow, and can negatively impact server
5971 # performance.
5972 #
5973# msg_goodpass = ""
5974# msg_badpass = ""
5975}
5976
5977# The program to execute to do concurrency checks.
5978checkrad = ${sbindir}/checkrad
5979
5980# SECURITY CONFIGURATION
5981#
5982# There may be multiple methods of attacking the server. This
5983# section holds the configuration items which minimize the impact
5984# of those attacks.
5985#
5986security {
5987 #
5988 # max_attributes: The maximum number of attributes
5989 # permitted in a RADIUS packet. Packets which have MORE
5990 # than this number of attributes in them will be dropped.
5991 #
5992 # If this number is set too low, then no RADIUS packets
5993 # will be accepted.
5994 #
5995 # If this number is set too high, then an attacker may be
5996 # able to send a small number of packets which will cause
5997 # the server to use all available memory on the machine.
5998 #
5999 # Setting this number to 0 means "allow any number of attributes"
6000 max_attributes = 200
6001
6002 #
6003 # reject_delay: When sending an Access-Reject, it can be
6004 # delayed for a few seconds. This may help slow down a DoS
6005 # attack. It also helps to slow down people trying to brute-force
6006 # crack a user's password.
6007 #
6008 # Setting this number to 0 means "send rejects immediately"
6009 #
6010 # If this number is set higher than 'cleanup_delay', then the
6011 # rejects will be sent at 'cleanup_delay' time, when the request
6012 # is deleted from the internal cache of requests.
6013 #
6014 # Useful ranges: 1 to 5
6015 reject_delay = 1
6016
6017 #
6018 # status_server: Whether or not the server will respond
6019 # to Status-Server requests.
6020 #
6021 # When sent a Status-Server message, the server responds with
6022 # an Access-Accept or Accounting-Response packet.
6023 #
6024 # This is mainly useful for administrators who want to "ping"
6025 # the server, without adding test users, or creating fake
6026 # accounting packets.
6027 #
6028 # It's also useful when a NAS marks a RADIUS server "dead".
6029 # The NAS can periodically "ping" the server with a Status-Server
6030 # packet. If the server responds, it must be alive, and the
6031 # NAS can start using it for real requests.
6032 #
6033 # See also raddb/sites-available/status
6034 #
6035 status_server = yes
6036
6037 #
6038 # allow_vulnerable_openssl: Allow the server to start with
6039 # versions of OpenSSL known to have critical vulnerabilities.
6040 #
6041 # This check is based on the version number reported by libssl
6042 # and may not reflect patches applied to libssl by
6043 # distribution maintainers.
6044 #
6045 allow_vulnerable_openssl = no
6046}
6047
6048# PROXY CONFIGURATION
6049#
6050# proxy_requests: Turns proxying of RADIUS requests on or off.
6051#
6052# The server has proxying turned on by default. If your system is NOT
6053# set up to proxy requests to another server, then you can turn proxying
6054# off here. This will save a small amount of resources on the server.
6055#
6056# If you have proxying turned off, and your configuration files say
6057# to proxy a request, then an error message will be logged.
6058#
6059# To disable proxying, change the "yes" to "no", and comment the
6060# $INCLUDE line.
6061#
6062# allowed values: {no, yes}
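6063# Proxying is disabled below and the $INCLUDE line is commented out, so proxy.conf is not read by this configuration.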
6064proxy_requests = no
6065#$INCLUDE proxy.conf
6066
6067
6068# CLIENTS CONFIGURATION
6069#
6070# Client configuration is defined in "clients.conf".
6071#
6072
6073# The 'clients.conf' file contains all of the information from the old
6074# 'clients' and 'naslist' configuration files. We recommend that you
6075# do NOT use 'clients' or 'naslist', although they are still
6076# supported.
6077#
6078# Anything listed in 'clients.conf' will take precedence over the
6079# information from the old-style configuration files.
6080#
6081$INCLUDE clients.conf
6082
6083
6084# THREAD POOL CONFIGURATION
6085#
6086# The thread pool is a long-lived group of threads which
6087# take turns (round-robin) handling any incoming requests.
6088#
6089# You probably want to have a few spare threads around,
6090# so that high-load situations can be handled immediately. If you
6091# don't have any spare threads, then the request handling will
6092# be delayed while a new thread is created, and added to the pool.
6093#
6094# You probably don't want too many spare threads around,
6095# otherwise they'll be sitting there taking up resources, and
6096# not doing anything productive.
6097#
6098# The numbers given below should be adequate for most situations.
6099#
6100thread pool {
6101 # Number of servers to start initially --- should be a reasonable
6102 # ballpark figure.
6103 start_servers = 5
6104
6105 # Limit on the total number of servers running.
6106 #
6107 # If this limit is ever reached, clients will be LOCKED OUT, so it
6108 # should NOT BE SET TOO LOW. It is intended mainly as a brake to
6109 # keep a runaway server from taking the system with it as it spirals
6110 # down...
6111 #
6112 # You may find that the server is regularly reaching the
6113 # 'max_servers' number of threads, and that increasing
6114 # 'max_servers' doesn't seem to make much difference.
6115 #
6116 # If this is the case, then the problem is MOST LIKELY that
6117 # your back-end databases are taking too long to respond, and
6118 # are preventing the server from responding in a timely manner.
6119 #
6120 # The solution is NOT to keep increasing the 'max_servers'
6121 # value, but instead to fix the underlying cause of the
6122 # problem: slow database, or 'hostname_lookups=yes'.
6123 #
6124 # For more information, see 'max_request_time', above.
6125 #
6126 max_servers = 32
6127
6128 # Server-pool size regulation. Rather than making you guess
6129 # how many servers you need, FreeRADIUS dynamically adapts to
6130 # the load it sees, that is, it tries to maintain enough
6131 # servers to handle the current load, plus a few spare
6132 # servers to handle transient load spikes.
6133 #
6134 # It does this by periodically checking how many servers are
6135 # waiting for a request. If there are fewer than
6136 # min_spare_servers, it creates a new spare. If there are
6137 # more than max_spare_servers, some of the spares die off.
6138 # The default values are probably OK for most sites.
6139 #
6140 min_spare_servers = 3
6141 max_spare_servers = 10
6142
6143 # When the server receives a packet, it places it onto an
6144 # internal queue, where the worker threads (configured above)
6145 # pick it up for processing. The maximum size of that queue
6146 # is given here.
6147 #
6148 # When the queue is full, any new packets will be silently
6149 # discarded.
6150 #
6151 # The most common cause of the queue being full is that the
6152 # server is dependent on a slow database, and it has received
6153 # a large "spike" of traffic. When that happens, there is
6154 # very little you can do other than make sure the server
6155 # receives less traffic, or make sure that the database can
6156 # handle the load.
6157 #
6158# max_queue_size = 65536
6159
6160 # There may be memory leaks or resource allocation problems with
6161 # the server. If so, set this value to 300 or so, so that the
6162 # resources will be cleaned up periodically.
6163 #
6164 # This should only be necessary if there are serious bugs in the
6165 # server which have not yet been fixed.
6166 #
6167 # '0' is a special value meaning 'infinity', or 'the servers never
6168 # exit'
6169 max_requests_per_server = 0
6170}
6171
6172# MODULE CONFIGURATION
6173#
6174# The names and configuration of each module is located in this section.
6175#
6176# After the modules are defined here, they may be referred to by name,
6177# in other sections of this configuration file.
6178#
6179modules {
6180 #
6181 # Each module has a configuration as follows:
6182 #
6183 # name [ instance ] {
6184 # config_item = value
6185 # ...
6186 # }
6187 #
6188 # The 'name' is used to load the 'rlm_name' library
6189 # which implements the functionality of the module.
6190 #
6191 # The 'instance' is optional. To have two different instances
6192 # of a module, it first must be referred to by 'name'.
6193 # The different copies of the module are then created by
6194 # inventing two 'instance' names, e.g. 'instance1' and 'instance2'
6195 #
6196 # The instance names can then be used in later configuration
6197 # INSTEAD of the original 'name'. See the 'radutmp' configuration
6198 # for an example.
6199 #
6200
6201 #
6202 # As of 2.0.5, most of the module configurations are in a
6203 # sub-directory. Files matching the regex /[a-zA-Z0-9_.]+/
6204 # are loaded. The modules are initialized ONLY if they are
6205 # referenced in a processing section, such as authorize,
6206 # authenticate, accounting, pre/post-proxy, etc.
6207 #
6208 $INCLUDE ${confdir}/modules/
6209
6210 # Extensible Authentication Protocol
6211 #
6212 # For all EAP related authentications.
6213 # Now in another file, because it is very large.
6214 #
6215 $INCLUDE eap.conf
6216
6217 # Include another file that has the SQL-related configuration.
6218 # This is another file only because it tends to be big.
6219 #
6220# $INCLUDE sql.conf
6221
6222 #
6223 # This module is an SQL enabled version of the counter module.
6224 #
6225 # Rather than maintaining separate (GDBM) databases of
6226 # accounting info for each counter, this module uses the data
6227 # stored in the radacct table by the sql modules. This
6228 # module NEVER does any database INSERTs or UPDATEs. It is
6229 # totally dependent on the SQL module to process Accounting
6230 # packets.
6231 #
6232# $INCLUDE sql/mysql/counter.conf
6233
6234 #
6235 # IP addresses managed in an SQL table.
6236 #
6237# $INCLUDE sqlippool.conf
6238}
6239
6240# Instantiation
6241#
6242# This section orders the loading of the modules. Modules
6243# listed here will get loaded BEFORE the later sections like
6244# authorize, authenticate, etc. get examined.
6245#
6246# This section is not strictly needed. When a section like
6247# authorize refers to a module, it's automatically loaded and
6248# initialized. However, some modules may not be listed in any
6249# of the following sections, so they can be listed here.
6250#
6251# Also, listing modules here ensures that you have control over
6252# the order in which they are initialized. If one module needs
6253# something defined by another module, you can list them in order
6254# here, and ensure that the configuration will be OK.
6255#
6256instantiate {
6257 #
6258 # Allows the execution of external scripts.
6259 # The entire command line (and output) must fit into 253 bytes.
6260 #
6261 # e.g. Framed-Pool = `%{exec:/bin/echo foo}`
6262# exec
6263
6264 #
6265 # The expression module doesn't do authorization,
6266 # authentication, or accounting. It only does dynamic
6267 # translation, of the form:
6268 #
6269 # Session-Timeout = `%{expr:2 + 3}`
6270 #
6271 # This module needs to be instantiated, but CANNOT be
6272 # listed in any other section. See 'doc/rlm_expr' for
6273 # more information.
6274 #
6275 # rlm_expr is also responsible for registering many
6276 # other xlat functions such as md5, sha1 and lc.
6277 #
6278 # We do not recommend removing its listing here.
6279# expr
6280
6281 #
6282 # We add the counter module here so that it registers
6283 # the check-name attribute before any module which sets
6284 # it
6285# daily
6286# expiration
6287# logintime
6288
6289 # subsections here can be thought of as "virtual" modules.
6290 #
6291 # e.g. If you have two redundant SQL servers, and you want to
6292 # use them in the authorize and accounting sections, you could
6293 # place a "redundant" block in each section, containing the
6294 # exact same text. Or, you could uncomment the following
6295 # lines, and list "redundant_sql" in the authorize and
6296 # accounting sections.
6297 #
6298 #redundant redundant_sql {
6299 # sql1
6300 # sql2
6301 #}
6302}
6303
6304######################################################################
6305#
6306# Policies that can be applied in multiple places are listed
6307# globally. That way, they can be defined once, and referred
6308# to multiple times.
6309#
6310######################################################################
6311#$INCLUDE policy.conf
6312
6313######################################################################
6314#
6315# Load virtual servers.
6316#
6317# This next $INCLUDE line loads files in the directory that
6318# match the regular expression: /[a-zA-Z0-9_.]+/
6319#
6320# It allows you to define new virtual servers simply by placing
6321# a file into the /etc/freeradius2/sites/ directory.
6322#
6323$INCLUDE sites/
6324
6325######################################################################
6326#
6327# All of the other configuration sections like "authorize {}",
6328# "authenticate {}", "accounting {}", have been moved to
6329# the file:
6330#
6331# /etc/freeradius2/sites/default
6332#
6333# This is the "default" virtual server that has the same
6334# configuration as in version 1.0.x and 1.1.x. The default
6335# installation enables this virtual server. You should
6336# edit it to create policies for your local site.
6337#
6338# For more documentation on virtual servers, see:
6339#
6340# raddb/sites-available/README
6341#
6342######################################################################
6343
6344##### File: /etc/freeradius2/sites/default #####
6345######################################################################
6346#
6347# As of 2.0.0, FreeRADIUS supports virtual hosts using the
6348# "server" section, and configuration directives.
6349#
6350# Virtual hosts should be put into the "sites-available"
6351# directory. Soft links should be created in the "sites-enabled"
6352# directory to these files. This is done in a normal installation.
6353#
6354# If you are using 802.1X (EAP) authentication, please see also
6355# the "inner-tunnel" virtual server. You will likely have to edit
6356# that, too, for authentication to work.
6357#
6358# $Id: 520ccbc90f3a09cd6a80e1e3b16000b7ba94d884 $
6359#
6360######################################################################
6361#
6362# Read "man radiusd" before editing this file. See the section
6363# titled DEBUGGING. It outlines a method where you can quickly
6364# obtain the configuration you want, without running into
6365# trouble. See also "man unlang", which documents the format
6366# of this file.
6367#
6368# This configuration is designed to work in the widest possible
6369# set of circumstances, with the widest possible number of
6370# authentication methods. This means that in general, you should
6371# need to make very few changes to this file.
6372#
6373# The best way to configure the server for your local system
6374# is to CAREFULLY edit this file. Most attempts to make large
6375# edits to this file will BREAK THE SERVER. Any edits should
6376# be small, and tested by running the server with "radiusd -X".
6377# Once the edits have been verified to work, save a copy of these
6378# configuration files somewhere. (e.g. as a "tar" file). Then,
6379# make more edits, and test, as above.
6380#
6381# There are many "commented out" references to modules such
6382# as ldap, sql, etc. These references serve as place-holders.
6383# If you need the functionality of that module, then configure
6384# it in radiusd.conf, and un-comment the references to it in
6385# this file. In most cases, those small changes will result
6386# in the server being able to connect to the DB, and to
6387# authenticate users.
6388#
6389######################################################################
6390
6391#
6392# In 1.x, the "authorize", etc. sections were global in
6393# radiusd.conf. As of 2.0, they SHOULD be in a server section.
6394#
6395# The server section with no virtual server name is the "default"
6396# section. It is used when no server name is specified.
6397#
6398# We don't indent the rest of this file, because doing so
6399# would make it harder to read.
6400#
6401
6402# Authorization. First preprocess (hints and huntgroups files),
6403# then realms, and finally look in the "users" file.
6404#
6405# Any changes made here should also be made to the "inner-tunnel"
6406# virtual server.
6407#
6408# The order of the realm modules will determine the order that
6409# we try to find a matching realm.
6410#
6411# Make *sure* that 'preprocess' comes before any realm if you
6412# need to setup hints for the remote radius server
6413authorize {
6414 #
6415 # Security settings. Take a User-Name, and do some simple
6416 # checks on it, for spaces and other invalid characters. If
6417 # it looks like the user is trying to play games, reject it.
6418 #
6419 # This should probably be enabled by default.
6420 #
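6421 # See policy.conf for the definition of the filter_username policy.
6422 # Note that the 'INCLUDE policy.conf' line earlier in this dump is
 # itself commented out, so that include has to be restored before
 # the filter_username policy can be enabled here.
 #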
6423# filter_username
6424
6425 #
6426 # The preprocess module takes care of sanitizing some bizarre
6427 # attributes in the request, and turning them into attributes
6428 # which are more standard.
6429 #
6430 # It takes care of processing the 'raddb/hints' and the
6431 # 'raddb/huntgroups' files.
6432# preprocess
6433
6434 #
6435 # If you want to have a log of authentication requests,
6436 # un-comment the following line, and the 'detail auth_log'
6437 # section, above.
6438# auth_log
6439
6440 #
6441 # The chap module will set 'Auth-Type := CHAP' if we are
6442 # handling a CHAP request and Auth-Type has not already been set
6443# chap
6444
6445 #
6446 # If the users are logging in with an MS-CHAP-Challenge
6447 # attribute for authentication, the mschap module will find
6448 # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
6449 # to the request, which will cause the server to then use
6450 # the mschap module for authentication.
6451# mschap
6452
6453 #
6454 # If you have a Cisco SIP server authenticating against
6455 # FreeRADIUS, uncomment the following line, and the 'digest'
6456 # line in the 'authenticate' section.
6457# digest
6458
6459 #
6460 # The WiMAX specification says that the Calling-Station-Id
6461 # is 6 octets of the MAC. This definition conflicts with
6462 # RFC 3580, and all common RADIUS practices. Un-commenting
6463 # the "wimax" module here means that it will fix the
6464 # Calling-Station-Id attribute to the normal format as
6465 # specified in RFC 3580 Section 3.21
6466# wimax
6467
6468 #
6469 # Look for IPASS style 'realm/', and if not found, look for
6470 # '@realm', and decide whether or not to proxy, based on
6471 # that.
6472# IPASS
6473
6474 #
6475 # If you are using multiple kinds of realms, you probably
6476 # want to set "ignore_null = yes" for all of them.
6477 # Otherwise, when the first style of realm doesn't match,
6478 # the other styles won't be checked.
6479 #
6480# suffix
6481# ntdomain
6482
6483 #
6484 # This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
6485 # authentication.
6486 #
6487 # It also sets the EAP-Type attribute in the request
6488 # attribute list to the EAP type from the packet.
6489 #
6490 # As of 2.0, the EAP module returns "ok" in the authorize stage
6491 # for TTLS and PEAP. In 1.x, it never returned "ok" here, so
6492 # this change is compatible with older configurations.
6493 #
6494 # The example below uses module failover to avoid querying all
6495 # of the following modules if the EAP module returns "ok".
6496 # Therefore, your LDAP and/or SQL servers will not be queried
6497 # for the many packets that go back and forth to set up TTLS
6498 # or PEAP. The load on those servers will therefore be reduced.
6499 #
6500 eap {
6501 ok = return
6502 }
6503
6504 #
6505 # Pull crypt'd passwords from /etc/passwd or /etc/shadow,
6506 # using the system API's to get the password. If you want
6507 # to read /etc/passwd or /etc/shadow directly, see the
6508 # passwd module in radiusd.conf.
6509 #
6510# unix
6511
6512 #
6513 # Read the 'users' file
6514 files
6515
6516 #
6517 # Look in an SQL database. The schema of the database
6518 # is meant to mirror the "users" file.
6519 #
6520 # See "Authorization Queries" in sql.conf
6521# sql
6522
6523 #
6524 # If you are using /etc/smbpasswd, and are also doing
6525 # mschap authentication, then un-comment this line, and
6526 # configure the 'smbpasswd' module.
6527# smbpasswd
6528
6529 #
6530 # The ldap module will set Auth-Type to LDAP if it has not
6531 # already been set
6532# ldap
6533
6534 #
6535 # Enforce daily limits on time spent logged in.
6536# daily
6537
6538 #
6539 # Use the checkval module
6540# checkval
6541
6542# expiration
6543# logintime
6544
6545 #
6546 # If no other module has claimed responsibility for
6547 # authentication, then try to use PAP. This allows the
6548 # other modules listed above to add a "known good" password
6549 # to the request, and to do nothing else. The PAP module
6550 # will then see that password, and use it to do PAP
6551 # authentication.
6552 #
6553 # This module should be listed last, so that the other modules
6554 # get a chance to set Auth-Type for themselves.
6555 #
6556 pap
6557
6558 #
6559 # If "status_server = yes", then Status-Server messages are passed
6560 # through the following section, and ONLY the following section.
6561 # This permits you to do DB queries, for example. If the modules
6562 # listed here return "fail", then NO response is sent.
6563 #
6564# Autz-Type Status-Server {
6565#
6566# }
6567}
6568
6569
6570# Authentication.
6571#
6572#
6573# This section lists which modules are available for authentication.
6574# Note that it does NOT mean 'try each module in order'. It means
6575# that a module from the 'authorize' section adds a configuration
6576# attribute 'Auth-Type := FOO'. That authentication type is then
6577# used to pick the appropriate module from the list below.
6578#
6579
6580# In general, you SHOULD NOT set the Auth-Type attribute. The server
6581# will figure it out on its own, and will do the right thing. The
6582# most common side effect of erroneously setting the Auth-Type
6583# attribute is that one authentication method will work, but the
6584# others will not.
6585#
6586# The common reasons to set the Auth-Type attribute by hand
6587# are to either forcibly reject the user (Auth-Type := Reject),
6588# or to forcibly accept the user (Auth-Type := Accept).
6589#
6590# Note that Auth-Type := Accept will NOT work with EAP.
6591#
6592# Please do not put "unlang" configurations into the "authenticate"
6593# section. Put them in the "post-auth" section instead. That's what
6594# the post-auth section is for.
6595#
6596authenticate {
6597 #
6598 # PAP authentication, when a back-end database listed
6599 # in the 'authorize' section supplies a password. The
6600 # password can be clear-text, or encrypted.
6601 Auth-Type PAP {
6602 pap
6603 }
6604
6605 #
6606 # Most people want CHAP authentication
6607 # A back-end database listed in the 'authorize' section
6608 # MUST supply a CLEAR TEXT password. Encrypted passwords
6609 # won't work.
6610 Auth-Type CHAP {
6611 chap
6612 }
6613
6614 #
6615 # MSCHAP authentication.
6616 Auth-Type MS-CHAP {
6617 mschap
6618 }
6619
6620 #
6621 # If you have a Cisco SIP server authenticating against
6622 # FreeRADIUS, uncomment the following line, and the 'digest'
6623 # line in the 'authorize' section.
6624# digest
6625
6626 #
6627 # Pluggable Authentication Modules.
6628# pam
6629
6630 #
6631 # See 'man getpwent' for information on how the 'unix'
6632 # module checks the users password. Note that packets
6633 # containing CHAP-Password attributes CANNOT be authenticated
6634 # against /etc/passwd! See the FAQ for details.
6635 #
6636 # For normal "crypt" authentication, the "pap" module should
6637 # be used instead of the "unix" module. The "unix" module should
6638 # be used for authentication ONLY for compatibility with legacy
6639 # FreeRADIUS configurations.
6640 #
6641# unix
6642
6643 # Uncomment it if you want to use ldap for authentication
6644 #
6645 # Note that this means "check plain-text password against
6646 # the ldap database", which means that EAP won't work,
6647 # as it does not supply a plain-text password.
6648# Auth-Type LDAP {
6649# ldap
6650# }
6651
6652 #
6653 # Allow EAP authentication.
6654 eap
6655
6656 #
6657 # The older configurations sent a number of attributes in
6658 # Access-Challenge packets, which wasn't strictly correct.
6659 # If you want to filter out these attributes, uncomment
6660 # the following lines.
6661 #
6662# Auth-Type eap {
6663# eap {
6664# handled = 1
6665# }
6666# if (handled && (Response-Packet-Type == Access-Challenge)) {
6667# attr_filter.access_challenge.post-auth
6668# handled # override the "updated" code from attr_filter
6669# }
6670# }
6671}
6672
6673
6674#
6675# Pre-accounting. Decide which accounting type to use.
6676#
6677#preacct {
6678# preprocess
6679
6680 #
6681 # Session start times are *implied* in RADIUS.
6682 # The NAS never sends a "start time". Instead, it sends
6683 # a start packet, *possibly* with an Acct-Delay-Time.
6684 # The server is supposed to conclude that the start time
6685 # was "Acct-Delay-Time" seconds in the past.
6686 #
6687 # The code below creates an explicit start time, which can
6688 # then be used in other modules.
6689 #
6690 # The start time is: NOW - delay - session_length
6691 #
6692
6693# update request {
6694# FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
6695# }
6696
6697
6698 #
6699 # Ensure that we have a semi-unique identifier for every
6700 # request, as many NAS boxes are broken.
6701# acct_unique
6702
6703 #
6704 # Look for IPASS-style 'realm/', and if not found, look for
6705 # '@realm', and decide whether or not to proxy, based on
6706 # that.
6707 #
6708 # Accounting requests are generally proxied to the same
6709 # home server as authentication requests.
6710# IPASS
6711# suffix
6712# ntdomain
6713
6714 #
6715 # Read the 'acct_users' file
6716# files
6717#}
6718
6719#
6720# Accounting. Log the accounting data.
6721#
6722accounting {
6723 #
6724 # Create a 'detail'ed log of the packets.
6725 # Note that accounting requests which are proxied
6726 # are also logged in the detail file.
6727# detail
6728# daily
6729
6730 # Update the wtmp file
6731 #
6732 # If you don't use "radlast", you can delete this line.
6733# unix
6734
6735 #
6736 # For Simultaneous-Use tracking.
6737 #
6738 # Due to packet losses in the network, the data here
6739 # may be incorrect. There is little we can do about it.
6740# radutmp
6741# sradutmp
6742
6743 # Return an address to the IP Pool when we see a stop record.
6744# main_pool
6745
6746 #
6747 # Log traffic to an SQL database.
6748 #
6749 # See "Accounting queries" in sql.conf
6750# sql
6751
6752 #
6753 # If you receive stop packets with zero session length,
6754 # they will NOT be logged in the database. The SQL module
6755 # will print a message (only in debugging mode), and will
6756 # return "noop".
6757 #
6758 # You can ignore these packets by uncommenting the following
6759 # three lines. Otherwise, the server will not respond to the
6760 # accounting request, and the NAS will retransmit.
6761 #
6762# if (noop) {
6763# ok
6764# }
6765
6766 #
6767 # Instead of sending the query to the SQL server,
6768 # write it into a log file.
6769 #
6770# sql_log
6771
6772 # Cisco VoIP specific bulk accounting
6773# pgsql-voip
6774
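6775 # For Exec-Program and Exec-Program-Wait
 # This is the only module left active in this accounting section.
 # It runs the external program named by those attributes, so check
 # which configuration sources are able to set them.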
6776 exec
6777
6778 # Filter attributes from the accounting response.
6779 #attr_filter.accounting_response
6780
6781 #
6782 # See "Autz-Type Status-Server" for how this works.
6783 #
6784# Acct-Type Status-Server {
6785#
6786# }
6787}
6788
6789
6790# Session database, used for checking Simultaneous-Use. Either the radutmp
6791# or rlm_sql module can handle this.
6792# The rlm_sql module is *much* faster
6793session {
 # 'radutmp' is the only module active in this section; the 'sql'
 # alternative below is commented out.
 #
 # NOTE(review): the 'radutmp' and 'sradutmp' lines in the accounting
 # section of this file are commented out, so presumably nothing
 # records sessions for this check to read, and Simultaneous-Use
 # limits would then not be enforced -- TODO confirm.
6794 radutmp
6795
6796 #
6797 # See "Simultaneous Use Checking Queries" in sql.conf
6798# sql
6799}
6800
6801
6802# Post-Authentication
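6803# Once we KNOW that the user has been authenticated, there are
6804# additional steps we can take.
#
# In this copy the entire post-auth section is commented out, including
# the reply_log line and the Post-Auth-Type REJECT block, so none of
# the steps described below are applied.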
6805#post-auth {
6806 # Get an address from the IP Pool.
6807# main_pool
6808
6809 #
6810 # If you want to have a log of authentication replies,
6811 # un-comment the following line, and the 'detail reply_log'
6812 # section, above.
6813# reply_log
6814
6815 #
6816 # After authenticating the user, do another SQL query.
6817 #
6818 # See "Authentication Logging Queries" in sql.conf
6819# sql
6820
6821 #
6822 # Instead of sending the query to the SQL server,
6823 # write it into a log file.
6824 #
6825# sql_log
6826
6827 #
6828 # Un-comment the following if you have set
6829 # 'edir_account_policy_check = yes' in the ldap module sub-section of
6830 # the 'modules' section.
6831 #
6832# ldap
6833
6834 # For Exec-Program and Exec-Program-Wait
6835# exec
6836
6837 #
6838 # Calculate the various WiMAX keys. In order for this to work,
6839 # you will need to define the WiMAX NAI, usually via
6840 #
6841 # update request {
6842 # WiMAX-MN-NAI = "%{User-Name}"
6843 # }
6844 #
6845 # If you want various keys to be calculated, you will need to
6846 # update the reply with "template" values. The module will see
6847 # this, and replace the template values with the correct ones
6848 # taken from the cryptographic calculations. e.g.
6849 #
6850 # update reply {
6851 # WiMAX-FA-RK-Key = 0x00
6852 # WiMAX-MSK = "%{EAP-MSK}"
6853 # }
6854 #
6855 # You may want to delete the MS-MPPE-*-Keys from the reply,
6856 # as some WiMAX clients behave badly when those attributes
6857 # are included. See "raddb/modules/wimax", configuration
6858 # entry "delete_mppe_keys" for more information.
6859 #
6860# wimax
6861
6862 # If there is a client certificate (EAP-TLS, sometimes PEAP
6863 # and TTLS), then some attributes are filled out after the
6864 # certificate verification has been performed. These fields
6865 # MAY be available during the authentication, or they may be
6866 # available only in the "post-auth" section.
6867 #
6868 # The first set of attributes contains information about the
6869 # issuing certificate which is being used. The second
6870 # contains information about the client certificate (if
6871 # available).
6872#
6873# update reply {
6874# Reply-Message += "%{TLS-Cert-Serial}"
6875# Reply-Message += "%{TLS-Cert-Expiration}"
6876# Reply-Message += "%{TLS-Cert-Subject}"
6877# Reply-Message += "%{TLS-Cert-Issuer}"
6878# Reply-Message += "%{TLS-Cert-Common-Name}"
6879# Reply-Message += "%{TLS-Cert-Subject-Alt-Name-Email}"
6880#
6881# Reply-Message += "%{TLS-Client-Cert-Serial}"
6882# Reply-Message += "%{TLS-Client-Cert-Expiration}"
6883# Reply-Message += "%{TLS-Client-Cert-Subject}"
6884# Reply-Message += "%{TLS-Client-Cert-Issuer}"
6885# Reply-Message += "%{TLS-Client-Cert-Common-Name}"
6886# Reply-Message += "%{TLS-Client-Cert-Subject-Alt-Name-Email}"
6887# }
6888
6889 # MacSEC requires the use of EAP-Key-Name. However, we don't
6890 # want to send it for all EAP sessions. Therefore, the EAP
6891 # modules put required data into the EAP-Session-Id attribute.
6892 # This attribute is never put into a request or reply packet.
6893 #
6894 # Uncomment the next few lines to copy the required data into
6895 # the EAP-Key-Name attribute
6896# if (reply:EAP-Session-Id) {
6897# update reply {
6898# EAP-Key-Name := "%{reply:EAP-Session-Id}"
6899# }
6900# }
6901
6902 # If the WiMAX module did its work, you may want to do more
6903 # things here, like delete the MS-MPPE-*-Key attributes.
6904 #
6905 # if (updated) {
6906 # update reply {
6907 # MS-MPPE-Recv-Key !* 0x00
6908 # MS-MPPE-Send-Key !* 0x00
6909 # }
6910 # }
6911
6912 #
6913 # Access-Reject packets are sent through the REJECT sub-section of the
6914 # post-auth section.
6915 #
6916 # Add the ldap module name (or instance) if you have set
6917 # 'edir_account_policy_check = yes' in the ldap module configuration
6918 #
6919# Post-Auth-Type REJECT {
6920# # log failed authentications in SQL, too.
6921# sql
6922# attr_filter.access_reject
6923# }
6924#}
6925
6926#
6927# When the server decides to proxy a request to a home server,
6928# the proxied request is first passed through the pre-proxy
6929# stage. This stage can re-write the request, or decide to
6930# cancel the proxy.
6931#
6932# Only a few modules currently have this method.
6933#
6934#pre-proxy {
6935# attr_rewrite
6936
6937 # Uncomment the following line if you want to change attributes
6938 # as defined in the preproxy_users file.
6939# files
6940
6941 # Uncomment the following line if you want to filter requests
6942 # sent to remote servers based on the rules defined in the
6943 # 'attrs.pre-proxy' file.
6944# attr_filter.pre-proxy
6945
6946 # If you want to have a log of packets proxied to a home
6947 # server, un-comment the following line, and the
6948 # 'detail pre_proxy_log' section, above.
6949# pre_proxy_log
6950#}
6951
6952#
6953# When the server receives a reply to a request it proxied
6954# to a home server, the request may be massaged here, in the
6955# post-proxy stage.
6956#
6957#post-proxy {
6958
6959 # If you want to have a log of replies from a home server,
6960 # un-comment the following line, and the 'detail post_proxy_log'
6961 # section, above.
6962# post_proxy_log
6963
6964# attr_rewrite
6965
6966 # Uncomment the following line if you want to filter replies from
6967 # remote proxies based on the rules defined in the 'attrs' file.
6968# attr_filter.post-proxy
6969
6970 #
6971 # If you are proxying LEAP, you MUST configure the EAP
6972 # module, and you MUST list it here, in the post-proxy
6973 # stage.
6974 #
6975 # You MUST also use the 'nostrip' option in the 'realm'
6976 # configuration. Otherwise, the User-Name attribute
6977 # in the proxied request will not match the user name
6978 # hidden inside of the EAP packet, and the end server will
6979 # reject the EAP request.
6980 #
6981# eap
6982
6983 #
6984 # If the server tries to proxy a request and fails, then the
6985 # request is processed through the modules in this section.
6986 #
6987 # The main use of this section is to permit robust proxying
6988 # of accounting packets. The server can be configured to
6989 # proxy accounting packets as part of normal processing.
6990 # Then, if the home server goes down, accounting packets can
6991 # be logged to a local "detail" file, for processing with
6992 # radrelay. When the home server comes back up, radrelay
6993 # will read the detail file, and send the packets to the
6994 # home server.
6995 #
6996 # With this configuration, the server always responds to
6997 # Accounting-Requests from the NAS, but only writes
6998 # accounting packets to disk if the home server is down.
6999 #
7000# Post-Proxy-Type Fail {
7001# detail
7002# }
7003#}
7004
7005
7006##### File: /etc/freeradius2/users #####
7007#
7008# Please read the documentation file ../doc/processing_users_file,
7009# or 'man 5 users' (after installing the server) for more information.
7010#
7011# This file contains authentication security and configuration
7012# information for each user. Accounting requests are NOT processed
7013# through this file. Instead, see 'acct_users', in this directory.
7014#
7015# The first field is the user's name and can be up to
7016# 253 characters in length. This is followed (on the same line) with
7017# the list of authentication requirements for that user. This can
7018# include password, comm server name, comm server port number, protocol
7019# type (perhaps set by the "hints" file), and huntgroup name (set by
7020# the "huntgroups" file).
7021#
7022# If you are not sure why a particular reply is being sent by the
7023# server, then run the server in debugging mode (radiusd -X), and
7024# you will see which entries in this file are matched.
7025#
7026# When an authentication request is received from the comm server,
7027# these values are tested. Only the first match is used unless the
7028# "Fall-Through" variable is set to "Yes".
7029#
7030# A special user named "DEFAULT" matches on all usernames.
7031# You can have several DEFAULT entries. All entries are processed
7032# in the order they appear in this file. The first entry that
7033# matches the login-request will stop processing unless you use
7034# the Fall-Through variable.
7035#
7036# If you use the database support to turn this file into a .db or .dbm
7037# file, the DEFAULT entries _have_ to be at the end of this file and
7038# you can't have multiple entries for one username.
7039#
7040# Indented (with the tab character) lines following the first
7041# line indicate the configuration values to be passed back to
7042# the comm server to allow the initiation of a user session.
7043# This can include things like the PPP configuration values
7044# or the host to log the user onto.
7045#
7046# You can include another `users' file with `$INCLUDE users.other'
7047#
7048
7049#
7050# For a list of RADIUS attributes, and links to their definitions,
7051# see:
7052#
7053# http://www.freeradius.org/rfc/attributes.html
7054#
7055
7056#
7057# Deny access for a specific user. Note that this entry MUST
7058# be before any other 'Auth-Type' attribute which results in the user
7059# being authenticated.
7060#
7061# Note that there is NO 'Fall-Through' attribute, so the user will not
7062# be given any additional resources.
7063#
7064#lameuser Auth-Type := Reject
7065# Reply-Message = "Your account has been disabled."
7066
7067#
7068# Deny access for a group of users.
7069#
7070# Note that there is NO 'Fall-Through' attribute, so the user will not
7071# be given any additional resources.
7072#
7073#DEFAULT Group == "disabled", Auth-Type := Reject
7074# Reply-Message = "Your account has been disabled."
7075#
7076
7077#
7078# This is a complete entry for "steve". Note that there is no Fall-Through
7079# entry so that no DEFAULT entry will be used, and the user will NOT
7080# get any attributes in addition to the ones listed here.
7081#
7082#steve Cleartext-Password := "testing"
7083# Service-Type = Framed-User,
7084# Framed-Protocol = PPP,
7085# Framed-IP-Address = 172.16.3.33,
7086# Framed-IP-Netmask = 255.255.255.0,
7087# Framed-Routing = Broadcast-Listen,
7088# Framed-Filter-Id = "std.ppp",
7089# Framed-MTU = 1500,
7090# Framed-Compression = Van-Jacobson-TCP-IP
7091
7092#
7093# This is an entry for a user with a space in their name.
7094# Note the double quotes surrounding the name.
7095#
7096#"John Doe" Cleartext-Password := "hello"
7097# Reply-Message = "Hello, %{User-Name}"
7098
7099#
7100# Dial user back and telnet to the default host for that port
7101#
7102#Deg Cleartext-Password := "ge55ged"
7103# Service-Type = Callback-Login-User,
7104# Login-IP-Host = 0.0.0.0,
7105# Callback-Number = "9,5551212",
7106# Login-Service = Telnet,
7107# Login-TCP-Port = Telnet
7108
7109#
7110# Another complete entry. After the user "dialbk" has logged in, the
7111# connection will be broken and the user will be dialed back after which
7112# he will get a connection to the host "timeshare1".
7113#
7114#dialbk Cleartext-Password := "callme"
7115# Service-Type = Callback-Login-User,
7116# Login-IP-Host = timeshare1,
7117# Login-Service = PortMaster,
7118# Callback-Number = "9,1-800-555-1212"
7119
7120#
7121# user "swilson" will only get a static IP number if he logs in with
7122# a framed protocol on a terminal server in Alphen (see the huntgroups file).
7123#
7124# Note that by setting "Fall-Through", other attributes will be added from
7125# the following DEFAULT entries
7126#
7127#swilson Service-Type == Framed-User, Huntgroup-Name == "alphen"
7128# Framed-IP-Address = 192.168.1.65,
7129# Fall-Through = Yes
7130
7131#
7132# If the user logs in as 'username.shell', then authenticate them
7133# using the default method, give them shell access, and stop processing
7134# the rest of the file.
7135#
7136#DEFAULT Suffix == ".shell"
7137# Service-Type = Login-User,
7138# Login-Service = Telnet,
7139# Login-IP-Host = your.shell.machine
7140
7141
7142#
7143# The rest of this file contains the several DEFAULT entries.
7144# DEFAULT entries match with all login names.
7145# Note that DEFAULT entries can also Fall-Through (see first entry).
7146# A name-value pair from a DEFAULT entry will _NEVER_ override
7147# an already existing name-value pair.
7148#
7149
7150#
7151# Set up different IP address pools for the terminal servers.
7152# Note that the "+" behind the IP address means that this is the "base"
7153# IP address. The Port-Id (S0, S1 etc) will be added to it.
7154#
7155#DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen"
7156# Framed-IP-Address = 192.168.1.32+,
7157# Fall-Through = Yes
7158
7159#DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft"
7160# Framed-IP-Address = 192.168.2.32+,
7161# Fall-Through = Yes
7162
7163#
7164# Sample defaults for all framed connections.
7165#
7166#DEFAULT Service-Type == Framed-User
7167# Framed-IP-Address = 255.255.255.254,
7168# Framed-MTU = 576,
7169# Service-Type = Framed-User,
7170# Fall-Through = Yes
7171
7172#
7173# Default for PPP: dynamic IP address, PPP mode, VJ-compression.
7174# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
7175# by the terminal server in which case there may not be a "P" suffix.
7176# The terminal server sends "Framed-Protocol = PPP" for auto PPP.
7177#
7178#DEFAULT Framed-Protocol == PPP
7179# Framed-Protocol = PPP,
7180# Framed-Compression = Van-Jacobson-TCP-IP
7181
7182#
7183# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
7184#
7185#DEFAULT Hint == "CSLIP"
7186# Framed-Protocol = SLIP,
7187# Framed-Compression = Van-Jacobson-TCP-IP
7188
7189#
7190# Default for SLIP: dynamic IP address, SLIP mode.
7191#
7192#DEFAULT Hint == "SLIP"
7193# Framed-Protocol = SLIP
7194
7195#
7196# Last default: rlogin to our main server.
7197#
7198#DEFAULT
7199# Service-Type = Login-User,
7200# Login-Service = Rlogin,
7201# Login-IP-Host = shellbox.ispdomain.com
7202
7203# #
7204# # Last default: shell on the local terminal server.
7205# #
7206# DEFAULT
7207# Service-Type = Administrative-User
7208
7209# On no match, the user is denied access.
7210
7211##### File: /etc/group #####
7212root:x:0:
7213daemon:x:1:
7214adm:x:4:
7215mail:x:8:
7216audio:x:29:
7217www-data:x:33:
7218ftp:x:55:
7219users:x:100:
7220network:x:101:
7221nogroup:x:65534:
7222
7223##### File: /etc/hosts #####
7224127.0.0.1 localhost
7225
7226##### File: /etc/init.d/luci_fixtime #####
7227#!/bin/sh /etc/rc.common
7228
7229START=05
7230STOP=95
7231
# Set the system clock to the modification time of this init script.
# With START=05 this runs early in boot. Until a real time source corrects
# it, the clock is only as recent as the last "stop" run, which matters for
# anything that checks certificate validity or timestamps logs.
start() {
    local stamp
    stamp=$(date +%s -r /etc/init.d/luci_fixtime)
    date -s "@$stamp"
}
7235
# Refresh the modification time of this init script so the next boot can
# restore the clock from it. Does nothing (status 1) when the file is not
# writable.
stop() {
    local marker=/etc/init.d/luci_fixtime

    [ -w "$marker" ] || return 1
    cat /dev/null >> "$marker" && touch "$marker"
}
7239
7240##### File: /etc/inittab #####
7241::sysinit:/etc/init.d/rcS S boot
7242::shutdown:/etc/init.d/rcS K shutdown
7243::askconsole:/bin/login
7244
7245##### File: /etc/iproute2/rt_tables #####
7246#
7247# reserved values
7248#
7249255 local
7250254 main
7251253 default
72520 unspec
7253#
7254# local
7255#
7256#1 inr.ruhep
7257200 wan
7258201 wan2
7259202 wan3
7260
7261##### File: /etc/ipsec.user #####
7262# This file is interpreted as shell script.
7263# Put your custom ip rules here, they will
7264# be executed with each call to the script
7265# /usr/lib/ipsec/_updown which by default
7266# strongswan executes.
7267
7268
7269##### File: /etc/openvpn/auth #####
7270001e4219c1f1
72711100957932
7272
7273##### File: /etc/openvpn/auth-pam.sh #####
7274#!/bin/sh
7275
7276CONFIG=$config
7277
# Send one message to syslog, tagged with the OpenVPN instance name.
#   $1  instance name, appended to the "openvpn-" tag
#   $2  message text
log() {
    local instance="$1"
    local message="$2"

    logger -t "openvpn-${instance}" "${message}"
}
7281
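# Check the username/password that OpenVPN wrote to the file "$1" against
# the pair stored for this instance in /etc/openvpn/auth_<instance>.
# Exit status 0 accepts the login; any other status rejects it.
# The stored pair is plain text, so that file should be readable by root only.

# Print the n-th whitespace-separated token of a file, counted across lines.
#   $1  file to read
#   $2  1-based token index
# awk reads the file directly, so the contents are never word-split or
# glob-expanded by the shell (the earlier "echo $var | awk" form expanded a
# "*" in a password against the current directory).
_nth_token() {
    awk -v want="$2" '{ for (i = 1; i <= NF; i++) if (++seen == want) { print $i; exit } }' "$1"
}

# Quoted tests: an unquoted "[ -n $CONFIG ]" is true even when CONFIG is
# empty, which let the comparison run without an instance name. "$1" is
# checked as well because "cat" with no argument would wait on stdin.
if [ -n "$CONFIG" ] && [ -n "$1" ]; then
    # Instance name: strip "openvpn-" and a literal ".conf" (the dot is
    # escaped so it no longer matches any character).
    AUTH_FILE=$(printf '%s\n' "$config" | sed -e 's/openvpn-//g' -e 's/\.conf//g')
    AUTH_FILE_PATH="/etc/openvpn/auth_$AUTH_FILE"

    username=$(_nth_token "$1" 1)
    password=$(_nth_token "$1" 2)
    localusername=$(_nth_token "$AUTH_FILE_PATH" 1 2>/dev/null)
    localpassword=$(_nth_token "$AUTH_FILE_PATH" 2 2>/dev/null)

    # Fail closed: a missing or empty stored pair must never compare equal
    # to an empty submission.
    if [ -z "$localusername" ] || [ -z "$localpassword" ]; then
        log "$AUTH_FILE" "OpenVPN authentication failed"
        exit 1
    fi

    # Two separate tests instead of "-a": with seven operands the result of
    # a single "[" is unspecified when a value looks like an operator.
    if [ "$username" = "$localusername" ] && [ "$password" = "$localpassword" ]; then
        log "$AUTH_FILE" "OpenVPN authentication successfull: $username"
        exit 0
    fi

    log "$AUTH_FILE" "OpenVPN authentication failed"
    exit 1
fi

# No instance name or no credentials file: reject. "exit" is used because
# this file is executed as a script; "return" is only defined inside a
# function or a sourced file.
exit 1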
7304
7305##### File: /etc/openvpn/tlt_ca.crt #####
7306-----BEGIN CERTIFICATE-----
7307MIID+jCCAuKgAwIBAgIJAKaXl5YY1O1IMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV
7308BAYTAkxUMRAwDgYDVQQIEwdWaWxuaXVzMRAwDgYDVQQHEwdWaWxuaXVzMRIwEAYD
7309VQQKEwlUZWx0b25pa2ExFDASBgNVBAMUC3RsdF9vcGVudnBuMB4XDTE0MDUxMzA3
7310NTMwMloXDTI0MDUxMDA3NTMwMlowWzELMAkGA1UEBhMCTFQxEDAOBgNVBAgTB1Zp
7311bG5pdXMxEDAOBgNVBAcTB1ZpbG5pdXMxEjAQBgNVBAoTCVRlbHRvbmlrYTEUMBIG
7312A1UEAxQLdGx0X29wZW52cG4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
7313AQCrg43AF+AVwXKsD77emPwzw3nhqoNIu7c17FJG8n9/JrYQdm46ixlfRTeu0Kl9
73144MR9nHTYPjCU2ii7Wf0y8ePat61jJ0PBzmgBdiuUBHufVsvYLD9L9nx+Rg1hZap/
7315znYe0CoYwxCrq/Lb9He6jwrcqvWXjMDnDzfgevxRxQKWudZrfswISXYFWXF8koxP
7316ha+eSXwmfn3EwZhhOT81H5GouJNoqad0X5gp4wm2TXH3pfce0qmH4vAMJLx1MHPV
7317s8vAlcHj9hUNWgdoe1a8tGvhBxSUV27NmSRrDuNDcTJAuOwB/ZorHIXn1xO/yXzJ
73189Ak8XQkR/LWFpaHTamIyJYvrAgMBAAGjgcAwgb0wHQYDVR0OBBYEFIlysJwfN9D+
7319xPfSWoTgX18H7MV8MIGNBgNVHSMEgYUwgYKAFIlysJwfN9D+xPfSWoTgX18H7MV8
7320oV+kXTBbMQswCQYDVQQGEwJMVDEQMA4GA1UECBMHVmlsbml1czEQMA4GA1UEBxMH
7321Vmlsbml1czESMBAGA1UEChMJVGVsdG9uaWthMRQwEgYDVQQDFAt0bHRfb3BlbnZw
7322boIJAKaXl5YY1O1IMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFH4
7323BLS6b4kq8QuBSecwADrdXw9m1BAdrGWJocsiKM9VfYBpjoj+XzgubKWy7PTv4MQ3
73241RXJYcXqupqSNIWYomle9hVjFRVklQyWMXSP25UbO6AjXKPzNK+y/Uy8JTU2MH9u
7325EhX1AZrbdbe+eP/ihm2OJ77U3dOpdOcR7MSEhl0c2tPfjEOTgyv2FMTkLb0kYEP2
7326s8eaBNEDRn9K1apJRw+3ZMfIDdNUi4DH+t6Vha3sxSXWYhnkF4tTi/VvbXEHad1/
7327xsPAhBRzwFejHaR8t9P22DTHccalfMVbxMMmNwGwa8LfcBtcRBnRI7BI/d+5clD/
7328hrj9BKni7t82/HxOqwc=
7329-----END CERTIFICATE-----
7330
7331##### File: /etc/opkg.conf #####
7332dest root /
7333dest ram /tmp
7334lists_dir ext /var/opkg-lists
7335option overlay_root /overlay
7336
7337##### File: /etc/opkg/customfeeds.conf #####
7338# add your custom package feeds here
7339#
7340# src/gz example_feed_name http://www.example.com/path/to/files
7341
7342##### File: /etc/passwd #####
7343root:x:0:0:root:/root:/bin/ash
7344daemon:*:1:1:daemon:/var:/bin/false
7345ftp:*:55:55:ftp:/home/ftp:/bin/false
7346network:*:101:101:network:/var:/bin/false
7347nobody:*:65534:65534:nobody:/var:/bin/false
7348rancid:x:2:2:Linux User,,,:/home/rancid:/bin/ash
7349
7350##### File: /etc/ppp/chap-secrets #####
7351#USERNAME PROVIDER PASSWORD IPADDRESS
7352
7353##### File: /etc/ppp/filter #####
7354#
7355# Expression: outbound and not icmp[0] != 8 and not tcp[13] & 4 != 0
7356#
735719
735848 0 0 0
735921 0 16 1
736040 0 0 2
736121 0 13 33
736248 0 0 13
736321 0 5 1
736440 0 0 10
736569 9 0 8191
7366177 0 0 4
736780 0 0 4
736821 6 7 8
736921 0 5 6
737040 0 0 10
737169 3 0 8191
7372177 0 0 4
737380 0 0 17
737469 1 0 4
73756 0 0 4
73766 0 0 0
7377
7378##### File: /etc/ppp/options #####
7379#debug
7380logfile /dev/null
7381noipdefault
7382noaccomp
7383nopcomp
7384nocrtscts
7385lock
7386maxfail 0
7387lcp-echo-failure 10
7388lcp-echo-interval 10
7389
7390##### File: /etc/ppp/options.pptpd #####
7391proxyarp
7392#debug
7393#logfile /tmp/pptp-server.log
7394ip-up-script /etc/ppp/pptpd-up
7395ifname pptp
7396encounter
7397auth
7398name "pptp-server"
7399lcp-echo-failure 3
7400lcp-echo-interval 60
7401default-asyncmap
7402mtu 1482
7403mru 1482
7404nobsdcomp
7405nodeflate
7406#noproxyarp
7407#nomppc
7408mppe required,no40,no56,stateless
7409require-mschap-v2
7410refuse-chap
7411refuse-mschap
7412refuse-eap
7413refuse-pap
7414logfd 2
7415#ms-dns 172.16.1.1
7416#plugin radius.so
7417#radius-config-file /etc/radius.conf
7418chap-secrets /var/etc/pptpd-chap-secrets
7419
7420##### File: /etc/ppp/options.xl2tpd #####
7421ipcp-accept-local
7422ipcp-accept-remote
7423ms-dns 8.8.8.8
7424# ms-dns 192.168.1.1
7425# ms-dns 192.168.1.3
7426# ms-wins 192.168.1.2
7427# ms-wins 192.168.1.4
7428noccp
7429auth
7430#crtscts
7431idle 1800
7432mtu 1410
7433mru 1410
7434nodefaultroute
7435#lock
7436proxyarp
7437connect-delay 5000
7438require-mschap-v2
7439# plugin winbind.so
7440ip-up-script /etc/ppp/xl2tpd-up
7441chap-secrets /var/etc/xl2tp-chap-secrets
7442ifname xl2tp
7443encounter
7444
7445##### File: /etc/pptpd.conf #####
7446#debug
7447option /etc/ppp/options.pptpd
7448speed 115200
7449stimeout 10
7450#localip & remoteip are not needed, ip management is done by pppd
7451
7452##### File: /etc/profile #####
7453#!/bin/sh
7454[ -f /etc/banner ] && cat /etc/banner
7455
7456export PATH=/usr/bin:/usr/sbin:/bin:/sbin
7457export HOME=$(grep -e "^${USER:-root}:" /etc/passwd | cut -d ":" -f 6)
7458export HOME=${HOME:-/root}
7459export PS1='\u@\h:\w\$ '
7460
7461[ -x /bin/more ] || alias more=less
7462[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi
7463
7464[ -z "$KSH_VERSION" -o \! -s /etc/mkshrc ] || . /etc/mkshrc
7465
7466[ -x /usr/bin/arp ] || arp() { cat /proc/net/arp; }
7467[ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }
7468alias gsmget=gsmctl
7469##### File: /etc/quagga/bgpd.conf #####
7470cat: can't open '/etc/quagga/bgpd.conf': No such file or directory
7471
7472##### File: /etc/quagga/ospfd.conf #####
7473cat: can't open '/etc/quagga/ospfd.conf': No such file or directory
7474
7475##### File: /etc/quagga/ripd.conf #####
7476cat: can't open '/etc/quagga/ripd.conf': No such file or directory
7477
7478##### File: /etc/quagga/zebra.conf #####
7479password zebra
7480!
7481access-list vty permit 127.0.0.0/8
7482access-list vty deny any
7483!
7484line vty
7485 access-class vty
7486
7487##### File: /etc/rc.d/K10auto_update #####
7488#!/bin/sh /etc/rc.common
7489
7490# Copyright (C) 2014 Teltonika
7491
7492#. /lib/teltonika-functions.sh
7493
7494START=99
7495STOP=10
7496
# Restart the auto-update helper: kill any running copy, then launch a new
# one in the background with the "init" argument.
start() {
    killall -9 auto_update.sh > /dev/null 2>&1
    /usr/sbin/auto_update.sh init &
}
7501
# Kill every running auto_update.sh process with SIGKILL; output is discarded.
stop() {
    killall -9 auto_update.sh > /dev/null 2>&1
}
7505
7506##### File: /etc/rc.d/K10ddns #####
7507#!/bin/sh /etc/rc.common
7508START=95
7509STOP=10
7510USE_PROCD=1
7511./lib/functions.sh
7512IP_INTERFACE=""
# config_foreach callback: when the given network section is enabled, record
# its "ifname" option in the global IP_INTERFACE.
#   $1  section name
# Each enabled section overwrites the previous value, so the last enabled
# section visited is the one that remains.
checkifenabled() {
    config_get_bool enabled "$1" enabled 0
    [ $enabled -eq 1 ] || return 0
    config_get IP_INTERFACE "$1" ifname
}
# Load the network config, pick the interface via checkifenabled, and start
# the dynamic DNS updater bound to it.
start_service() {
    config_load network
    config_foreach checkifenabled interface

    /usr/lib/ddns/dynamic_dns_updater.sh -i "$IP_INTERFACE" -- start
}
# Ask the dynamic DNS updater to stop.
stop_service() {
    /usr/lib/ddns/dynamic_dns_updater.sh -- stop
}
# Reload by stopping the updater, waiting one second, and starting it again.
reload_service() {
    stop_service
    sleep 1
    start_service
}
# Register a procd reload trigger on the "ddns" config.
service_triggers() {
    procd_add_reload_trigger "ddns"
}
7536
7537##### File: /etc/rc.d/K10port_event_checker_init #####
7538#!/bin/sh /etc/rc.common
7539# Copyright (C) 2015 Teltonika
7540
7541USE_PROCD=1
7542START=75
7543STOP=10
7544
7545command_line="/usr/sbin/port_event_checker"
7546
# Register one procd instance running $command_line, respawned by procd
# with its default respawn settings.
start_service() {
    procd_open_instance
    procd_set_param respawn
    # Left unquoted so a command line with arguments is passed word by word.
    procd_set_param command $command_line
    procd_close_instance
}
# Register a procd reload trigger on the "port_event_checker" config.
service_triggers() {
    procd_add_reload_trigger "port_event_checker"
}
7557
7558##### File: /etc/rc.d/K10quagga #####
7559#!/bin/sh /etc/rc.common
7560# Copyright (C) 2006 OpenWrt.org
7561 . /lib/functions/network.sh
7562
# rc.common ordering.
START=60
STOP=10

# Messages passed to debug() with a level at or below this are logged.
DEBUG_LEVEL=4

# Generated daemon config files.
ZEBRA_CONFIG=/etc/quagga/zebra.conf
BGP_CONFIG=/etc/quagga/bgpd.conf
RIP_CONFIG=/etc/quagga/ripd.conf
OSPF_CONFIG=/etc/quagga/ospfd.conf

# vty identity written into each generated config by the prepare_* functions:
# *_USERNAME becomes the "hostname" line, *_PASSWORD becomes both the
# "password" and the "enable password" line.
# The same fixed password is used for all four daemons and is not read from
# UCI in this script. The only restriction the generated config places on
# vty logins is the "vty" access-list (127.0.0.0/8, plus the LAN subnet when
# enabled_vty is 1). This script does not set permissions on the files.
ZEBRA_USERNAME="admin"
ZEBRA_PASSWORD="admin01"
BGPD_USERNAME="admin"
BGPD_PASSWORD="admin01"
RIPD_USERNAME="admin"
RIPD_PASSWORD="admin01"
OSPF_USERNAME="admin"
OSPF_PASSWORD="admin01"

# Firewall section names; not referenced elsewhere in this script.
FIREWALL_SEC="A_BGP"
RIP_FIREWALL_SEC="A_RIP"
OSPF_FIREWALL_SEC="A_OSPF"
7585
# Log a message to syslog under the "quagga.init" tag when DEBUG_LEVEL is at
# least the level given.
#   $1  numeric level of this message
#   $2  message text
debug() {
    [ $DEBUG_LEVEL -ge $1 ] || return 0
    logger -t "quagga.init" "$2"
}
7591
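# Append one line of text to a config file.
#   $1  line to append
#   $2  path of the file (created if missing, because of ">>")
# printf replaces echo so that a line such as "-n", or one holding
# backslashes, is written literally. The path is quoted so it is not
# word-split.
writeToConfig() {
    printf '%s\n' "$1" >> "$2"
}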
7595
# Append one line to the bgpd config file ($BGP_CONFIG).
#   $1  line to append
BgpConfig() {
    local line="$1"

    writeToConfig "$line" $BGP_CONFIG
}
7599
# Append one line to the ripd config file ($RIP_CONFIG).
#   $1  line to append
RipConfig() {
    local line="$1"

    writeToConfig "$line" $RIP_CONFIG
}
7603
# Append one line to the zebra config file ($ZEBRA_CONFIG).
#   $1  line to append
ZebraConfig() {
    local line="$1"

    writeToConfig "$line" $ZEBRA_CONFIG
}
7607
# Append one line to the ospfd config file ($OSPF_CONFIG).
#   $1  line to append (any further arguments are ignored)
OspfConfig() {
    local line="$1"

    writeToConfig "$line" $OSPF_CONFIG
}
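# Function: IfConfig FILE LINE VALUE [EXPECTED]
#   FILE      config file to append to
#   LINE      text appended as one line
#   VALUE     value being tested
#   EXPECTED  optional; when given and non-empty, VALUE must equal it
# Appends LINE to FILE when VALUE is non-empty and either EXPECTED is absent
# or VALUE equals EXPECTED. Writes nothing otherwise.
# Example:   N="";  IfConfig "$BGP_CONFIG" "value: $N" "$N"        # nothing written
# Example 1: N="1"; IfConfig "$BGP_CONFIG" "value: $N" "$N" "1"    # line written
# Callers should quote VALUE: an unquoted value containing whitespace is
# split by the shell and its second word arrives as EXPECTED, so the line
# is silently dropped.
IfConfig() {
    [ -n "$3" ] || return 0

    # Plain "[" tests joined with "||": the script runs under /bin/sh, where
    # "[[" and the "-a" operator inside "[" are not portable.
    if [ -z "$4" ] || [ "$3" = "$4" ]; then
        writeToConfig "$2" "$1"
    fi
}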
7627
# Read one UCI option into a shell variable of the same name.
#   $1  option name, also the name of the variable that receives the value
#   $2  section name
#   $3  optional default, passed through to config_get
# No local variables are declared here on purpose: config_get assigns to the
# variable named by $1 in the caller's scope, and a local with the same name
# inside this function would capture the value instead.
get() {
    config_get $1 $2 $1 $3
}
7631
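# config_foreach callback: emit the bgpd "neighbor" statements for one UCI
# "peer" section.
#   $1  peer section name
#   $2  name of the BGP instance currently being written
# Returns 2 when the peer belongs to another instance and 1 when it is
# disabled; nothing is written in either case.
prepare_peer() {
    local section="$1"
    local instance_name="$2"
    local ipaddr as instance port description ebgp_multihop
    local default_originate weight maximum_prefix enabled
    # Read and updated by prepare_distribute_list through the shell's dynamic
    # scoping: at most one inbound and one outbound list per peer.
    local inbound=0 outbound=0

    get instance $section
    [ "$instance" != "$instance_name" ] && return 2
    get enabled $section
    [ "$enabled" != "1" ] && return 1

    get ipaddr $section
    get as $section
    get port $section
    get description $section
    get default_originate $section
    get weight $section
    get maximum_prefix $section
    get ebgp_multihop $section

    BgpConfig "! neighbor $section configuration"
    BgpConfig "neighbor $ipaddr remote-as $as"
    IfConfig $BGP_CONFIG "neighbor $ipaddr port $port" "$port"
    IfConfig $BGP_CONFIG "neighbor $ipaddr description $description" "$description"
    IfConfig $BGP_CONFIG "neighbor $ipaddr default-originate" "$default_originate" "1"
    # The configured number follows the keyword, as for port and
    # ebgp-multihop; the statement was previously written without its value.
    IfConfig $BGP_CONFIG "neighbor $ipaddr weight $weight" "$weight"
    IfConfig $BGP_CONFIG "neighbor $ipaddr maximum-prefix $maximum_prefix" "$maximum_prefix"
    IfConfig $BGP_CONFIG "neighbor $ipaddr ebgp-multihop $ebgp_multihop" "$ebgp_multihop"
    config_foreach prepare_distribute_list "access_list" "$section" "$ipaddr" "bgp"

    inbound=0
    outbound=0
}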
7665
# Write one bgpd "network" statement per entry of the section's "network"
# option.
#   $1  instance section name
# "section" and the loop variable "net" are not local here, so both are
# visible to the caller after the call.
prepare_networks() {
    local network
    section="$1"

    get network $section

    for net in $network; do
        BgpConfig "network $net"
    done
}
7678
# config_foreach callback: write the ospfd "network ... area ..." statement
# for one enabled "ospf_network" section.
#   $1  section name
# "area" is not local and stays set for the caller.
prepare_ospf_network() {
    local section="$1"
    local enabled net authentication

    get enabled $section
    [ "$enabled" = "1" ] || return 0

    get net $section
    get area $section
    OspfConfig " network $net area $area"

    # NOTE(review): "authentication" is declared local but never loaded with
    # "get" in this function, so it only has a value if the calling scope
    # supplies one. As written, the area-level authentication lines look
    # unreachable in normal use; confirm whether a
    # "get authentication $section" is missing.
    case "$authentication" in
        pass)     OspfConfig "area $area authentication" ;;
        md5_hmac) OspfConfig "area $area authentication message-digest" ;;
    esac
}
7696
# config_foreach callback: write the "router bgp" block for one enabled
# "instance" section, then its networks and peers.
#   $1  instance section name
# Returns 1 without writing anything when the instance is not enabled.
prepare_instance() {
    local section="$1"
    local as id network enabled

    get enabled $section
    [ "$enabled" = "1" ] || return 1

    get as $section
    get id $section
    get network $section

    BgpConfig "! Instance $as"
    BgpConfig "router bgp $as"
    IfConfig $BGP_CONFIG "bgp router-id $id" "$id"

    prepare_networks $section
    config_foreach prepare_peer "peer" $section
}
7715
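# config_foreach callback: write the ripd statements for one enabled RIP
# "interface" section.
#   $1  section name
# Returns 1 without writing anything when the section is not enabled.
prepare_rip_interface() {
    local section="$1"
    # "ifname" is the variable actually filled by "get" below; it was left
    # global while an unused "interface" was declared instead.
    local ifname enabled passive_interface
    # prepare_distribute_list reads and sets these through dynamic scoping to
    # allow one "in" and one "out" list per target. Without a fresh pair per
    # interface (as prepare_peer does per peer), the flags set while handling
    # the first interface stayed set, and lists for later interfaces were
    # skipped.
    local inbound=0 outbound=0

    get enabled $section
    [ "$enabled" != "1" ] && return 1

    get ifname $section
    get passive_interface $section

    RipConfig "! Interface $ifname"
    IfConfig $RIP_CONFIG "network $ifname" "$ifname"
    IfConfig $RIP_CONFIG "passive-interface $ifname" "$passive_interface" "1"
    config_foreach prepare_distribute_list "rip_access_list" "$section" "$ifname" "rip"
}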
7731
# config_foreach callback: for a section whose name contains "wan" and whose
# "enabled" option is not "0", write an "interface <ifname>" line to the
# zebra config.
#   $1  section name
# Its only call site in this script (in prepare_zebra) is commented out.
prepare_interface() {
    local section="$1"
    local enabled ifname

    case "$1" in
        *wan*)
            get enabled $section
            if [ "$enabled" != "0" ]; then
                get ifname $section
                IfConfig $ZEBRA_CONFIG "interface $ifname" "$ifname"
            fi
            ;;
    esac
}
7744
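# config_foreach callback: write the per-interface ospfd settings for one
# enabled "ospf_interface" section, including its authentication key.
#   $1  section name
# Returns 0 without writing anything when the section is not enabled.
# The key is written to $OSPF_CONFIG in clear text.
prepare_ospf_interface() {
    local section="$1"
    local enabled ifname hello_interval dead_interval retransmit_interval
    local cost priority typ authentication password id

    get enabled $section
    [ "$enabled" != "1" ] && return 0

    get ifname $section
    get hello_interval $section
    get dead_interval $section
    get retransmit_interval $section
    get cost $section
    get priority $section
    get typ $section
    get authentication $section

    OspfConfig "!"
    OspfConfig "interface $ifname"
    # Every tested value is quoted. Unquoted, a value containing whitespace
    # was split, its second word reached IfConfig as the "expected" argument,
    # and the line was dropped.
    IfConfig "$OSPF_CONFIG" " ip ospf cost $cost" "$cost"
    IfConfig "$OSPF_CONFIG" " ip ospf hello-interval $hello_interval" "$hello_interval"
    IfConfig "$OSPF_CONFIG" " ip ospf dead-interval $dead_interval" "$dead_interval"
    IfConfig "$OSPF_CONFIG" " ip ospf retransmit-interval $retransmit_interval" "$retransmit_interval"
    IfConfig "$OSPF_CONFIG" " ip ospf priority $priority" "$priority"
    IfConfig "$OSPF_CONFIG" " ip ospf network $typ" "$typ"

    case "$authentication" in
        pass)
            get password $section
            OspfConfig " ip ospf authentication"
            # For a password, the dropped line meant authentication was
            # switched on above while the key itself was never written.
            IfConfig "$OSPF_CONFIG" " ip ospf authentication-key $password" "$password"
            ;;
        md5_hmac)
            get password $section
            get id $section "1"
            OspfConfig " ip ospf authentication message-digest"
            IfConfig "$OSPF_CONFIG" " ip ospf message-digest-key $id md5 $password" "$password"
            ;;
    esac
}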
7783
# config_foreach callback: write a distribute-list statement that attaches an
# access-list section to a BGP neighbor or a RIP interface.
#   $1  access-list section name
#   $2  section the list must target (its "target" option must equal this)
#   $3  neighbor address (bgp) or interface name (rip)
#   $4  "bgp" or "rip"
# Returns 1 on target mismatch, 2 when disabled, 3/4 when an inbound/outbound
# list was already written for this target.
# "inbound" and "outbound" are not declared here: they are the caller's
# variables, reached through dynamic scoping. "direction" is not local.
prepare_distribute_list() {
    local section="$1" target_section="$2" from="$3" proto="$4"
    local enabled target

    get target $section
    [ -n "$target" ] && [ "$target" = "$target_section" ] || return 1

    get enabled $section
    [ "$enabled" = "1" ] || return 2

    get direction $section

    case "$direction" in
        in)  [ $inbound -gt 0 ] && return 3 || inbound=1 ;;
        out) [ $outbound -gt 0 ] && return 4 || outbound=1 ;;
    esac

    [ -n "$direction" ] || return 0

    case "$proto" in
        bgp) BgpConfig "neighbor $from distribute-list ${target}_${direction} $direction" ;;
        rip) RipConfig "distribute-list ${target}_${direction} $direction $from" ;;
    esac
}
7808
# config_foreach callback: write one "access-list <target>_<direction>
# <action> <net>" line for an enabled access-list section.
#   $1  section name
#   $2  config file to append to
# Returns 2 when the section is disabled. Nothing is written unless target,
# action, net and direction are all set.
# "action", "net" and "direction" are not local.
prepare_access_list() {
    local section="$1" config="$2"
    local target enabled

    get enabled $section
    [ "$enabled" = "1" ] || return 2

    get target $section
    get action $section
    get net $section
    get direction $section

    [ -n "$target" ] && [ -n "$action" ] && [ -n "$net" ] && [ -n "$direction" ] || return 0

    writeToConfig "access-list ${target}_${direction} $action $net" $config
}
7826
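# Regenerate the zebra config file from scratch: vty identity, the "vty"
# access-list, and optional syslog logging.
# The vty password is the fixed $ZEBRA_PASSWORD. Logins are limited by the
# access-list to 127.0.0.0/8, plus the LAN subnet when the "general" section
# has enabled_vty set to 1.
prepare_zebra() {
    local debug enabled_vty

    get debug "general"
    get enabled_vty "general"

    echo "" > $ZEBRA_CONFIG
    ZebraConfig "hostname $ZEBRA_USERNAME"
    ZebraConfig "password $ZEBRA_PASSWORD"
    ZebraConfig "enable password $ZEBRA_PASSWORD"
    ZebraConfig "!"
    ZebraConfig "access-list vty permit 127.0.0.0/8"

    if [ "$enabled_vty" = "1" ]; then
        network_get_subnet net "lan"
        # Written to the zebra file. This line previously went to
        # $BGP_CONFIG, so zebra never received the LAN permit, and the
        # append could re-create a bgpd config that start() had just removed
        # to mark bgpd as disabled.
        IfConfig "$ZEBRA_CONFIG" "access-list vty permit $net" "$net"
    fi

    ZebraConfig "access-list vty deny any"
    ZebraConfig "!"
    ZebraConfig "line vty"
    ZebraConfig "access-class vty"
    IfConfig "$ZEBRA_CONFIG" "log syslog" "$debug" "1"
}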
7854
# Produce the bgpd config file.
# When the "general" section names a bgpd_custom_conf file, that file is
# copied over $BGP_CONFIG as is and nothing else happens. The vty password
# and access-list lines generated below are then NOT applied, so the custom
# file has to carry its own.
# Otherwise the file is rebuilt: vty identity with the fixed $BGPD_PASSWORD,
# the "vty" access-list (loopback, plus LAN when enabled_vty is 1), all
# instances with their peers, the access lists, and optional syslog logging.
prepare_bgpd() {
    local debug enabled_vty bgpd_custom_conf
    local instances
    instances=$(uci show quagga | grep -c =instance)

    get bgpd_custom_conf "general"
    if [ -n "$bgpd_custom_conf" ]; then
        cp "$bgpd_custom_conf" "$BGP_CONFIG"
        return 0
    fi

    get debug "general"
    get enabled_vty "general"

    echo "" > $BGP_CONFIG
    BgpConfig "hostname $BGPD_USERNAME"
    BgpConfig "password $BGPD_PASSWORD"
    BgpConfig "enable password $BGPD_PASSWORD"
    BgpConfig "!"
    BgpConfig "access-list vty permit 127.0.0.0/8"

    if [ "$enabled_vty" = "1" ]; then
        network_get_subnet net "lan"
        IfConfig $BGP_CONFIG "access-list vty permit $net" "$net"
    fi

    BgpConfig "access-list vty deny any"
    BgpConfig "!"
    [ $instances -gt 1 ] && BgpConfig "bgp multiple-instance"
    config_foreach prepare_instance "instance"
    config_foreach prepare_access_list "access_list" $BGP_CONFIG
    BgpConfig "line vty"
    BgpConfig "access-class vty"
    IfConfig $BGP_CONFIG "log syslog" "$debug" "1"
}
7890
# Produce the ripd config file.
# When the "rip" section names a custom_conf file, that file is copied over
# $RIP_CONFIG as is and nothing else happens. The vty password and
# access-list lines generated below are then NOT applied to it.
# Otherwise the file is rebuilt: vty identity with the fixed $RIPD_PASSWORD,
# the "vty" access-list (loopback, plus LAN when enabled_vty is 1), the
# "router rip" block with interfaces and neighbors, the access lists, and
# optional syslog logging.
prepare_rip() {
    local debug enabled_vty custom_conf version
    local neighbors

    get custom_conf "rip"
    if [ -n "$custom_conf" ]; then
        cp "$custom_conf" "$RIP_CONFIG"
        return 0
    fi

    get debug "rip"
    get enabled_vty "rip"
    get neighbors "rip"
    get version "rip"

    echo "" > $RIP_CONFIG
    RipConfig "hostname $RIPD_USERNAME"
    RipConfig "password $RIPD_PASSWORD"
    RipConfig "enable password $RIPD_PASSWORD"
    RipConfig "!"
    RipConfig "access-list vty permit 127.0.0.0/8"

    if [ "$enabled_vty" = "1" ]; then
        network_get_subnet net "lan"
        IfConfig $RIP_CONFIG "access-list vty permit $net" "$net"
    fi

    RipConfig "access-list vty deny any"
    RipConfig "!"
    RipConfig "router rip"
    config_foreach prepare_rip_interface "interface"

    for neighbor in $neighbors; do
        RipConfig "neighbor $neighbor"
    done

    IfConfig $RIP_CONFIG "version $version" "$version"
    config_foreach prepare_access_list "rip_access_list" $RIP_CONFIG
    RipConfig "line vty"
    RipConfig "access-class vty"
    # Only "log syslog" is emitted for debug; no "debug rip ..." statements.
    IfConfig $RIP_CONFIG "log syslog" "$debug" "1"
}
7937
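# Produce the ospfd config file.
# When the "ospf" section names a custom_conf file, that file is copied over
# $OSPF_CONFIG as is and nothing else happens. The vty password and
# access-list lines generated below are then NOT applied to it.
# Otherwise the file is rebuilt: vty identity with the fixed $OSPF_PASSWORD,
# the "vty" access-list (loopback, plus LAN when enabled_vty is 1), the
# interface blocks, the "router ospf" block with its networks, and optional
# logging/debug statements.
prepare_ospf() {
    # "custom_conf" was misspelled "ustom_conf" in this list, which left the
    # real variable global.
    local debug enabled_vty custom_conf version id

    get custom_conf "ospf"

    if [ -n "$custom_conf" ]; then
        cp "$custom_conf" "$OSPF_CONFIG"
        return 0
    fi

    get debug "ospf"
    get enabled_vty "ospf"
    get id "ospf"

    echo "" > $OSPF_CONFIG
    OspfConfig "hostname $OSPF_USERNAME"
    OspfConfig "password $OSPF_PASSWORD"
    OspfConfig "enable password $OSPF_PASSWORD"
    OspfConfig "!"
    OspfConfig "access-list vty permit 127.0.0.0/8"

    if [ "$enabled_vty" = "1" ]; then
        network_get_subnet net "lan"
        IfConfig "$OSPF_CONFIG" "access-list vty permit $net" "$net"
    fi

    OspfConfig "access-list vty deny any"
    OspfConfig "!"

    config_foreach prepare_ospf_interface "ospf_interface"
    OspfConfig "router ospf"
    # Conditional write: OspfConfig ignores a second argument, so the
    # router-id line used to be emitted even when no id was configured.
    IfConfig "$OSPF_CONFIG" "ospf router-id ${id}" "${id}"

    config_foreach prepare_ospf_network "ospf_network"
    OspfConfig "line vty"
    OspfConfig "access-class vty"
    IfConfig "$OSPF_CONFIG" "log syslog" "$debug" "1"

    if [ "$debug" = "1" ]; then
        get debug_inf "ospf"

        # One "debug ospf <item>" line per entry of the debug_inf option.
        for inf in $debug_inf; do
            OspfConfig "debug ospf $inf"
        done
    fi
}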
7986
# Generate the config file of every enabled routing daemon, remove the file
# of every disabled one, and start quagga when at least one daemon is
# enabled.
# Per the original inline comments, /usr/sbin/quagga.init treats a missing
# config file as "daemon disabled". Any code that appends to a removed file
# would therefore re-enable that daemon.
start() {
    local bgp_enabled rip_enabled ospf_enabled

    debug 2 "start"
    config_load quagga

    config_get bgp_enabled "general" "enabled" "0"
    config_get rip_enabled "rip" "enabled" "0"
    config_get ospf_enabled "ospf" "enabled" "0"

    if [ "$rip_enabled" = "1" ]; then
        prepare_rip
    else
        [ -f "$RIP_CONFIG" ] && rm $RIP_CONFIG
    fi

    if [ "$bgp_enabled" = "1" ]; then
        prepare_bgpd
    else
        [ -f "$BGP_CONFIG" ] && rm $BGP_CONFIG
    fi

    if [ "$ospf_enabled" = "1" ]; then
        prepare_ospf
    else
        [ -f "$OSPF_CONFIG" ] && rm $OSPF_CONFIG
    fi

    # zebra is configured last, and only when some daemon needs it.
    case 1 in
        "$rip_enabled"|"$bgp_enabled"|"$ospf_enabled")
            prepare_zebra
            /usr/sbin/quagga.init start
            ;;
    esac
}
8017
# Stop the quagga daemons through /usr/sbin/quagga.init. The generated config
# files are left in place.
stop() {
    /usr/sbin/quagga.init stop
}
8021
8022##### File: /etc/rc.d/K39limit_guard #####
8023#!/bin/sh /etc/rc.common
8024START=76
8025STOP=39
8026USE_PROCD=1
8027
8028enabled=`uci get mdcollectd.config.datalimit`
8029ppp_enabled=`uci get network.ppp.enabled`
8030
# Register limit_guard with procd when the data limit is enabled ($enabled is
# read from mdcollectd.config.datalimit when the script is loaded).
# "respawn 10" is passed to procd as given.
start_service() {
    echo "start service"
    [ "$enabled" = "1" ] || return 0

    # Global on purpose: the variable is not declared local in this script.
    command_line="/usr/bin/limit_guard start"
    procd_open_instance
    procd_set_param respawn 10
    procd_set_param command $command_line
    procd_close_instance
}
8041
8042
# Stop limit_guard. When both the data limit and the ppp interface are
# flagged "0" in the values read at load time, bring the ppp interface up
# first.
stop_service() {
    if [ "$enabled" = "0" ] && [ "$ppp_enabled" = "0" ]; then
        ifup ppp
    fi

    /usr/bin/limit_guard stop
}
8051
# Restart the service: stop, then start.
restart() {
    stop
    start
}
8056
# Reload is implemented as a full stop followed by a start.
reload_service() {
    stop
    start
}
8061
8062##### File: /etc/rc.d/K40mdcollectd #####
8063#!/bin/sh /etc/rc.common
8064
8065USE_PROCD=1
8066START=70
8067STOP=40
8068
# Register mdcollectd with procd.
# When mdcollectd.config.traffic is "0", the database is first copied to
# /var/mdcollectd.db_old so the old mobile traffic figures can still be
# shown. Otherwise that backup copy is removed.
# The instance is registered unconditionally; mdcollectd.config.enabled is
# not consulted.
start_service() {
    local traffic
    traffic=$(uci -q get mdcollectd.config.traffic)

    case "$traffic" in
        0) cp /var/mdcollectd.db /var/mdcollectd.db_old 2>/dev/null ;;
        *) rm /var/mdcollectd.db_old 2>/dev/null ;;
    esac

    procd_open_instance
    procd_set_param respawn
    procd_set_param command /usr/bin/mdcollectd start
    procd_close_instance
}
8087
# Ask mdcollectd to stop.
stop_service() {
    /usr/bin/mdcollectd stop
}
8091
# Restart the service: stop, then start.
restart() {
    stop
    start
}
8096
# Reload is implemented as a full stop followed by a start.
reload_service() {
    stop
    start
}
8101
# Print the status reported by mdcollectd itself.
status() {
    /usr/bin/mdcollectd status
}
8105
8106##### File: /etc/rc.d/K50dropbear #####
8107#!/bin/sh /etc/rc.common
8108# Copyright (C) 2006-2010 OpenWrt.org
8109# Copyright (C) 2006 Carlos Sobrinho
8110
8111START=50
8112STOP=50
8113
8114USE_PROCD=1
8115PROG=/usr/sbin/dropbear
8116NAME=dropbear
8117PIDCOUNT=0
8118EXTRA_COMMANDS="killclients"
8119EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"
8120
# Add dropbear "-p" listen arguments for one interface.
#   $1  interface name (may be empty)
#   $2  port
# When the interface is not listed in /proc/net/dev (including when no
# interface is configured), a bare "-p <port>" is added, so the server is not
# bound to a specific address. Otherwise one "-p <addr>:<port>" is added per
# address that ifconfig reports for the interface, with IPv6 link-local
# addresses (fe80::/10) filtered out.
# "addr" is not local.
append_ports()
{
    local ifname="$1"
    local port="$2"

    if ! grep -qs "^ *$ifname:" /proc/net/dev; then
        procd_append_param command -p "$port"
        return
    fi

    for addr in $(ifconfig "$ifname" | sed -n \
            -e '/addr: *fe[89ab][0-9a-f]:/d' \
            -e 's/.* addr: *\([0-9a-f:\.]*\).*/\1/p'); do
        procd_append_param command -p "$addr:$port"
    done
}
8140
# Validate one "dropbear" UCI section and load its options into shell
# variables of the same names, applying the defaults listed here.
#   $1  section name
# Returns the status of uci_validate_section.
# With these defaults, password authentication, root login and root password
# login are all enabled unless the section sets them to 0.
validate_section_dropbear()
{
    uci_validate_section dropbear dropbear "${1}" \
        'PasswordAuth:bool:1' \
        'enable:bool:1' \
        'Interface:string' \
        'GatewayPorts:bool:0' \
        'RootPasswordAuth:bool:1' \
        'RootLogin:bool:1' \
        'rsakeyfile:file' \
        'BannerFile:file' \
        'Port:list(port):22' \
        'SSHKeepAlive:uinteger:300' \
        'IdleTimeout:uinteger:0'
}
8157
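# config_foreach callback: register one dropbear server instance with procd
# from a "dropbear" UCI section.
#   $1  section name
# Returns 1 when validation fails or the section has enable=0.
# Hardening flags are only added when the matching option is 0:
#   -s  no password logins           (PasswordAuth=0)
#   -g  no password logins for root  (RootPasswordAuth=0)
#   -w  no root logins               (RootLogin=0)
# With the validation defaults none of them is passed.
dropbear_instance()
{
    # IdleTimeout and SSHKeepAlive are declared with the other options; they
    # were missing from this list and leaked into the global scope.
    local PasswordAuth enable Interface GatewayPorts \
        RootPasswordAuth RootLogin rsakeyfile \
        BannerFile Port IdleTimeout SSHKeepAlive

    validate_section_dropbear "${1}" || {
        echo "validation failed"
        return 1
    }

    [ "${enable}" = "0" ] && return 1
    PIDCOUNT="$(( ${PIDCOUNT} + 1))"
    local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"

    procd_open_instance
    # -F keeps dropbear in the foreground for procd; -P names the pid file.
    procd_set_param command "$PROG" -F -P "$pid_file"
    [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
    # -a lets remote hosts connect to forwarded ports.
    [ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
    [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
    [ "${RootLogin}" -eq 0 ] && procd_append_param command -w
    [ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}"
    [ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
    # Translate the logical interface name into its device name.
    [ -n "${Interface}" ] && network_get_device Interface "${Interface}"
    append_ports "${Interface}" "${Port}"
    [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
    [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
    procd_close_instance
}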
8187
# Make sure an RSA host key exists, then move pending keys from /tmp into
# /etc/dropbear.
# Only the "rsa" key type is handled (the loop list has a single entry).
# When no key exists yet, generation is started in the background and this
# run exits with status 0 at once. If generation succeeds, the background
# job re-executes the init script with "start"; that second run finds the
# key in /tmp and falls through to the install step below.
# NOTE(review): until it is moved, the private key sits under /tmp/dropbear.
# That directory is created with the default umask, and the key file's mode
# is whatever dropbearkey sets - confirm it is owner-only.
keygen()
{
    for keytype in rsa; do
        # check for keys
        key=dropbear/dropbear_${keytype}_host_key
        [ -f /tmp/$key -o -s /etc/$key ] || {
            # generate missing keys
            mkdir -p /tmp/dropbear
            [ -x /usr/bin/dropbearkey ] && {
                # stdout and stderr are closed for the key generator
                /usr/bin/dropbearkey -t $keytype -f /tmp/$key 2>&- >&- && exec /etc/rc.common "$initscript" start
            } &
            exit 0
        }
    done

    # install the keys while holding the /tmp/.switch2jffs lock
    lock /tmp/.switch2jffs
    mkdir -p /etc/dropbear
    mv /tmp/dropbear/dropbear_* /etc/dropbear/
    lock -u /tmp/.switch2jffs
    # the key directory is owned by root and closed to everyone else
    chown root /etc/dropbear
    chmod 0700 /etc/dropbear
}
8210
# procd entry point: ensure a host key exists, then start one dropbear
# instance per "dropbear" section of the ${NAME} configuration.
start_service()
{
	if [ ! -s /etc/dropbear/dropbear_rsa_host_key ]; then
		keygen
	fi

	. /lib/functions.sh
	. /lib/functions/network.sh

	config_load "${NAME}"
	config_foreach dropbear_instance dropbear
}
8221
# Reload the service when the "dropbear" configuration changes and register
# validate_section_dropbear as its validation routine.
service_triggers()
{
	procd_add_reload_trigger "dropbear"
	procd_add_validation validate_section_dropbear
}
8227
# Kill (SIGKILL) every dropbear client process except the session this script
# itself runs in. Server processes listed in /var/run/${NAME}.*.pid are spared.
killclients()
{
	local ignore=''
	local server
	local pid

	# Walk up the process tree from this shell; the first ancestor whose
	# command line contains ${PROG} is the session we were started from.
	pid="$$"
	while [ "${pid}" -ne 0 ]
	do
		# field 4 of /proc/<pid>/stat is taken as the parent pid
		# NOTE(review): this split assumes the process name in field 2
		# contains no spaces - confirm
		pid=$(cut -d ' ' -f 4 "/proc/${pid}/stat")
		[ "${pid}" -eq 0 ] && break

		if grep -F -q -e "${PROG}" "/proc/${pid}/cmdline"
		then
			append ignore "${pid}"
			break
		fi
	done

	# the listening servers must survive as well
	for server in $(cat /var/run/${NAME}.*.pid)
	do
		append ignore "${server}"
	done

	# everything else that is really ${PROG} is a client connection
	local skip
	for pid in $(pidof "${NAME}")
	do
		# pidof matches by name only; confirm via the command line
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || continue

		# skip servers and our own session
		skip=0
		for server in ${ignore}
		do
			[ "${pid}" == "${server}" ] || continue
			skip=1
			break
		done
		[ "${skip}" -ne 0 ] && continue

		echo "${initscript}: Killing ${pid}..."
		kill -KILL ${pid}
	done
}
8281
8282##### File: /etc/rc.d/K51gsmd #####
8283#!/bin/sh /etc/rc.common
8284
8285# Copyright (C) 2014 Teltonika
8286
8287. /lib/teltonika-functions.sh
8288
8289#START=50
8290STOP=51
8291USE_PROCD=1
8292
8293GSMD_BIN="/usr/sbin/gsmd"
8294UNIX_SOCK_PATH="/tmp/gsmd.sock"
8295
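# Register gsmd with procd for the built-in modem.
# Reads the log switch, the serial device and the PPP service type from UCI.
# Returns 1 without registering anything when the modem's VID:PID is not in
# the supported list (the original printed "aborting" but still closed an
# instance that had no program set).
start_service() {
	local ext_vidpid=`get_ext_vidpid_tlt`
	#local logtype=

	if [ "`uci get system.system.enable_gsmd_log`" == "0" ]
	then
		logger "gsmd.init: \"gsmd\" logging disabled by uci"
		nolog="-n"
	else
		nolog=""
	fi

	device=`uci get system.module.device 2>/dev/null`
	# quoted so the test stays well-formed for any value
	if [ -z "$device" ]
	then
		echo "$0: gsmd device not specified"
		device="ttyUSB2"
	fi

	# Decide before opening the procd instance so the unknown-device path
	# can really abort.
	case "$ext_vidpid" in
		# Telit HE910-EUD, Telit LE910, Huawei EM820W, Huawei ME909u
		1BC7:0021 |\
		1BC7:1201 |\
		1BC7:0036 |\
		12D1:1404 |\
		12D1:1573 |\
		12D1:15C1 |\
		12D1:15C3 |\
		05C6:9215 |\
		1199:68C0 |\
		258D:2000 |\
		2C7C:0125 |\
		05C6:9003 |\
		12D1:15BB)
			;;
		# unknown device
		*)
			echo "$0: unknown or no 3g device, aborting"
			return 1
			;;
	esac

	procd_open_instance
	procd_set_param respawn 0
	# $nolog is intentionally unquoted: it expands to nothing when empty
	procd_set_param command "$GSMD_BIN" -p "/dev/$device" -s 115200 $nolog

	service=`uci get network.ppp.service 2>/dev/null`
	[ -n "$service" ] && procd_append_param command -m "$service"

	procd_close_instance
}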
8346
# A reload of gsmd is implemented as a full restart.
reload_service()
{
	restart
}
8350
# Bring the ppp interface down before gsmd stops.
stop_service()
{
	local enabled=$(uci -q get network.ppp.enabled)
	# If ppp is enabled we do an ifdown first, because otherwise
	# AT^SYSCFGEX returns +CME ERROR: 3
	if [ "$enabled" == "1" ]
	then
		ifdown ppp
		sleep 2
	fi
}
8359
8360##### File: /etc/rc.d/K51gsmd-usb #####
8361#!/bin/sh /etc/rc.common
8362
8363# Copyright (C) 2014 Teltonika
8364
8365. /lib/teltonika-functions.sh
8366
8367#START=50
8368STOP=51
8369USE_PROCD=1
8370
8371GSMD_BIN="/usr/sbin/gsmd"
8372UNIX_SOCK_PATH="/tmp/gsmd-usb.sock"
8373
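# Register gsmd with procd for the external USB modem, using its own control
# socket ($UNIX_SOCK_PATH).
# Returns 1 without registering anything when the modem's VID:PID is not
# supported (the original printed "aborting" but still closed an instance
# that had no program set).
start_service() {
	local ext_vidpid=`get_usb_ext_vidpid_tlt`
	#local logtype=

	if [ "`uci get system.system.enable_gsmd_log`" == "0" ]
	then
		logger "gsmd-usb.init: \"gsmd\" logging disabled by uci"
		nolog="-n"
	else
		nolog=""
	fi

	device=`uci get system.module_usb.device 2>/dev/null`
	# quoted so the test stays well-formed for any value
	if [ -z "$device" ]
	then
		echo "$0: gsmd-usb device not specified"
		device="ttyUSB2"
	fi

	# Decide before opening the procd instance so the unknown-device path
	# can really abort.
	# NOTE(review): the pattern is lower-case here while the built-in modem
	# script matches upper-case ids - confirm what get_usb_ext_vidpid_tlt prints
	case "$ext_vidpid" in
		12d1:1506)
			;;
		# unknown device
		*)
			echo "$0: gsmd-usb unknown or no 3g device, aborting"
			return 1
			;;
	esac

	procd_open_instance
	procd_set_param respawn 0
	# $nolog is intentionally unquoted: it expands to nothing when empty
	procd_set_param command "$GSMD_BIN" -p "/dev/$device" -o "$UNIX_SOCK_PATH" -s 115200 $nolog

	service=`uci get network.ppp-usb.service 2>/dev/null`
	[ -n "$service" ] && procd_append_param command -m "$service"

	procd_close_instance
}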
8412
# A reload of gsmd-usb is implemented as a full restart.
reload_service()
{
	restart
}
8416
# Bring the ppp-usb interface down before gsmd-usb stops.
stop_service()
{
	local enabled=$(uci -q get network.ppp-usb.enabled)
	# If ppp is enabled we do an ifdown first, because otherwise
	# AT^SYSCFGEX returns +CME ERROR: 3
	if [ "$enabled" == "1" ]
	then
		ifdown ppp-usb
		sleep 2
	fi
}
8425
8426##### File: /etc/rc.d/K51ledsman #####
8427#!/bin/sh /etc/rc.common
8428
8429# Copyright (C) 2014 Teltonika
8430
8431#. /lib/teltonika-functions.sh
8432
8433STOP=51
8434SIERRA_VID="1199"
8435SIERRA_PID="68C0"
8436. /lib/led_functions.sh
8437
# Switch all LEDs off and kill the LED helper processes.
stop()
{
	/usr/sbin/statusledctrl Off
	all_off
	# SIGKILL both helpers; "not running" errors are discarded
	for helper in statusledctrl rssileds
	do
		killall -9 $helper >/dev/null 2>&1
	done
}
8445
# Start LED handling when system.@leds[0].enable is 1; otherwise turn
# everything off and stop the helpers.
start()
{
	enabled=$(uci get -q system.@leds[0].enable)
	if [ "$enabled" != "1" ]; then
		/usr/sbin/statusledctrl Off
		echo 0 > /proc/port-leds
		all_off
		stop
		return
	fi

	vid=$(uci get -q system.module.vid)
	pid=$(uci get -q system.module.pid)
	killall -9 statusledctrl >/dev/null 2>&1
	echo 1 > /proc/port-leds
	/usr/sbin/ledsman.sh start &
	# rssileds is started only for the Sierra module (SIERRA_VID:SIERRA_PID)
	if [ "$vid" == "$SIERRA_VID" ] && [ "$pid" == "$SIERRA_PID" ] ; then
		/usr/sbin/rssileds
	fi
}
8465
# Reload LED handling by stopping and starting it again.
reload()
{
	stop; start
}
8471
8472##### File: /etc/rc.d/K51ntpserver #####
8473#!/bin/sh /etc/rc.common
8474
8475# Copyright (C) 2014 Teltonika
8476
8477. /lib/teltonika-functions.sh
8478
8479START=50
8480STOP=51
8481USE_PROCD=1
8482
# Start the NTP server (ntpd -ln) under procd unless ntpserver.general.enabled
# is 0, which is also the value used when the option is missing.
start_service()
{
	local enabled

	config_load ntpserver
	config_get enabled general enabled "0"

	if [ "$enabled" == 0 ]; then
		return
	fi

	logger -t "ntpd" "Starting NTP server"
	procd_open_instance
	procd_set_param respawn 0
	procd_set_param command "ntpd" -ln
	procd_close_instance
}
8497##### File: /etc/rc.d/K56chilli #####
8498#!/bin/sh /etc/rc.common
8499
8500START=99
8501STOP=56
8502#SERVICE_DAEMONIZE=1
8503#SERVICE_WRITE_PID=1
8504#SERVICE_PID_FILE=/var/run/chilli.pid
8505
8506PATH=/sbin:/bin:/usr/sbin:/usr/bin
8507DAEMON=/usr/sbin/chilli
8508NAME=chilli
8509DESC=chilli
8510CONFIG2=/etc/chilli/config
8511
8512RETVAL=0
8513
8514. /usr/share/libubox/jshn.sh
8515. /lib/functions.sh
8516
8517if [ -f /etc/default/chilli ] ; then
8518 . /etc/default/chilli
8519fi
8520
8521
8522# test -f $DAEMON || exit 0
8523
# Write the top-level chilli configuration for one interface.
#   $1  interface name (selects the /etc/chilli/<ifname>/ include directory)
#   $2  path of the file to write
main_conf()
{
	cat > $2 <<EOF
include /etc/chilli/$1/main.conf
include /etc/chilli/$1/hs.conf
include /etc/chilli/$1/local.conf

ipup=/etc/chilli/up.sh
ipdown=/etc/chilli/down.sh
EOF
}
8534
# Check whether every interface reported for radio0 already has an ifname.
# Returns 1 as soon as one interface has none, 0 otherwise (also when radio0
# reports no "interfaces" array).
wait_for_wifi()
{
	json_load "$(/bin/ubus call network.wireless status)"
	json_select "radio0"

	json_is_a "interfaces" array || return 0

	local __idx=1
	json_select "interfaces"
	config_load wireless

	# entries are visited by index until the next one is not an object
	while json_is_a "$__idx" object
	do
		json_select "$((__idx++))"
		json_get_var ifname ifname
		json_select ".."

		[ -n "$ifname" ] || return 1
	done

	return 0
}
8557
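# Find the wireless interface bound to a coovachilli section and make sure its
# chilli.conf exists.
#   $1  coovachilli section name, compared with wireless.<section>.hotspotid
# On success exports DHCPIF, sets CONFIG and returns 0. Returns 1 when wifi
# does not come up in time, no interface matches, or the matching interface is
# disabled or has no ifname.
make_config() {
	local ifname section
	local wifi_loaded=1
	local counter=0
	local disabled
	local coova_section=$1
	local hotspotid

	# Wait until wifi has come up (gives up after more than 10 polls)
	while [ $wifi_loaded -eq 1 ]; do
		counter=$((counter+1))
		wait_for_wifi
		wifi_loaded=$?
		[ "$wifi_loaded" = "1" ] && logger -t "$NAME" "Waiting for wifi"
		[ $counter -gt 10 ] && return 1
		sleep 1
	done

	json_load "$(/bin/ubus call network.wireless status)"
	json_select "radio0"

	json_is_a "interfaces" array || return 1

	local __idx=1

	json_select "interfaces"
	config_load wireless

	while json_is_a "$__idx" object; do
		json_select "$((__idx++))"
		json_get_var section section
		json_get_var ifname ifname
		json_select ".."

		DHCPIF=$ifname

		#config_get hotspotid $section "hotspotid"
		hotspotid=`uci -q get wireless.$section.hotspotid`
		# only the interface bound to this hotspot section is of interest
		[ "$coova_section" == "$hotspotid" ] || continue

		disabled=`uci -q get wireless.$section.disabled`
		#config_get disabled "$section" "disabled" "0"
		if [ -n "$DHCPIF" ] && [ "$disabled" != "1" ]; then
			export DHCPIF
			CONFIG=/etc/chilli/$DHCPIF/chilli.conf
			logger -t "$NAME" "Config: $CONFIG"
			if [ -e "$CONFIG" ]; then
				logger -t "$NAME" "Config file $CONFIG exists."
			else
				# The original tested the config *file* path with -d, so
				# mkdir also ran (and failed) when the directory was
				# already there; mkdir -p covers both cases.
				mkdir -p "/etc/chilli/$DHCPIF"
				main_conf "$DHCPIF" "$CONFIG"
			fi
			return 0
		else
			return 1
		fi
	done
	return 1
}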
8619
8620# manage_wifi_config(){
8621# local wifi_section=`uci -q show wireless | grep $2 | awk -F. '{print $2}'`
8622#
8623# if [ $wifi_section ]; then
8624# local network=`uci -q get wireless.$wifi_section.network`
8625#
8626# if [ $network -a "$1" == "1" ]; then
8627# uci -q delete wireless.$wifi_section.network
8628# uci commit
8629# wifi up
8630# sleep 4
8631# elif [ ! $network ] && [ "$1" == "0" ]; then
8632# uci -q set wireless.$wifi_section.network='lan'
8633# uci commit
8634# wifi up
8635# sleep 4
8636# fi
8637# fi
8638# }
8639
# Start chilli for one coovachilli section (config_foreach callback).
#   $1  section name
# Returns 1 when the section is disabled or no configuration could be built.
# Side effects visible here: links the hotspot CGI and luci-static trees into
# /www/hotspot, enables the uhttpd "hotspot" instance, and installs a cron
# entry that re-runs this script with "radconfig" when HS_ADMINTERVAL > 0.
start_instances()
{
	local enabled

	config_get enabled "$1" "enabled" "0"

	if [ "$enabled" != "1" ] ; then
		# manage_wifi_config "0" $1
		logger -t "$NAME" "$DESC disabled by UCI"
		return 1
	fi

	# manage_wifi_config "1" $1
	logger -t "$NAME" "Starting $DESC: "
	if [ ! -e "/www/hotspot/cgi" ]; then
		ln -s /usr/www/hotspot /www/hotspot/cgi
		ln -s /www/luci-static/ /www/hotspot/luci-static
	fi
	uci -q set uhttpd.hotspot.disabled='0'
	uci commit uhttpd
	# sleep 1

	make_config $1
	[ "$?" = "1" ] && {
		logger -t "$NAME" "Config not generated"
		return 1
	}

	# /etc/chilli/functions provides check_required, writeconfig, radiusconfig
	. /etc/chilli/functions $1
	check_required
	writeconfig
	radiusconfig

	# replace any earlier cron line mentioning this script with a fresh one
	test ${HS_ADMINTERVAL:-0} -gt 0 && {
		(crontab -l 2>&- | grep -v $0
		echo "*/$HS_ADMINTERVAL * * * * $0 radconfig"
		) | crontab - 2>&-
	}

	start-stop-daemon -S -q -p /var/run/$NAME.$HS_LANIF.pid -x $DAEMON -- -c $CONFIG &
}
8680
# Load the tun module, turn on IPv4 forwarding and start every "general"
# section of the coovachilli configuration. RETVAL holds config_foreach's status.
start()
{
	/usr/sbin/modprobe tun >/dev/null 2>&1
	# note: forwarding is enabled here and not reset in stop()
	echo 1 > /proc/sys/net/ipv4/ip_forward
	config_load coovachilli
	config_foreach start_instances "general"
	RETVAL=$?
}
8688
# Start chilli unless a test run of start-stop-daemon (-t) reports that
# $DAEMON is already running.
checkrunning()
{
	check=$(start-stop-daemon -S -x $DAEMON -t)
	if [ x"$check" != x"$DAEMON already running." ]
	then
		start
	fi
}
8695
# config_foreach callback: set RETVAL to 0 when section $1 has enabled=1.
# RETVAL is left untouched otherwise.
check_enabled()
{
	local enabled
	config_get enabled "$1" "enabled" "0"
	if [ "$enabled" == "1" ]
	then
		RETVAL=0
	fi
}
8703
# Cron entry point: write the main configuration if it is missing, then
# refresh the RADIUS-provided configuration.
# NOTE(review): $MAIN_CONF is not set in the visible part of this script and
# is unquoted; when empty the -e test is true and writeconfig is skipped.
radconfig()
{
	[ -e $MAIN_CONF ] || writeconfig
	radiusconfig
}
8708
# Stop and start chilli; RETVAL receives the status of start.
restart()
{
	stop
	start
	RETVAL=$?
}
8714
# Stop all chilli instances: save statistics, drop this script's cron line,
# kill each daemon recorded in /var/run/chilli*.pid, disable the uhttpd
# "hotspot" instance unless a section is still enabled, and remove the CGI link.
stop()
{
	/usr/sbin/statistics save >/dev/null 2>&1 &
	crontab -l 2>&- | grep -v $0 | crontab -
	PID_FILES=$(ls /var/run/chilli*.pid 2>/dev/null)
	if [ -n "$PID_FILES" ]; then
		for pid_file in $PID_FILES
		do
			logger -t $NAME "Found pid file $pid_file"
			start-stop-daemon -K -q -p $pid_file -x $DAEMON
			# Without this pause not all firewall rules get removed
			sleep 2
			# NOTE(review): $? below is the status of sleep, not of
			# start-stop-daemon, so the pid file is removed either way
			[ $? = 0 ] && rm -f $pid_file 2>/dev/null
		done
		sleep 1
	fi
	# 1 = disabled; check_enabled flips it to 0 if any section is enabled
	RETVAL=1
	config_load coovachilli
	config_foreach check_enabled "general"
	uci -q set uhttpd.hotspot.disabled="$RETVAL"
	uci commit uhttpd
	rm -f /www/hotspot/cgi
	logger -t $NAME "Stoping $NAME."
}
8739
# Reload is implemented as a full restart (the signal-based variant is
# disabled below).
reload()
{
	logger -t $NAME "Reloading $DESC."
	#start-stop-daemon -K -s 1 -q -p \
	# /var/run/$NAME.$HS_LANIF.pid -x $DAEMON
	restart
}
8746
# Restart chilli unless a test run of start-stop-daemon (-t) reports that
# $DAEMON is already running; RETVAL receives the restart status.
condrestart()
{
	check=$(start-stop-daemon -S -x $DAEMON -t)
	if [ x"$check" != x"$DAEMON already running." ]
	then
		restart
		RETVAL=$?
	fi
}
8754
# Report the status of chilli in RETVAL.
# NOTE(review): inside a function named "status" the call `status chilli`
# resolves to this same function, so as written it appears to recurse without
# end; presumably an external status helper was intended - confirm.
status() {
	status chilli
	RETVAL=$?
}
8759
8760##### File: /etc/rc.d/K89log #####
8761#!/bin/sh /etc/rc.common
8762# Copyright (C) 2013 OpenWrt.org
8763
8764# start after and stop before networking
8765STOP=89
8766PIDCOUNT=0
8767
8768USE_PROCD=1
8769PROG=/sbin/logread
8770
# Validate the logging options of one "system" UCI section and load them into
# shell variables.
#   $1  section name
# Defaults written here: remote logging on (log_remote=1), port 514, UDP,
# no trailing NUL.
validate_log_section()
{
	uci_validate_section system system "${1}" \
		'log_file:string' \
		'log_size:uinteger' \
		'log_hostname:string' \
		'log_ip:ipaddr' \
		'log_remote:bool:1' \
		'log_port:port:514' \
		'log_proto:or("tcp", "udp"):udp' \
		'log_trailer_null:bool:0' \
		'log_prefix:string'
}
8784
# Validate the two size options used by logd; both default to 0.
#   $1  section name
validate_log_daemon()
{
	uci_validate_section system system "${1}" \
		'log_size:uinteger:0' \
		'log_buffer_size:uinteger:0'
}
8791
# Start logd with a buffer size taken from the configuration.
#   $1  "system" section name
# log_buffer_size wins; log_size is the fallback; 16 is used when both are 0.
start_service_daemon()
{
	local log_buffer_size log_size
	validate_log_daemon "${1}"
	if [ $log_buffer_size -eq 0 -a $log_size -gt 0 ]; then
		log_buffer_size=$log_size
	fi
	if [ $log_buffer_size -eq 0 ]; then
		log_buffer_size=16
	fi
	procd_open_instance
	procd_set_param command "/sbin/logd"
	procd_append_param command -S "${log_buffer_size}"
	procd_set_param respawn
	procd_close_instance
}
8804
# Start a logread instance that follows the log into a file.
#   $1  "system" section name
# Does nothing when log_file is not configured; returns 1 on failed validation.
start_service_file()
{
	PIDCOUNT="$(( ${PIDCOUNT} + 1))"
	local pid_file="/var/run/logread.${PIDCOUNT}.pid"
	local log_file log_size

	if ! validate_log_section "${1}"; then
		echo "validation failed"
		return 1
	fi
	[ -z "${log_file}" ] && return

	procd_open_instance
	procd_set_param command "$PROG" -f -F "$log_file" -p "$pid_file"
	if [ -n "${log_size}" ]; then
		procd_append_param command -S "$log_size"
	fi
	procd_close_instance
}
8822
# Start a logread instance that forwards the log to a remote host.
#   $1  "system" section name
# Skipped when log_remote is 0 or no log_ip is set; returns 1 on failed
# validation. The command built here carries only host, port and protocol
# options (UDP by default) - no encryption or authentication option is
# passed, so forwarded log lines are readable on the path to the collector.
start_service_remote()
{
	PIDCOUNT="$(( ${PIDCOUNT} + 1))"
	local pid_file="/var/run/logread.${PIDCOUNT}.pid"
	local log_ip log_port log_proto log_prefix log_remote log_trailer_null log_hostname

	if ! validate_log_section "${1}"; then
		echo "validation failed"
		return 1
	fi
	[ "${log_remote}" -ne 0 ] || return
	[ -z "${log_ip}" ] && return
	# fall back to the kernel hostname when none is configured
	[ -z "${log_hostname}" ] && log_hostname=$(cat /proc/sys/kernel/hostname)

	procd_open_instance
	procd_set_param command "$PROG" -f -h "$log_hostname" -r "$log_ip" "${log_port}" -p "$pid_file"
	case "${log_proto}" in
		"udp")
			procd_append_param command -u
			;;
		"tcp")
			[ "${log_trailer_null}" -eq 1 ] && procd_append_param command -0
			;;
	esac
	if [ -n "${log_prefix}" ]; then
		procd_append_param command -P "${log_prefix}"
	fi
	procd_close_instance
}
8846
# Reload the log services when the "system" configuration changes and
# register validate_log_section as the validation routine.
service_triggers()
{
	procd_add_reload_trigger "system"
	procd_add_validation validate_log_section
}
8852
# For every "system" section start logd, then the file writer, then the
# remote forwarder (each helper decides for itself whether it applies).
start_service()
{
	config_load system
	for handler in start_service_daemon start_service_file start_service_remote
	do
		config_foreach $handler system
	done
}
8860
8861##### File: /etc/rc.d/K90network #####
8862#!/bin/sh /etc/rc.common
8863
8864START=20
8865STOP=90
8866
8867USE_PROCD=1
# Configure the switch and schedule /sbin/chroutes ten seconds later.
# setup_switch is first defined as a no-op so the call still succeeds when
# nothing under /lib/network overrides it.
init_switch()
{
	setup_switch() { return 0; }
	include /lib/network
	setup_switch
	( sleep 10; /sbin/chroutes ) &
}
8874
# Start networking: ioman in the background, switch setup, wifi detection
# and netifd under procd.
start_service()
{
	# Start ioman in parallel because swconfig is mainly I/O bound
	# to save boot time by fully using CPU time
	(sleep 1 && /etc/init.d/ioman start) &
	init_switch

	# append whatever "wifi detect" prints to the wireless configuration
	/sbin/wifi detect > /tmp/wireless.tmp
	if [ -s /tmp/wireless.tmp ]; then
		cat /tmp/wireless.tmp >> /etc/config/wireless
	fi
	rm -f /tmp/wireless.tmp

	procd_open_instance
	procd_set_param command /sbin/netifd
	procd_set_param respawn
	procd_set_param watch network.interface
	# Core dumps are unlimited and go to /tmp/<exe>.<pid>.<sig>.<time>.core.
	# NOTE(review): a netifd core may hold configuration data from memory;
	# treat these files as sensitive when collecting them from a device.
	if [ -e /proc/sys/kernel/core_pattern ]; then
		procd_set_param limits core="unlimited"
		echo '/tmp/%e.%p.%s.%t.core' > /proc/sys/kernel/core_pattern
	fi
	procd_close_instance
}
8897
# Reload networking in place. Returns 1 when the ubus "network reload" call
# fails, 0 otherwise.
reload_service()
{
	local rv=0
	killall -s USR1 port_event_checker
	init_switch
	if ! ubus call network reload; then
		rv=1
	fi
	/sbin/wifi reload_legacy
	return $rv
}
8906
# Signal port_event_checker, take wifi down and bring all interfaces down.
stop_service()
{
	killall -s USR1 port_event_checker
	/sbin/wifi down
	ifdown -a
	sleep 1
}
8913
# Wait up to 30 seconds for the network.interface ubus object, then reload
# the legacy wifi configuration.
service_running()
{
	ubus -t 30 wait_for network.interface
	/sbin/wifi reload_legacy
}
8918
# Validation spec for "atm-bridge" sections of the network configuration.
#   $1  section name
validate_atm_bridge_section()
{
	uci_validate_section network "atm-bridge" "${1}" \
		'unit:uinteger:0' \
		'vci:range(32, 65535):35' \
		'vpi:range(0, 255):8' \
		'atmdev:uinteger:0' \
		'encaps:or("llc", "vc"):llc' \
		'payload:or("bridged", "routed"):bridged'
}
8929
# Validation spec for IPv4 "route" sections of the network configuration.
#   $1  section name
validate_route_section()
{
	uci_validate_section network route "${1}" \
		'interface:string' \
		'target:cidr4' \
		'netmask:netmask4' \
		'gateway:ip4addr' \
		'metric:uinteger' \
		'mtu:uinteger' \
		'table:or(range(0,65535),string)'
}
8941
# Validation spec for IPv6 "route6" sections of the network configuration.
#   $1  section name
validate_route6_section()
{
	uci_validate_section network route6 "${1}" \
		'interface:string' \
		'target:cidr6' \
		'gateway:ip6addr' \
		'metric:uinteger' \
		'mtu:uinteger' \
		'table:or(range(0,65535),string)'
}
8952
# Validation spec for IPv4 policy-routing "rule" sections.
#   $1  section name
validate_rule_section()
{
	uci_validate_section network rule "${1}" \
		'in:string' \
		'out:string' \
		'src:cidr4' \
		'dest:cidr4' \
		'tos:range(0,31)' \
		'mark:string' \
		'invert:bool' \
		'lookup:or(range(0,65535),string)' \
		'goto:range(0,65535)' \
		'action:or("prohibit", "unreachable", "blackhole", "throw")'
}
8967
# Validation spec for IPv6 policy-routing "rule6" sections.
#   $1  section name
validate_rule6_section()
{
	uci_validate_section network rule6 "${1}" \
		'in:string' \
		'out:string' \
		'src:cidr6' \
		'dest:cidr6' \
		'tos:range(0,31)' \
		'mark:string' \
		'invert:bool' \
		'lookup:or(range(0,65535),string)' \
		'goto:range(0,65535)' \
		'action:or("prohibit", "unreachable", "blackhole", "throw")'
}
8982
# Validation spec for "switch" sections of the network configuration.
#   $1  section name
validate_switch_section()
{
	uci_validate_section network switch "${1}" \
		'name:string' \
		'enable:bool' \
		'enable_vlan:bool' \
		'reset:bool'
}
8991
# Validation spec for "switch_vlan" sections of the network configuration.
#   $1  section name
validate_switch_vlan()
{
	uci_validate_section network switch_vlan "${1}" \
		'device:string' \
		'vlan:uinteger' \
		'ports:list(ports)'
}
8999
# Reload on changes to the "network" or "wireless" configuration and register
# every section validator defined in this script.
service_triggers()
{
	procd_add_reload_trigger network wireless

	procd_open_validate
	for validator in \
		validate_atm_bridge_section \
		validate_route_section \
		validate_route6_section \
		validate_rule_section \
		validate_rule6_section \
		validate_switch_section \
		validate_switch_vlan
	do
		$validator
	done
	procd_close_validate
}
9014
# On system shutdown bring every interface down and wait a second.
shutdown()
{
	ifdown -a
	sleep 1
}
9019
9020##### File: /etc/rc.d/K95luci_fixtime #####
9021#!/bin/sh /etc/rc.common
9022
9023START=05
9024STOP=95
9025
# Set the system clock to the modification time of /etc/init.d/luci_fixtime.
# Timestamps logged before a real time source takes over therefore reflect
# the last time stop() touched that file, not the actual time.
start()
{
	local stamp=$(date +%s -r /etc/init.d/luci_fixtime)
	date -s @$stamp
}
9029
# Record the current time as the mtime of /etc/init.d/luci_fixtime (when it
# is writable) so start() can restore it after the next boot.
stop()
{
	[ -w /etc/init.d/luci_fixtime ] &&
		cat /dev/null >> /etc/init.d/luci_fixtime &&
		touch /etc/init.d/luci_fixtime
}
9033
9034##### File: /etc/rc.d/K97modem #####
9035#!/bin/sh /etc/rc.common
9036
9037# This script manages modem power states
9038# (some boot time modem initialization also can be done here)
9039
9040. /lib/teltonika-functions.sh
9041. /lib/functions.sh
9042
9043START=21
9044STOP=97
9045WATCHDOG_INHIBIT_FILE="/tmp/watchdog_inhibit"
9046
# Print how many lines of hwinfo.hwinfo.mnf_code match RUT90.0 or RUT95.G
# ("." matches any character); callers compare the output with "1".
get_model()
{
	uci get hwinfo.hwinfo.mnf_code |
		grep -c "RUT90.0\|RUT95.G"
}
9051
# Load the USB host driver and, unless called with "0", start the modem.
#   $1  "0" to load the driver only (used by generic_start)
boot()
{
	echo "modem: inserting USB driver"
	insmod ehci-platform 2>/dev/null
	[ "$1" = "0" ] || generic_start
}
9060
# Power the modem up through its GPIO lines. On the models matched by
# get_model it also waits, reloads the USB driver and starts modem_check.sh.
# Always returns 0.
generic_start()
{
	echo "modem: starting generic 3G modem"

	#Reset
	/sbin/gpio.sh set MON
	#Power on
	/sbin/gpio.sh clear MRST

	model=$(get_model)
	if [ "$model" == "1" ]
	then
		sleep 8
		# "0" keeps boot from calling generic_start again
		boot "0"
		/usr/sbin/modem_check.sh &
	fi

	return 0
}
9079
# Shut the modem down: ask it to power off via gsmctl, stop the daemons that
# use it, then drive the MON/MRST GPIO lines and (on the models matched by
# get_model) unload the USB host driver. The order and the pauses are part of
# the hardware sequence and are left exactly as written.
generic_stop()
{
	echo "modem: stopping generic 3G modem..."
	model=`get_model`
	# presumably tells the watchdog not to react while the modem is down - confirm
	touch "$WATCHDOG_INHIBIT_FILE"

	if [ "$model" == "1" ]; then
		# Prevent Telit startup after shutdown command
		/sbin/gpio.sh clear MON
	fi

	# anything other than "OK" from gsmctl is only reported, not handled
	if [ "$(gsmctl --shutdown 2>/dev/null)" != "OK" ]; then
		echo "modem: dirty modem reset or shutdown"
	fi

	#Stop processes
	/etc/init.d/gsmd stop

	gpsd=`uci get gps.gps.enabled`
	if [ "$gpsd" == "1" ]; then
		/etc/init.d/gpsd stop
	fi
	killall -9 operctl 2>/dev/null

	#Init modem pins
	/sbin/gpio.sh "export" MON
	/sbin/gpio.sh "dirout" MON
	/sbin/gpio.sh "export" MRST
	/sbin/gpio.sh "dirout" MRST
	#/sbin/gpio.sh "export" SIM
	#/sbin/gpio.sh "dirout" SIM

	if [ "$model" != "1" ]; then
		#Reset
		/sbin/gpio.sh clear MON
	fi

	#Power off
	/sbin/gpio.sh set MRST
	usleep 400000
	#Reload USB driver for RUT900 Telit module (fw 0.226 workaround)
	if [ "$model" == "1" ]; then
		echo "modem: removing USB driver"
		rmmod ehci-platform
		killall -9 modem_check.sh 2>/dev/null
	fi
	usleep 400000
	echo "modem: done"
}
9129
9130
# rc.common "start" action: power the modem up.
start() {
	generic_start
}
9135
# rc.common "stop" action: power the modem down.
stop() {
	generic_stop
}
9140
9141##### File: /etc/rc.d/K98boot #####
9142#!/bin/sh /etc/rc.common
9143# Copyright (C) 2006-2011 OpenWrt.org
9144
9145START=10
9146STOP=98
9147
# Run every script in /etc/uci-defaults once and commit the resulting UCI
# changes. Each file is sourced in a subshell and deleted only when it
# succeeds, so a failing script is retried on the next boot.
# Everything found in that directory is executed with the privileges of this
# boot script, so write access to /etc/uci-defaults equals code execution at
# the next boot; worth including in integrity checks of a device.
uci_apply_defaults()
{
	. /lib/functions/system.sh

	cd /etc/uci-defaults || return 0
	files="$(ls)"
	[ -z "$files" ] && return 0
	mkdir -p /tmp/.uci
	for file in $files
	do
		if ( . "./$(basename $file)" ); then
			rm -f "$file"
		fi
	done
	uci commit
}
9160
# Early boot: mount the root overlay, create the runtime directories under
# /var and /tmp, load kernel modules, apply the uci-defaults scripts and run
# start.
boot()
{
	/usr/sbin/statusledctrl LB_GYR &

	if [ ! -f /proc/mounts ]; then
		/sbin/mount_root
	fi
	if [ -f /proc/jffs2_bbc ]; then
		echo "S" > /proc/jffs2_bbc
	fi
	if [ -f /proc/net/vlan/config ]; then
		vconfig set_name_type DEV_PLUS_VID_NO_PAD
	fi

	for dir in /var/run /var/log /var/lock /var/state /tmp/.uci
	do
		mkdir -p $dir
	done
	# uncommitted UCI changes live here; keep them private
	chmod 0700 /tmp/.uci
	for file in /var/log/wtmp /var/log/lastlog /tmp/resolv.conf.auto
	do
		touch $file
	done
	ln -sf /tmp/resolv.conf.auto /tmp/resolv.conf
	grep -q debugfs /proc/filesystems && /bin/mount -o noatime -t debugfs debugfs /sys/kernel/debug

	# Start these two scripts in parallel because loading modules is mainly
	# I/O bound and CPU is not used 100% in that time.
	(/etc/init.d/i2c_gpio start; /etc/init.d/log start) &

	/sbin/kmodloader
	# Only load mmc_spi when there is a uSD card reader
	if [ "$(uci get -q hwinfo.hwinfo.microsd)" = "1" ]; then
		insmod mmc_spi
	fi

	uci_apply_defaults

	# temporary hack until configd exists
	#/sbin/reload_config

	start

	# create /dev/root if it doesn't exist, from root= on the kernel command line
	if ! [ -e /dev/root -o -h /dev/root ]; then
		rootdev=$(awk 'BEGIN { RS=" "; FS="="; } $1 == "root" { print $2 }' < /proc/cmdline)
		[ -n "$rootdev" ] && ln -s "$rootdev" /dev/root
	fi

	# create symlink for RS485 UART
	[ -e /dev/ttyATH0 ] && ln -s /dev/ttyATH0 /dev/rs485
}
9206
9207##### File: /etc/rc.d/K98i2c_gpio #####
9208#!/bin/sh /etc/rc.common
9209
9210STOP=98
9211
# Export the I/O-expander pins and set their direction, then initialise the
# RS485 driver pin.
# Not done here any more (per the original notes): the pca9535 expander is
# registered in the mach-tlt-rut900 file, MON/MRST are set up by the pca953x
# driver to speed up modem start-up, and SIM is only used when SIM2 is required.
start()
{
	# digital outputs
	for pin in DOUT1 DOUT2
	do
		/sbin/gpio.sh "export" "$pin"
		/sbin/gpio.sh "dirout" "$pin"
	done

	# digital inputs
	for pin in DIN1 DIN2
	do
		/sbin/gpio.sh "export" "$pin"
		/sbin/gpio.sh "dirin" "$pin"
	done

	# SD chip select and RS485_R ("while hw is not perfect" RS485_R is
	# driven as an output)
	for pin in SDCS RS485_R
	do
		/sbin/gpio.sh "export" "$pin"
		/sbin/gpio.sh "dirout" "$pin"
	done
	# presumably gpio63 is the RS485_R line - confirm
	echo 0 > /sys/class/gpio/gpio63/value

	#Init RS485 driver pin
	echo 0 > /sys/class/gpio/export
	echo "out" > /sys/class/gpio/gpio0/direction
	echo 1 > /sys/class/gpio/gpio0/value
}
9250
# Reset the i2c GPIO expander by driving pin 21 high as an output.
stop()
{
	RESET_PIN=21
	. /lib/teltonika-gpio-functions.sh
	gpio_export_tlt $RESET_PIN
	gpio_setdir_tlt $RESET_PIN out
	gpio_write_tlt $RESET_PIN 1
}
9260
9261##### File: /etc/rc.d/K98logtrigger #####
9262#!/bin/sh /etc/rc.common
9263# Copyright (C) 2017 Teltonika
9264
9265USE_PROCD=1
9266START=18
9267STOP=98
9268
9269. /lib/functions.sh
9270
9271CONFIG="logtrigger"
9272BIN="logtrigger"
9273DIR=/usr/bin/
9274ENABLED=0
9275FOUND=0
9276
# config_foreach callback: delete one section from the "blocklist" config.
#   $1  section name
clear_block()
{
	local section="$1"
	uci -q delete blocklist.$section
}
9281
# config_foreach callback: set FOUND=1 when rule $1 has until_reboot=1 and
# the part of its name before the first "_" equals the target.
#   $1  rule section name
#   $2  target prefix ("SSH" or "WebUI" in this script)
reboot_clear()
{
	local name
	local until_reboot
	local target="$2"
	config_get until_reboot $1 "until_reboot" "0"
	if [ "$until_reboot" == "1" ]
	then
		config_get name $1 "name" "0"
		name=$(echo $name | awk -F '_' '{ print $1 }')
		if [ "$name" == "$target" ]
		then
			FOUND=1
			return 1
		fi
	fi
}
9296
# At boot, empty the block lists that are meant to last only until reboot,
# then start the service.
# If any rule named SSH_* has until_reboot=1, every "dropbear" section of the
# blocklist config is deleted; the same happens for WebUI_* rules and the
# "uhttpd" sections. Addresses blocked by those rules are therefore admitted
# again after each reboot - relevant when reviewing lockout evidence.
boot()
{
	# SSH lockouts
	config_load $CONFIG
	config_foreach reboot_clear "rule" "SSH"
	if [ $FOUND -eq 1 ]
	then
		config_load "blocklist"
		config_foreach clear_block "dropbear"
		uci commit blocklist
	fi

	# WebUI lockouts
	FOUND=0
	config_load $CONFIG
	config_foreach reboot_clear "rule" "WebUI"
	if [ $FOUND -eq 1 ]
	then
		config_load "blocklist"
		config_foreach clear_block "uhttpd"
		uci commit blocklist
	fi

	start
}
9315
# config_foreach callback: set ENABLED=1 when rule $1 has enabled=1.
rule_enabled()
{
	local enabled
	config_get enabled $1 "enabled" "0"
	if [ "$enabled" == "1" ]
	then
		ENABLED=1
		return 1
	fi
}
9324
# Start the logtrigger daemon under procd when at least one rule is enabled.
start_service()
{
	config_load $CONFIG
	config_foreach rule_enabled "rule"

	if [ $ENABLED -eq 0 ]; then
		return
	fi

	procd_open_instance
	procd_set_param command $DIR$BIN
	procd_set_param respawn
	procd_close_instance
}
9336
# A reload of logtrigger is implemented as a full restart.
reload_service()
{
	restart
}
9340
# Delegates to restart.
restart_service()
{
	restart
}
9344
9345##### File: /etc/rc.d/K99bridge_arp #####
9346#!/bin/sh /etc/rc.common
9347# Workaround for Huawei LTE ARP requests in bridge mode
9348
9349START=99
9350STOP=99
9351EBTABLES="/usr/sbin/ebtables"
9352CONFIG_GET="uci get"
9353
# Install ebtables NAT rules that work around ARP behaviour of LTE modems in
# bridge mode. Does nothing unless the ppp interface name occurs in the LAN
# interface list and the modem is one of the listed types.
start() {
	lan_ifname=$($CONFIG_GET -q "network.lan.ifname")
	ppp_ifname=$($CONFIG_GET -q "network.ppp.ifname")
	# bridge mode check: the ppp ifname must be part of network.lan.ifname
	# NOTE(review): both expansions are unquoted; an empty ppp_ifname makes
	# grep fail and the test error out, which also ends in "return"
	[ $(echo $lan_ifname | grep -c $ppp_ifname) = 1 ] || return
	. /lib/teltonika-functions.sh
	# the modem id constants come from teltonika-functions.sh (not shown here);
	# get_vidpid_tlt is called again for every comparison
	if [ $(get_vidpid_tlt) = $HUAWEI_LTE ]; then
		interface=eth0
	elif [ $(get_vidpid_tlt) = $QUECTEL ] || [ $(get_vidpid_tlt) = $QUECTEL_EC25 ] || [ $(get_vidpid_tlt) = $TELIT_LTE ] || [ $(get_vidpid_tlt) = $TELIT_LTE_V2 ]; then
		interface=wwan0
	else
		return
	fi

	#Fix ARP issue
	lan_ip=$($CONFIG_GET -q "network.lan2.ipaddr")
	# Drop ARP requests looking for duplicated IP
	$EBTABLES -t nat -A PREROUTING -p arp --arp-ip-src 0.0.0.0 --arp-opcode Request -j DROP
	# Reply with Huawei MAC to all other requests
	# (every ARP request not aimed at the router address, 192.168.1.1 when
	# network.lan2.ipaddr is unset, is answered with this fixed MAC)
	$EBTABLES -t nat -A PREROUTING -p arp --arp-ip-dst ! ${lan_ip:-"192.168.1.1"} \
		--arp-opcode Request -j arpreply --arpreply-mac 02:50:f3:00:00:00

	#Bind to MAC
	# rewrite the destination of frames arriving on the modem interface to
	# the configured MAC
	mac=$($CONFIG_GET -q "network.ppp.bind_mac")
	if [ -n "$mac" ]; then
		$EBTABLES -t nat -A PREROUTING -i $interface -j dnat --to-destination "$mac"
	fi
}
9381
# Remove the workaround rules.
# Note: --flush without a chain empties every chain of the ebtables nat
# table, including rules that were not added by this script.
stop() {
	$EBTABLES -t nat --flush
}
9385
9386##### File: /etc/rc.d/K99eventslog #####
9387#!/bin/sh /etc/rc.common
9388
9389START=41
9390STOP=99
9391USE_PROCD=1
9392
9393LOG_PART="event-log"
9394MOUNT_DIR="/log"
9395EXTRA_COMMANDS="mount_log_part"
9396
# Mount the "event-log" MTD partition (JFFS2) under /mnt/mtdblock<N>.
# Returns 1 when the partition is not listed in /proc/mtd.
# If the partition does not start with the JFFS2 magic it is erased before
# mounting, which discards every event stored so far; the only trace is one
# line written to /dev/kmsg.
mount_log_part()
{
	# /proc/mtd lines look like 'mtdN: ... "name"'; the character at offset 3
	# is taken as the partition number
	# NOTE(review): this reads a single digit, so mtd10 and above would be
	# misread - confirm the partition count on this platform
	ret=$(grep -m 1 "\"$LOG_PART\"" /proc/mtd)
	log_mtd_num=${ret:3:1}
	if [ -z "$log_mtd_num" ]; then
		echo "Partition '$LOG_PART' not found"
		return 1
	fi

	# nothing to do when it is mounted already
	grep -qs "mtdblock$log_mtd_num" /proc/mounts && return

	mkdir -p /mnt/mtdblock"$log_mtd_num"
	# *WORKAROUND* for the eventslog partition after safe mode was removed:
	# every JFFS2 partition must begin with the magic constant
	# JFFS2_MAGIC_BITMASK (from the Linux sources), i.e. 0x1985, so we check
	# that it is there. If it is not, the file system is corrupt and Linux
	# itself will not touch it in order not to lose possibly valuable data,
	# so the only way for us to get a working eventslog back is to erase that
	# whole flash area and start over.
	first_2_bytes="$(hexdump -e '/1 "%02X"' -n 2 /dev/mtdblock$log_mtd_num)"
	if [ -n "$first_2_bytes" -a "$first_2_bytes" != "1985" ]; then
		echo "$LOG_PART MTD partition is broken WRT the FS, fixing it by erasing" > /dev/kmsg
		mtd erase "$LOG_PART"
	fi
	mount -t jffs2 /dev/mtdblock"$log_mtd_num" /mnt/mtdblock"$log_mtd_num"/
}
9423
# Record the reason for this start-up in the event log and, on first boot,
# derive the router name and host name from the hardware code or branding.
# Variable names are Lithuanian: tipo_kodas = type code, tipas = type,
# pradzia = prefix, pabaiga = suffix, atsakymas = result.
check_startup(){
	if [ -f "/tmp/first_boot" ]; then
		/usr/bin/eventslog -i -t EVENTS -n 'Reboot' -e 'First boot start up'
		# marks this boot as explained; cleared again at the end of the function
		uci set system.device_info.reboot=1
		uci commit system
		#setting router name and host name by router type
		tipo_kodas=`uci get -q hwinfo.hwinfo.mnf_code`
		# first six characters of the manufacturing code
		tipas=${tipo_kodas:0:6}
		pradzia="Teltonika-"
		pabaiga=".com"
		#atsakymas=$pradzia$tipas$pabaiga
		# non-printable characters are stripped from the generated host name
		atsakymas=$(echo "$pradzia$tipas$pabaiga" | sed 's/[^[:print:]]//g')
		logger "hostame set $atsakymas"
		# a "brand" tool, when present, may override both names
		if [ `which brand` ]; then
			brand_hostname=`brand 22`
			[ "$brand_hostname" != "" ] && atsakymas=`brand 22`
			brand_routername=`brand 24`
			[ "$brand_routername" != "" ] && tipas=`brand 24`
		fi

		# NOTE(review): the surrounding backticks run the command and then
		# try to execute its output as a command; this only works because
		# the output is expected to be empty. $tipas is unquoted.
		`uci set system.system.routername=$tipas`
		`uci set system.system.hostname="$atsakymas"`

		#Ignore if hostname specified in branding config
		if [ "$brand_hostname" == "" ]; then
			gethost=`uci get -q system.system.hostname`
			# the six characters after "Teltonika-" must be alphanumeric
			checkname=${gethost:10:6}
			name="RUT"
			model=${gethost:13:3}
			check=$(echo $checkname | grep '[^a-zA-Z0-9]')
			atsakymas=$(echo "$pradzia$name$model$pabaiga" | sed 's/[^[:print:]]//g')

			# otherwise regenerate the manufacturing info and rebuild the name
			if [[ "$check" != "" ]]; then
				/rom/etc/uci-defaults/01_mnf_info
				`uci set system.system.hostname=$atsakymas`
			fi
		fi
	fi
	# reboot=1 means the cause was already logged; reboot=0 means this boot
	# was not announced, so it is logged as "reason unknown"
	reboot=`uci get -q system.device_info.reboot`
	if [ "$reboot" == "1" ]; then
		uci set system.device_info.reboot=0
		uci commit system
	elif [ "$reboot" == "0" ]; then
		/usr/bin/eventslog -i -t EVENTS -n "Reboot" -e "Boot start up, reason unknown"
	fi
}
9470
9471#boot() {
9472# mount_log_part
9473# start_service
9474# check_startup
9475#}
9476
# procd entry point: mount the log partition, register eventslogd as a
# respawning instance, then log the boot reason.
start_service() {
    mount_log_part

    procd_open_instance
    procd_set_param command /usr/bin/eventslogd
    procd_set_param respawn
    procd_close_instance

    check_startup
}
9488
9489##### File: /etc/rc.d/K99fix_sta_ap #####
9490#!/bin/sh /etc/rc.common
9491. /lib/functions.sh
9492
9493USE_PROCD=1
9494START=88
9495STOP=99
9496
9497
9498STA_ENABLED=0
9499AP_DISABLED=0
9500
9501#Check whether the user has not disabled the STA interface in the Wi-Fi settings
# config_foreach callback for one wifi-iface section.
#   $1 - section name
# A "sta" section copies its "user_enable" option (default "1") into
# STA_ENABLED; an "ap" section copies "disabled" (default "0") into AP_DISABLED.
check_wifi_enabled() {
    local mode
    config_get mode "$1" "mode"

    if [ "$mode" = "sta" ]; then
        config_get STA_ENABLED "$1" "user_enable" "1"
    elif [ "$mode" = "ap" ]; then
        config_get AP_DISABLED "$1" "disabled" "0"
    fi
}
9515
config_load "wireless"
config_foreach check_wifi_enabled "wifi-iface"

# start_service is only defined when a STA interface is enabled, so the
# respawning /sbin/fix_sta_ap.sh instance is registered in that case only.
case "$STA_ENABLED" in
    1)
        start_service() {
            procd_open_instance
            procd_set_param respawn
            procd_set_param command /sbin/fix_sta_ap.sh
            procd_close_instance
        }
        ;;
esac
9527
9528##### File: /etc/rc.d/K99hotspot_scheduler #####
9529#!/bin/sh /etc/rc.common
9530
START=99
STOP=99
# Marker appended as a comment to every cron line this script installs;
# stop() removes the lines again by filtering on it.
CRONTAB_ID=aCr5E6Lm
SCHEDULER_SCRIPT=/sbin/hotspot_restrict.sh
DAYS="mon tue wed thu fri sat sun"
OLD_MODE=
COUNT=0
# Lower-cased abbreviated weekday and two-digit hour at the time the script is sourced.
CURR_DAY=$(date +%a | awk '{print tolower($0)}')
CURR_HOUR=$(date +%H)
9540
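# Install cron entries for one AP section on one weekday and apply the state
# of the current hour immediately.
#   $1 - schedule string, one character per hour (index 0-23); "1" selects
#        "set", any other or missing character selects "clear"
#   $2 - day-of-week field for the cron line (mon..sun)
#   $3 - hotspot_scheduler section name, handed to SCHEDULER_SCRIPT
# Globals: OLD_MODE carries the previous hour's state across calls so that
# only state changes produce a cron line; COUNT counts the "set" transitions.
# Changes from the earlier version: the leftover "set -x" tracing is gone,
# "mode" no longer leaks into the global scope, and the arguments of the
# immediate SCHEDULER_SCRIPT call are quoted.
set_schedule(){
    local hour
    local action
    local mode
    local schedule=$1
    local day=$2
    local id=$3

    for hour in $(seq 0 23)
    do
        mode=${schedule:${hour}:1}

        if [ "${OLD_MODE}" != "${mode}" ]; then
            if [ "${mode}" = "1" ]; then
                action=set
                COUNT=$((COUNT+1))
            else
                action=clear
            fi

            # This line goes into root's crontab and cron runs it through a
            # shell, so ${id} must remain a plain section name. The trailing
            # marker is what stop() filters on.
            (crontab -l ; echo "0 ${hour} * * ${day} ${SCHEDULER_SCRIPT} \"${action}\" \"${id}\" #$CRONTAB_ID") | crontab -
        fi

        if [ "${day}" = "${CURR_DAY}" ] && [ "${CURR_HOUR}" -eq "${hour}" ]; then
            [ "${mode}" = "1" ] && action=set || action=clear

            "${SCHEDULER_SCRIPT}" "${action}" "${id}"
        fi

        OLD_MODE=${mode}
    done
}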
9573
# config_foreach callback: walk the weekdays in DAYS and hand every non-empty
# per-day schedule of the given "ap" section to set_schedule.
#   $1 - section name
# OLD_MODE is reset first so the first hour of the section always counts as a
# state change.
perform_ap(){
    local section=$1
    local schedule
    OLD_MODE=

    for day in ${DAYS}; do
        config_get schedule ${section} ${day}

        [ -n "${schedule}" ] && [ -n "${day}" ] && set_schedule "${schedule}" "${day}" "${section}"
    done
}
9586
# config_foreach callback: ask the scheduler script to clear the restriction
# for one "ap" section ($1).
stop_ap() {
    local section="$1"

    ${SCHEDULER_SCRIPT} "clear" "${section}"
}
9590
# Build the cron schedule for every "ap" section of hotspot_scheduler.
start() {
    config_load hotspot_scheduler
    config_foreach perform_ap "ap"

    # No "set" transition was found anywhere: remove the cron lines again.
    test ${COUNT} -eq 0 && stop
}
9598
# Drop every cron line tagged with CRONTAB_ID from the crontab, then clear the
# restriction of each "ap" section.
stop() {
    config_load hotspot_scheduler
    crontab -l | grep -v "$CRONTAB_ID" | crontab -
    config_foreach stop_ap "ap"
}
9604##### File: /etc/rc.d/K99modbusd #####
9605#!/bin/sh /etc/rc.common
9606
APP=/usr/sbin/modbusd

USE_PROCD=1
START=99
STOP=99

# Both values are read from UCI every time this script is sourced; they are
# empty when the option does not exist.
ENABLED=$(uci get modbus.modbus.enabled)
PORT=$(uci get modbus.modbus.port)
MAX_CONN=8
9616
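# Register modbusd with procd when modbus.modbus.enabled is "1".
# The daemon is started with "-a 0.0.0.0", i.e. listening on every interface.
# Modbus/TCP has no authentication of its own, so which networks can reach
# the port is decided entirely by the firewall configuration, which this
# script does not touch.
# Returns 1 without starting anything when PORT is not a valid TCP port.
start_service() {
    [ "$ENABLED" = "1" ] || return 0

    # PORT comes straight from UCI. Reject empty or non-numeric values rather
    # than letting them become extra or missing daemon arguments.
    case "$PORT" in
        ''|*[!0-9]*)
            logger -t modbusd "invalid modbus.modbus.port, not starting"
            return 1
            ;;
    esac
    if [ "$PORT" -lt 1 ] || [ "$PORT" -gt 65535 ]; then
        logger -t modbusd "modbus.modbus.port out of range, not starting"
        return 1
    fi

    procd_open_instance
    procd_set_param command "$APP" -a 0.0.0.0 -p "$PORT" -m "$MAX_CONN"
    procd_set_param respawn
    procd_close_instance
}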
9625##### File: /etc/rc.d/K99output_scheduler #####
9626#!/bin/sh /etc/rc.common
9627
9628START=99
9629STOP=99
9630
9631. /lib/functions.sh
9632
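# config_foreach callback for one output_control "rule" section ($1).
# For an enabled rule it appends one line to /etc/crontabs/root that runs
#   sh /sbin/output_control.sh <gpio> [set|clear] [timeout_time]
# either at a fixed hour/minute or every interval_time minutes.
# Every field of that line comes from UCI and cron passes the line to a shell
# as root, so the values are checked before anything is written: a rule with
# a non-numeric interval, or with characters outside a conservative set, is
# logged and skipped.
script_run()
{
    local enabled action timeout timeout_time mode days interval_time gpio create
    local minutes="*"
    local hours="*"
    local param=""
    local line leftover
    config_get enabled "$1" enabled "0"
    config_get gpio "$1" gpio
    config_get action "$1" action
    config_get mode "$1" mode
    config_get timeout "$1" timeout "0"
    config_get timeout_time "$1" timeout_time
    config_get days "$1" day

    [ "$enabled" = "1" ] || return 0

    if [ "$mode" = "fixed" ]; then
        config_get hours "$1" fixed_hour "*"
        config_get minutes "$1" fixed_minute "*"
        if [ "$hours" != "*" ] || [ "$minutes" != "*" ]; then
            create="1"
        fi
    elif [ "$mode" = "interval" ]; then
        config_get interval_time "$1" interval_time
        case "$interval_time" in
            '')
                ;;
            *[!0-9]*)
                # Shell arithmetic evaluates its operands as expressions, so
                # only plain digits may reach $(( )) below.
                logger -t output_scheduler "rule $1: interval_time is not a number, skipped"
                return 1
                ;;
            *)
                hours=$((interval_time / 60))
                minutes=$((interval_time % 60))
                if [ "$hours" = "0" ]; then
                    minutes="*/$minutes"
                    hours="*"
                else
                    minutes="0"
                    hours="*/$hours"
                fi
                create="1"
                ;;
        esac
    fi

    param="$param $gpio"

    if [ "$action" = "on" ]; then
        param="$param set"
    elif [ "$action" = "off" ]; then
        param="$param clear"
    fi

    if [ "$timeout" = "1" ]; then
        param="$param $timeout_time"
    fi

    if [ -z "$days" ]; then
        days="*"
    else
        # cron expects a comma-separated day list
        days=${days// /,}
    fi

    [ -n "$create" ] || return 0

    # Allow only letters, digits, space and the cron punctuation _ * / , . -
    # Anything left after deleting those (quotes, ;, |, $, newlines, ...)
    # means the rule is not written.
    line="$minutes $hours * * $days sh /sbin/output_control.sh $param"
    leftover=$(printf '%s' "$minutes $hours $days $param" | tr -d 'A-Za-z0-9 _*/,.-')
    if [ -n "$leftover" ]; then
        logger -t output_scheduler "rule $1: unexpected characters in schedule, skipped"
        return 1
    fi

    echo "$line" >> /etc/crontabs/root
}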
9694
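# Apply the output state scheduled for the current hour, make sure the
# scheduler's own cron entries exist, then rebuild the output_control cron
# lines from UCI and restart cron.
# The state for the current hour is one character taken from the line of
# /etc/scheduler/config that matches today's lower-cased weekday:
#   3 - DOUT1 and DOUT2 set      2 - DOUT2 set, DOUT1 cleared
#   1 - DOUT1 set, DOUT2 cleared anything else - both cleared
# The lookup result is matched with "case", so an empty result (missing file
# or day) falls through to "both cleared" instead of making an unquoted
# "[ $schd == ... ]" test fail with a syntax error.
start()
{
    local today slot

    today=$(date +%a | awk '{print tolower($0)}')
    # hour of day without its leading zero, plus one: how many characters of
    # the schedule to keep so that the last one is the current hour's
    slot=$(date +%H | sed 's/\b0//g' | awk '{print ($0 + 1)}')
    schd="$(grep "$today" /etc/scheduler/config | cut -d':' -f 2 | head -c "$slot" | tail -c 1)"

    case "$schd" in
        3)
            /sbin/gpio.sh set DOUT1 &
            /sbin/gpio.sh set DOUT2 &
            ;;
        2)
            /sbin/gpio.sh set DOUT2 &
            /sbin/gpio.sh clear DOUT1 &
            ;;
        1)
            /sbin/gpio.sh set DOUT1 &
            /sbin/gpio.sh clear DOUT2 &
            ;;
        *)
            /sbin/gpio.sh clear DOUT1 &
            /sbin/gpio.sh clear DOUT2 &
            ;;
    esac

    # No gpio.sh line in root's crontab yet: let the Lua helper create them.
    chck="$(grep /sbin/gpio.sh /etc/crontabs/root)"
    if [ -z "$chck" ]; then
        lua /sbin/output_scheduler_cron.lua
    fi

    sed -i "/output_control/d" /etc/crontabs/root
    config_load "output_control"
    config_foreach script_run 'rule'
    /etc/init.d/cron restart
}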
9723
# Clear both digital outputs (in the background) and remove every
# output_control line from root's crontab.
stop() {
    /sbin/gpio.sh clear DOUT1 &
    /sbin/gpio.sh clear DOUT2 &
    sed -i "/output_control/d" /etc/crontabs/root
}
9730
# Restart is a plain stop followed by start.
restart() {
    stop
    start
}
9735
# Reload has no lighter path here; it is the same as restart.
reload() {
    restart
}
9739
9740##### File: /etc/rc.d/K99rms_connect #####
9741#!/bin/sh /etc/rc.common
9742# Copyright (C) 2016 Teltonika
9743
9744START=85 #start before openvpn
9745STOP=99
9746
9747FUNC_NAME="/sbin/rms_connect"
9748USE_PROCD=1
9749#LOCK_FILE=/var/lock/sim_switch.lock
9750
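# Start /sbin/rms_connect under procd when rms_connect.rms_connect.enable is
# 1 or 2; for any other value (including an unset option) disable the
# teltonika_auth_service OpenVPN instance and kill the running processes.
# The option is matched as a string, so an unset or non-numeric value no
# longer makes a numeric "-eq" test fail with an error.
start_service() {
    local ena
    ena=$(uci -q get rms_connect.rms_connect.enable)

    case "$ena" in
        1|2)
            procd_open_instance
            procd_set_param respawn ${respawn_threshold:-0} ${respawn_timeout:-60} ${respawn_retry:-0}
            procd_set_param command "$FUNC_NAME"
            procd_close_instance
            ;;
        *)
            uci set openvpn.teltonika_auth_service.enable='0'
            # NOTE(review): "uci commit" without a package name commits the
            # staged changes of every package, not only openvpn.
            uci commit
            # Removed, because it starts a second time together with the
            # openvpn init script and corrupts the client config:
            #/etc/init.d/openvpn restart
            procd_kill rms_connect
            procd_kill openvpn rms
            ;;
    esac
}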
9767
# Disable the teltonika_auth_service OpenVPN instance, commit the change and
# kill the rms_connect and "openvpn rms" procd instances.
stop_service() {
    uci set openvpn.teltonika_auth_service.enable='0'
    uci commit

    procd_kill rms_connect
    procd_kill openvpn rms
    # Removed, because it starts a second time together with the openvpn init
    # script and corrupts the client config:
    #/etc/init.d/openvpn stop
}
9776
9777##### File: /etc/rc.d/K99tcpdebug #####
9778#!/bin/sh /etc/rc.common
9779
9780
9781START=99
9782STOP=99
9783USE_PROCD=1
9784ENABLED=`uci -q get system.system.tcp_dump`
9785
9786
# Prefix a value with a keyword.
#   $1 - value, may be empty
#   $2 - keyword to put in front of it
# Prints "<keyword> <value>", or an empty line when the value is empty.
check_value(){
    value="$1"
    variable="$2"

    if [ -n "$value" ]; then
        echo "$variable $value"
    else
        echo "$value"
    fi
}
9797
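# Start tcpdump under procd when system.system.tcp_dump is "1", building its
# command line from the system.system.tcp_* options.
# "$STORAGE" is quoted in the "/tmp" comparison so that an unset tcp_mount
# no longer turns the test into a syntax error.
# NOTE(review): every option value below is expanded unquoted on purpose
# ("-i eth0" has to become two words), which also means the values reach
# tcpdump's argument parser unchecked while it runs as a procd service. A
# value that begins with "-" or contains whitespace is read as additional
# options. Validate these options where they are written, or here against
# the expected interface / host / port / direction formats.
start_service(){
    echo "start"
    if [ "$ENABLED" = "1" ]; then
        local options=""
        procd_open_instance
        echo "enabled"
        STORAGE=$(uci -q get system.system.tcp_mount)
        FILTER=$(uci -q get system.system.tcp_dump_filter)
        INTERFACE=$(uci -q get system.system.tcp_dump_interface)
        # Captures kept in /tmp are capped: "-C 20 -W 1" is passed so the
        # file is rotated by size and only one file is kept.
        if [ "$STORAGE" = "/tmp" ]; then
            options="-C 20 -W 1"
        fi
        HOST=$(uci -q get system.system.tcp_host)
        PORT=$(uci -q get system.system.tcp_port)
        DIRECTION=$(uci -q get system.system.tcp_inout)
        HOST=$(check_value "$HOST" "host")

        # "port N" on its own, "and port N" when a host term precedes it
        if [ "$HOST" = "" ]; then
            PORT=$(check_value "$PORT" "port")
        else
            PORT=$(check_value "$PORT" "and port")
        fi

        DIRECTION=$(check_value "$DIRECTION" "-Q")

        # With tcp_mount unset no "-w" is produced and the last argument is
        # the bare string "/tcpdebug.pcap".
        STORAGE=$(check_value "$STORAGE" "-w")
        INTERFACE=$(check_value "$INTERFACE" "-i")
        echo $FILTER $INTERFACE $DIRECTION $options $HOST $PORT $STORAGE"/tcpdebug.pcap"
        procd_set_param command /usr/sbin/tcpdump $FILTER $INTERFACE $DIRECTION $options $HOST $PORT $STORAGE"/tcpdebug.pcap"
        procd_set_param respawn
        procd_close_instance
        echo "paleido"
    fi

}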
9833
# Stops the capture by name: killall ends every process called tcpdump, not
# only the instance this service started.
stop_service() {
    killall tcpdump
}
9837
9838##### File: /etc/rc.d/K99umount #####
9839#!/bin/sh /etc/rc.common
9840# Copyright (C) 2006 OpenWrt.org
9841
9842STOP=99
# Shutdown step: flush pending writes, then unmount everything
# (-a all, -d free loop devices, -r remount read-only when unmounting fails).
stop() {
    sync
    /bin/umount -a -d -r
}
9847
9848##### File: /etc/rc.d/K99usb_to_serial #####
9849#!/bin/sh /etc/rc.common
9850
USE_PROCD=1
START=14
STOP=99

# Device name of the USB-to-serial adapter below /dev, read from a file in
# /tmp; empty when that file does not exist.
SERIAL=$(cat /tmp/USB_to_serial_dev_path)
ENABLED=$(uci -q get usb_to_serial.rs232.enabled)

echo "USB_to_SERIAL init"
9859
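# Turn a value into a command-line option pair.
#   $1 - value, may be empty
#   $2 - option letter (without the dash)
# Prints "-<letter> <value>", or an empty line when the value is empty.
# The value is printed inside one quoted string. Writing it as
# "-$variable "$value"" closes the quotes before $value, which leaves the
# value unquoted and therefore subject to word splitting and filename
# expansion.
check_value(){
    value="$1"
    variable="$2"

    if [ "$value" = "" ]; then
        echo "$value"
    else
        echo "-$variable $value"
    fi
}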
9870
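# Everything in this block runs whenever the init script is sourced, not only
# on "start": it programs the serial line with stty and then defines the
# start_service variant that matches usb_to_serial.rs232.type
# (console, overip, modem, modbus or ntrip).
# Changes from the earlier version: the console-cleanup loop iterates over
# the PID list word by word and is skipped when the list is empty, the grep
# pattern is quoted, and PARAMS starts empty in the modem branch.
# NOTE(review): all values come from UCI. The "-flag value" strings returned
# by check_value are expanded unquoted on purpose so they split into two
# words; a value containing whitespace or starting with "-" therefore changes
# the daemon's argument list. Validate the options where they are written.
if [ "$ENABLED" = "1" ]; then

    echo "enabled"

    TYPE=$(uci -q get usb_to_serial.rs232.type)
    SPEED=$(uci -q get usb_to_serial.rs232.baudrate)
    DBITS=$(uci -q get usb_to_serial.rs232.databits)
    PARITY=$(uci -q get usb_to_serial.rs232.parity)
    SBITS=$(uci -q get usb_to_serial.rs232.stopbits)
    FCTRL=$(uci -q get usb_to_serial.rs232.flowcontrol)
    ECHO_ENABLED=$(uci -q get usb_to_serial.rs232.echo_enabled)

    # Map the UCI values to stty flags; unknown values fall back to
    # no parity, one stop bit and no flow control.
    case "$PARITY" in
        "none") PARITY_TMP="-parenb -parodd";;
        "odd") PARITY_TMP="parenb parodd";;
        "even") PARITY_TMP="parenb -parodd";;
        *) PARITY_TMP="-parenb -parodd";;
    esac

    case "$SBITS" in
        1) SBITS_TMP="-cstopb";;
        2) SBITS_TMP="cstopb";;
        *) SBITS_TMP="-cstopb";;
    esac

    case "$FCTRL" in
        "none") FCTRL_TMP="-crtscts -ixon -ixoff";;
        "rts/cts") FCTRL_TMP="crtscts -ixon -ixoff";;
        "xon/xoff") FCTRL_TMP="-crtscts ixon ixoff";;
        *) FCTRL_TMP="-crtscts -ixon -ixoff";;
    esac


    if [ "$TYPE" != "console" ]; then
        # if type is not console, check and kill all earlier console processes that are left
        # NOTE(review): this matches every process whose ps line contains
        # "-ash", i.e. any login shell, not only one on the serial port.
        pids=$(ps | grep '[-]ash' | awk '{print $1}')
        for i in $pids
        do
            kill -9 "$i"
        done
    fi

    if [ "$ECHO_ENABLED" = "1" ]; then
        FCTRL_TMP="$FCTRL_TMP echo"
    else
        FCTRL_TMP="$FCTRL_TMP -echo"
    fi

    /bin/stty -F /dev/"$SERIAL" "$SPEED" cs"$DBITS" $PARITY_TMP "$SBITS_TMP" $FCTRL_TMP

    if [ "$TYPE" = "console" ]; then
        # A login prompt (getty) on the serial port.
        start_service() {
            procd_open_instance
            procd_set_param command /sbin/getty "$SPEED" /dev/"$SERIAL" vt100
            procd_set_param respawn
            procd_close_instance
        }
    elif [ "$TYPE" = "overip" ]; then

        echo "overip"

        MODE=$(uci -q get usb_to_serial.rs232.mode)

        SBITS=$(check_value "$SBITS" "t")
        DBITS=$(check_value "$DBITS" "b")
        SPEED=$(check_value "$SPEED" "s")
        PARITY=$(check_value "$PARITY" "a")
        spec_char=$(uci -q get usb_to_serial.rs232.spec_char)
        if [ -z "$spec_char" ]; then
            spec_char=""
            spec_char_arg=""
        else
            spec_char_arg="-x "
        fi

        if [ "$MODE" = "server" ]; then

            echo "mode server"

            MODE=$(check_value "$MODE" "m")
            TIMEOUT=$(uci -q get usb_to_serial.rs232.timeout)
            TIMEOUT=$(check_value "$TIMEOUT" "c")
            IP_LISTEN=$(uci -q get usb_to_serial.rs232.ip_listen)
            IP_LISTEN=$(check_value "$IP_LISTEN" "i")
            PORT_LISTEN=$(uci -q get usb_to_serial.rs232.port_listen)
            PORT_LISTEN=$(check_value "$PORT_LISTEN" "g")

            DEBUG_LEVEL=$(uci -q get usb_to_serial.rs232.debug)
            DEBUG_LEVEL=$(check_value "$DEBUG_LEVEL" "D")

            start_service() {
                procd_open_instance
                echo "/usr/sbin/sodog -p /dev/$SERIAL $DBITS $SPEED $PARITY $SBITS $MODE $DEBUG_LEVEL $TIMEOUT $IP_LISTEN $PORT_LISTEN $spec_char_arg$spec_char"
                procd_set_param command /usr/sbin/sodog -p "/dev/$SERIAL" $DBITS $SPEED $PARITY $SBITS $MODE $DEBUG_LEVEL $TIMEOUT $IP_LISTEN $PORT_LISTEN $spec_char_arg"$spec_char"
                procd_set_param respawn
                procd_close_instance

            }
        elif [ "$MODE" = "client" ]; then

            echo "mode client"

            MODE=$(check_value "$MODE" "m")
            INTERVAL=$(uci -q get usb_to_serial.rs232.recon_interval)
            INTERVAL=$(check_value "$INTERVAL" "y")
            IP_CONNECT=$(uci -q get usb_to_serial.rs232.ip_connect)
            IP_CONNECT=$(check_value "$IP_CONNECT" "l")
            PORT_CONNECT=$(uci -q get usb_to_serial.rs232.port_connect)
            PORT_CONNECT=$(check_value "$PORT_CONNECT" "k")

            DEBUG_LEVEL=$(uci -q get usb_to_serial.rs232.debug)
            DEBUG_LEVEL=$(check_value "$DEBUG_LEVEL" "D")
            # NOTE(review): unlike the server branch, spec_char is passed here
            # without spec_char_arg ("-x ") and unquoted; confirm intended.
            start_service() {
                procd_open_instance
                echo "mode bidirect /usr/sbin/sodog -p /dev/$SERIAL $DBITS $SPEED $PARITY $SBITS $MODE $DEBUG_LEVEL $IP_CONNECT $PORT_CONNECT $INTERVAL $spec_char"
                procd_set_param command /usr/sbin/sodog -p "/dev/$SERIAL" $DBITS $SPEED $PARITY $SBITS $MODE $DEBUG_LEVEL $IP_CONNECT $PORT_CONNECT $INTERVAL $spec_char
                procd_set_param respawn
                procd_close_instance
            }
        elif [ "$MODE" = "bidirect" ]; then

            echo "mode bidirect"

            MODE=$(check_value "$MODE" "m")
            GPIO=$(uci -q get usb_to_serial.rs232.gpio)
            GPIO=$(check_value "$GPIO" "u")
            GPIOSTATE=$(uci -q get usb_to_serial.rs232.gpiostate)
            GPIOSTATE=$(check_value "$GPIOSTATE" "j")

            TIMEOUT=$(uci -q get usb_to_serial.rs232.timeout)
            TIMEOUT=$(check_value "$TIMEOUT" "c")
            IP_LISTEN=$(uci -q get usb_to_serial.rs232.ip_listen)
            IP_LISTEN=$(check_value "$IP_LISTEN" "i")
            PORT_LISTEN=$(uci -q get usb_to_serial.rs232.port_listen)
            PORT_LISTEN=$(check_value "$PORT_LISTEN" "g")

            INTERVAL=$(uci -q get usb_to_serial.rs232.recon_interval)
            INTERVAL=$(check_value "$INTERVAL" "y")
            IP_CONNECT=$(uci -q get usb_to_serial.rs232.ip_connect)
            IP_CONNECT=$(check_value "$IP_CONNECT" "l")
            PORT_CONNECT=$(uci -q get usb_to_serial.rs232.port_connect)
            PORT_CONNECT=$(check_value "$PORT_CONNECT" "k")

            DEBUG_LEVEL=$(uci -q get usb_to_serial.rs232.debug)
            DEBUG_LEVEL=$(check_value "$DEBUG_LEVEL" "D")

            start_service() {
                procd_open_instance
                echo "/usr/sbin/sodog -p /dev/$SERIAL $DBITS $SPEED $PARITY $SBITS $MODE $DEBUG_LEVEL $IP_CONNECT $PORT_CONNECT $INTERVAL $TIMEOUT $IP_LISTEN $PORT_LISTEN $GPIO $GPIOSTATE"
                procd_set_param command /usr/sbin/sodog -p "/dev/$SERIAL" $DBITS $SPEED $PARITY $SBITS $MODE $DEBUG_LEVEL $IP_CONNECT $PORT_CONNECT $INTERVAL $TIMEOUT $IP_LISTEN $PORT_LISTEN $GPIO $GPIOSTATE
                procd_set_param respawn
                procd_close_instance
            }
        fi
    elif [ "$TYPE" = "modem" ]; then
        DCONNECT=$(uci -q get usb_to_serial.rs232.direct_connect)
        PORT=$(uci -q get usb_to_serial.rs232.modem_port)
        SPECIAL_CRLF=$(uci -q get usb_to_serial.rs232.use_alternative_crlf)
        INIT_STRING=$(uci -q get usb_to_serial.rs232.init_string)

        # Start from an empty list so nothing inherited from the environment
        # ends up in the tcpser command line.
        PARAMS=""
        [ -n "$DCONNECT" ] && PARAMS="$PARAMS -D $DCONNECT"
        [ -n "$PORT" ] && PARAMS="$PARAMS -p $PORT"
        # NOTE(review): an init string containing spaces is split into
        # several arguments when $PARAMS is expanded below.
        [ -n "$INIT_STRING" ] && PARAMS="$PARAMS -i $INIT_STRING"
        [ -n "$SPECIAL_CRLF" ] && [ "$SPECIAL_CRLF" = "1" ] && PARAMS="$PARAMS -x 1"
        start_service() {
            procd_open_instance
            procd_set_param command /usr/bin/tcpser -s "$SPEED" -d "/dev/$SERIAL" $PARAMS
            procd_set_param respawn
            procd_close_instance
        }
    elif [ "$TYPE" = "modbus" ]; then
        MODBUS_IP=$(uci -q get usb_to_serial.rs232.modbus_ip)
        MODBUS_PORT=$(uci -q get usb_to_serial.rs232.modbus_port)

        SLAVE_ID=$(uci -q get usb_to_serial.rs232.slave_id)
        SLAVE_ID_CONFIG=$(uci -q get usb_to_serial.rs232.slave_id_config)
        MULTI_SLAVE_ID=$(uci -q get usb_to_serial.rs232.multi_slave_id)
        SINGLE_SLAVE_ID=$(uci -q get usb_to_serial.rs232.single_slave_id)

        # "single" passes one slave id with -g, anything else passes the
        # multi_slave_id value with -r.
        start_service() {
            echo "$MULTI_SLAVE_ID"
            procd_open_instance
            if [ "$SLAVE_ID_CONFIG" = "single" ]; then
                procd_set_param command /usr/sbin/modbusgwd -p /dev/"$SERIAL" -s "$SPEED" -b "$DBITS" -a "$PARITY" -t "$SBITS" -g "$SINGLE_SLAVE_ID" -i "$MODBUS_IP" -m "$MODBUS_PORT"
            else
                procd_set_param command /usr/sbin/modbusgwd -p /dev/"$SERIAL" -s "$SPEED" -b "$DBITS" -a "$PARITY" -t "$SBITS" -r "$MULTI_SLAVE_ID" -i "$MODBUS_IP" -m "$MODBUS_PORT"
            fi
            procd_set_param respawn
            procd_close_instance
        }
    elif [ "$TYPE" = "ntrip" ]; then
        NTRIP_IP=$(uci -q get usb_to_serial.rs232.ntrip_ip)
        NTRIP_IP=$(check_value "$NTRIP_IP" "s")
        NTRIP_PORT=$(uci -q get usb_to_serial.rs232.ntrip_port)
        NTRIP_PORT=$(check_value "$NTRIP_PORT" "r")
        NTRIP_MOUNTPT=$(uci -q get usb_to_serial.rs232.ntrip_mount_point)
        NTRIP_MOUNTPT=$(check_value "$NTRIP_MOUNTPT" "m")
        NTRIP_DATAF=$(uci -q get usb_to_serial.rs232.ntrip_data_format)
        NTRIP_DATAF=$(check_value "$NTRIP_DATAF" "M")
        NTRIP_USER=$(uci -q get usb_to_serial.rs232.ntrip_user)
        NTRIP_USER=$(check_value "$NTRIP_USER" "u")
        # NOTE(review): the caster password becomes a command-line argument
        # ("-p <password>") and is therefore readable in the process list for
        # as long as ntripclient runs.
        NTRIP_PSW=$(uci -q get usb_to_serial.rs232.ntrip_password)
        NTRIP_PSW=$(check_value "$NTRIP_PSW" "p")
        HAVE_GPS=$(uci get -q hwinfo.hwinfo.gps)
        USE_GPS=$(uci -q get usb_to_serial.rs232.use_router_gps)
        GPS_FIXTIME=$(gpsctl -f)
        NTRIP_USER_NMEA=$(uci -q get usb_to_serial.rs232.user_nmea)
        NTRIP_NMEA=$(uci -q get usb_to_serial.rs232.ntrip_nmea)

        # Prefer a live GPGGA sentence from the router's GPS when one is
        # available, otherwise fall back to the user-supplied sentence.
        if [ "$HAVE_GPS" = "1" ] && [ "$USE_GPS" = "1" ] && [ -n "$GPS_FIXTIME" ] && [ "$GPS_FIXTIME" != "0" ]; then
            # read /dev/gps for three seconds, then stop the reader
            NMEA=$(cat /dev/gps & sleep 3; kill $!)
            GPS_NMEA=$(echo -n "$NMEA" | grep -m 1 GPGGA)
            if [ -n "$GPS_NMEA" ]; then
                # keep the sentence up to "*" plus the first two of its last
                # four characters
                NTRIP_NMEA_CHECKSUM=$(echo -n $GPS_NMEA | tail -c 4)
                NTRIP_NMEA_CHECKSUM=${NTRIP_NMEA_CHECKSUM:0:2}
                NTRIP_NMEA=$(echo -n $GPS_NMEA | cut -d '*' -f 1)
                NTRIP_NMEA=$(echo -n "$NTRIP_NMEA*$NTRIP_NMEA_CHECKSUM")
            elif [ -n "$NTRIP_USER_NMEA" ]; then
                NTRIP_NMEA="$NTRIP_USER_NMEA"
            fi
        elif [ -n "$NTRIP_USER_NMEA" ]; then
            NTRIP_NMEA="$NTRIP_USER_NMEA"
        fi

        start_service() {
            procd_open_instance
            procd_set_param command /usr/bin/ntripclient $NTRIP_IP $NTRIP_PORT $NTRIP_MOUNTPT $NTRIP_DATAF $NTRIP_USER $NTRIP_PSW -n "$NTRIP_NMEA" -D /dev/"$SERIAL" -B "$SPEED" -A "$DBITS" -Y "$PARITY" -T "$SBITS"
            procd_set_param respawn
            procd_close_instance
        }
    fi
fi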
10103
10104##### File: /etc/rc.d/K99wget_reboot #####
10105#!/bin/sh /etc/rc.common
10106
10107. /lib/functions.sh
10108
10109START=99
10110STOP=99
10111CRONTAB_FILE=/etc/crontabs/root
10112
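# Install the cron entry that runs /usr/sbin/check_wget_reboot.sh every
# wget_reboot.time minutes, when wget_reboot.enable is not "0".
# Changes from the earlier version:
#  - "local enabled=0, time=0" is split in two; in shell the comma is part of
#    the value, so that form stored "0," in enabled.
#  - "time" is checked to be a positive number before it is written into
#    root's crontab. A value with other characters, or 0, is logged and no
#    line is added.
start(){
    local enabled=0
    local time=0

    config_load "wget_reboot"
    config_get enabled "wget_reboot" "enable" "0"

    # exits the whole init script, not only this function
    [ "$enabled" = "0" ] && exit 1

    config_get time "wget_reboot" "time" "0"

    sed -i '/check_wget_reboot.sh/d' ${CRONTAB_FILE} 2>/dev/null

    case "${time}" in
        ''|0|*[!0-9]*)
            logger -t wget_reboot "invalid wget_reboot.time, cron entry not added"
            return 1
            ;;
        "30")
            echo '0,30 * * * * /usr/sbin/check_wget_reboot.sh' >> ${CRONTAB_FILE}
            ;;
        "60")
            echo '0 */1 * * * /usr/sbin/check_wget_reboot.sh' >> ${CRONTAB_FILE}
            ;;
        "120")
            echo '0 */2 * * * /usr/sbin/check_wget_reboot.sh' >> ${CRONTAB_FILE}
            ;;
        *)
            echo "*/$time * * * * /usr/sbin/check_wget_reboot.sh" >> ${CRONTAB_FILE}
            ;;
    esac
}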
10140
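# Remove the check_wget_reboot.sh cron entry and kill any running
# wget_reboot.sh process.
# The PID list is assigned separately from "local": with
# "local pid=`pidof ...`" a result of several PIDs is split and the extra
# words are taken as further variable names.
stop(){
    local pid
    pid=$(pidof wget_reboot.sh)

    sed -i '/check_wget_reboot.sh/d' ${CRONTAB_FILE} 2>/dev/null

    if [ -n "$pid" ]; then
        # unquoted on purpose: pidof may return several PIDs
        kill -9 ${pid}
    fi
}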
10148##### File: /etc/rc.d/S05luci_fixtime #####
10149#!/bin/sh /etc/rc.common
10150
10151START=05
10152STOP=95
10153
# Set the system clock to the modification time of /etc/init.d/luci_fixtime.
start() {
    local stamp
    stamp=$(date +%s -r /etc/init.d/luci_fixtime)
    date -s @$stamp
}
10157
# When the file is writable, touch /etc/init.d/luci_fixtime so that its
# modification time is the current time; start() reads that time back.
stop() {
    [ -w /etc/init.d/luci_fixtime ] \
        && cat /dev/null >> /etc/init.d/luci_fixtime \
        && touch /etc/init.d/luci_fixtime
}
10161
10162##### File: /etc/rc.d/S10boot #####
10163#!/bin/sh /etc/rc.common
10164# Copyright (C) 2006-2011 OpenWrt.org
10165
10166START=10
10167STOP=98
10168
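# Source every script in /etc/uci-defaults once, deleting each one that
# finishes successfully, then commit the resulting UCI changes.
# Returns 0 without doing anything when the directory is missing or empty.
# The files are found with a glob rather than by word-splitting the output
# of ls, so names containing whitespace are handled as one file.
# NOTE(review): each file is sourced by the boot script, so anything that can
# write to /etc/uci-defaults gets code run at boot; the directory should be
# writable by root only.
uci_apply_defaults() {
    . /lib/functions/system.sh

    cd /etc/uci-defaults || return 0

    local file
    local found=0
    for file in ./*; do
        [ -f "$file" ] || continue
        if [ "$found" -eq 0 ]; then
            mkdir -p /tmp/.uci
            found=1
        fi
        # Subshell: a failing or exiting script cannot abort the boot script;
        # it is kept so it can run again on the next boot.
        ( . "$file" ) && rm -f "$file"
    done

    [ "$found" -eq 1 ] || return 0
    uci commit
}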
10181
# Early boot: mount the root filesystem if needed, create the runtime
# directories and files, load kernel modules, apply the uci-defaults scripts,
# call start, and create the /dev/root and /dev/rs485 links.
boot() {
    /usr/sbin/statusledctrl LB_GYR &

    if [ ! -f /proc/mounts ]; then
        /sbin/mount_root
    fi
    if [ -f /proc/jffs2_bbc ]; then
        echo "S" > /proc/jffs2_bbc
    fi
    if [ -f /proc/net/vlan/config ]; then
        vconfig set_name_type DEV_PLUS_VID_NO_PAD
    fi

    mkdir -p /var/run /var/log /var/lock /var/state /tmp/.uci
    # the UCI working directory is restricted to its owner
    chmod 0700 /tmp/.uci
    touch /var/log/wtmp /var/log/lastlog /tmp/resolv.conf.auto
    ln -sf /tmp/resolv.conf.auto /tmp/resolv.conf
    if grep -q debugfs /proc/filesystems; then
        /bin/mount -o noatime -t debugfs debugfs /sys/kernel/debug
    fi

    # Start these two scripts in parallel because loading modules is mainly
    # I/O bound and CPU is not used 100% in that time.
    (/etc/init.d/i2c_gpio start; /etc/init.d/log start) &

    /sbin/kmodloader
    # Only load mmc_spi when there is a uSD card reader
    case "$(uci get -q hwinfo.hwinfo.microsd)" in
        1) insmod mmc_spi ;;
    esac

    uci_apply_defaults

    # temporary hack until configd exists
    #/sbin/reload_config

    start

    # create /dev/root if it doesn't exist
    if ! [ -e /dev/root -o -h /dev/root ]; then
        rootdev=$(awk 'BEGIN { RS=" "; FS="="; } $1 == "root" { print $2 }' < /proc/cmdline)
        [ -n "$rootdev" ] && ln -s "$rootdev" /dev/root
    fi

    # create symlink for RS485 UART
    [ -e /dev/ttyATH0 ] && ln -s /dev/ttyATH0 /dev/rs485
}
10227
10228##### File: /etc/rc.d/S10system #####
10229#!/bin/sh /etc/rc.common
10230# Copyright (C) 2014 OpenWrt.org
10231
10232START=10
10233USE_PROCD=1
10234
# Validate one "system" section ($1) against the expected option types and
# defaults; the status of uci_validate_section is the return value.
validate_system_section() {
    uci_validate_section system system "${1}" \
        'hostname:string:OpenWrt' \
        'conloglevel:uinteger' \
        'buffersize:uinteger' \
        'timezone:string:UTC' \
        'zonename:string'
}
10246
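# Apply one validated "system" section ($1): kernel hostname, console log
# level / buffer size, timezone string and zoneinfo link.
# Returns 1 when the section fails validation.
# The zoneinfo link is created with "ln -sf": this function also runs on
# every reload, where a plain "ln -s" fails because /tmp/localtime already
# exists and the previous zone would stay in place.
system_config() {
    local cfg="$1"

    # filled in by validate_system_section
    local hostname conloglevel buffersize timezone zonename

    validate_system_section "${1}" || {
        echo "validation failed"
        return 1
    }
    # non-printable bytes are removed before the name reaches the kernel
    echo "$hostname" | sed 's/[^[:print:]]//g' > /proc/sys/kernel/hostname
    #echo "$hostname" > /proc/sys/kernel/hostname
    [ -z "$conloglevel" -a -z "$buffersize" ] || dmesg ${conloglevel:+-n $conloglevel} ${buffersize:+-s $buffersize}
    echo "$timezone" > /tmp/TZ
    [ -n "$zonename" ] && [ -f "/usr/share/zoneinfo/$zonename" ] && ln -sf "/usr/share/zoneinfo/$zonename" /tmp/localtime

    # apply timezone to kernel
    date -k
}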
10265
# Re-read the system config and apply every "system" section.
reload_service() {
    config_load system
    config_foreach system_config system
}
10270
# Register a procd reload trigger for the "system" config and the validation
# function for its sections.
service_triggers() {
    procd_add_reload_trigger "system"
    procd_add_validation validate_system_section
}
10276
# Starting this service only applies the configuration; no daemon is launched.
start_service() {
    reload_service
}
10280
10281##### File: /etc/rc.d/S11sysctl #####
10282#!/bin/sh /etc/rc.common
10283# Copyright (C) 2006 OpenWrt.org
10284
10285START=11
# Load the kernel parameters from /etc/sysctl.conf when the file exists
# (-e ignores unknown keys; stdout is closed).
start() {
    [ -f /etc/sysctl.conf ] \
        && sysctl -p -e >&-
}
10289
10290##### File: /etc/rc.d/S12rpcd #####
10291#!/bin/sh /etc/rc.common
10292
10293START=12
10294
10295USE_PROCD=1
10296NAME=rpcd
10297PROG=/sbin/rpcd
10298
# Register rpcd ($PROG) as a procd instance, without respawn.
start_service() {
    procd_open_instance
    procd_set_param command "${PROG}"
    procd_close_instance
}
10304
# Stop rpcd through the legacy service helper.
stop() {
    service_stop /sbin/rpcd
}
10308
# Ask rpcd to reload through the legacy service helper.
reload() {
    service_reload /sbin/rpcd
}
10312
10313##### File: /etc/rc.d/S14operctl #####
10314#!/bin/sh /etc/rc.common
10315
10316# Copyright (C) 2014 Teltonika
10317USE_PROCD=1
10318START=14
10319
10320BIN="/usr/sbin/operctl"
10321LOCKFILE="/var/run/operctl.pid"
10322
# Remove any cron line that references /etc/init.d/operctl, restart cron,
# then register operctl ($BIN) as a procd instance.
start_service() {
    logger -t "operctl" "Deleting crontab rule"
    sed -i '/\/etc\/init.d\/operctl/d' /etc/crontabs/root
    /etc/init.d/cron restart

    logger -t "operctl" "Starting"

    procd_open_instance
    procd_set_param command "${BIN}"
    procd_close_instance
}
10336
# Reload is implemented as a full restart.
reload_service() {
    restart
}
10340
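# Log the stop, remove the lock file and kill the operchk.sh watchdog.
# Changes from the earlier version: "rm -f" with a quoted path does not fail
# when the lock file is already gone; the "[o]" in the grep pattern keeps
# grep from matching its own process, and kill is only called when a PID was
# actually found.
stop_service() {
    local pids

    logger -t "operctl" "Stopping"
    rm -f "$LOCKFILE"
    # kill operchk watchdog
    pids=$(ps | grep '[o]perchk.sh' | awk '{print $1}')
    if [ -n "$pids" ]; then
        # unquoted on purpose: there may be several PIDs
        kill $pids
    fi
}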
10347
10348##### File: /etc/rc.d/S14usb_to_serial #####
10349#!/bin/sh /etc/rc.common
10350
USE_PROCD=1
START=14
STOP=99

# Device name of the USB-to-serial adapter below /dev, read from a file in
# /tmp; empty when that file does not exist.
SERIAL=$(cat /tmp/USB_to_serial_dev_path)
ENABLED=$(uci -q get usb_to_serial.rs232.enabled)

echo "USB_to_SERIAL init"
10359
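# Turn a value into a command-line option pair.
#   $1 - value, may be empty
#   $2 - option letter (without the dash)
# Prints "-<letter> <value>", or an empty line when the value is empty.
# The value is printed inside one quoted string. Writing it as
# "-$variable "$value"" closes the quotes before $value, which leaves the
# value unquoted and therefore subject to word splitting and filename
# expansion.
check_value(){
    value="$1"
    variable="$2"

    if [ "$value" = "" ]; then
        echo "$value"
    else
        echo "-$variable $value"
    fi
}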
10370
10371if [ "$ENABLED" = "1" ]; then
10372
10373 echo "enabled"
10374
10375 TYPE=`uci -q get usb_to_serial.rs232.type`
10376 SPEED=`uci -q get usb_to_serial.rs232.baudrate`
10377 DBITS=`uci -q get usb_to_serial.rs232.databits`
10378 PARITY=`uci -q get usb_to_serial.rs232.parity`
10379 SBITS=`uci -q get usb_to_serial.rs232.stopbits`
10380 FCTRL=`uci -q get usb_to_serial.rs232.flowcontrol`
10381 ECHO_ENABLED=`uci -q get usb_to_serial.rs232.echo_enabled`
10382
10383 case "$PARITY" in
10384 "none") PARITY_TMP="-parenb -parodd";;
10385 "odd") PARITY_TMP="parenb parodd";;
10386 "even") PARITY_TMP="parenb -parodd";;
10387 *) PARITY_TMP="-parenb -parodd";;
10388 esac
10389
10390 case "$SBITS" in
10391 1) SBITS_TMP="-cstopb";;
10392 2) SBITS_TMP="cstopb";;
10393 *) SBITS_TMP="-cstopb";;
10394 esac
10395
10396 case "$FCTRL" in
10397 "none") FCTRL_TMP="-crtscts -ixon -ixoff";;
10398 "rts/cts") FCTRL_TMP="crtscts -ixon -ixoff";;
10399 "xon/xoff") FCTRL_TMP="-crtscts ixon ixoff";;
10400 *) FCTRL_TMP="-crtscts -ixon -ixoff";;
10401 esac
10402
10403
10404 if [ "$TYPE" != "console" ]; then
10405 #if type is not console, check and kill all earler console processes thats left
10406 pids=`ps | grep [-]ash | awk '{print $1}'`
10407 for i in "${pids}"
10408 do
10409 kill -9 $i
10410 done
10411 fi
10412
10413 if [ "$ECHO_ENABLED" == "1" ]; then
10414 FCTRL_TMP="$FCTRL_TMP echo"
10415 else
10416 FCTRL_TMP="$FCTRL_TMP -echo"
10417 fi
10418
10419 /bin/stty -F /dev/"$SERIAL" "$SPEED" cs"$DBITS" $PARITY_TMP "$SBITS_TMP" $FCTRL_TMP
10420
10421 if [ "$TYPE" = "console" ]; then
10422 start_service() {
10423 procd_open_instance
10424 procd_set_param command /sbin/getty "$SPEED" /dev/"$SERIAL" vt100
10425 procd_set_param respawn
10426 procd_close_instance
10427 }
10428 elif [ "$TYPE" = "overip" ]; then
10429
10430 echo "overip"
10431
10432 MODE=`uci -q get usb_to_serial.rs232.mode`
10433
10434 SBITS=`check_value "$SBITS" "t"`
10435 DBITS=`check_value "$DBITS" "b"`
10436 SPEED=`check_value "$SPEED" "s"`
10437 PARITY=`check_value "$PARITY" "a"`
10438 spec_char=`uci -q get usb_to_serial.rs232.spec_char`
10439 if [ -z "$spec_char" ]; then
10440 spec_char=""
10441 spec_char_arg=""
10442 else
10443 spec_char_arg="-x "
10444 fi
10445
10446 if [ "$MODE" = "server" ]; then
10447
10448 echo "mode server"
10449
10450 MODE=`check_value "$MODE" "m"`
10451 TIMEOUT=`uci -q get usb_to_serial.rs232.timeout`
10452 TIMEOUT=`check_value "$TIMEOUT" "c"`
10453 IP_LISTEN=`uci -q get usb_to_serial.rs232.ip_listen`
10454 IP_LISTEN=`check_value "$IP_LISTEN" "i"`
10455 PORT_LISTEN=`uci -q get usb_to_serial.rs232.port_listen`
10456 PORT_LISTEN=`check_value "$PORT_LISTEN" "g"`
10457
10458 DEBUG_LEVEL=`uci -q get usb_to_serial.rs232.debug`
10459 DEBUG_LEVEL=`check_value "$DEBUG_LEVEL" "D"`
10460
10461 start_service() {
10462 procd_open_instance
10463 echo "/usr/sbin/sodog -p /dev/$SERIAL $DBITS $SPEED $PARITY $SBITS $MODE $DEBUG_LEVEL $TIMEOUT $IP_LISTEN $PORT_LISTEN $spec_char_arg$spec_char"
10464 procd_set_param command /usr/sbin/sodog -p "/dev/$SERIAL" $DBITS $SPEED $PARITY $SBITS $MODE $DEBUG_LEVEL $TIMEOUT $IP_LISTEN $PORT_LISTEN $spec_char_arg"$spec_char"
10465 procd_set_param respawn
10466 procd_close_instance
10467
10468 }
10469 elif [ "$MODE" = "client" ]; then
10470
10471 echo "mode client"
10472
10473 MODE=`check_value "$MODE" "m"`
10474 INTERVAL=`uci -q get usb_to_serial.rs232.recon_interval`
10475 INTERVAL=`check_value "$INTERVAL" "y"`
10476 IP_CONNECT=`uci -q get usb_to_serial.rs232.ip_connect`
10477 IP_CONNECT=`check_value "$IP_CONNECT" "l"`
10478 PORT_CONNECT=`uci -q get usb_to_serial.rs232.port_connect`
10479 PORT_CONNECT=`check_value "$PORT_CONNECT" "k"`
10480
10481 DEBUG_LEVEL=`uci -q get usb_to_serial.rs232.debug`
10482 DEBUG_LEVEL=`check_value "$DEBUG_LEVEL" "D"`
10483 start_service() {
10484 procd_open_instance
10485 echo "mode bidirect /usr/sbin/sodog -p /dev/$SERIAL $DBITS $SPEED $PARITY $SBITS $MODE $DEBUG_LEVEL $IP_CONNECT $PORT_CONNECT $INTERVAL $spec_char"
10486 procd_set_param command /usr/sbin/sodog -p "/dev/$SERIAL" $DBITS $SPEED $PARITY $SBITS $MODE $DEBUG_LEVEL $IP_CONNECT $PORT_CONNECT $INTERVAL $spec_char
10487 procd_set_param respawn
10488 procd_close_instance
10489 }
10490 elif [ "$MODE" = "bidirect" ]; then
10491
10492 echo "mode bidirect"
10493
10494 MODE=`check_value "$MODE" "m"`
10495 GPIO=`uci -q get usb_to_serial.rs232.gpio`
10496 GPIO=`check_value "$GPIO" "u"`
10497 GPIOSTATE=`uci -q get usb_to_serial.rs232.gpiostate`
10498 GPIOSTATE=`check_value "$GPIOSTATE" "j"`
10499
10500 TIMEOUT=`uci -q get usb_to_serial.rs232.timeout`
10501 TIMEOUT=`check_value "$TIMEOUT" "c"`
10502 IP_LISTEN=`uci -q get usb_to_serial.rs232.ip_listen`
10503 IP_LISTEN=`check_value "$IP_LISTEN" "i"`
10504 PORT_LISTEN=`uci -q get usb_to_serial.rs232.port_listen`
10505 PORT_LISTEN=`check_value "$PORT_LISTEN" "g"`
10506
10507 INTERVAL=`uci -q get usb_to_serial.rs232.recon_interval`
10508 INTERVAL=`check_value "$INTERVAL" "y"`
10509 IP_CONNECT=`uci -q get usb_to_serial.rs232.ip_connect`
10510 IP_CONNECT=`check_value "$IP_CONNECT" "l"`
10511 PORT_CONNECT=`uci -q get usb_to_serial.rs232.port_connect`
10512 PORT_CONNECT=`check_value "$PORT_CONNECT" "k"`
10513
10514 DEBUG_LEVEL=`uci -q get usb_to_serial.rs232.debug`
10515 DEBUG_LEVEL=`check_value "$DEBUG_LEVEL" "D"`
10516
10517 start_service() {
10518 procd_open_instance
10519 echo "/usr/sbin/sodog -p /dev/$SERIAL $DBITS $SPEED $PARITY $SBITS $MODE $DEBUG_LEVEL $IP_CONNECT $PORT_CONNECT $INTERVAL $TIMEOUT $IP_LISTEN $PORT_LISTEN $GPIO $GPIOSTATE"
10520 procd_set_param command /usr/sbin/sodog -p "/dev/$SERIAL" $DBITS $SPEED $PARITY $SBITS $MODE $DEBUG_LEVEL $IP_CONNECT $PORT_CONNECT $INTERVAL $TIMEOUT $IP_LISTEN $PORT_LISTEN $GPIO $GPIOSTATE
10521 procd_set_param respawn
10522 procd_close_instance
10523 }
10524 fi
10525 elif [ "$TYPE" = "modem" ]; then
10526 DCONNECT=`uci -q get usb_to_serial.rs232.direct_connect`
10527 PORT=`uci -q get usb_to_serial.rs232.modem_port`
10528 SPECIAL_CRLF=`uci -q get usb_to_serial.rs232.use_alternative_crlf`
10529 INIT_STRING=`uci -q get usb_to_serial.rs232.init_string`
10530
10531 [ -n "$DCONNECT" ] && PARAMS="$PARAMS -D $DCONNECT"
10532 [ -n "$PORT" ] && PARAMS="$PARAMS -p $PORT"
10533 [ -n "$INIT_STRING" ] && PARAMS="$PARAMS -i $INIT_STRING"
10534 [ -n "$SPECIAL_CRLF" ] && [ "$SPECIAL_CRLF" == "1" ] && PARAMS="$PARAMS -x 1"
10535 start_service() {
10536 procd_open_instance
10537 procd_set_param command /usr/bin/tcpser -s "$SPEED" -d "/dev/$SERIAL" $PARAMS
10538 procd_set_param respawn
10539 procd_close_instance
10540 }
10541 elif [ "$TYPE" = "modbus" ]; then
10542 MODBUS_IP=`uci -q get usb_to_serial.rs232.modbus_ip`
10543 MODBUS_PORT=`uci -q get usb_to_serial.rs232.modbus_port`
10544
10545 SLAVE_ID=`uci -q get usb_to_serial.rs232.slave_id`
10546 SLAVE_ID_CONFIG=`uci -q get usb_to_serial.rs232.slave_id_config`
10547 MULTI_SLAVE_ID=`uci -q get usb_to_serial.rs232.multi_slave_id`
10548 SINGLE_SLAVE_ID=`uci -q get usb_to_serial.rs232.single_slave_id`
10549
	# Run the Modbus gateway daemon on /dev/$SERIAL as a respawning procd instance.
	# SLAVE_ID_CONFIG selects which slave-id option is passed: "single" gives
	# -g with SINGLE_SLAVE_ID, anything else gives -r with MULTI_SLAVE_ID.
	start_service() {
		local id_flag id_value

		echo "$MULTI_SLAVE_ID"

		if [ "$SLAVE_ID_CONFIG" = "single" ]; then
			id_flag="-g"
			id_value="$SINGLE_SLAVE_ID"
		else
			id_flag="-r"
			id_value="$MULTI_SLAVE_ID"
		fi

		procd_open_instance
		procd_set_param command /usr/sbin/modbusgwd -p /dev/"$SERIAL" -s "$SPEED" -b "$DBITS" -a "$PARITY" -t "$SBITS" "$id_flag" "$id_value" -i "$MODBUS_IP" -m "$MODBUS_PORT"
		procd_set_param respawn
		procd_close_instance
	}
10561 elif [ "$TYPE" = "ntrip" ]; then
10562 NTRIP_IP=`uci -q get usb_to_serial.rs232.ntrip_ip`
10563 NTRIP_IP=`check_value "$NTRIP_IP" "s"`
10564 NTRIP_PORT=`uci -q get usb_to_serial.rs232.ntrip_port`
10565 NTRIP_PORT=`check_value "$NTRIP_PORT" "r"`
10566 NTRIP_MOUNTPT=`uci -q get usb_to_serial.rs232.ntrip_mount_point`
10567 NTRIP_MOUNTPT=`check_value "$NTRIP_MOUNTPT" "m"`
10568 NTRIP_DATAF=`uci -q get usb_to_serial.rs232.ntrip_data_format`
10569 NTRIP_DATAF=`check_value "$NTRIP_DATAF" "M"`
10570 NTRIP_USER=`uci -q get usb_to_serial.rs232.ntrip_user`
10571 NTRIP_USER=`check_value "$NTRIP_USER" "u"`
10572 NTRIP_PSW=`uci -q get usb_to_serial.rs232.ntrip_password`
10573 NTRIP_PSW=`check_value "$NTRIP_PSW" "p"`
10574 HAVE_GPS=`uci get -q hwinfo.hwinfo.gps`
10575 USE_GPS=`uci -q get usb_to_serial.rs232.use_router_gps`
10576 GPS_FIXTIME=`gpsctl -f`
10577 NTRIP_USER_NMEA=`uci -q get usb_to_serial.rs232.user_nmea`
10578 NTRIP_NMEA=`uci -q get usb_to_serial.rs232.ntrip_nmea`
10579
10580 if [ "$HAVE_GPS" = "1" ] && [ "$USE_GPS" = "1" ] && [ -n "$GPS_FIXTIME" ] && [ "$GPS_FIXTIME" != "0" ]; then
10581 NMEA=`cat /dev/gps& sleep 3; kill $!`
10582 GPS_NMEA=`echo -n "$NMEA" | grep -m 1 GPGGA`
10583 if [ -n "$GPS_NMEA" ]; then
10584 NTRIP_NMEA_CHECKSUM=`echo -n $GPS_NMEA | tail -c 4`
10585 NTRIP_NMEA_CHECKSUM=${NTRIP_NMEA_CHECKSUM:0:2}
10586 NTRIP_NMEA=`echo -n $GPS_NMEA | cut -d '*' -f 1`
10587 NTRIP_NMEA=`echo -n "$NTRIP_NMEA*$NTRIP_NMEA_CHECKSUM"`
10588 elif [ -n "$NTRIP_USER_NMEA" ]; then
10589 NTRIP_NMEA="$NTRIP_USER_NMEA"
10590 fi
10591 elif [ -n "$NTRIP_USER_NMEA" ]; then
10592 NTRIP_NMEA="$NTRIP_USER_NMEA"
10593 fi
10594
	# Run ntripclient as a respawning procd instance, feeding /dev/$SERIAL.
	# The NTRIP_* option variables are expanded unquoted (they were passed
	# through check_value above); the NMEA sentence and the serial settings
	# are passed as single quoted words.
	# NOTE(review): $NTRIP_PSW is derived from the ntrip_password option and
	# ends up on the daemon's command line, where it can be read from the
	# process list; check whether ntripclient can take the secret another way.
	start_service() {
		procd_open_instance
		procd_set_param command /usr/bin/ntripclient \
			$NTRIP_IP $NTRIP_PORT $NTRIP_MOUNTPT $NTRIP_DATAF $NTRIP_USER $NTRIP_PSW \
			-n "$NTRIP_NMEA" \
			-D /dev/"$SERIAL" -B "$SPEED" -A "$DBITS" -Y "$PARITY" -T "$SBITS"
		procd_set_param respawn
		procd_close_instance
	}
10601 fi
10602fi
10603
10604##### File: /etc/rc.d/S18logtrigger #####
10605#!/bin/sh /etc/rc.common
10606# Copyright (C) 2017 Teltonika
10607
# rc.common settings: procd-managed service, start order 18, stop order 98.
USE_PROCD=1
START=18
STOP=98
10611
10612. /lib/functions.sh
10613
# UCI config name, daemon binary name and the directory the binary lives in.
CONFIG=logtrigger
BIN=logtrigger
DIR=/usr/bin/
# Flags set by the config_foreach callbacks below:
# ENABLED becomes 1 when at least one rule is enabled,
# FOUND becomes 1 when reboot_clear matches a rule.
ENABLED=0
FOUND=0
10619
# config_foreach callback: delete one section ($1) from the blocklist config.
# The change is only staged; the caller runs "uci commit blocklist".
clear_block() {
	uci -q delete blocklist.$1
}
10624
# config_foreach callback: look for a rule that has until_reboot=1 and whose
# name, cut at the first "_", equals the target ($2).
#   $1  section name of the rule
#   $2  service label to match ("SSH" or "WebUI" in boot)
# Sets FOUND=1 and returns 1 on a match, returns 0 otherwise.
reboot_clear() {
	local until_reboot name
	local target="$2"

	config_get until_reboot $1 "until_reboot" "0"
	[ "$until_reboot" == "1" ] || return 0

	config_get name $1 "name" "0"
	# keep only the part of the rule name before the first underscore
	name=$(echo $name | awk -F '_' '{ print $1 }')
	[ "$name" == "$target" ] || return 0

	FOUND=1
	return 1
}
10639
# Boot hook. If a logtrigger rule marked until_reboot=1 exists for SSH, all
# "dropbear" sections are removed from the blocklist config; the same is then
# done for WebUI rules and "uhttpd" sections. Finally the service is started.
# In effect, blocks flagged "until reboot" do not survive a reboot.
boot() {
	# SSH rules -> dropbear entries
	config_load $CONFIG
	config_foreach reboot_clear "rule" "SSH"
	[ $FOUND -eq 1 ] && {
		config_load "blocklist"
		config_foreach clear_block "dropbear"
		uci commit blocklist
	}

	# WebUI rules -> uhttpd entries
	FOUND=0
	config_load $CONFIG
	config_foreach reboot_clear "rule" "WebUI"
	[ $FOUND -eq 1 ] && {
		config_load "blocklist"
		config_foreach clear_block "uhttpd"
		uci commit blocklist
	}

	start
}
10658
# config_foreach callback: set ENABLED=1 (and return 1) when the rule in
# section $1 has enabled=1; return 0 otherwise.
rule_enabled() {
	local enabled

	config_get enabled $1 "enabled" "0"
	[ "$enabled" == "1" ] || return 0

	ENABLED=1
	return 1
}
10667
# Start the logtrigger daemon under procd, but only when at least one rule
# in the logtrigger config is enabled.
start_service() {
	config_load $CONFIG
	config_foreach rule_enabled "rule"

	# nothing to watch: leave the daemon stopped
	if [ $ENABLED -eq 0 ]; then
		return
	fi

	procd_open_instance
	procd_set_param command $DIR$BIN
	procd_set_param respawn
	procd_close_instance
}
10679
# A reload is handled as a full restart.
reload_service() { restart; }
10683
# Delegates to restart (expected to come from /etc/rc.common).
restart_service() { restart; }
10687
10688##### File: /etc/rc.d/S19firewall #####
10689#!/bin/sh /etc/rc.common
10690
# rc.common settings: start order 19, managed by procd.
START=19
USE_PROCD=1
# Extra word placed between "fw3" and "start" in start_service; boot sets it.
QUIET=
10694# Move the DMZ rule to the end so that port forwards take priority over DMZ
# Reorder the firewall section named DMZ to position 99 and commit.
# NOTE(review): "uci commit" without a config name commits the staged
# changes of every config, not only firewall; confirm that is intended.
dmz_to_end() {
	uci reorder firewall.DMZ=99
	uci commit
}
10698
# Validation schema for "redirect" sections of the firewall config.
#   $1  section name
# Returns the exit status of uci_validate_section.
validate_firewall_redirect()
{
	uci_validate_section firewall redirect "$1" \
		'proto:or(uinteger, string)' \
		'src:string' \
		'src_ip:cidr' \
		'src_dport:or(port, portrange)' \
		'dest:string' \
		'dest_ip:cidr' \
		'dest_port:or(port, portrange)' \
		'target:or("SNAT", "DNAT")'
}
10713
# Validation schema for "rule" sections of the firewall config.
#   $1  section name
# Returns the exit status of uci_validate_section.
# Note that "target" is only checked as a free-form string here.
validate_firewall_rule()
{
	uci_validate_section firewall rule "$1" \
		'proto:or(uinteger, string)' \
		'src:string' \
		'dest:string' \
		'src_port:or(port, portrange)' \
		'dest_port:or(port, portrange)' \
		'target:string'
}
10726
# Register a reload trigger on the "firewall" config and attach the two
# section validators to it.
service_triggers() {
	procd_add_reload_trigger "firewall"

	procd_open_validate
	validate_firewall_redirect
	validate_firewall_rule
	procd_close_validate
}
10735
# Push the DMZ section to the end, then rebuild the whole ruleset.
restart() { dmz_to_end; fw3 restart; }
10740
# Push the DMZ section to the end, then load the ruleset.
# ${QUIET} is expanded unquoted: empty adds nothing, a value adds one word
# in front of "start".
start_service() { dmz_to_end; fw3 ${QUIET} start; }
10745
# Stopping the service runs "fw3 flush".
# NOTE(review): presumably this removes all firewall rules, leaving the
# device unfiltered until the next start; confirm against fw3.
stop_service() { fw3 flush; }
10749
# Push the DMZ section to the end, then reload the ruleset.
reload_service() { dmz_to_end; fw3 reload; }
10754
# Boot hook: mark the start as quiet, then start the firewall.
boot() {
	# The firewall may already have been started by hotplug, so the start
	# at boot should not complain in syslog.
	# NOTE(review): start_service expands this value as the word before
	# "start" ("fw3 1 start"). Upstream OpenWrt sets -q here; confirm this
	# fw3 build accepts "1", otherwise the boot-time start may be rejected.
	QUIET=1
	start
}
10761
10762##### File: /etc/rc.d/S20network #####
10763#!/bin/sh /etc/rc.common
10764
# rc.common settings: start order 20, stop order 90, managed by procd.
START=20
STOP=90
USE_PROCD=1
# Configure the switch and schedule a delayed run of /sbin/chroutes.
init_switch() {
	# No-op default; the files included from /lib/network may redefine it.
	setup_switch() { return 0; }

	include /lib/network
	setup_switch

	# run chroutes in the background, 10 seconds from now
	( sleep 10; /sbin/chroutes ) &
}
10775
# Bring up networking: start ioman in the background, set up the switch,
# append newly detected wifi devices to /etc/config/wireless, then run
# netifd as a respawning procd instance.
start_service() {
	local detected=/tmp/wireless.tmp

	# Start ioman in parallel because swconfig is mainly I/O bound
	# to save boot time by fully using CPU time
	( sleep 1 && /etc/init.d/ioman start ) &
	init_switch

	# "wifi detect" output goes through a fixed-name file in /tmp and is
	# appended to the wireless config only when it is non-empty.
	/sbin/wifi detect > "$detected"
	if [ -s "$detected" ]; then
		cat "$detected" >> /etc/config/wireless
	fi
	rm -f "$detected"

	procd_open_instance
	procd_set_param command /sbin/netifd
	procd_set_param respawn
	procd_set_param watch network.interface
	if [ -e /proc/sys/kernel/core_pattern ]; then
		# Unlimited core dumps for netifd, written under /tmp.
		# A core file holds the memory of the crashed process.
		procd_set_param limits core="unlimited"
		echo '/tmp/%e.%p.%s.%t.core' > /proc/sys/kernel/core_pattern
	fi
	procd_close_instance
}
10798
# Reload networking: signal port_event_checker, redo the switch setup, ask
# netifd to reload over ubus and reload wifi.
# Returns 1 when the ubus call failed, 0 otherwise.
reload_service() {
	local rv=0

	killall -s USR1 port_event_checker
	init_switch
	if ! ubus call network reload; then
		rv=1
	fi
	/sbin/wifi reload_legacy

	return $rv
}
10807
# Stop networking: signal port_event_checker, take wifi down, bring all
# interfaces down and wait one second.
stop_service() {
	killall -s USR1 port_event_checker
	/sbin/wifi down
	ifdown -a
	sleep 1
}
10814
# Wait up to 30 seconds for the network.interface ubus object, then
# reload wifi.
service_running() {
	ubus -t 30 wait_for network.interface
	/sbin/wifi reload_legacy
}
10819
# Validation schema (with defaults) for "atm-bridge" sections of the
# network config. $1 is the section name.
validate_atm_bridge_section()
{
	uci_validate_section network "atm-bridge" "$1" \
		'unit:uinteger:0' \
		'vci:range(32, 65535):35' \
		'vpi:range(0, 255):8' \
		'atmdev:uinteger:0' \
		'encaps:or("llc", "vc"):llc' \
		'payload:or("bridged", "routed"):bridged'
}
10830
# Validation schema for IPv4 "route" sections of the network config.
# $1 is the section name.
validate_route_section()
{
	uci_validate_section network route "$1" \
		'interface:string' \
		'target:cidr4' \
		'netmask:netmask4' \
		'gateway:ip4addr' \
		'metric:uinteger' \
		'mtu:uinteger' \
		'table:or(range(0,65535),string)'
}
10842
# Validation schema for IPv6 "route6" sections of the network config.
# $1 is the section name.
validate_route6_section()
{
	uci_validate_section network route6 "$1" \
		'interface:string' \
		'target:cidr6' \
		'gateway:ip6addr' \
		'metric:uinteger' \
		'mtu:uinteger' \
		'table:or(range(0,65535),string)'
}
10853
# Validation schema for IPv4 policy-routing "rule" sections of the
# network config. $1 is the section name.
validate_rule_section()
{
	uci_validate_section network rule "$1" \
		'in:string' \
		'out:string' \
		'src:cidr4' \
		'dest:cidr4' \
		'tos:range(0,31)' \
		'mark:string' \
		'invert:bool' \
		'lookup:or(range(0,65535),string)' \
		'goto:range(0,65535)' \
		'action:or("prohibit", "unreachable", "blackhole", "throw")'
}
10868
# Validation schema for IPv6 policy-routing "rule6" sections of the
# network config. $1 is the section name.
validate_rule6_section()
{
	uci_validate_section network rule6 "$1" \
		'in:string' \
		'out:string' \
		'src:cidr6' \
		'dest:cidr6' \
		'tos:range(0,31)' \
		'mark:string' \
		'invert:bool' \
		'lookup:or(range(0,65535),string)' \
		'goto:range(0,65535)' \
		'action:or("prohibit", "unreachable", "blackhole", "throw")'
}
10883
# Validation schema for "switch" sections of the network config.
# $1 is the section name.
validate_switch_section()
{
	uci_validate_section network switch "$1" \
		'name:string' \
		'enable:bool' \
		'enable_vlan:bool' \
		'reset:bool'
}
10892
# Validation schema for "switch_vlan" sections of the network config.
# $1 is the section name.
validate_switch_vlan()
{
	uci_validate_section network switch_vlan "$1" \
		'device:string' \
		'vlan:uinteger' \
		'ports:list(ports)'
}
10900
# Register reload triggers on the "network" and "wireless" configs and
# attach every section validator defined above.
service_triggers()
{
	procd_add_reload_trigger network wireless

	procd_open_validate
	# routing and bridging
	validate_atm_bridge_section
	validate_route_section
	validate_route6_section
	validate_rule_section
	validate_rule6_section
	# switch
	validate_switch_section
	validate_switch_vlan
	procd_close_validate
}
10915
# Shutdown hook: bring every interface down, then wait one second.
shutdown() { ifdown -a; sleep 1; }
10920
10921##### File: /etc/rc.d/S20usbmode #####
10922#!/bin/sh /etc/rc.common
10923# Copyright (C) 2013 OpenWrt.org
10924
# rc.common settings: start order 20, managed by procd.
START=20
USE_PROCD=1
10927
# Run "/sbin/usbmode -s" once as a procd instance (no respawn is set).
start_service()
{
	procd_open_instance
	procd_set_param command /sbin/usbmode -s
	procd_close_instance
}
10934
10935##### File: /etc/rc.d/S21modem #####
10936#!/bin/sh /etc/rc.common
10937
10938# This script manages modem power states
10939# (some boot time modem initialization also can be done here)
10940
10941. /lib/teltonika-functions.sh
10942. /lib/functions.sh
10943
# rc.common settings: start order 21, stop order 97.
START=21
STOP=97
# Marker file created by generic_stop before the modem is powered down.
WATCHDOG_INHIBIT_FILE=/tmp/watchdog_inhibit
10947
# Print how many lines of the manufacturing code match RUT90?0 or RUT95?G
# ("?" being any one character). Callers compare the output with "1".
# The exit status is that of grep (non-zero when nothing matched).
get_model()
{
	uci get hwinfo.hwinfo.mnf_code \
		| grep -c "RUT90.0\|RUT95.G"
}
10952
# Load the USB host driver and, unless called with "0" as first argument,
# continue with generic_start. generic_start itself calls boot "0" to get
# only the driver load.
boot()
{
	echo "modem: inserting USB driver"
	insmod ehci-platform 2>/dev/null
	[ "$1" = "0" ] || generic_start
}
10961
# Power the modem up through its GPIO lines. On the models matched by
# get_model, wait 8 seconds, load the USB driver and start modem_check.sh
# in the background. Always returns 0.
generic_start()
{
	echo "modem: starting generic 3G modem"

	# Reset
	/sbin/gpio.sh set MON
	# Power on
	/sbin/gpio.sh clear MRST

	model=$(get_model)
	[ "$model" == "1" ] && {
		sleep 8
		boot "0"
		/usr/sbin/modem_check.sh &
	}

	return 0
}
10980
# Shut the modem down: create the watchdog inhibit file, ask the modem to
# shut down over gsmctl, stop the daemons that use it, then drive the GPIO
# lines to power it off. The order of the GPIO steps is kept as is.
generic_stop()
{
	echo "modem: stopping generic 3G modem..."
	model=$(get_model)
	touch "$WATCHDOG_INHIBIT_FILE"

	# Prevent Telit startup after shutdown command
	[ "$model" == "1" ] && /sbin/gpio.sh clear MON

	# A failed shutdown request is only reported, the power-off continues.
	if [ "$(gsmctl --shutdown 2>/dev/null)" != "OK" ]; then
		echo "modem: dirty modem reset or shutdown"
	fi

	# Stop processes
	/etc/init.d/gsmd stop

	gpsd=$(uci get gps.gps.enabled)
	[ "$gpsd" == "1" ] && /etc/init.d/gpsd stop
	killall -9 operctl 2>/dev/null

	# Init modem pins
	/sbin/gpio.sh "export" MON
	/sbin/gpio.sh "dirout" MON
	/sbin/gpio.sh "export" MRST
	/sbin/gpio.sh "dirout" MRST
	#/sbin/gpio.sh "export" SIM
	#/sbin/gpio.sh "dirout" SIM

	# Reset (other models only; done earlier for model 1)
	[ "$model" != "1" ] && /sbin/gpio.sh clear MON

	# Power off
	/sbin/gpio.sh set MRST
	usleep 400000
	# Reload USB driver for RUT900 Telit module (fw 0.226 workaround)
	if [ "$model" == "1" ]; then
		echo "modem: removing USB driver"
		rmmod ehci-platform
		killall -9 modem_check.sh 2>/dev/null
	fi
	usleep 400000
	echo "modem: done"
}
11030
11031
# rc.common start hook: power the modem up.
start() { generic_start; }
11036
# rc.common stop hook: power the modem down.
stop() { generic_stop; }
11041
11042##### File: /etc/rc.d/S40fstab #####
11043#!/bin/sh /etc/rc.common
11044# (C) 2013 openwrt.org
11045
# rc.common setting: start order 40.
START=40
11047
# Boot hook: mount the configured block devices.
boot() { /sbin/block mount; }
11051
# "start" only prints a hint; mounting is done by boot.
start() {
	local hint="this file has been obsoleted. please call \"/sbin/block mount\" directly"
	echo "$hint"
}
11055
# Stop hook: unmount the block devices.
stop() { /sbin/block umount; }
11059
11060##### File: /etc/rc.d/S41eventslog #####
11061#!/bin/sh /etc/rc.common
11062
# rc.common settings: start order 41, stop order 99, managed by procd.
START=41
STOP=99
USE_PROCD=1

# Name of the MTD partition that holds the event log.
LOG_PART=event-log
MOUNT_DIR=/log
# Makes "mount_log_part" callable as an init-script command.
EXTRA_COMMANDS=mount_log_part
11070
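# Mount the JFFS2 event-log partition under /mnt/mtdblock<N>.
# Returns 1 when no partition named $LOG_PART is listed in /proc/mtd.
# A partition that does not start with the JFFS2 magic is erased before it
# is mounted, which destroys whatever it contained.
mount_log_part() {
	# Mount event-log partition
	ret=`grep -m 1 "\"$LOG_PART\"" /proc/mtd`
	# Take the index between "mtd" and the first ":" of the matched line.
	# A fixed one-character slice would read "mtd10:" as 1 and point the
	# magic check and the mount below at the wrong block device.
	log_mtd_num=${ret%%:*}
	log_mtd_num=${log_mtd_num#mtd}
	if [ -z "$log_mtd_num" ]; then
		echo "Partition '$LOG_PART' not found"
		return 1
	fi
	if ! grep -qs "mtdblock$log_mtd_num" /proc/mounts; then
		mkdir -p /mnt/mtdblock"$log_mtd_num"
		# *WORKAROUND* for the eventslog partition after leaving safe mode:
		# every JFFS2 partition has to start with the magic constant
		# JFFS2_MAGIC_BITMASK (from the Linux source), i.e. 0x1985, so we
		# check that it is there. If it is not, the file system is corrupted
		# and Linux itself will not touch it, so as not to lose possibly
		# valuable data. The only way for us to get a working eventslog back
		# is to erase that whole flash area and start over.
		first_2_bytes="$(hexdump -e '/1 "%02X"' -n 2 /dev/mtdblock$log_mtd_num)"
		if [ -n "$first_2_bytes" -a "$first_2_bytes" != "1985" ]; then
			echo "$LOG_PART MTD partition is broken WRT the FS, fixing it by erasing" > /dev/kmsg
			mtd erase "$LOG_PART"
		fi
		mount -t jffs2 /dev/mtdblock"$log_mtd_num" /mnt/mtdblock"$log_mtd_num"/
	fi
}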
11097
# Log the reason for this boot and, on first boot, derive the router name
# and the hostname from the manufacturing code (or from branding data).
# Variable names are Lithuanian: tipo_kodas = type code, tipas = type,
# pradzia = prefix, pabaiga = suffix, atsakymas = resulting hostname.
# None of them is declared local, so they remain set in the script.
check_startup(){
	if [ -f "/tmp/first_boot" ]; then
		/usr/bin/eventslog -i -t EVENTS -n 'Reboot' -e 'First boot start up'
		# flag consumed at the end of this function
		uci set system.device_info.reboot=1
		uci commit system
		#setting router name and host name by router type
		tipo_kodas=`uci get -q hwinfo.hwinfo.mnf_code`
		# first six characters of the manufacturing code
		tipas=${tipo_kodas:0:6}
		pradzia="Teltonika-"
		pabaiga=".com"
		#atsakymas=$pradzia$tipas$pabaiga
		# hostname candidate with non-printable characters stripped
		atsakymas=$(echo "$pradzia$tipas$pabaiga" | sed 's/[^[:print:]]//g')
		logger "hostame set $atsakymas"
		# optional branding tool: field 22 overrides the hostname,
		# field 24 the router name, when they are non-empty
		if [ `which brand` ]; then
			brand_hostname=`brand 22`
			[ "$brand_hostname" != "" ] && atsakymas=`brand 22`
			brand_routername=`brand 24`
			[ "$brand_routername" != "" ] && tipas=`brand 24`
		fi

		# The backticks run "uci set" inside a command substitution; its
		# output (normally empty) is then executed as a command.
		# $tipas is not quoted in the first call.
		`uci set system.system.routername=$tipas`
		`uci set system.system.hostname="$atsakymas"`

		#Ignore if hostname specified in branding config
		if [ "$brand_hostname" == "" ]; then
			gethost=`uci get -q system.system.hostname`
			# six characters after the 10-character "Teltonika-" prefix
			checkname=${gethost:10:6}
			name="RUT"
			model=${gethost:13:3}
			# non-empty when the type part holds a non-alphanumeric character
			check=$(echo $checkname | grep '[^a-zA-Z0-9]')
			atsakymas=$(echo "$pradzia$name$model$pabaiga" | sed 's/[^[:print:]]//g')

			if [[ "$check" != "" ]]; then
				# re-run the manufacturing-info defaults script from /rom,
				# then fall back to the Teltonika-RUT<model>.com form
				/rom/etc/uci-defaults/01_mnf_info
				`uci set system.system.hostname=$atsakymas`
			fi
		fi
	fi
	reboot=`uci get -q system.device_info.reboot`
	if [ "$reboot" == "1" ]; then
		# flag was set before this boot: clear it; this commit also writes
		# the name changes staged above
		uci set system.device_info.reboot=0
		uci commit system
	elif [ "$reboot" == "0" ]; then
		# flag was not set, so the reboot was not announced
		/usr/bin/eventslog -i -t EVENTS -n "Reboot" -e "Boot start up, reason unknown"
	fi
}
11144
11145#boot() {
11146# mount_log_part
11147# start_service
11148# check_startup
11149#}
11150
# Mount the log partition, start eventslogd as a respawning procd instance
# and record the boot reason.
start_service()
{
	mount_log_part

	procd_open_instance
	procd_set_param respawn
	procd_set_param command /usr/bin/eventslogd
	procd_close_instance

	# runs after the instance is registered
	check_startup
}
11162
11163##### File: /etc/rc.d/S43sim_conf_switch #####
11164#!/bin/sh /etc/rc.common
11165# Copyright (C) 2014 Teltonika
11166
# rc.common setting: start order 43.
START=43

# Read once, when the script is loaded.
first="$(uci -q get teltonika.sys.first_login)"
11170
# Switch to the default SIM configuration unless first_login is "1".
start() {
	[ "$first" = "1" ] || /usr/sbin/sim_switch change default
}
11176
11177##### File: /etc/rc.d/S50cron #####
11178#!/bin/sh /etc/rc.common
11179# Copyright (C) 2006-2011 OpenWrt.org
11180
# rc.common settings: start order 50, managed by procd.
START=50

USE_PROCD=1
# cron daemon binary
PROG="/usr/sbin/crond"
11185
# Validation schema for the cronloglevel option of system sections.
# $1 is the section name.
validate_cron_section() {
	uci_validate_section system system "$1" 'cronloglevel:uinteger'
}
11190
# Start crond in the foreground under procd.
# Returns 1 without starting anything when /etc/crontabs is empty or when
# the configured log level is not an unsigned integer.
start_service () {
	[ -z "$(ls /etc/crontabs/)" ] && return 1

	loglevel="$(uci_get "system.@system[0].cronloglevel")"

	# only a configured value is validated; an empty one falls back to 5
	if [ -n "${loglevel}" ]; then
		if ! /sbin/validate_data uinteger "${loglevel}" 2>/dev/null; then
			echo "validation failed"
			return 1
		fi
	fi

	mkdir -p /var/spool/cron
	ln -s /etc/crontabs /var/spool/cron/ 2>/dev/null

	procd_open_instance
	procd_set_param command "$PROG" -f -c /etc/crontabs -l "${loglevel:-5}"
	procd_close_instance
}
11211
# Register the cron section validator with procd.
service_triggers() { procd_add_validation validate_cron_section; }
11216
11217##### File: /etc/rc.d/S50dropbear #####
11218#!/bin/sh /etc/rc.common
11219# Copyright (C) 2006-2010 OpenWrt.org
11220# Copyright (C) 2006 Carlos Sobrinho
11221
# rc.common settings: start and stop order 50, managed by procd.
START=50
STOP=50

USE_PROCD=1
PROG="/usr/sbin/dropbear"
NAME="dropbear"
# Counter used to give each instance its own pid file.
PIDCOUNT=0
# Extra init-script command and its help line.
EXTRA_COMMANDS=killclients
EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"
11231
# Add the listen options (-p) for one dropbear instance.
#   $1  interface name
#   $2  port
# When the interface is not listed in /proc/net/dev the daemon gets a bare
# "-p <port>" with no address restriction. Otherwise one "-p <addr>:<port>"
# is added per address printed by ifconfig, except addresses starting with
# fe8x/fe9x/feax/febx.
append_ports()
{
	local ifname="$1"
	local port="$2"

	if ! grep -qs "^ *$ifname:" /proc/net/dev; then
		procd_append_param command -p "$port"
		return
	fi

	for addr in $(
		ifconfig "$ifname" | sed -ne '
			/addr: *fe[89ab][0-9a-f]:/d
			s/.* addr: *\([0-9a-f:\.]*\).*/\1/p
		'
	); do
		procd_append_param command -p "$addr:$port"
	done
}
11251
# Validation schema and defaults for "dropbear" sections. $1 is the
# section name; the return value is that of uci_validate_section.
# The defaults leave password login and root login switched on
# (PasswordAuth, RootPasswordAuth and RootLogin all default to 1) and
# listen on port 22 with no idle timeout.
validate_section_dropbear()
{
	uci_validate_section dropbear dropbear "$1" \
		'PasswordAuth:bool:1' \
		'enable:bool:1' \
		'Interface:string' \
		'GatewayPorts:bool:0' \
		'RootPasswordAuth:bool:1' \
		'RootLogin:bool:1' \
		'rsakeyfile:file' \
		'BannerFile:file' \
		'Port:list(port):22' \
		'SSHKeepAlive:uinteger:300' \
		'IdleTimeout:uinteger:0'
}
11268
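# Build one dropbear procd instance from the config section $1.
# Returns 1 when validation fails or the section has enable=0.
# Option mapping used below:
#   PasswordAuth=0      -> -s     GatewayPorts=1  -> -a
#   RootPasswordAuth=0  -> -g     RootLogin=0     -> -w
#   rsakeyfile          -> -r     BannerFile      -> -b
#   IdleTimeout != 0    -> -I     SSHKeepAlive != 0 -> -K
dropbear_instance()
{
	# Every option filled in by validate_section_dropbear is declared local,
	# including IdleTimeout and SSHKeepAlive, so that nothing set for one
	# section stays behind as a global.
	local PasswordAuth enable Interface GatewayPorts \
		RootPasswordAuth RootLogin rsakeyfile \
		BannerFile Port SSHKeepAlive IdleTimeout

	validate_section_dropbear "${1}" || {
		echo "validation failed"
		return 1
	}

	[ "${enable}" = "0" ] && return 1
	PIDCOUNT="$(( ${PIDCOUNT} + 1))"
	local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"

	procd_open_instance
	# -F keeps dropbear in the foreground for procd, -P names the pid file
	# that killclients reads back.
	procd_set_param command "$PROG" -F -P "$pid_file"
	[ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
	[ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
	[ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
	[ "${RootLogin}" -eq 0 ] && procd_append_param command -w
	[ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}"
	[ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
	# translate the logical interface name into a device name
	[ -n "${Interface}" ] && network_get_device Interface "${Interface}"
	append_ports "${Interface}" "${Port}"
	[ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
	[ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
	procd_close_instance
}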
11298
# Make sure an RSA host key exists and move generated keys to /etc/dropbear.
# When no key is found, key generation is started in the background (it
# re-runs this init script with "start" once the key is written) and the
# current script exits with status 0.
keygen()
{
	for keytype in rsa; do
		# check for keys
		key=dropbear/dropbear_${keytype}_host_key
		if ! [ -f /tmp/$key -o -s /etc/$key ]; then
			# generate missing keys; the new key is written under /tmp first
			mkdir -p /tmp/dropbear
			[ -x /usr/bin/dropbearkey ] && {
				/usr/bin/dropbearkey -t $keytype -f /tmp/$key 2>&- >&- && exec /etc/rc.common "$initscript" start
			} &
			exit 0
		fi
	done

	# Move the keys to persistent storage while holding the switch2jffs lock.
	lock /tmp/.switch2jffs
	mkdir -p /etc/dropbear
	mv /tmp/dropbear/dropbear_* /etc/dropbear/
	lock -u /tmp/.switch2jffs
	# The directory is restricted to root only after the move.
	chown root /etc/dropbear
	chmod 0700 /etc/dropbear
}
11321
# Ensure a host key exists, then create one instance per "dropbear"
# section of the dropbear config.
start_service()
{
	if ! [ -s /etc/dropbear/dropbear_rsa_host_key ]; then
		keygen
	fi

	. /lib/functions.sh
	. /lib/functions/network.sh

	config_load "${NAME}"
	config_foreach dropbear_instance dropbear
}
11332
# Reload on changes to the dropbear config and register its validator.
service_triggers()
{
	procd_add_reload_trigger dropbear
	procd_add_validation validate_section_dropbear
}
11338
# Kill every dropbear client session except the one this command is run
# from; the listening servers (pids taken from the pid files) are spared.
killclients()
{
	local ignore=''
	local server
	local pid
	local skip

	# if this script is run from inside a client session, then ignore that session
	pid="$$"
	while [ "${pid}" -ne 0 ]; do
		# get parent process id (4th space-separated field of the stat file)
		pid=$(cut -d ' ' -f 4 "/proc/${pid}/stat")
		[ "${pid}" -eq 0 ] && break

		# check if client connection
		if grep -F -q -e "${PROG}" "/proc/${pid}/cmdline"; then
			append ignore "${pid}"
			break
		fi
	done

	# get all server pids that should be ignored
	for server in $(cat /var/run/${NAME}.*.pid); do
		append ignore "${server}"
	done

	# get all running pids and kill client connections
	for pid in $(pidof "${NAME}"); do
		# check if correct program, otherwise process next pid
		grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || continue

		# check if pid should be ignored (servers, ourself)
		skip=0
		for server in ${ignore}; do
			if [ "${pid}" == "${server}" ]; then
				skip=1
				break
			fi
		done
		[ "${skip}" -ne 0 ] && continue

		# kill process
		echo "${initscript}: Killing ${pid}..."
		kill -KILL ${pid}
	done
}
11392
11393##### File: /etc/rc.d/S50ntpserver #####
11394#!/bin/sh /etc/rc.common
11395
11396# Copyright (C) 2014 Teltonika
11397
11398. /lib/teltonika-functions.sh
11399
# rc.common settings: start order 50, stop order 51, managed by procd.
START=50
STOP=51
USE_PROCD=1
11403
# Start "ntpd -ln" under procd when ntpserver.general.enabled is not 0.
start_service() {
	local enabled

	config_load ntpserver
	config_get enabled general enabled "0"

	# disabled in the config: nothing to start
	if [ "$enabled" == 0 ]; then
		return
	fi

	logger -t "ntpd" "Starting NTP server"
	procd_open_instance
	procd_set_param respawn 0
	procd_set_param command "ntpd" -ln
	procd_close_instance
}
11418##### File: /etc/rc.d/S50p910nd #####
11419#!/bin/sh /etc/rc.common
11420# Copyright (C) 2007 OpenWrt.org
# rc.common settings: start order 50, managed by procd.
START=50
USE_PROCD=1
11423
# Append flag $3 to the global "args" when boolean option $2 of section $1
# is set.
append_bool() {
	local section="$1"
	local option="$2"
	local value="$3"
	local _val

	config_get_bool _val "$section" "$option" '0'
	[ "$_val" -gt 0 ] && append args "$value"
}
11432
# Append "<prefix><value>" to the global "args" when option $2 of section
# $1 is non-empty; $3 is the prefix (may be empty).
append_string() {
	local section="$1"
	local option="$2"
	local value="$3"
	local _val

	config_get _val "$section" "$option"
	[ -n "$_val" ] && append args "${value}${_val}"
}
11441
# Create one p910nd instance per "p910nd" section of the config.
start_service() {
	config_load p910nd
	config_foreach start_p910nd p910nd
}
11446
11447
# config_foreach callback: start one print-server instance for section $1
# unless it is disabled (enabled defaults to 1).
# args, port, name and enabled are globals; $args is expanded unquoted so
# that each collected option becomes its own argv word.
start_p910nd() {
	local section="$1"

	config_get_bool "enabled" "$section" "enabled" '1'
	[ "$enabled" -gt 0 ] || return 0

	args="-d "
	config_get port "$section" port
	name=p910${port}d
	append_bool "$section" bidirectional "-b"
	append_string "$section" device "-f "
	append_string "$section" bind "-i "
	append_string "$section" port ""

	procd_open_instance $name
	procd_set_param command /usr/sbin/p910nd $args
	procd_close_instance
}
11464
11465##### File: /etc/rc.d/S50uhttpd #####
11466#!/bin/sh /etc/rc.common
11467# Copyright (C) 2010 Jo-Philipp Wich
11468
# rc.common settings: start order 50, managed by procd.
START=50

USE_PROCD=1

# Web server binary and the openssl binary used by generate_keys.
UHTTPD_BIN=/usr/sbin/uhttpd
OPENSSL_BIN=/usr/bin/openssl
11475
# Append "<opt> <value>" to the uhttpd command line.
#   $1 section, $2 option name, $3 command-line switch, $4 optional default
# Nothing is appended when both the option and the default are empty.
append_arg() {
	local cfg="$1" var="$2" opt="$3" def="$4"
	local val

	config_get val "$cfg" "$var"
	[ -n "$val" -o -n "$def" ] && procd_append_param command "$opt" "${val:-$def}"
}
11486
# Append switch $3 to the uhttpd command line when boolean option $2 of
# section $1 evaluates to 1; $4 is the default.
append_bool() {
	local cfg="$1" var="$2" opt="$3" def="$4"
	local val

	config_get_bool val "$cfg" "$var" "$def"
	[ "$val" = 1 ] && procd_append_param command "$opt"
}
11497
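# Generate a self-signed certificate and an unencrypted RSA key with
# openssl, using the parameters of the "cert" section $1 (defaults: 730
# days, 2048 bits). The files are written as "<name>.new" and then renamed
# to $UHTTPD_KEY / $UHTTPD_CERT. $2 and $3 are accepted but not used.
# Does nothing (and returns non-zero) when $OPENSSL_BIN is not executable.
generate_keys() {
	local cfg="$1"
	local key="$2"
	local crt="$3"
	local days bits country state location commonname

	config_get days "$cfg" days
	config_get bits "$cfg" bits
	config_get country "$cfg" country
	config_get state "$cfg" state
	config_get location "$cfg" location
	config_get commonname "$cfg" commonname

	# Prefer px5g for certificate generation (existence evaluated last)
	# NOTE(review): only the openssl branch is present in this version.
	local GENKEY_CMD=""
	# four random bytes, hex encoded, appended to the O= field
	local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
	[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform der -nodes"
	[ -n "$GENKEY_CMD" ] && {
		# -nodes leaves the private key unencrypted, so create it with a
		# umask that keeps it readable by the owner only. The subshell keeps
		# the umask change away from the rest of the init script. The
		# certificate gets the same mode; the daemon is started without a
		# dedicated user in start_instance.
		(
			umask 077
			$GENKEY_CMD \
				-days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
				-subj /C="${country:-ZZ}"/ST="${state:-Somewhere}"/L="${location:-Unknown}"/O="${commonname:-OpenWrt}$UNIQUEID"/CN="${commonname:-OpenWrt}"
		)
		sync
		mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"
		mv "${UHTTPD_CERT}.new" "${UHTTPD_CERT}"
	}
}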
11524
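# config_list_foreach callback: append one "prefix:username:password" line
# for section $1 to the generated config file $httpdconf and set haveauth=1.
# Sections with an empty prefix, username or password are skipped.
# The password is written exactly as it is stored in the config.
create_httpauth() {
	local cfg="$1"
	local prefix username password

	config_get prefix "$cfg" prefix
	config_get username "$cfg" username
	config_get password "$cfg" password

	if [ -z "$prefix" ] || [ -z "$username" ] || [ -z "$password" ]; then
		return
	fi
	# The file holds credentials: when this append creates it, it is created
	# readable by the owner only. The subshell confines the umask change.
	( umask 077; echo "${prefix}:${username}:${password}" >>"$httpdconf" )
	haveauth=1
}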
11539
# config_foreach callback: build the uhttpd command line for section $1 and
# register it as a respawning procd instance. Sections with disabled=1 are
# skipped. The order in which options are appended is kept as is.
start_instance()
{
	UHTTPD_CERT=""
	UHTTPD_KEY=""

	local cfg="$1"
	local tmp="$(uci_get system.system.hostname)"
	# the hostname, without non-printable characters, is the default realm
	local realm=$(echo "$tmp" | sed 's/[^[:print:]]//g')
	local listen http https interpreter indexes path handler httpdconf haveauth enb_http

	config_get disabled "$cfg" disabled "0"
	[ "$disabled" = "1" ] && return

	procd_open_instance
	procd_set_param respawn
	#procd_set_param stderr 1
	procd_set_param command "$UHTTPD_BIN" -f

	# Without an explicit "config" option a per-instance file is generated
	# from the httpauth list; it contains the configured credentials.
	config_get config "$cfg" config
	if [ -z "$config" ]; then
		mkdir -p /var/etc/uhttpd
		httpdconf="/var/etc/uhttpd/httpd.${cfg}.conf"
		rm -f ${httpdconf}
		config_list_foreach "$cfg" httpauth create_httpauth
		if [ "$haveauth" = "1" ]; then
			procd_append_param command -c ${httpdconf}
			[ -r /etc/httpd.conf ] && cat /etc/httpd.conf >>/var/etc/uhttpd/httpd.${cfg}.conf
		fi
	fi

	append_arg "$cfg" home "-h"
	append_arg "$cfg" realm "-r" "${realm:-OpenWrt}"
	append_arg "$cfg" config "-c"
	append_arg "$cfg" cgi_prefix "-x"
	# Lua handler, only when the plugin is installed and the handler exists
	if [ -f /usr/lib/uhttpd_lua.so ]; then
		config_get handler "$cfg" lua_handler
		[ -f "$handler" ] && append_arg "$cfg" lua_prefix "-l" && {
			procd_append_param command "-L" "$handler"
		}
	fi
	# ubus options, only when the plugin is installed
	if [ -f /usr/lib/uhttpd_ubus.so ]; then
		append_arg "$cfg" ubus_prefix "-u"
		append_arg "$cfg" ubus_socket "-U"
		append_bool "$cfg" ubus_cors "-X" 0
	fi
	append_arg "$cfg" script_timeout "-t"
	append_arg "$cfg" network_timeout "-T"
	append_arg "$cfg" http_keepalive "-k"
	append_arg "$cfg" tcp_keepalive "-A"
	append_arg "$cfg" error_page "-E"
	append_arg "$cfg" max_requests "-n" 3
	append_arg "$cfg" max_connections "-N"

	# these switches all default to off
	append_bool "$cfg" no_ubusauth "-a" 0
	append_bool "$cfg" no_symlinks "-S" 0
	append_bool "$cfg" no_dirlists "-D" 0
	append_bool "$cfg" rfc1918_filter "-R" 0
	config_get enb_http "$cfg" enablehttp

	config_get alias_list "$cfg" alias
	for alias in $alias_list; do
		procd_append_param command -y "$alias"
	done

	# plain-HTTP listeners are added only when enablehttp is 1
	if [ "$enb_http" == "1" ]; then
		config_get http "$cfg" listen_http
		for listen in $http; do
			procd_append_param command -p "$listen"
		done
	fi

	config_get interpreter "$cfg" interpreter
	for path in $interpreter; do
		procd_append_param command -i "$path"
	done

	config_get indexes "$cfg" index_page
	for path in $indexes; do
		procd_append_param command -I "$path"
	done

	config_get https "$cfg" listen_https
	config_get UHTTPD_KEY "$cfg" key /etc/uhttpd.key
	config_get UHTTPD_CERT "$cfg" cert /etc/uhttpd.crt

	if [ -n "$https" ]; then
		# create a certificate and key when either file is missing or empty
		[ -s "$UHTTPD_CERT" -a -s "$UHTTPD_KEY" ] || {
			config_foreach generate_keys cert
		}

		# HTTPS listeners are added only when both files exist
		[ -f "$UHTTPD_CERT" -a -f "$UHTTPD_KEY" ] && {
			append_arg "$cfg" cert "-C"
			append_arg "$cfg" key "-K"

			for listen in $https; do
				procd_append_param command -s "$listen"
			done
		}

		append_bool "$cfg" redirect_https "-q" 0
	fi

	for file in /etc/uhttpd/*.json; do
		[ -s "$file" ] && procd_append_param command -H "$file"
	done

	procd_close_instance
}
11650
# Reload the service when the uhttpd config changes.
service_triggers() { procd_add_reload_trigger "uhttpd"; }
11655
# Create one uhttpd instance per "uhttpd" section of the config.
start_service() {
	config_load uhttpd
	config_foreach start_instance uhttpd
}
11660
11661##### File: /etc/rc.d/S59luci_dhcp_migrate #####
11662#!/bin/sh /etc/rc.common
11663
# rc.common setting: start order 59.
START=59
11665
# One-time migration of the legacy luci_ethers and luci_hosts configs into
# the dhcp config. Each legacy file is removed after its Lua snippet ran.
boot() {
	# static leases -> dhcp "host" sections
	local migrate_ethers='
		x=luci.model.uci.cursor()
		x:foreach("luci_ethers", "static_lease",
			function(s)
				x:section("dhcp", "host", nil, {mac=s.macaddr, ip=s.ipaddr})
			end)
		x:save("dhcp")
		x:commit("dhcp")
	'
	# host names -> dhcp "domain" sections
	local migrate_hosts='
		x=luci.model.uci.cursor()
		x:foreach("luci_hosts", "host",
			function(s)
				x:section("dhcp", "domain", nil, {name=s.hostname, ip=s.ipaddr})
			end)
		x:save("dhcp")
		x:commit("dhcp")
	'

	if [ -f /etc/config/luci_ethers ]; then
		logger -t luci_dhcp_migrate "Migrating luci_ethers configuration ..."
		lua -lluci.model.uci -e "$migrate_ethers"
		rm -f /etc/config/luci_ethers
	fi

	if [ -f /etc/config/luci_hosts ]; then
		logger -t luci_dhcp_migrate "Migrating luci_hosts configuration ..."
		lua -lluci.model.uci -e "$migrate_hosts"
		rm -f /etc/config/luci_hosts
	fi
}
11699
# Nothing to do on start; the migration runs from boot only.
start() {
	:
}
# Nothing to do on stop.
stop() {
	:
}
11702
11703
11704##### File: /etc/rc.d/S60dnsmasq #####
11705#!/bin/sh /etc/rc.common
11706# Copyright (C) 2007-2012 OpenWrt.org
11707
# rc.common settings: start order 60, managed by procd.
START=60

USE_PROCD=1
PROG="/usr/sbin/dnsmasq"

DNS_SERVERS=
DOMAIN=

ADD_LOCAL_DOMAIN=1
ADD_LOCAL_HOSTNAME=1

# Generated dnsmasq configuration; xappend writes to it.
CONFIGFILE=/var/etc/dnsmasq.conf
DNS_TC=/tmp/tmp_file/dnsmasq_pbridge.conf
lanaddr=
11722
# Append one line to $CONFIGFILE, with a leading "--" removed so that a
# command-line style option becomes a config-file option.
xappend() {
	local line="${1#--}"

	echo "$line" >> $CONFIGFILE
}
11728
# Convert a dotted number string into a single integer, base 256
# ("0.0.1.0" -> 256); a plain number is returned unchanged.
#   $1  dotted string or plain number
# Prints the result on stdout. The helper variable `part` is not local.
dhcp_calc() {
    local ip="$1"
    local res=0

    while [ -n "$ip" ]; do
        # Leading component, up to the first dot.
        part="${ip%%.*}"
        res=$(( $res * 256 ))
        res=$(( $res + $part ))
        case "$ip" in
            *.*) ip="${ip#*.}" ;;   # more components follow
            *)   ip= ;;             # that was the last one
        esac
    done

    echo "$res"
}
11741
# Probe an interface for a DHCP server that is already answering.
#   $1  interface name
# Returns 0 when no server answered and 1 when one did. The result is cached
# in /var/run/dnsmasq.<ifname>.dhcp, and a cached value is returned without
# probing again (stop_service() removes these stamp files).
dhcp_check() {
    local ifname="$1"
    local stamp="/var/run/dnsmasq.$ifname.dhcp"
    local rv=0

    if [ -s "$stamp" ]; then
        return $(cat "$stamp")
    fi

    # One discovery attempt; udhcpc succeeding means a server replied.
    if udhcpc -n -q -s /sbin/get_dhcp_gateway.sh -t 1 -i "$ifname" >&-; then
        rv=1
    else
        rv=0
    fi

    if [ $rv -eq 1 ]; then
        logger -t dnsmasq \
            "found already running DHCP-server on interface '$ifname'" \
            "refusing to start, use 'option force 1' to override"
        # Presumably written by get_dhcp_gateway.sh from the received offer,
        # i.e. network-supplied text. It is only ever used inside a quoted
        # argument below, so the shell does not re-evaluate it.
        gateway=$(cat /tmp/dhcp_gateway)
        /usr/bin/eventslog -i -t EVENTS -n "DHCP" -e "Found already running DHCP-server with $gateway gateway"
    fi

    echo $rv > "$stamp"
    return $rv
}
11762
# Log to syslog (tag "dnsmasq") only while no dnsmasq process is running,
# so repeated reloads do not repeat the same message.
#   $@  message words passed on to logger
log_once() {
    if ! pidof dnsmasq >/dev/null; then
        logger -t dnsmasq "$@"
    fi
}
11767
# Write a switch to the config when a boolean UCI option is true.
#   $1  UCI section   $2  option name   $3  switch text to write
# The option defaults to 0 (off). Returns non-zero when nothing was written.
append_bool() {
    local section="$1" option="$2" value="$3"
    local _loctmp

    config_get_bool _loctmp "$section" "$option" 0
    [ $_loctmp -gt 0 ] || return
    xappend "$value"
}
11776
# Write "<switch>=<value>" to the config when a UCI option has a value.
#   $1  UCI section   $2  option name   $3  switch text
# The value is copied as-is from UCI; an unset or empty option writes nothing.
append_parm() {
    local section="$1" option="$2" switch="$3"
    local _loctmp

    config_get _loctmp "$section" "$option"
    if [ -n "$_loctmp" ]; then
        xappend "$switch=$_loctmp"
    fi
}
11786
# List callback: write one --server entry ($1 is the list item).
append_server() {
    local upstream="$1"

    xappend "--server=$upstream"
}
11790
# List callback: write one --address entry ($1 is the list item).
append_address() {
    local mapping="$1"

    xappend "--address=$mapping"
}
11794
# List callback: write an --interface entry for network $1, using the
# device name from the UCI state and falling back to $1 itself.
append_interface() {
    local ifname

    ifname=$(uci_get_state network "$1" ifname "$1")
    xappend "--interface=$ifname"
}
11799
# List callback: write an --except-interface entry for network $1, using
# the device name from the UCI state and falling back to $1 itself.
append_notinterface() {
    local ifname

    ifname=$(uci_get_state network "$1" ifname "$1")
    xappend "--except-interface=$ifname"
}
11804
# List callback: write one --addn-hosts entry ($1 is the list item).
append_addnhosts() {
    local hosts_path="$1"

    xappend "--addn-hosts=$hosts_path"
}
11808
# List callback: write one --bogus-nxdomain entry ($1 is the list item).
append_bogusnxdomain() {
    local addr="$1"

    xappend "--bogus-nxdomain=$addr"
}
11812
# Section handler for "config dnsmasq": translate the section's options into
# lines of $CONFIGFILE and record DOMAIN / ADD_LOCAL_* / cachelocal for later
# steps of start_service().
#   $1  UCI section name
dnsmasq() {
    local cfg="$1"
    local pair

    # Boolean options as "uci_option:switch"; a switch is written only when
    # its option is true.
    for pair in \
        "authoritative:--dhcp-authoritative" \
        "nodaemon:--no-daemon" \
        "domainneeded:--domain-needed" \
        "filterwin2k:--filterwin2k" \
        "nohosts:--no-hosts" \
        "nonegcache:--no-negcache" \
        "strictorder:--strict-order" \
        "logqueries:--log-queries" \
        "noresolv:--no-resolv" \
        "localise_queries:--localise-queries" \
        "readethers:--read-ethers" \
        "dbus:--enable-dbus" \
        "boguspriv:--bogus-priv" \
        "expandhosts:--expand-hosts" \
        "enable_tftp:--enable-tftp" \
        "nonwildcard:--bind-interfaces" \
        "fqdn:--dhcp-fqdn" \
        "proxydnssec:--proxy-dnssec"
    do
        append_bool "$cfg" "${pair%%:*}" "${pair#*:}"
    done

    # Valued options. Note dhcpscript: its value is handed to dnsmasq as
    # --dhcp-script, a program dnsmasq runs on lease events, so write access
    # to this UCI option amounts to choosing what dnsmasq executes.
    for pair in \
        "dhcpscript:--dhcp-script" \
        "cachesize:--cache-size" \
        "dnsforwardmax:--dns-forward-max" \
        "port:--port" \
        "ednspacket_max:--edns-packet-max" \
        "dhcpleasemax:--dhcp-lease-max" \
        "queryport:--query-port" \
        "domain:--domain" \
        "local:--server"
    do
        append_parm "$cfg" "${pair%%:*}" "${pair#*:}"
    done

    # List options, one config line per list item.
    config_list_foreach "$cfg" "server" append_server
    config_list_foreach "$cfg" "address" append_address
    config_list_foreach "$cfg" "interface" append_interface
    config_list_foreach "$cfg" "notinterface" append_notinterface
    config_list_foreach "$cfg" "addnhosts" append_addnhosts
    config_list_foreach "$cfg" "bogusnxdomain" append_bogusnxdomain

    for pair in \
        "leasefile:--dhcp-leasefile" \
        "resolvfile:--resolv-file" \
        "serversfile:--servers-file" \
        "tftp_root:--tftp-root" \
        "dhcp_boot:--dhcp-boot" \
        "local_ttl:--local-ttl"
    do
        append_parm "$cfg" "${pair%%:*}" "${pair#*:}"
    done

    config_get DOMAIN "$cfg" domain

    config_get_bool ADD_LOCAL_DOMAIN "$cfg" add_local_domain 1
    config_get_bool ADD_LOCAL_HOSTNAME "$cfg" add_local_hostname 1

    # Create the files dnsmasq is told to read if they do not exist yet.
    config_get_bool readethers "$cfg" readethers
    if [ "$readethers" = "1" ] && [ ! -e "/etc/ethers" ]; then
        touch /etc/ethers
    fi

    config_get leasefile $cfg leasefile
    if [ -n "$leasefile" ] && [ ! -e "$leasefile" ]; then
        touch "$leasefile"
    fi
    config_get_bool cachelocal "$cfg" cachelocal 1

    config_get hostsfile "$cfg" dhcphostsfile
    if [ -e "$hostsfile" ]; then
        xappend "--dhcp-hostsfile=$hostsfile"
    fi

    # Both directories sit under /tmp: files dropped into /tmp/dnsmasq.d are
    # read as dnsmasq configuration, files in /tmp/hosts as host entries.
    mkdir -p /tmp/hosts /tmp/dnsmasq.d
    xappend "--addn-hosts=/tmp/hosts"
    xappend "--conf-dir=/tmp/dnsmasq.d"

    # DNS rebinding protection is on unless rebind_protection is set to 0.
    local rebind
    config_get_bool rebind "$cfg" rebind_protection 1
    if [ $rebind -gt 0 ]; then
        log_once \
            "DNS rebinding protection is active," \
            "will discard upstream RFC1918 responses!"
        xappend "--stop-dns-rebind"

        # Exceptions to the protection are opt-in and logged.
        local rebind_localhost
        config_get_bool rebind_localhost "$cfg" rebind_localhost 0
        if [ $rebind_localhost -gt 0 ]; then
            log_once "Allowing 127.0.0.0/8 responses"
            xappend "--rebind-localhost-ok"
        fi

        append_rebind_domain() {
            log_once "Allowing RFC1918 responses for domain $1"
            xappend "--rebind-domain-ok=$1"
        }

        config_list_foreach "$cfg" rebind_domain append_rebind_domain
    fi

    # Section-level dhcp_option entries: no network id, not forced.
    dhcp_option_add "$cfg" "" 0

    xappend "--dhcp-broadcast=tag:needs-broadcast"

    echo >> $CONFIGFILE
}
11904
# Section handler for "config subscrid": write a --dhcp-subscrid line that
# pairs the section's subscriberid with its networkid, then add the
# section's dhcp_option entries for that network id.
#   $1  UCI section name
# Sections missing either value are skipped.
dhcp_subscrid_add() {
    local cfg="$1"

    config_get networkid "$cfg" networkid
    if [ -z "$networkid" ]; then
        return 0
    fi

    config_get subscriberid "$cfg" subscriberid
    if [ -z "$subscriberid" ]; then
        return 0
    fi

    xappend "--dhcp-subscrid=$networkid,$subscriberid"

    config_get_bool force "$cfg" force 0
    dhcp_option_add "$cfg" "$networkid" "$force"
}
11920
# Section handler for "config remoteid": write a --dhcp-remoteid line that
# pairs the section's remoteid with its networkid, then add the section's
# dhcp_option entries for that network id.
#   $1  UCI section name
# Sections missing either value are skipped.
dhcp_remoteid_add() {
    local cfg="$1"

    config_get networkid "$cfg" networkid
    if [ -z "$networkid" ]; then
        return 0
    fi

    config_get remoteid "$cfg" remoteid
    if [ -z "$remoteid" ]; then
        return 0
    fi

    xappend "--dhcp-remoteid=$networkid,$remoteid"

    config_get_bool force "$cfg" force 0
    dhcp_option_add "$cfg" "$networkid" "$force"
}
11936
# Section handler for "config circuitid": write a --dhcp-circuitid line that
# pairs the section's circuitid with its networkid, then add the section's
# dhcp_option entries for that network id.
#   $1  UCI section name
# Sections missing either value are skipped.
dhcp_circuitid_add() {
    local cfg="$1"

    config_get networkid "$cfg" networkid
    if [ -z "$networkid" ]; then
        return 0
    fi

    config_get circuitid "$cfg" circuitid
    if [ -z "$circuitid" ]; then
        return 0
    fi

    xappend "--dhcp-circuitid=$networkid,$circuitid"

    config_get_bool force "$cfg" force 0
    dhcp_option_add "$cfg" "$networkid" "$force"
}
11952
# Section handler for "config userclass": write a --dhcp-userclass line that
# pairs the section's userclass with its networkid, then add the section's
# dhcp_option entries for that network id.
#   $1  UCI section name
# Sections missing either value are skipped.
dhcp_userclass_add() {
    local cfg="$1"

    config_get networkid "$cfg" networkid
    if [ -z "$networkid" ]; then
        return 0
    fi

    config_get userclass "$cfg" userclass
    if [ -z "$userclass" ]; then
        return 0
    fi

    xappend "--dhcp-userclass=$networkid,$userclass"

    config_get_bool force "$cfg" force 0
    dhcp_option_add "$cfg" "$networkid" "$force"
}
11968
# Section handler for "config vendorclass": write a --dhcp-vendorclass line
# that pairs the section's vendorclass with its networkid, then add the
# section's dhcp_option entries for that network id.
#   $1  UCI section name
# Sections missing either value are skipped.
dhcp_vendorclass_add() {
    local cfg="$1"

    config_get networkid "$cfg" networkid
    if [ -z "$networkid" ]; then
        return 0
    fi

    config_get vendorclass "$cfg" vendorclass
    if [ -z "$vendorclass" ]; then
        return 0
    fi

    xappend "--dhcp-vendorclass=$networkid,$vendorclass"

    config_get_bool force "$cfg" force 0
    dhcp_option_add "$cfg" "$networkid" "$force"
}
11984
# Section handler for "config host": write one --dhcp-host line (static
# lease / per-host settings).
#   $1  UCI section name
# A section needs at least an ip or a name. When no mac is configured the
# name takes the place of the mac field and is not repeated as a host name.
dhcp_host_add() {
    local cfg="$1"

    config_get_bool force "$cfg" force 0

    config_get networkid "$cfg" networkid
    if [ -n "$networkid" ]; then
        dhcp_option_add "$cfg" "$networkid" "$force"
    fi

    config_get name "$cfg" name
    config_get ip "$cfg" ip
    if [ -z "$ip" ] && [ -z "$name" ]; then
        return 0
    fi

    config_get mac "$cfg" mac
    if [ -z "$mac" ]; then
        [ -n "$name" ] || return 0
        mac="$name"
        name=""
    fi

    # Several whitespace-separated MACs become one comma-separated list.
    macs=""
    for m in $mac; do
        append macs "$m" ","
    done

    config_get tag "$cfg" tag

    # An unset or false broadcast option drops the needs-broadcast tag below.
    config_get_bool broadcast "$cfg" broadcast 0
    if [ "$broadcast" = "0" ]; then
        broadcast=
    fi

    xappend "--dhcp-host=$macs${networkid:+,net:$networkid}${broadcast:+,set:needs-broadcast}${tag:+,set:$tag}${ip:+,$ip}${name:+,$name}"
}
12014
# Section handler for "config tag": the section name is the tag, and each
# dhcp_option entry is written as a --dhcp-option (or --dhcp-option-force
# when force is set) line scoped to that tag.
#   $1  UCI section name, used as the tag
dhcp_tag_add() {
    local cfg="$1"

    tag="$cfg"
    if [ -z "$tag" ]; then
        return 0
    fi

    # An empty $force drops the "-force" suffix in the expansion below.
    config_get_bool force "$cfg" force 0
    if [ "$force" = "0" ]; then
        force=
    fi

    config_get option "$cfg" dhcp_option
    for o in $option; do
        xappend "--dhcp-option${force:+-force}=tag:$tag,$o"
    done
}
12030
# Section handler for "config mac": write a --dhcp-mac line that pairs the
# section's mac with its networkid, then add the section's dhcp_option
# entries for that network id (never forced).
#   $1  UCI section name
# Sections missing either value are skipped.
dhcp_mac_add() {
    local cfg="$1"

    config_get networkid "$cfg" networkid
    if [ -z "$networkid" ]; then
        return 0
    fi

    config_get mac "$cfg" mac
    if [ -z "$mac" ]; then
        return 0
    fi

    xappend "--dhcp-mac=$networkid,$mac"

    dhcp_option_add "$cfg" "$networkid"
}
12044
# Section handler for "config boot": write a --dhcp-boot line (network boot
# file, server name, server address), optionally limited to a network id.
#   $1  UCI section name
# filename, servername and serveraddress are all required; networkid is not.
dhcp_boot_add() {
    local cfg="$1"

    config_get networkid "$cfg" networkid

    config_get filename "$cfg" filename
    if [ -z "$filename" ]; then
        return 0
    fi

    config_get servername "$cfg" servername
    if [ -z "$servername" ]; then
        return 0
    fi

    config_get serveraddress "$cfg" serveraddress
    if [ -z "$serveraddress" ]; then
        return 0
    fi

    xappend "--dhcp-boot=${networkid:+net:$networkid,}$filename,$servername,$serveraddress"

    config_get_bool force "$cfg" force 0
    dhcp_option_add "$cfg" "$networkid" "$force"
}
12065
12066
# Section handler for "config dhcp": write the DHCP pool (--dhcp-range) for
# one interface, or disable DHCP on it when the section is marked "ignore".
#   $1  UCI section name
# Returns 0 without writing a pool when the interface is unknown, is not
# configured statically, or another DHCP server was detected and "force" is
# not set.
dhcp_add() {
    local cfg="$1"
    local no_dhcp

    config_get net "$cfg" interface
    [ -n "$net" ] || return 0

    # The network id defaults to the interface's logical name.
    config_get networkid "$cfg" networkid
    networkid="${networkid:-$net}"

    network_get_subnet subnet "$net" || return 0
    network_get_device ifname "$net" || return 0
    network_get_protocol proto "$net" || return 0

    # With cachelocal off, the interface's own DNS servers are added to the
    # list that start_service() writes into /tmp/resolv.conf.
    if [ "$cachelocal" = "0" ] && network_get_dnsserver dnsserver "$net"; then
        DNS_SERVERS="$DNS_SERVERS $dnsserver"
    fi

    config_get ignore "$cfg" ignore 0
    if [ "$ignore" -eq 1 ]; then
        # Ignored interfaces get "no-dhcp-interface", except br-lan while a
        # PPP passthrough bridge is active or the DHCP relay is enabled.
        no_dhcp=1
        if [ "$ifname" = "br-lan" ]; then
            pmethod=$(uci get -q network.ppp.method)
            ppp_enabled=$(uci get -q network.ppp.enabled)
            if [ "$pmethod" = "pbridge" ]; then
                [ "$ppp_enabled" = "0" ] || no_dhcp=0
            else
                config_get dhcp_relay_enabled dhcp_relay enabled 0
                [ "$dhcp_relay_enabled" -eq 0 ] || no_dhcp=0
            fi
        fi
        [ "$no_dhcp" -eq 1 ] && xappend "no-dhcp-interface=$ifname"
        return 0
    fi

    # Do not support non-static interfaces for now
    [ static = "$proto" ] || return 0

    # Override interface netmask with dhcp config if applicable
    config_get netmask "$cfg" netmask "${subnet##*/}"

    # Refuse to serve next to an already active DHCP server unless 'force' is set.
    config_get_bool force "$cfg" force 0
    [ $force -gt 0 ] || dhcp_check "$ifname" || return 0

    config_get start "$cfg" start
    config_get limit "$cfg" limit
    config_get leasetime "$cfg" leasetime
    config_get options "$cfg" options
    config_get_bool dynamicdhcp "$cfg" dynamicdhcp 1

    leasetime="${leasetime:-12h}"
    start="$(dhcp_calc "${start:-100}")"
    limit="${limit:-150}"
    if [ "$limit" -gt 0 ]; then
        limit=$((limit-1))
    fi
    # NOTE(review): eval runs whatever ipcalc.sh prints (START, END and
    # NETMASK are used below). $netmask, $start and $limit reach it unquoted
    # and only $start has been forced through arithmetic; netmask and limit
    # are raw UCI text, so this relies on UCI being writable by
    # administrators only.
    eval "$(ipcalc.sh "${subnet%%/*}" $netmask $start $limit)"
    if [ "$dynamicdhcp" = "0" ]; then
        END="static"
    fi
    xappend "--dhcp-range=$networkid,$START,$END,$NETMASK,$leasetime${options:+ $options}"

    # Optional IPv6 router advertisements (hard-wired to br-lan).
    config_get_bool enable_ra "$cfg" enable_ra
    if [ "$enable_ra" = "1" ]; then
        xappend "--dhcp-range=::1,constructor:br-lan,ra-only,12h" && xappend "--enable-ra"
    fi

    dhcp_option_add "$cfg" "$networkid"
}
12134
# Write the dhcp_option entries of a section as --dhcp-option lines.
#   $1  UCI section name
#   $2  network id prefixed to each option (may be empty)
#   $3  force flag; anything other than "0" or empty selects --dhcp-option-force
dhcp_option_add() {
    local cfg="$1" networkid="$2" force="$3"

    if [ "$force" = "0" ]; then
        force=
    fi

    config_get dhcp_option "$cfg" dhcp_option
    for o in $dhcp_option; do
        xappend "--dhcp-option${force:+-force}=${networkid:+$networkid,}$o"
    done
}
12148
# Section handler for "config domain": write one --address line that maps
# every listed name to the section's ip.
#   $1  UCI section name
#   $2  default for the names (optional)
#   $3  default for the ip (optional)
# Names without a dot get ".$DOMAIN" appended when DOMAIN is set.
dhcp_domain_add() {
    local cfg="$1"
    local ip name names record

    config_get names "$cfg" name "$2"
    if [ -z "$names" ]; then
        return 0
    fi

    config_get ip "$cfg" ip "$3"
    if [ -z "$ip" ]; then
        return 0
    fi

    for name in $names; do
        case "$name" in
            *.*) ;;                                   # already qualified
            *)   name="$name${DOMAIN:+.$DOMAIN}" ;;
        esac

        record="${record:+$record/}$name"
    done

    xappend "--address=/$record/$ip"
}
12168
# Section handler for "config srvhost": write one --srv-host line.
#   $1  UCI section name
# srv, target and port are required; class is optional, and weight is only
# written when class is present.
dhcp_srv_add() {
    local cfg="$1"

    config_get srv "$cfg" srv
    if [ -z "$srv" ]; then
        return 0
    fi

    config_get target "$cfg" target
    if [ -z "$target" ]; then
        return 0
    fi

    config_get port "$cfg" port
    if [ -z "$port" ]; then
        return 0
    fi

    config_get class "$cfg" class
    config_get weight "$cfg" weight

    local service="$srv,$target,$port${class:+,$class${weight:+,$weight}}"
    xappend "--srv-host=$service"
}
12188
# Section handler for "config mxhost": write one --mx-host line.
#   $1  UCI section name
# domain and relay are required; pref defaults to 0.
dhcp_mx_add() {
    local cfg="$1"
    local domain relay pref

    config_get domain "$cfg" domain
    if [ -z "$domain" ]; then
        return 0
    fi

    config_get relay "$cfg" relay
    if [ -z "$relay" ]; then
        return 0
    fi

    config_get pref "$cfg" pref 0

    local service="$domain,$relay,$pref"
    xappend "--mx-host=$service"
}
12205
# Section handler for "config cname": write one --cname line.
#   $1  UCI section name
# Sections missing cname or target are skipped.
dhcp_cname_add() {
    local cfg="$1"
    local cname target

    config_get cname "$cfg" cname
    if [ -z "$cname" ]; then
        return 0
    fi

    config_get target "$cfg" target
    if [ -z "$target" ]; then
        return 0
    fi

    xappend "--cname=${cname},${target}"
}
12218
# Section handler for "config hostrecord": write one --host-record line that
# lists all names followed by all addresses, comma-separated.
#   $1  UCI section name (may be empty when $2/$3 carry the values)
#   $2  default for the names
#   $3  default for the addresses
dhcp_hostrecord_add() {
    local cfg="$1"
    local names addresses record val

    config_get names "$cfg" name "$2"
    [ -n "$names" ] || return 0

    config_get addresses "$cfg" ip "$3"
    [ -n "$addresses" ] || return 0

    for val in $names $addresses; do
        record="${record:+$record,}$val"
    done

    xappend "--host-record=$record"
}
12239
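# Write a --dhcp-relay line for the relay section when it is enabled and
# names a server.
#   $1  UCI section name (start_service passes "dhcp_relay")
# The line has the form <local address>,<server>[,<interface>].
dhcp_relay_add() {
    local cfg="$1"
    local server interface

    config_get enabled_srv "$cfg" enabled
    config_get server "$cfg" server
    [ -n "$server" ] && [ "$enabled_srv" = "1" ] || return 0

    # lanaddr is a global that start_service only fills in while adding the
    # local hostname record (ADD_LOCAL_HOSTNAME = 1). Without this lookup a
    # config with add_local_hostname off produced "--dhcp-relay=,<server>",
    # i.e. a relay line with no local address.
    if [ -z "$lanaddr" ]; then
        network_get_ipaddr lanaddr "lan"
    fi
    if [ -z "$lanaddr" ]; then
        logger -t dnsmasq "DHCP relay to '$server' skipped: no LAN address available"
        return 0
    fi

    config_get interface "$cfg" interface
    xappend "--dhcp-relay=$lanaddr,$server${interface:+,$interface}"
}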
12255
# procd hook: register a reload trigger keyed on the "dhcp" config name.
service_triggers() {
    procd_add_reload_trigger "dhcp"
}
12260
# Deliberately does nothing at boot; the service is launched through hotplug.
boot() {
    return 0
}
12265
# procd entry point: regenerate $CONFIGFILE from /etc/config/dhcp, register
# the dnsmasq instance, and rebuild /tmp/resolv.conf for the router itself.
start_service() {
    include /lib/functions

    # On-demand PPP flag; an unset value counts as 0.
    config_load demand
    local demand
    config_get demand "ppp" demand
    [ -n "$demand" ] || demand=0

    # Multiwan flag; an unset value counts as 0.
    config_load multiwan
    local multiwan
    config_get multiwan "config" enabled
    [ -n "$multiwan" ] || multiwan=0

    config_load dhcp

    procd_open_instance
    procd_set_param command $PROG -C $CONFIGFILE -k
    procd_set_param file $CONFIGFILE
    procd_close_instance

    # before we can call xappend
    mkdir -p $(dirname $CONFIGFILE)

    echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE

    # In PPP bridge / pbridge mode an extra config file from /tmp is pulled
    # in first ("if we did this last, we could override auto-generated
    # config"). Its contents are not checked here.
    ppp_method=$(uci get -q network.ppp.method)
    ppp_enabled=$(uci get -q network.ppp.enabled)
    if [ "$ppp_enabled" != "0" ]; then
        case "$ppp_method" in
            pbridge|bridge)
                [ -f $DNS_TC ] && xappend "--conf-file=$DNS_TC"
                ;;
        esac
    fi

    args=""
    config_foreach dnsmasq dnsmasq
    config_foreach dhcp_host_add host
    echo >> $CONFIGFILE
    config_foreach dhcp_boot_add boot
    config_foreach dhcp_mac_add mac
    config_foreach dhcp_tag_add tag
    config_foreach dhcp_vendorclass_add vendorclass
    config_foreach dhcp_userclass_add userclass
    config_foreach dhcp_circuitid_add circuitid
    config_foreach dhcp_remoteid_add remoteid
    config_foreach dhcp_subscrid_add subscrid
    config_foreach dhcp_domain_add domain
    config_foreach dhcp_hostrecord_add hostrecord

    # add own hostname (non-printable characters are stripped from it first)
    if [ $ADD_LOCAL_HOSTNAME -eq 1 ] && network_get_ipaddr lanaddr "lan"; then
        local hostname="$(uci_get system system hostname OpenWrt)"
        local host=$(echo "$hostname" | sed 's/[^[:print:]]//g')
        dhcp_hostrecord_add "" "${host%.$DOMAIN}${DOMAIN:+.$DOMAIN ${host%.$DOMAIN}}" "$lanaddr"
    fi
    dhcp_relay_add dhcp_relay

    echo >> $CONFIGFILE
    config_foreach dhcp_srv_add srvhost
    config_foreach dhcp_mx_add mxhost
    echo >> $CONFIGFILE

    # DHCP pools are only generated when odhcpd is not the main DHCP server.
    config_get odhcpd_is_active odhcpd maindhcp
    if [ "$odhcpd_is_active" != "1" ]; then
        config_foreach dhcp_add dhcp
    fi

    echo >> $CONFIGFILE
    config_foreach dhcp_cname_add cname
    echo >> $CONFIGFILE

    # Rebuild the router's own resolver file from scratch.
    rm -f /tmp/resolv.conf
    if [ $ADD_LOCAL_DOMAIN -eq 1 ] && [ -n "$DOMAIN" ]; then
        echo "search $DOMAIN" >> /tmp/resolv.conf
    fi

    # The local dnsmasq is always listed. With on-demand PPP and no multiwan
    # a fixed public resolver (8.8.8.8) is added as well, so in that mode
    # lookups made by the router itself can go to that resolver.
    DNS_SERVERS="$DNS_SERVERS 127.0.0.1 ::1"
    if [ "$demand" -gt 0 -a "$multiwan" -eq 0 ]; then
        DNS_SERVERS="$DNS_SERVERS 8.8.8.8"
    fi

    for DNS_SERVER in $DNS_SERVERS; do
        echo "nameserver $DNS_SERVER" >> /tmp/resolv.conf
    done
}
12363
# Reload by running start_service again through rc_procd; always reports success.
reload_service() {
    rc_procd start_service "$@"
    return 0
}
12368
# On stop, replace the generated /tmp/resolv.conf with a symlink to
# /tmp/resolv.conf.auto and drop the cached dhcp_check() results.
stop_service() {
    if [ -f /tmp/resolv.conf ]; then
        rm -f /tmp/resolv.conf
        ln -s /tmp/resolv.conf.auto /tmp/resolv.conf
    fi

    rm -f /var/run/dnsmasq.*.dhcp
}
12376
12377##### File: /etc/rc.d/S60quagga #####
12378#!/bin/sh /etc/rc.common
12379# Copyright (C) 2006 OpenWrt.org
12380 . /lib/functions/network.sh
12381
# rc.common start/stop priorities.
START=60
STOP=10

# Threshold compared by debug(): messages at or below this level are logged.
DEBUG_LEVEL=4

# NOTE(review): the *_PASSWORD values below are fixed literals, identical for
# all four daemons. The prepare_* functions write them into each generated
# config as both `password` and `enable password`, so every unit that runs
# this script shares the same VTY credentials. The generated vty access-list
# admits 127.0.0.0/8 only, unless enabled_vty is set, in which case the LAN
# subnet is admitted too. Deriving these from per-device configuration would
# remove the shared secret.

# zebra
ZEBRA_CONFIG=/etc/quagga/zebra.conf
ZEBRA_USERNAME=admin
ZEBRA_PASSWORD=admin01
# BGP
BGP_CONFIG=/etc/quagga/bgpd.conf
BGPD_USERNAME=admin
BGPD_PASSWORD=admin01
FIREWALL_SEC=A_BGP
# RIP
RIP_CONFIG=/etc/quagga/ripd.conf
RIPD_USERNAME=admin
RIPD_PASSWORD=admin01
RIP_FIREWALL_SEC=A_RIP
# OSPF
OSPF_CONFIG=/etc/quagga/ospfd.conf
OSPF_USERNAME=admin
OSPF_PASSWORD=admin01
OSPF_FIREWALL_SEC=A_OSPF
12404
# Log a message to syslog (tag "quagga.init") when DEBUG_LEVEL is at least
# the message's level.
#   $1  level of this message   $2  message text
debug() {
    [ $DEBUG_LEVEL -ge $1 ] || return 0
    logger -t "quagga.init" "$2"
}
12410
# Append one line to a config file.
#   $1  line to write (verbatim)   $2  destination file
writeToConfig() {
    local line="$1"

    echo "$line" >> $2
}
12414
# Append line $1 to the generated bgpd config ($BGP_CONFIG).
BgpConfig() {
    local line="$1"

    writeToConfig "$line" $BGP_CONFIG
}
12418
# Append line $1 to the generated ripd config ($RIP_CONFIG).
RipConfig() {
    local line="$1"

    writeToConfig "$line" $RIP_CONFIG
}
12422
# Append line $1 to the generated zebra config ($ZEBRA_CONFIG).
ZebraConfig() {
    local line="$1"

    writeToConfig "$line" $ZEBRA_CONFIG
}
12426
# Append line $1 to the generated ospfd config ($OSPF_CONFIG).
# Only the first argument is used; further arguments are ignored.
OspfConfig() {
    local line="$1"

    writeToConfig "$line" $OSPF_CONFIG
}
# Function: IfConfig $1 $2 $3 [$4]
#   $1 string: config file to append to
#   $2 string: line to write
#   $3 string: value to test
#   $4 string (optional): value that $3 must equal
# Writes line $2 to file $1 when $3 is non-empty and either $4 is not given
# or $3 equals $4. Otherwise nothing is written.
# Pass $3 quoted: an unquoted value containing whitespace is split into $3
# and $4, and the line is then skipped.
# Example:   N="";  IfConfig $BGP_CONFIG "value: $N" "$N"      (writes nothing)
# Example 1: N="1"; IfConfig $BGP_CONFIG "value: $N" "$N" "1"  (writes the line)
IfConfig() {
    [ -n "$3" ] || return 0

    if [ -z "$4" ] || [ "$3" = "$4" ]; then
        writeToConfig "$2" "$1"
    fi
}
12446
# Shorthand for config_get: read option $1 of section $2 into a shell
# variable that is also named $1.
#   $1  option name (and name of the variable to set)
#   $2  UCI section
#   $3  default value (optional; left unquoted so an absent default stays absent)
get() {
    config_get "$1" "$2" "$1" $3
}
12450
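# Section handler for "config peer": write the neighbor statements for one
# BGP peer into $BGP_CONFIG.
#   $1  peer section name
#   $2  name of the BGP instance currently being written
# Returns 2 when the peer belongs to another instance and 1 when it is
# disabled.
prepare_peer() {
    local section="$1"
    local instance_name="$2"
    local ipaddr as instance port description ebgp_multihop
    local default_originate weight maximum_prefix
    local enabled
    # Per-peer "already written" flags, read and set by
    # prepare_distribute_list() through dynamic scoping.
    local inbound=0
    local outbound=0

    get instance "$section"
    [ "$instance" != "$instance_name" ] && return 2
    get enabled "$section"
    [ "$enabled" != "1" ] && return 1

    get ipaddr "$section"
    get as "$section"
    get port "$section"
    get description "$section"
    get default_originate "$section"
    get weight "$section"
    get maximum_prefix "$section"
    get ebgp_multihop "$section"

    BgpConfig "! neighbor $section configuration"
    BgpConfig "neighbor $ipaddr remote-as $as"
    IfConfig $BGP_CONFIG "neighbor $ipaddr port $port" "$port"
    IfConfig $BGP_CONFIG "neighbor $ipaddr description $description" "$description"
    IfConfig $BGP_CONFIG "neighbor $ipaddr default-originate" "$default_originate" "1"
    # The original wrote "neighbor <ip> weight" and "neighbor <ip>
    # maximum-prefix" without the configured number, so neither setting
    # carried a value. maximum-prefix is the cap on prefixes accepted from
    # the peer, which makes its absence a safety issue, not just a cosmetic one.
    IfConfig $BGP_CONFIG "neighbor $ipaddr weight $weight" "$weight"
    IfConfig $BGP_CONFIG "neighbor $ipaddr maximum-prefix $maximum_prefix" "$maximum_prefix"
    IfConfig $BGP_CONFIG "neighbor $ipaddr ebgp-multihop $ebgp_multihop" "$ebgp_multihop"
    config_foreach prepare_distribute_list "access_list" "$section" "$ipaddr" "bgp"

    inbound=0
    outbound=0
}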
12484
# Write one "network <prefix>" line to $BGP_CONFIG for every entry in the
# section's network option.
#   $1  instance section name
# `section` is assigned without `local` here, so it updates the caller's variable.
prepare_networks() {
    local network
    section="$1"

    get network $section

    for net in $network; do
        BgpConfig "network $net"
    done
}
12497
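# Section handler for "config ospf_network": write the network/area
# statement, and the area authentication mode, for one enabled section.
#   $1  ospf_network section name
prepare_ospf_network() {
    local section="$1"
    local enabled net authentication

    get enabled "$section"
    [ "$enabled" = "1" ] || return 0

    get net "$section"
    get area "$section"
    # The original declared `authentication` but never loaded it, so the two
    # branches below could not run and area authentication was never written.
    # NOTE(review): assumes ospf_network sections carry an `authentication`
    # option with the same values as ospf_interface sections; confirm against
    # the UCI schema.
    get authentication "$section"

    OspfConfig " network $net area $area"

    case "$authentication" in
        pass)     OspfConfig "area $area authentication" ;;
        md5_hmac) OspfConfig "area $area authentication message-digest" ;;
    esac
}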
12515
# Section handler for "config instance": write one "router bgp" block with
# its router id, networks and peers.
#   $1  instance section name
# Returns 1 for a disabled instance.
prepare_instance() {
    local section="$1"
    local as id network enabled

    get enabled $section
    if [ "$enabled" != "1" ]; then
        return 1
    fi

    get as $section
    get id $section
    get network $section

    BgpConfig "! Instance $as"
    BgpConfig "router bgp $as"
    IfConfig $BGP_CONFIG "bgp router-id $id" "$id"
    prepare_networks $section
    # Peers decide for themselves whether they belong to this instance.
    config_foreach prepare_peer "peer" $section
}
12534
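# Section handler for "config interface" (RIP): write the network,
# passive-interface and distribute-list statements for one interface.
#   $1  interface section name
# Returns 1 for a disabled interface.
prepare_rip_interface() {
    local section="$1"
    local interface enabled passive_interface ifname
    # prepare_distribute_list() reads and sets these through dynamic scoping.
    # The original did not declare them here, so the first RIP interface
    # tested an unset variable and then left inbound/outbound set globally,
    # which made every later interface skip its own "in"/"out" distribute
    # list, i.e. route filters configured for those interfaces were silently
    # not applied.
    local inbound=0
    local outbound=0

    get enabled "$section"
    [ "$enabled" != "1" ] && return 1

    get ifname "$section"
    get passive_interface "$section"

    RipConfig "! Interface $ifname"
    IfConfig $RIP_CONFIG "network $ifname" "$ifname"
    IfConfig $RIP_CONFIG "passive-interface $ifname" "$passive_interface" "1"
    config_foreach prepare_distribute_list "rip_access_list" "$section" "$ifname" "rip"
}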
12550
# Section handler for network sections: write an "interface <ifname>" line to
# $ZEBRA_CONFIG for sections whose name contains "wan" and that are not
# disabled.
#   $1  network section name
# The only calls visible in this file are commented out in prepare_zebra().
prepare_interface() {
    local section="$1" enabled ifname

    case "$1" in
        *wan*) ;;
        *)     return 0 ;;
    esac

    get enabled $section
    if [ "$enabled" != "0" ]; then
        get ifname $section
        IfConfig $ZEBRA_CONFIG "interface $ifname" "$ifname"
    fi
}
12563
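# Section handler for "config ospf_interface": write the per-interface OSPF
# settings (timers, cost, priority, network type, authentication) to
# $OSPF_CONFIG.
#   $1  ospf_interface section name
# Disabled sections are skipped.
prepare_ospf_interface() {
    local section="$1"
    local enabled ifname hello_interval dead_interval retransmit_interval
    local cost priority typ authentication password id

    get enabled "$section"
    [ "$enabled" = "1" ] || return 0

    get ifname "$section"
    get hello_interval "$section"
    get dead_interval "$section"
    get retransmit_interval "$section"
    get cost "$section"
    get priority "$section"
    get typ "$section"
    get authentication "$section"

    OspfConfig "!"
    OspfConfig "interface $ifname"
    # Test values are quoted: unquoted, a value containing whitespace or glob
    # characters was split into IfConfig's $3 and $4 and the line was dropped.
    IfConfig $OSPF_CONFIG " ip ospf cost $cost" "$cost"
    IfConfig $OSPF_CONFIG " ip ospf hello-interval $hello_interval" "$hello_interval"
    IfConfig $OSPF_CONFIG " ip ospf dead-interval $dead_interval" "$dead_interval"
    IfConfig $OSPF_CONFIG " ip ospf retransmit-interval $retransmit_interval" "$retransmit_interval"
    IfConfig $OSPF_CONFIG " ip ospf priority $priority" "$priority"
    IfConfig $OSPF_CONFIG " ip ospf network $typ" "$typ"

    # The key is written to $OSPF_CONFIG in clear text in both modes, so the
    # file's permissions decide who can read it.
    if [ "$authentication" = "pass" ]; then
        get password "$section"
        [ -n "$password" ] || debug 1 "OSPF interface $ifname: authentication enabled but no password set"
        OspfConfig " ip ospf authentication"
        IfConfig $OSPF_CONFIG " ip ospf authentication-key $password" "$password"
    elif [ "$authentication" = "md5_hmac" ]; then
        get password "$section"
        get id "$section" "1"
        [ -n "$password" ] || debug 1 "OSPF interface $ifname: authentication enabled but no password set"
        OspfConfig " ip ospf authentication message-digest"
        IfConfig $OSPF_CONFIG " ip ospf message-digest-key $id md5 $password" "$password"
    fi
}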
12602
# Section handler for access-list sections: write the distribute-list
# statement that attaches list "<target>_<direction>" to a BGP neighbor or a
# RIP interface.
#   $1  access-list section name
#   $2  section (peer / interface) currently being written
#   $3  neighbor address (bgp) or interface name (rip)
#   $4  "bgp" or "rip"
# Return codes: 1 = section targets something else, 2 = disabled,
# 3 / 4 = an "in" / "out" list was already written for this target.
# `inbound` and `outbound` are not declared here; they are the caller's
# variables, reached through dynamic scoping.
prepare_distribute_list() {
    local section=$1; local target_section=$2; local from=$3; local proto=$4
    local enabled target

    get target $section
    if [ -z "$target" ] || [ "$target" != "$target_section" ]; then
        return 1
    fi

    get enabled $section
    [ "$enabled" = "1" ] || return 2

    get direction $section

    # Only the first list per direction is used.
    case "$direction" in
        in)  [ $inbound -gt 0 ] && return 3 || inbound=1 ;;
        out) [ $outbound -gt 0 ] && return 4 || outbound=1 ;;
    esac

    [ -n "$direction" ] || return 0

    case "$proto" in
        bgp) BgpConfig "neighbor $from distribute-list ${target}_${direction} $direction" ;;
        rip) RipConfig "distribute-list ${target}_${direction} $direction $from" ;;
    esac
}
12627
# Section handler for access-list sections: write one
# "access-list <target>_<direction> <action> <net>" line.
#   $1  access-list section name
#   $2  config file to append to
# Returns 2 for a disabled section; a section missing any of the four values
# writes nothing.
prepare_access_list() {
    local section=$1; local config=$2
    local target enabled

    get enabled $section
    [ "$enabled" = "1" ] || return 2

    get target $section
    get action $section
    get net $section
    get direction $section

    if [ -n "$target" ] && [ -n "$action" ] && [ -n "$net" ] && [ -n "$direction" ]; then
        writeToConfig "access-list ${target}_${direction} $action $net" $config
    fi
}
12645
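# Regenerate $ZEBRA_CONFIG: host name, VTY passwords, the "vty" access-list
# and the line vty block. Reads debug and enabled_vty from the "general"
# section.
prepare_zebra() {
    local debug

    get debug "general"
    get enabled_vty "general"

    echo "" > $ZEBRA_CONFIG
    ZebraConfig "hostname $ZEBRA_USERNAME"
    # NOTE(review): $ZEBRA_PASSWORD is a literal defined at the top of this
    # script and is used for both the login and the enable password.
    ZebraConfig "password $ZEBRA_PASSWORD"
    ZebraConfig "enable password $ZEBRA_PASSWORD"
    ZebraConfig "!"
    # VTY access: loopback always, the LAN subnet only when enabled_vty is 1,
    # everything else denied.
    ZebraConfig "access-list vty permit 127.0.0.0/8"

    if [ "$enabled_vty" = "1" ]; then
        network_get_subnet net "lan"
        # The original appended this line to $BGP_CONFIG. That left zebra's
        # own access-list without the LAN entry and added a stray line to
        # bgpd.conf, creating the file when BGP was disabled; the comments in
        # start() say the existence of a daemon's config file is what marks
        # that daemon as enabled.
        IfConfig $ZEBRA_CONFIG "access-list vty permit $net" "$net"
    fi

    ZebraConfig "access-list vty deny any"
    ZebraConfig "!"
    ZebraConfig "line vty"
    ZebraConfig "access-class vty"
    IfConfig $ZEBRA_CONFIG "log syslog" "$debug" "1"
}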
12673
# Regenerate $BGP_CONFIG from the "quagga" UCI config, or install a custom
# file in its place.
# When bgpd_custom_conf is set, that file is copied verbatim and nothing else
# is generated, so the passwords and the vty access-list written below do not
# apply and VTY exposure is whatever the custom file says.
prepare_bgpd() {
    local debug enabled_vty bgpd_custom_conf
    local instances=$(uci show quagga | grep -c =instance)

    get bgpd_custom_conf "general"
    if [ -n "$bgpd_custom_conf" ]; then
        cp "$bgpd_custom_conf" "$BGP_CONFIG"
        return 0
    fi

    get debug "general"
    get enabled_vty "general"

    echo "" > $BGP_CONFIG
    BgpConfig "hostname $BGPD_USERNAME"
    BgpConfig "password $BGPD_PASSWORD"
    BgpConfig "enable password $BGPD_PASSWORD"
    BgpConfig "!"
    # VTY access: loopback always, the LAN subnet only when enabled_vty is 1,
    # everything else denied.
    BgpConfig "access-list vty permit 127.0.0.0/8"

    if [ "$enabled_vty" = "1" ]; then
        network_get_subnet net "lan"
        IfConfig $BGP_CONFIG "access-list vty permit $net" "$net"
    fi

    BgpConfig "access-list vty deny any"
    BgpConfig "!"
    if [ $instances -gt 1 ]; then
        BgpConfig "bgp multiple-instance"
    fi
    config_foreach prepare_instance "instance"
    config_foreach prepare_access_list "access_list" $BGP_CONFIG
    BgpConfig "line vty"
    BgpConfig "access-class vty"
    IfConfig $BGP_CONFIG "log syslog" "$debug" "1"
}
12709
# Regenerate $RIP_CONFIG from the "rip" section, or install a custom file in
# its place.
# When custom_conf is set, that file is copied verbatim and nothing else is
# generated, so the passwords and the vty access-list written below do not
# apply.
prepare_rip() {
    local debug enabled_vty custom_conf version
    local neighbors

    get custom_conf "rip"
    if [ -n "$custom_conf" ]; then
        cp "$custom_conf" "$RIP_CONFIG"
        return 0
    fi

    get debug "rip"
    get enabled_vty "rip"
    get neighbors "rip"
    get version "rip"

    echo "" > $RIP_CONFIG
    RipConfig "hostname $RIPD_USERNAME"
    RipConfig "password $RIPD_PASSWORD"
    RipConfig "enable password $RIPD_PASSWORD"
    RipConfig "!"
    # VTY access: loopback always, the LAN subnet only when enabled_vty is 1,
    # everything else denied.
    RipConfig "access-list vty permit 127.0.0.0/8"

    if [ "$enabled_vty" = "1" ]; then
        network_get_subnet net "lan"
        IfConfig $RIP_CONFIG "access-list vty permit $net" "$net"
    fi

    RipConfig "access-list vty deny any"
    RipConfig "!"
    RipConfig "router rip"
    config_foreach prepare_rip_interface "interface"

    for neighbor in $neighbors; do
        RipConfig "neighbor $neighbor"
    done

    IfConfig $RIP_CONFIG "version $version" "$version"
    config_foreach prepare_access_list "rip_access_list" $RIP_CONFIG
    RipConfig "line vty"
    RipConfig "access-class vty"
    IfConfig $RIP_CONFIG "log syslog" "$debug" "1"
}
12756
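# Regenerate $OSPF_CONFIG from the "ospf" section, or install a custom file
# in its place.
# When custom_conf is set, that file is copied verbatim and nothing else is
# generated, so the passwords and the vty access-list written below do not
# apply.
prepare_ospf() {
    # The original list read "ustom_conf", which left custom_conf undeclared.
    local debug enabled_vty custom_conf version id

    get custom_conf "ospf"
    if [ -n "$custom_conf" ]; then
        cp "$custom_conf" "$OSPF_CONFIG"
        return 0
    fi

    get debug "ospf"
    get enabled_vty "ospf"
    get id "ospf"

    echo "" > $OSPF_CONFIG
    OspfConfig "hostname $OSPF_USERNAME"
    OspfConfig "password $OSPF_PASSWORD"
    OspfConfig "enable password $OSPF_PASSWORD"
    OspfConfig "!"
    # VTY access: loopback always, the LAN subnet only when enabled_vty is 1,
    # everything else denied.
    OspfConfig "access-list vty permit 127.0.0.0/8"

    if [ "$enabled_vty" = "1" ]; then
        network_get_subnet net "lan"
        IfConfig $OSPF_CONFIG "access-list vty permit $net" "$net"
    fi

    OspfConfig "access-list vty deny any"
    OspfConfig "!"

    config_foreach prepare_ospf_interface "ospf_interface"
    OspfConfig "router ospf"
    # OspfConfig ignores a second argument, so the original wrote
    # "ospf router-id " even with no id configured; IfConfig writes the line
    # only when an id is set.
    IfConfig $OSPF_CONFIG "ospf router-id ${id}" "${id}"

    config_foreach prepare_ospf_network "ospf_network"
    OspfConfig "line vty"
    OspfConfig "access-class vty"
    IfConfig $OSPF_CONFIG "log syslog" "$debug" "1"

    if [ "$debug" = "1" ]; then
        get debug_inf "ospf"

        for inf in $debug_inf; do
            OspfConfig "debug ospf $inf"
        done
    fi
}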
12805
# Generate the config file of every enabled routing daemon, delete the file
# of every disabled one, and start quagga when at least one daemon is enabled.
# Per the original comments, /usr/sbin/quagga.init treats a deleted config
# file as "daemon disabled".
start() {
    debug 2 "start"
    config_load quagga
    local bgp_enabled rip_enabled ospf_enabled

    config_get bgp_enabled "general" "enabled" "0"
    config_get rip_enabled "rip" "enabled" "0"
    config_get ospf_enabled "ospf" "enabled" "0"

    if [ "$rip_enabled" = "1" ]; then
        prepare_rip
    elif [ -f "$RIP_CONFIG" ]; then
        rm $RIP_CONFIG
    fi

    if [ "$bgp_enabled" = "1" ]; then
        prepare_bgpd
    elif [ -f "$BGP_CONFIG" ]; then
        rm $BGP_CONFIG
    fi

    if [ "$ospf_enabled" = "1" ]; then
        prepare_ospf
    elif [ -f "$OSPF_CONFIG" ]; then
        rm $OSPF_CONFIG
    fi

    # zebra is needed as soon as any one of the routing daemons runs.
    if [ "$rip_enabled" = "1" ] || [ "$bgp_enabled" = "1" ] || [ "$ospf_enabled" = "1" ]; then
        prepare_zebra
        /usr/sbin/quagga.init start
    fi
}
12836
# Stop all quagga daemons by delegating to the quagga init helper.
stop()
{
    /usr/sbin/quagga.init stop
}
12840
12841##### File: /etc/rc.d/S62qos #####
12842#!/bin/sh /etc/rc.common
12843# Copyright (C) 2006 OpenWrt.org
12844
12845START=62
12846USE_PROCD=1
12847
# Validate one "interface" section of the qos UCI config.
# $1 - section name. enabled must be a bool, upload/download unsigned integers.
validate_qos_section() {
    uci_validate_section qos interface "${1}" \
        'enabled:bool' 'upload:uinteger' 'download:uinteger'
}
12855
# Register the reload trigger and validation hook for the qos config.
# Note that qos-start is also run here, i.e. every time triggers are
# registered, not only from start_service/reload_service.
service_triggers() {
    procd_add_reload_trigger "qos"
    procd_add_validation validate_qos_section
    qos-start
}
12862
# Starting the service just runs qos-start.
start_service()
{
    qos-start
}

# Reloading re-runs qos-start as well.
reload_service()
{
    qos-start
}
12870
12871##### File: /etc/rc.d/S70mdcollectd #####
12872#!/bin/sh /etc/rc.common
12873
12874USE_PROCD=1
12875START=70
12876STOP=40
12877
# Start mdcollectd under procd with respawn.
#
# Before starting, the traffic database backup is maintained: when
# mdcollectd.config.traffic is "0" the current database is copied to
# /var/mdcollectd.db_old so the old mobile traffic can still be displayed;
# for any other value the backup is removed.
# The daemon is started regardless of mdcollectd.config.enabled (that check
# is disabled in this script).
start_service() {
    local traffic
    traffic="$(uci -q get mdcollectd.config.traffic)"

    case "$traffic" in
        0) cp /var/mdcollectd.db /var/mdcollectd.db_old 2>/dev/null ;;
        *) rm /var/mdcollectd.db_old 2>/dev/null ;;
    esac

    procd_open_instance
    procd_set_param respawn
    procd_set_param command /usr/bin/mdcollectd start
    procd_close_instance
}
12896
# Ask the mdcollectd binary to stop.
stop_service()
{
    /usr/bin/mdcollectd stop
}

# Restart is a plain stop followed by start.
restart()
{
    stop
    start
}

# Reload is handled the same way as restart.
reload_service()
{
    stop
    start
}

# Report status through the mdcollectd binary.
status()
{
    /usr/bin/mdcollectd status
}
12914
12915##### File: /etc/rc.d/S75port_event_checker_init #####
12916#!/bin/sh /etc/rc.common
12917# Copyright (C) 2015 Teltonika
12918
12919USE_PROCD=1
12920START=75
12921STOP=10
12922
12923command_line="/usr/sbin/port_event_checker"
12924
# Run the port event checker under procd and respawn it when it exits.
start_service()
{
    procd_open_instance
    procd_set_param respawn
    # Left unquoted on purpose so the command line is split into words.
    procd_set_param command $command_line
    procd_close_instance
}

# Reload the service when the "port_event_checker" config changes.
service_triggers() {
    procd_add_reload_trigger "port_event_checker"
}
12935
12936##### File: /etc/rc.d/S76limit_guard #####
12937#!/bin/sh /etc/rc.common
12938START=76
12939STOP=39
12940USE_PROCD=1
12941
# Both values are read once, when the script is loaded, not per action.
enabled=$(uci get mdcollectd.config.datalimit)
ppp_enabled=$(uci get network.ppp.enabled)
12944
# Start limit_guard under procd, but only when the data limit is enabled
# (mdcollectd.config.datalimit = "1", read at script load).
start_service()
{
    echo "start service"
    [ "$enabled" = "1" ] || return 0

    command_line="/usr/bin/limit_guard start"
    procd_open_instance
    procd_set_param respawn 10
    procd_set_param command $command_line
    procd_close_instance
}
12955
12956
# Stop limit_guard.
# When both the data limit and network.ppp.enabled are "0", the ppp
# interface is brought up first; then the binary is asked to stop.
stop_service()
{
    if [ "$enabled" = "0" ] && [ "$ppp_enabled" = "0" ]; then
        ifup ppp
    fi
    /usr/bin/limit_guard stop
}
12965
# Restart is a plain stop followed by start.
restart()
{
    stop
    start
}

# Reload is handled the same way as restart.
reload_service()
{
    stop
    start
}
12975
12976##### File: /etc/rc.d/S80relayd #####
12977#!/bin/sh /etc/rc.common
12978# Copyright (c) 2011-2012 OpenWrt.org
12979
12980START=80
12981
12982USE_PROCD=1
12983PROG=/usr/sbin/relayd
12984
# Validate a network "interface" section used by relayd.
# $1 - section name. The defaults after the second colon are expiry 30,
# retry 5, table 16800, forward_bcast 1 and forward_dhcp 1.
# Returns the status of uci_validate_section.
validate_proto_relayd() {
    uci_validate_section network "interface" "${1}" \
        'network:list(string)' \
        'expiry:uinteger:30' \
        'retry:uinteger:5' \
        'table:range(0, 65535):16800' \
        'forward_bcast:bool:1' \
        'forward_dhcp:bool:1'
}
12997
# Append interface $1 to resolved_ifnames if it is listed in /proc/net/dev.
# Returns non-zero when the interface is not present.
# The name is interpolated into a grep pattern, so characters such as "."
# are matched as regular-expression operators, not literally.
resolve_ifname()
{
    grep -qs "^ *$1:" /proc/net/dev && append resolved_ifnames "$1"
}
13003
# Resolve logical network $1 to its ifname and record it via resolve_ifname.
# Returns 1 when the network has no ifname, else resolve_ifname's status.
resolve_network()
{
    local ifn

    fixup_interface "$1"
    config_get ifn "$1" ifname
    [ -n "$ifn" ] || return 1
    resolve_ifname "$ifn"
}
13011
# Start one relayd instance for interface section $1.
#
# Sections whose proto is not "relay", or that are not enabled, are skipped
# with status 0. Every configured network and ifname must resolve to an
# existing device, otherwise the function returns 1 without starting anything.
start_relay()
{
    local cfg="$1"
    local proto enabled

    config_get proto "$cfg" proto
    [ "$proto" = "relay" ] || return 0

    config_get_bool enabled "$cfg" enabled 0
    [ "$enabled" -eq 0 ] && return 0

    # Filled in by resolve_ifname through the shell's dynamic scoping.
    local resolved_ifnames
    local net networks
    config_get networks "$cfg" network
    for net in $networks; do
        resolve_network "$net" || return 1
    done

    local ifn ifnames
    config_get ifnames "$cfg" ifname
    for ifn in $ifnames; do
        resolve_ifname "$ifn" || return 1
    done

    procd_open_instance
    procd_set_param command "$PROG"

    for ifn in $resolved_ifnames; do
        procd_append_param command -I "$ifn"
        procd_append_param netdev "$ifn"
    done

    # Optional settings, each passed as "<flag> <value>" only when set:
    # ipaddr -L, gateway -G, expiry -t, retry -p, table -T.
    local pair value
    for pair in ipaddr:-L gateway:-G expiry:-t retry:-p table:-T; do
        config_get value "$cfg" "${pair%%:*}"
        [ -n "$value" ] && procd_append_param command "${pair##*:}" "$value"
    done

    # Broadcast and DHCP forwarding both default to on.
    local fwd_bcast
    config_get_bool fwd_bcast "$cfg" forward_bcast 1
    [ $fwd_bcast -eq 1 ] && procd_append_param command "-B"

    local fwd_dhcp
    config_get_bool fwd_dhcp "$cfg" forward_dhcp 1
    [ $fwd_dhcp -eq 1 ] && procd_append_param command "-D"

    procd_close_instance
}
13076
# Reload relayd on "network" config changes and on any interface event
# (the raw trigger is registered with the value 2000).
service_triggers() {
    procd_add_reload_trigger "network"
    procd_add_raw_trigger "interface.*" 2000 /etc/init.d/relayd reload
}

# Load the network config and start a relay for every interface section.
start_service()
{
    include /lib/network
    config_load network
    config_foreach start_relay interface
}
13088
13089##### File: /etc/rc.d/S85rms_connect #####
13090#!/bin/sh /etc/rc.common
13091# Copyright (C) 2016 Teltonika
13092
13093START=85 #start before openvpn
13094STOP=99
13095
13096FUNC_NAME="/sbin/rms_connect"
13097USE_PROCD=1
13098#LOCK_FILE=/var/lock/sim_switch.lock
13099
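# Start the RMS (remote management) connector when rms_connect.enable is
# 1 or 2; otherwise disable the RMS OpenVPN authentication service and kill
# the connector and its OpenVPN instance.
start_service() {
    local ena
    ena=$(uci get rms_connect.rms_connect.enable)

    # String comparison: an empty or non-numeric value simply counts as
    # disabled instead of making the test itself fail.
    if [ "$ena" = "1" ] || [ "$ena" = "2" ]; then
        procd_open_instance
        procd_set_param respawn ${respawn_threshold:-0} ${respawn_timeout:-60} ${respawn_retry:-0}
        procd_set_param command "$FUNC_NAME"
        procd_close_instance
    else
        uci set openvpn.teltonika_auth_service.enable='0'
        # Commit only the package changed here; a bare "uci commit" would
        # also persist whatever unrelated changes happen to be staged.
        uci commit openvpn
        # "/etc/init.d/openvpn restart" was removed here because it started
        # the service twice together with the openvpn init script and
        # corrupted the client configuration.
        procd_kill rms_connect
        procd_kill openvpn rms
    fi
}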
13116
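# Stop the RMS connector: disable the RMS OpenVPN authentication service,
# then kill the connector and its OpenVPN instance.
stop_service() {
    uci set openvpn.teltonika_auth_service.enable='0'
    # Commit only the package changed here; a bare "uci commit" would also
    # persist whatever unrelated changes happen to be staged.
    uci commit openvpn
    procd_kill rms_connect
    procd_kill openvpn rms
    # "/etc/init.d/openvpn stop" was removed here because it ran twice
    # together with the openvpn init script and corrupted the client
    # configuration.
}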
13125
13126##### File: /etc/rc.d/S88fix_sta_ap #####
13127#!/bin/sh /etc/rc.common
13128. /lib/functions.sh
13129
13130USE_PROCD=1
13131START=88
13132STOP=99
13133
13134
13135STA_ENABLED=0
13136AP_DISABLED=0
13137
# Check whether the user has switched the STA (client) interface off in the
# wifi settings.
# $1 - wifi-iface section. For mode "sta" the user_enable option (default 1)
# goes to STA_ENABLED; for mode "ap" the disabled option (default 0) goes to
# AP_DISABLED. Other modes are ignored.
check_wifi_enabled() {
    local mode

    config_get mode $1 "mode"

    if [ "$mode" = "sta" ]; then
        config_get STA_ENABLED $1 "user_enable" "1"
    elif [ "$mode" = "ap" ]; then
        config_get AP_DISABLED $1 "disabled" "0"
    fi
}
13152
# Evaluated when the script is loaded: scan every wifi-iface section, then
# define start_service only if a STA interface is enabled. Without that
# definition the script starts nothing.
config_load "wireless"
config_foreach check_wifi_enabled "wifi-iface"

if [ "$STA_ENABLED" = "1" ]
then
    start_service()
    {
        procd_open_instance
        procd_set_param command /sbin/fix_sta_ap.sh
        procd_set_param respawn
        procd_close_instance
    }
fi
13164
13165##### File: /etc/rc.d/S89stunnel #####
13166#!/bin/sh /etc/rc.common
13167# Copyright (C) 2006-2008 OpenWrt.org
13168
13169START=89
13170USE_PROCD=1
13171
13172PID_FILE="/var/run/stunnel.pid"
13173CONF_FILE="/tmp/stunnel.conf"
13174BIN="/usr/bin/stunnel"
13175SERVICE_SECTION_FOUND=0
13176GLOBAL_ENABLED=0
13177
# Append the global stunnel settings to $CONF_FILE and read the global flags.
#
# Always written: foreground, pid file, syslog and the debug level
# (default 5); compression only when configured.
# GLOBAL_ENABLED is set from globals.enabled. alt_config_file is read only
# when both enabled and use_alt are true; it is not declared local here, so
# it lands in the caller's variable of that name.
global_defs()
{
    local debug compression use_alt

    {
        printf "foreground = yes\n"
        printf "pid = %s\n" "$PID_FILE"
        printf "syslog = yes\n"
    } >> "$CONF_FILE"

    config_get debug 'globals' debug '5'
    printf "debug = %s\n" "$debug" >> "$CONF_FILE"

    config_get compression 'globals' compression
    if [ -n "$compression" ]; then
        printf "compression = %s\n" "$compression" >> "$CONF_FILE"
    fi

    config_get_bool GLOBAL_ENABLED 'globals' enabled 0
    if [ $GLOBAL_ENABLED == 0 ]; then
        return 0
    fi

    config_get_bool use_alt 'globals' use_alt 0
    if [ $use_alt == 0 ]; then
        return 0
    fi

    config_get alt_config_file 'globals' alt_config_file
    return 0
}
13202
# Append "name = value" lines to $CONF_FILE for the given options.
# $1      - UCI section to read from
# $2...   - option names; a "bool_" prefix marks a boolean whose UCI value
#           1/0 is written as yes/no (the prefix is stripped from the name).
# Options without a value are skipped. Values are written as they are,
# including any secrets among them.
print_options()
{
    local config=$1
    shift

    for opt in "$@"; do
        local $opt
        local value
        local is_boolean=0

        case "$opt" in
            bool_*)
                opt="${opt:5}"
                is_boolean=1
                ;;
        esac

        config_get "value" "$config" "$opt"
        if [ -n "$value" ]; then
            if [ "$is_boolean" -eq "1" ]; then
                case "$value" in
                    1) value="yes" ;;
                    0) value="no" ;;
                esac
            fi
            printf "%s = %s\n" "$opt" "$value" >> "$CONF_FILE"
        fi
    done
}
13227
# Append one "name = element" line to $CONF_FILE per list element.
# $1    - UCI section to read from
# $2... - list option names
print_list()
{
    local config=$1
    shift

    for opt in "$@"
    do
        local $opt
        local elements

        config_get "elements" "$config" "$opt"
        for element in $elements
        do
            printf "%s = %s\n" "$opt" "$element" >> "$CONF_FILE"
        done
    done
}
13240
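# Append "name = a:b:c" to $CONF_FILE, joining the list elements with colons.
# $1    - UCI section to read from
# $2... - list option names
# An option with no elements produces no line.
print_list_colon() {
    local config=$1
    local value
    shift
    for opt in "$@"; do
        local $opt
        local elements
        # Start every option from an empty accumulator, so neither the
        # previous option's elements nor a value left in an outer "value"
        # variable can end up in this line.
        value=""
        config_get "elements" "$config" "$opt"
        for element in $elements; do
            value="${value}:${element}"
        done
        if [ -n "$value" ]; then
            # Drop the leading colon added by the first iteration.
            printf "%s = %s\n" "$opt" "${value#*:}" >> "$CONF_FILE"
        fi
    done
}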
13257
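# Write one [service] section to $CONF_FILE for UCI section $1.
#
# Disabled sections are skipped. For an enabled section
# SERVICE_SECTION_FOUND is set, the accept address is written
# (accept_host defaults to localhost) and every configured option and list
# is copied through. Several of these options carry credentials or point at
# key material (key, PSKsecrets, protocolPassword), so $CONF_FILE has to be
# treated as sensitive.
service_section() {
    local cfg="$1"
    local accept_host accept_port enabled

    config_get_bool enabled "$cfg" 'enabled' '0'
    [ ${enabled} -gt 0 ] || return 0

    SERVICE_SECTION_FOUND=1
    printf "\n" >> "$CONF_FILE"
    printf "[%s]\n" "$cfg" >> "$CONF_FILE"

    config_get accept_host "$cfg" accept_host 'localhost'
    config_get accept_port "$cfg" accept_port
    printf "accept = %s:%s\n" "$accept_host" "$accept_port" >> "$CONF_FILE"

    print_options "$cfg" CApath \
        CAfile \
        cert \
        CRLpath \
        CRLfile \
        curve \
        logId \
        debug \
        engineId \
        engineNum \
        failover \
        ident \
        key \
        local \
        PSKidentity \
        PSKsecrets \
        sslVersion \
        TIMEOUTbusy \
        TIMEOUTclose \
        TIMEOUTconnect \
        TIMEOUTidle \
        bool_delay \
        bool_libwrap \
        bool_reset \
        bool_requireCert \
        bool_verifyChain \
        bool_verifyPeer \
        bool_client \
        protocol \
        protocolAuthentication \
        protocolDomain \
        protocolHost \
        protocolPassword \
        protocolUsername

    print_list "$cfg" checkEmail \
        checkHost \
        checkIP \
        connect \
        options

    # This call used to be guarded by a test on "$value", a variable that is
    # never set in this function, so a configured cipher list could be left
    # out of the generated file. print_list_colon skips empty lists itself.
    print_list_colon "$cfg" ciphers
}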
13320
# Regenerate $CONF_FILE from the stunnel UCI config.
#
# The file is recreated with a two-line header. If /etc/config/stunnel is
# missing nothing else is written. If global_defs yields an existing
# alt_config_file, the generated file is replaced by a symlink to it and the
# service is marked as found, so that file's content is used as-is.
# Otherwise every "service" section is written through service_section.
process_config()
{
    local alt_config_file

    rm -f "$CONF_FILE"

    # Header
    printf "; STunnel configuration file generated by uci\n" > "$CONF_FILE"
    printf "; Written %s\n\n" "$(date +'%c')" >> "$CONF_FILE"

    if [ ! -f /etc/config/stunnel ]; then
        return 0
    fi

    config_load stunnel
    global_defs

    # An alternative configuration file takes precedence over the UCI sections.
    if [ -n "$alt_config_file" ] && [ -f "$alt_config_file" ]; then
        rm -f "$CONF_FILE"
        ln -s "$alt_config_file" "$CONF_FILE"
        # Nothing in the file is checked here; the user is trusted to have
        # supplied a working configuration.
        SERVICE_SECTION_FOUND=1
        return 0
    fi

    config_foreach service_section service
}
13347
# Reload the service when the "stunnel" config changes.
service_triggers()
{
    procd_add_reload_trigger "stunnel"
}

# Generate the configuration and start stunnel under procd.
# stunnel is only started when at least one service section was found and
# the global enable flag is set; otherwise a message is logged.
start_service()
{
    process_config

    if [ "$SERVICE_SECTION_FOUND" = 1 ] && [ $GLOBAL_ENABLED = 1 ]
    then
        procd_open_instance
        procd_set_param command "$BIN"
        procd_append_param command "$CONF_FILE"
        procd_set_param respawn
        procd_set_param file "$CONF_FILE"
        procd_close_instance
    else
        logger -t stunnel -p daemon.info "No uci service section enabled or found!"
    fi
}
13366
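# Kill the stunnel process recorded in $PID_FILE with SIGKILL.
# Does nothing when the PID file is missing or does not hold a plain number.
stop_service() {
    [ -f "$PID_FILE" ] || return 0

    PID=$(cat "$PID_FILE")

    # Only a decimal PID is passed on: an empty value would make kill fail,
    # and anything else in the file must not reach kill's argument list.
    case "$PID" in
        ''|*[!0-9]*)
            logger -t stunnel -p daemon.warn "Ignoring invalid PID file $PID_FILE"
            return 0
            ;;
    esac

    kill -9 "$PID"
}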
13373
# Reload by stopping and starting again, which also regenerates $CONF_FILE.
reload_service()
{
    stop_service
    start_service
}
13378
13379##### File: /etc/rc.d/S95ddns #####
13380#!/bin/sh /etc/rc.common
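START=95
STOP=10
USE_PROCD=1
# Source the helper library. The line read "./lib/functions.sh", which runs
# a path relative to the current directory instead of sourcing
# /lib/functions.sh (presumably a lost space after the dot).
. /lib/functions.sh
# Interface name handed to the DDNS updater; filled in by checkifenabled.
IP_INTERFACE=""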
# Record the ifname of interface section $1 in IP_INTERFACE if the section
# is enabled. When several sections are enabled the last one visited wins.
checkifenabled()
{
    config_get_bool enabled "$1" enabled 0
    if [ $enabled -eq 1 ]
    then
        config_get IP_INTERFACE "$1" ifname
    fi
}
# Pick the interface from the network config and start the DDNS updater.
# IP_INTERFACE stays empty when no interface section is enabled.
start_service()
{
    config_load network
    config_foreach checkifenabled interface
    /usr/lib/ddns/dynamic_dns_updater.sh -i "$IP_INTERFACE" -- start
}
# Stop the DDNS updater.
stop_service()
{
    /usr/lib/ddns/dynamic_dns_updater.sh -- stop
}

# Reload: stop, wait one second, start again.
reload_service()
{
    stop_service
    sleep 1
    start_service
}

# Reload the service when the "ddns" config changes.
service_triggers() {
    procd_add_reload_trigger "ddns"
}
13409
13410##### File: /etc/rc.d/S95done #####
13411#!/bin/sh /etc/rc.common
13412# Copyright (C) 2006 OpenWrt.org
13413
13414START=95
13415
# Restart the modem if it did not enumerate and the kernel log shows USB
# enumeration errors.
# Only when get_ext_vidpid_tlt returns nothing is dmesg searched for
# "device descriptor read" and "device not accepting address".
check_modem()
{
    . /lib/teltonika-functions.sh

    vidpid=$(get_ext_vidpid_tlt)
    [ -z "$vidpid" ] || return 0

    err1=$(dmesg | grep -c "device descriptor read")
    err2=$(dmesg | grep -c "device not accepting address")
    if [ "$err1" -ne 0 ] || [ "$err2" -ne 0 ]; then
        echo "Modem error. Restarting modem"
        /etc/init.d/modem restart
    fi
}
13428
# Final boot stage.
boot()
{
    mount_root done

    # Run the user's commands. /etc/rc.local is executed by this boot
    # script on every boot, so its content deserves change monitoring.
    if [ -f /etc/rc.local ]; then
        sh /etc/rc.local
    fi

    # Put the LEDs into their normal state.
    . /etc/diag.sh

    # Recover from a modem that failed to come up.
    check_modem

    # Kernel console log level 4.
    /sbin/klogd -c 4

    # Reload the UCI configs (moved here from wifid.init).
    /sbin/reload_config

    set_state done
}
13451
13452##### File: /etc/rc.d/S96led #####
13453#!/bin/sh /etc/rc.common
13454# (C) 2008 openwrt.org
13455
13456START=96
13457
# Configure one LED from the "led" section $1 of the system config.
#
# Reads the sysfs name, trigger and trigger-specific options and writes them
# to /sys/class/leds/<sysfs>/. LEDs with trigger "rssi" are left to the
# rssileds userspace process. Nothing is written when the LED has no
# brightness file. Config values go to sysfs unquoted and unvalidated.
load_led()
{
    local name sysfs trigger dev mode default
    local delayon delayoff interval

    config_get sysfs $1 sysfs
    config_get name $1 name "$sysfs"
    config_get trigger $1 trigger "none"
    config_get dev $1 dev
    config_get mode $1 mode "link"
    config_get_bool default $1 default "nil"
    config_get delayon $1 delayon
    config_get delayoff $1 delayoff
    config_get interval $1 interval "50"
    config_get port_state $1 port_state
    config_get delay $1 delay "150"
    config_get message $1 message ""

    # handled by rssileds userspace process
    [ "$trigger" = "rssi" ] && return

    [ -e /sys/class/leds/${sysfs}/brightness ] && {
        echo "setting up led ${name}"

        # "nil" means no default state was configured.
        if [ "$default" != nil ]; then
            if [ $default -eq 1 ]; then
                echo 1 >/sys/class/leds/${sysfs}/brightness
            else
                echo 0 >/sys/class/leds/${sysfs}/brightness
            fi
        fi

        echo $trigger > /sys/class/leds/${sysfs}/trigger

        case "$trigger" in
            "netdev")
                [ -n "$dev" ] && {
                    echo $dev > /sys/class/leds/${sysfs}/device_name
                    echo $mode > /sys/class/leds/${sysfs}/mode
                }
                ;;
            "timer")
                [ -n "$delayon" ] && \
                    echo $delayon > /sys/class/leds/${sysfs}/delay_on
                [ -n "$delayoff" ] && \
                    echo $delayoff > /sys/class/leds/${sysfs}/delay_off
                ;;
            "usbdev")
                [ -n "$dev" ] && {
                    echo $dev > /sys/class/leds/${sysfs}/device_name
                    echo $interval > /sys/class/leds/${sysfs}/activity_interval
                }
                ;;
            "port_state")
                [ -n "$port_state" ] && \
                    echo $port_state > /sys/class/leds/${sysfs}/port_state
                ;;
            "morse")
                echo $message > /sys/class/leds/${sysfs}/message
                echo $delay > /sys/class/leds/${sysfs}/delay
                ;;
            switch[0-9]*)
                local port_mask

                config_get port_mask $1 port_mask
                [ -n "$port_mask" ] && \
                    echo $port_mask > /sys/class/leds/${sysfs}/port_mask
                ;;
        esac
    }
}
13538
# Configure every "led" section of the system config, provided the kernel
# exposes /sys/class/leds/ at all.
start()
{
    [ -e /sys/class/leds/ ] || return 1
    config_load system
    config_foreach load_led led
}
13545
13546##### File: /etc/rc.d/S96xl2tpd #####
13547#!/bin/sh /etc/rc.common
13548# Copyright (C) 2006-2010 OpenWrt.org
13549
13550START=96
13551USE_PROCD=1
13552DAEMON=xl2tpd
13553BIN=/usr/sbin/$DAEMON
13554DEFAULT=/etc/default/$DAEMON
13555RUN_D=/var/run
13556PID_F=$RUN_D/$DAEMON.pid
13557CONFIG=/var/etc/xl2tpd.conf
13558CHAP_SECRETS=/var/etc/xl2tp-chap-secrets
13559client_started=0
13560
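# Append the credentials of login section $1 to $CHAP_SECRETS.
#
# Sections without a username or password are skipped. The password is
# stored in clear text, so the file is created readable by its owner only.
# The fields are written unquoted; a username or password that contains
# whitespace would not form a valid entry.
setup_login() {
    local section="$1"
    # Local, so one login's credentials do not linger in global variables.
    local username password remoteip

    config_get username "$section" username
    config_get password "$section" password
    config_get remoteip "$section" remoteip

    [ -n "$username" ] || return 0
    [ -n "$password" ] || return 0

    # Create the file with a restrictive mode before the first secret is
    # written, instead of relying on the default umask.
    [ -e "$CHAP_SECRETS" ] || ( umask 077; : > "$CHAP_SECRETS" )

    # Without a remote IP the entry accepts any address ("*").
    echo "$username xl2tp-server $password ${remoteip:-*}" >> "$CHAP_SECRETS"
}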
13573
# Prepare the server configuration for UCI section $1.
#
# Returns 1 when the section is not enabled. Otherwise the template
# /etc/xl2tpd/xl2tpd.conf is copied to $CONFIG and the local IP and the
# client IP range are appended when set. The range is "<start>-<limit>" if
# both are configured, else the remoteip option.
setup_config()
{
    local section="$1"

    config_get enabled "$section" enabled 0
    [ "$enabled" -eq 0 ] && return 1

    mkdir -p /var/etc
    cp /etc/xl2tpd/xl2tpd.conf $CONFIG

    config_get localip "$section" localip
    config_get remoteipstart "$section" start
    config_get remoteipend "$section" limit

    if [ -z "$remoteipstart" ] || [ -z "$remoteipend" ]; then
        config_get remoteip "$section" remoteip
    else
        remoteip="${remoteipstart}-${remoteipend}"
    fi

    if [ -n "$localip" ]; then
        echo "local ip = $localip" >> $CONFIG
    fi
    if [ -n "$remoteip" ]; then
        echo "ip range = $remoteip" >> $CONFIG
    fi
    return 0
}
13597
# Start xl2tpd for L2TP client use: no -c option is passed, so the
# generated server configuration $CONFIG is not used.
# The modules listed below are loaded first; insmod errors are discarded.
start_xl2tpd_for_client()
{
    local modules="arc4 sha1_generic slhc crc-ccitt ppp_generic ppp_async ppp_mppe"

    logger "l2tp: starting $DAEMON for clients"
    mkdir -p "$RUN_D/$DAEMON"

    for m in $modules
    do
        insmod $m >/dev/null 2>&1
    done

    procd_open_instance
    procd_set_param command $BIN -D -l
    procd_set_param respawn
    procd_close_instance
}
13610
# Start xl2tpd as a server with the generated configuration $CONFIG.
# The modules listed below are loaded first; insmod errors are discarded.
start_xl2tpd()
{
    local modules="arc4 sha1_generic slhc crc-ccitt ppp_generic ppp_async ppp_mppe"

    mkdir -p "$RUN_D/$DAEMON"

    for m in $modules
    do
        insmod $m >/dev/null 2>&1
    done

    procd_open_instance
    procd_set_param command $BIN -D -l -c $CONFIG
    procd_set_param respawn
    procd_close_instance
}
13623
# Start xl2tpd once for the first network interface that uses proto "l2tp".
# $1 - interface section. Returns 1 if a client was already started.
# An interface with no "enabled" option counts as enabled, because only the
# value 0 disables it.
check_clients()
{
    local section="$1"

    if [ "$client_started" = "1" ]; then
        return 1
    fi

    config_get proto "$section" proto
    config_get enabled "$section" enabled
    config_get name "$section" _name

    if [ "$proto" = "l2tp" ] && [ "$enabled" != 0 ]; then
        start_xl2tpd_for_client
        ifup $name
        client_started=1
    fi
}
13637
# Start xl2tpd either as a server or for L2TP clients.
#
# The CHAP secrets file is removed first so it is rebuilt from the current
# config. If the server section is enabled, every login is written and the
# server is started; otherwise the network config is scanned for L2TP
# client interfaces.
start_service()
{
    rm -f $CHAP_SECRETS 2>/dev/null

    config_load xl2tpd
    if ! setup_config xl2tpd; then
        config_load network
        config_foreach check_clients interface
    else
        config_foreach setup_login login
        start_xl2tpd
    fi
}
13651
# Reload is a plain stop followed by start.
reload_service()
{
    stop
    start
}
13656
13657##### File: /etc/rc.d/S97messaged #####
13658#!/bin/sh /etc/rc.common
13659# Copyright (C) 2015 Teltonika
13660. /lib/teltonika-functions.sh
13661. /lib/functions.sh
13662
13663START=97
13664#STOP=19
13665#count=0
13666
# Run messaged with the arguments "status reboot".
process_start() {
    /usr/sbin/messaged status reboot
}

# The start action only calls process_start.
start() {
    process_start
}
13676
13677##### File: /etc/rc.d/S97sms-utils #####
13678#!/bin/sh /etc/rc.common
13679# Copyright (C) 2014 Teltonika
13680
13681START=97
13682#STOP=19
13683#count=0
13684
# Launch sms_utils with -s in the background. It is not supervised, so
# nothing restarts it if it exits.
process_start() {
    /sbin/sms_utils/sms_utils -s &
}

# Boot and start both just launch the process.
boot() {
    process_start
}

start() {
    process_start
}
13699
13700##### File: /etc/rc.d/S98sysntpd #####
13701#!/bin/sh /etc/rc.common
13702# Copyright (C) 2011 OpenWrt.org
13703
13704START=98
13705
13706USE_PROCD=1
13707PROG=/usr/sbin/ntpd
13708HOTPLUG_SCRIPT=/usr/sbin/ntpd-hotplug
13709
# Add the NTP servers announced for the given interfaces to $server.
# $1 - space-separated interface names; with none, all interfaces are used.
#
# The addresses are taken from the "ntpserver" data of the ubus interface
# dump, i.e. they are whatever the network handed out, and they end up on
# the ntpd command line. Servers already present in $server are not added
# again.
get_dhcp_ntp_servers()
{
    local interfaces="$1"
    local filter="*"
    local interface ntpservers ntpserver

    # Build a jsonfilter selector: "*" or a comma-separated list of
    # @.interface='<name>' conditions.
    for interface in $interfaces; do
        if [ "$filter" = "*" ]; then
            filter="@.interface='$interface'"
        else
            filter="$filter,@.interface='$interface'"
        fi
    done

    ntpservers=$(ubus call network.interface dump | jsonfilter -e "@.interface[$filter]['data']['ntpserver']")

    for ntpserver in $ntpservers; do
        local duplicate=0
        local entry

        for entry in $server; do
            [ "$ntpserver" = "$entry" ] && duplicate=1
        done
        [ "$duplicate" = 0 ] && server="$server $ntpserver"
    done
}
13730
# Validate "timeserver" section $1 of the system config.
# The defaults after the second colon are enabled 1, enable_server 0 and
# use_dhcp 1.
validate_ntp_section()
{
    uci_validate_section system timeserver "${1}" \
        'server:list(host)' \
        'enabled:bool:1' \
        'enable_server:bool:0' \
        'use_dhcp:bool:1' \
        'dhcp_interface:list(string)'
}
13735
# Start ntpd under procd.
#
# Fails with status 1 when the ntp section does not validate. Nothing is
# started when NTP is disabled, or when there is no server to sync from and
# server mode is off. With use_dhcp set, servers learned from the network
# are added to the configured ones before the peers are passed with -p.
start_service()
{
    local server enabled enable_server use_dhcp dhcp_interface peer

    if ! validate_ntp_section ntp; then
        echo "validation failed"
        return 1
    fi

    if [ $enabled = 0 ]; then
        return
    fi

    if [ $use_dhcp = 1 ]; then
        get_dhcp_ntp_servers "$dhcp_interface"
    fi

    if [ -z "$server" -a "$enable_server" = "0" ]; then
        return
    fi

    procd_open_instance
    procd_set_param command "$PROG" -n -N
    # -l makes ntpd answer NTP requests as well.
    [ "$enable_server" = "1" ] && procd_append_param command -l
    [ -x "$HOTPLUG_SCRIPT" ] && procd_append_param command -S "$HOTPLUG_SCRIPT"
    for peer in $server
    do
        procd_append_param command -p $peer
    done
    procd_set_param respawn
    procd_close_instance
}
13760
# Register the reload triggers for ntpd.
#
# The service reloads on changes to the "system" config. With use_dhcp set
# it also reloads on interface events: for the listed dhcp_interface
# entries if there are any, otherwise for every interface.
service_triggers()
{
    local script name use_dhcp

    script=$(readlink -f "$initscript")
    name=$(basename ${script:-$initscript})

    procd_add_config_trigger "config.change" "system" /etc/init.d/$name reload

    config_load system
    config_get use_dhcp ntp use_dhcp 1

    if [ $use_dhcp = 1 ]; then
        local dhcp_interface
        config_get dhcp_interface ntp dhcp_interface

        if [ -z "$dhcp_interface" ]; then
            procd_add_raw_trigger "interface.*" 1000 /etc/init.d/$name reload
        else
            for n in $dhcp_interface; do
                procd_add_interface_trigger "interface.*" $n /etc/init.d/$name reload
            done
        fi
    fi

    procd_add_validation validate_ntp_section
}
13787
13788##### File: /etc/rc.d/S99auto_update #####
13789#!/bin/sh /etc/rc.common
13790
13791# Copyright (C) 2014 Teltonika
13792
13793#. /lib/teltonika-functions.sh
13794
13795START=99
13796STOP=10
13797
# Kill any running auto_update.sh with SIGKILL, then launch a new one with
# the "init" argument in the background.
start()
{
    killall -9 auto_update.sh >/dev/null 2>&1
    /usr/sbin/auto_update.sh init &
}

# Kill any running auto_update.sh with SIGKILL.
stop()
{
    killall -9 auto_update.sh >/dev/null 2>&1
}
13806
13807##### File: /etc/rc.d/S99bridge_arp #####
13808#!/bin/sh /etc/rc.common
13809# Workaround for Huawei LTE ARP requests in bridge mode
13810
13811START=99
13812STOP=99
13813EBTABLES="/usr/sbin/ebtables"
13814CONFIG_GET="uci get"
13815
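# Install the ebtables rules of the bridge-mode ARP workaround.
#
# Nothing is done unless the ppp ifname is part of the LAN ifname list and
# the modem is one of the known types (the vid:pid constants presumably
# come from /lib/teltonika-functions.sh). The rules drop ARP probes with
# source 0.0.0.0, answer all other ARP requests with a fixed MAC and, when
# network.ppp.bind_mac is set, rewrite the destination MAC of frames that
# arrive on the modem interface.
start() {
    local vidpid

    lan_ifname=$($CONFIG_GET -q "network.lan.ifname")
    ppp_ifname=$($CONFIG_GET -q "network.ppp.ifname")

    # An unset ppp ifname used to reach grep as a missing pattern; the name
    # is now matched as a fixed string, not as a regular expression.
    [ -n "$ppp_ifname" ] || return 1
    echo "$lan_ifname" | grep -qF -- "$ppp_ifname" || return 1

    . /lib/teltonika-functions.sh

    # Query the modem id once and compare it as a quoted string, so an
    # empty reply cannot break the tests.
    vidpid=$(get_vidpid_tlt)
    case "$vidpid" in
        "$HUAWEI_LTE")
            interface=eth0
            ;;
        "$QUECTEL"|"$QUECTEL_EC25"|"$TELIT_LTE"|"$TELIT_LTE_V2")
            interface=wwan0
            ;;
        *)
            return 1
            ;;
    esac

    # Fix ARP issue
    # NOTE(review): the address is read from network.lan2 although the
    # ifname check above uses network.lan - confirm this is intended.
    lan_ip=$($CONFIG_GET -q "network.lan2.ipaddr")
    # Drop ARP requests looking for duplicated IP
    $EBTABLES -t nat -A PREROUTING -p arp --arp-ip-src 0.0.0.0 --arp-opcode Request -j DROP
    # Reply with Huawei MAC to all other requests
    $EBTABLES -t nat -A PREROUTING -p arp --arp-ip-dst ! ${lan_ip:-"192.168.1.1"} \
        --arp-opcode Request -j arpreply --arpreply-mac 02:50:f3:00:00:00

    # Bind to MAC
    mac=$($CONFIG_GET -q "network.ppp.bind_mac")
    if [ -n "$mac" ]; then
        $EBTABLES -t nat -A PREROUTING -i "$interface" -j dnat --to-destination "$mac"
    fi
}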
13843
# Flush the ebtables nat table. This removes every rule in that table, not
# only the ones start() added.
stop()
{
    $EBTABLES -t nat --flush
}
13847
13848##### File: /etc/rc.d/S99chilli #####
13849#!/bin/sh /etc/rc.common
13850
13851START=99
13852STOP=56
13853#SERVICE_DAEMONIZE=1
13854#SERVICE_WRITE_PID=1
13855#SERVICE_PID_FILE=/var/run/chilli.pid
13856
13857PATH=/sbin:/bin:/usr/sbin:/usr/bin
13858DAEMON=/usr/sbin/chilli
13859NAME=chilli
13860DESC=chilli
13861CONFIG2=/etc/chilli/config
13862
13863RETVAL=0
13864
13865. /usr/share/libubox/jshn.sh
13866. /lib/functions.sh
13867
13868if [ -f /etc/default/chilli ] ; then
13869 . /etc/default/chilli
13870fi
13871
13872
13873# test -f $DAEMON || exit 0
13874
# Write the top-level chilli configuration for one interface.
# $1 - interface name, used as the directory under /etc/chilli
# $2 - path of the file to write (overwritten)
main_conf()
{
    {
        printf 'include /etc/chilli/%s/main.conf\n' "$1"
        printf 'include /etc/chilli/%s/hs.conf\n' "$1"
        printf 'include /etc/chilli/%s/local.conf\n' "$1"
        printf '\n'
        printf 'ipup=/etc/chilli/up.sh\n'
        printf 'ipdown=/etc/chilli/down.sh\n'
    } > "$2"
}
13885
# Check whether every radio0 interface already has an ifname.
# Returns 1 as soon as an interface without ifname is found, 0 otherwise
# (also when radio0 reports no interfaces array).
wait_for_wifi()
{
    json_load "$(/bin/ubus call network.wireless status)"
    json_select "radio0"

    json_is_a "interfaces" array || return 0

    local __idx=1
    json_select "interfaces"
    config_load wireless

    while json_is_a "$__idx" object
    do
        json_select "$((__idx++))"
        json_get_var ifname ifname
        json_select ".."

        [ -z "$ifname" ] && return 1
    done

    return 0
}
13908
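# Find the wifi interface of hotspot section $1 and make sure its chilli
# configuration exists.
#
# Waits for wifi to come up (gives up with 1 after more than 10 attempts),
# then walks the radio0 interfaces for the first one whose hotspotid equals
# $1. For that interface DHCPIF is exported and CONFIG is set to
# /etc/chilli/<ifname>/chilli.conf, which is created through main_conf if
# it is missing. Returns 0 on success and 1 when no interface matches or
# the matching one is disabled or has no ifname.
make_config() {
    local ifname section
    local wifi_loaded=1
    local counter=0
    local disabled
    local coova_section=$1
    local hotspotid

    # Wait until wifi is up
    while [ $wifi_loaded -eq 1 ]; do
        counter=$((counter+1))
        wait_for_wifi
        wifi_loaded=$?
        [ "$wifi_loaded" = "1" ] && logger -t "$NAME" "Waiting for wifi"
        [ $counter -gt 10 ] && return 1
        sleep 1
    done

    json_load "$(/bin/ubus call network.wireless status)"
    json_select "radio0"

    json_is_a "interfaces" array || return 1

    local __idx=1

    json_select "interfaces"
    config_load wireless

    while json_is_a "$__idx" object; do
        json_select "$((__idx++))"
        json_get_var section section
        json_get_var ifname ifname
        json_select ".."

        DHCPIF=$ifname

        hotspotid=$(uci -q get wireless.$section.hotspotid)
        if [ "$coova_section" == "$hotspotid" ]; then
            disabled=$(uci -q get wireless.$section.disabled)
            if [ -n "$DHCPIF" ] && [ "$disabled" != "1" ]; then
                export DHCPIF
                CONFIG=/etc/chilli/$DHCPIF/chilli.conf
                logger -t "$NAME" "Config: $CONFIG"
                if [ -e $CONFIG ]; then
                    logger -t "$NAME" "Config file $CONFIG exists."
                else
                    # The directory test used to look at the config file
                    # path, so mkdir also ran (and failed) when the
                    # directory was already there.
                    mkdir -p "/etc/chilli/$DHCPIF"
                    main_conf $DHCPIF $CONFIG
                fi
                return 0
            else
                return 1
            fi
        fi
    done

    return 1
}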
13970
13971# manage_wifi_config(){
13972# local wifi_section=`uci -q show wireless | grep $2 | awk -F. '{print $2}'`
13973#
13974# if [ $wifi_section ]; then
13975# local network=`uci -q get wireless.$wifi_section.network`
13976#
13977# if [ $network -a "$1" == "1" ]; then
13978# uci -q delete wireless.$wifi_section.network
13979# uci commit
13980# wifi up
13981# sleep 4
13982# elif [ ! $network ] && [ "$1" == "0" ]; then
13983# uci -q set wireless.$wifi_section.network='lan'
13984# uci commit
13985# wifi up
13986# sleep 4
13987# fi
13988# fi
13989# }
13990
# Start one chilli instance for the coovachilli "general" section $1.
#
# Returns 1 when the section is disabled or its configuration could not be
# generated. For an enabled section the hotspot pages are linked into the
# web root, the uhttpd hotspot instance is enabled, the chilli and RADIUS
# configuration is written and the daemon is started in the background.
# With HS_ADMINTERVAL greater than 0 a cron entry is installed that calls
# this script with "radconfig".
start_instances()
{
    local enabled

    config_get enabled "$1" "enabled" "0"

    if [ "$enabled" != "1" ]; then
        logger -t "$NAME" "$DESC disabled by UCI"
        return 1
    fi

    logger -t "$NAME" "Starting $DESC: "
    # Expose the hotspot CGI and static files below /www/hotspot.
    if [ ! -e "/www/hotspot/cgi" ]; then
        ln -s /usr/www/hotspot /www/hotspot/cgi
        ln -s /www/luci-static/ /www/hotspot/luci-static
    fi
    uci -q set uhttpd.hotspot.disabled='0'
    uci commit uhttpd

    make_config $1
    if [ "$?" = "1" ]; then
        logger -t "$NAME" "Config not generated"
        return 1
    fi

    . /etc/chilli/functions $1
    check_required
    writeconfig
    radiusconfig

    # Replace this script's previous cron entries with the current interval.
    if test ${HS_ADMINTERVAL:-0} -gt 0; then
        (crontab -l 2>&- | grep -v $0
        echo "*/$HS_ADMINTERVAL * * * * $0 radconfig"
        ) | crontab - 2>&-
    fi

    start-stop-daemon -S -q -p /var/run/$NAME.$HS_LANIF.pid -x $DAEMON -- -c $CONFIG &
}
14031
# Load the tun module, switch on IPv4 forwarding for the whole system and
# start an instance for every "general" section of the coovachilli config.
# RETVAL takes the status of the config_foreach call.
start()
{
    /usr/sbin/modprobe tun >/dev/null 2>&1
    echo 1 > /proc/sys/net/ipv4/ip_forward

    config_load coovachilli
    config_foreach start_instances "general"
    RETVAL=$?
}
14039
# Start chilli unless start-stop-daemon's test mode reports it as running.
checkrunning()
{
    check=$(start-stop-daemon -S -x $DAEMON -t)
    if [ x"$check" != x"$DAEMON already running." ]
    then
        start
    fi
}

# Set RETVAL to 0 when "general" section $1 is enabled; leave it alone
# otherwise.
check_enabled()
{
    local enabled

    config_get enabled "$1" "enabled" "0"
    if [ "$enabled" == "1" ]
    then
        RETVAL=0
    fi
}
14054
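# Refresh the RADIUS configuration; the main configuration is written first
# when $MAIN_CONF does not exist.
radconfig() {
    # Quoted: with MAIN_CONF unset the unquoted test collapsed to "[ -e ]",
    # which is true, and writeconfig was skipped.
    [ -e "$MAIN_CONF" ] || writeconfig
    radiusconfig
}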
14059
# Stop, then start; RETVAL takes the status returned by start.
restart()
{
    stop
    start
    RETVAL=$?
}
14065
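# Stop every running chilli instance and take the hotspot web pages down.
#
# Saves the statistics in the background, removes this script's cron
# entries, stops each daemon that has a PID file under /var/run, disables
# the uhttpd hotspot instance unless a "general" section is still enabled,
# and removes the CGI symlink from the web root.
stop() {
    local pid_file rc

    /usr/sbin/statistics save >/dev/null 2>&1 &
    crontab -l 2>&- | grep -v $0 | crontab -
    PID_FILES=$(ls /var/run/chilli*.pid 2>/dev/null)
    [ -n "$PID_FILES" ] && {
        for pid_file in $PID_FILES;
        do
            logger -t $NAME "Found pid file $pid_file"
            start-stop-daemon -K -q -p $pid_file -x $DAEMON
            # Keep the daemon's own status: the test below used to read the
            # status of "sleep", so the PID file was removed even when the
            # daemon had not been stopped.
            rc=$?
            # Without this pause not all firewall rules get removed.
            sleep 2
            [ $rc = 0 ] && {
                rm -f $pid_file 2>/dev/null
            }
        done
        sleep 1
    }
    # uhttpd.hotspot.disabled becomes 1 unless check_enabled resets RETVAL
    # to 0 for a section that is still enabled.
    RETVAL=1
    config_load coovachilli
    config_foreach check_enabled "general"
    uci -q set uhttpd.hotspot.disabled="$RETVAL"
    uci commit uhttpd
    rm -f /www/hotspot/cgi
    logger -t $NAME "Stoping $NAME."
}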
14090
# Reload is implemented as a full restart; the signal-based variant
# (start-stop-daemon -K -s 1 on the instance pid file) was left disabled
# by the author.
reload() {
	logger -t $NAME "Reloading $DESC."
	restart
}
14097
# Restart unless a start-stop-daemon test run (-t) reports that $DAEMON
# is already running; RETVAL is only updated when a restart happens.
condrestart() {
	check=$(start-stop-daemon -S -x $DAEMON -t)
	if [ x"$check" = x"$DAEMON already running." ]; then
		:
	else
		restart
		RETVAL="$?"
	fi
}
14105
# Report the status of chilli; RETVAL receives the result.
# NOTE(review): inside a shell function named status, the call
# "status chilli" resolves to this same function, so as written it looks
# like unbounded self-recursion. Presumably a helper of the same name from
# a sourced functions library was intended - confirm and rename one of them.
14106status() {
14107 status chilli
14108 RETVAL=$?
14109}
14110
14111##### File: /etc/rc.d/S99hotspot_scheduler #####
14112#!/bin/sh /etc/rc.common
14113
# rc.common ordering for this service.
START=99
STOP=99

# Marker appended as a comment to every cron line this script creates,
# so stop() can filter them out again.
CRONTAB_ID=aCr5E6Lm
SCHEDULER_SCRIPT=/sbin/hotspot_restrict.sh
DAYS="mon tue wed thu fri sat sun"

# State shared between perform_ap and set_schedule.
OLD_MODE=
COUNT=0

# Lower-cased weekday abbreviation and two-digit hour at load time.
CURR_DAY=$(date +%a | awk '{print tolower($0)}')
CURR_HOUR=$(date +%H)
14123
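# Turn one day's schedule string into cron entries.
#   $1  schedule string; the character at index N is the mode for hour N
#       ("1" means set, anything else means clear)
#   $2  day-of-week value written into the cron entry
#   $3  section id passed through to $SCHEDULER_SCRIPT
# Uses the globals OLD_MODE (mode of the previous hour) and COUNT (number
# of "set" transitions seen), which the caller resets or reads.
#
# Changes from the original: the leftover "set -x"/"set +x" debug tracing
# is gone (the "set +x" also switched tracing off for a caller that had
# enabled it), "mode" no longer leaks into the global scope, and the
# script arguments are quoted.
#
# NOTE(review): ${day} and ${id} are written into root's crontab as-is.
# They come from the UCI config; confirm whatever writes that config
# restricts them to safe characters.
set_schedule(){
	local hour mode action
	local schedule=$1
	local day=$2
	local id=$3

	for hour in $(seq 0 23); do
		mode=${schedule:${hour}:1}

		# Only a change of mode between consecutive hours needs a cron line.
		if [ "${OLD_MODE}" != "${mode}" ]; then
			if [ "${mode}" = "1" ]; then
				action=set
				COUNT=$((COUNT+1))
			else
				action=clear
			fi

			(crontab -l ; echo "0 ${hour} * * ${day} ${SCHEDULER_SCRIPT} \"${action}\" \"${id}\" #$CRONTAB_ID") | crontab -
		fi

		# Apply the state for the current hour immediately instead of
		# waiting for the next cron run.
		if [ "${day}" = "${CURR_DAY}" ] && [ "${CURR_HOUR}" -eq "${hour}" ]; then
			[ "${mode}" = "1" ] && action=set || action=clear

			"${SCHEDULER_SCRIPT}" "${action}" "${id}"
		fi

		OLD_MODE=${mode}
	done
}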
14156
# config_foreach callback for an "ap" section: read the schedule option of
# each weekday in $DAYS and hand non-empty ones to set_schedule.
# OLD_MODE is cleared once per section, before the first day.
perform_ap(){
	local section=$1
	local schedule

	OLD_MODE=
	for day in ${DAYS}; do
		config_get schedule ${section} ${day}
		[ -n "${schedule}" ] && [ -n "${day}" ] && set_schedule "${schedule}" "${day}" "${section}"
	done
}
14169
# config_foreach callback: run the scheduler script with "clear" for
# section $1.
stop_ap(){
	${SCHEDULER_SCRIPT} "clear" "$1"
}
14173
# Build cron entries for every "ap" section of hotspot_scheduler.
start(){
	config_load hotspot_scheduler
	config_foreach perform_ap "ap"

	# COUNT stays 0 when no schedule produced a "set" transition; in that
	# case fall back to stop, which cleans the crontab.
	[ ${COUNT} -eq 0 ] && stop
}
14181
# Remove every cron line tagged with $CRONTAB_ID, then run stop_ap for
# each "ap" section.
stop(){
	config_load hotspot_scheduler
	crontab -l \
		| grep -v "$CRONTAB_ID" \
		| crontab -
	config_foreach stop_ap "ap"
}
14187##### File: /etc/rc.d/S99kmod_man #####
14188#!/bin/sh /etc/rc.common
14189
14190START=99
14191USE_PROCD=1
14192
14193PROC_BIN="/usr/sbin/kmod_man.sh"
14194
# Register one procd instance whose command is $PROC_BIN.
# No respawn parameter is set here.
start_service() {
	procd_open_instance
	procd_set_param command "$PROC_BIN"
	procd_close_instance
}
14200
# Kill processes named kmod_man.sh; -q keeps killall silent.
stop_service() {
	killall -q kmod_man.sh
}
14204
# A reload is handled as a restart.
reload_service() {
	restart
}
14208
# Delegates to restart, which this file does not define itself.
restart_service() {
	restart
}
14212
14213##### File: /etc/rc.d/S99load_balancing #####
14214#!/bin/sh /etc/rc.common
14215START=99
14216
# Thin wrapper: the helper binary does the actual work.
start() {
	/usr/sbin/load_balancing start
}
14220
# Thin wrapper: the helper binary does the actual work.
stop() {
	/usr/sbin/load_balancing stop
}
14224
# Stop, then start again.
restart() {
	stop
	start
}
14229
14230##### File: /etc/rc.d/S99modbusd #####
14231#!/bin/sh /etc/rc.common
14232
14233APP=/usr/sbin/modbusd
14234
14235USE_PROCD=1
14236START=99
14237STOP=99
14238
14239ENABLED=`uci get modbus.modbus.enabled`
14240PORT=`uci get modbus.modbus.port`
14241MAX_CONN=8
14242
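# Register modbusd with procd (respawn enabled) when modbus.modbus.enabled
# is 1. ENABLED, PORT and MAX_CONN are read once at script load.
#
# Changes from the original: arguments are quoted, and the service is not
# started when the configured port is empty or not a plain number. With
# the unquoted expansion an empty $PORT made "-m" the argument of "-p".
#
# NOTE(review): "-a 0.0.0.0" presumably makes modbusd listen on every
# address of the device. Whether the service is reachable from outside
# then depends entirely on the firewall rules - confirm that is intended.
start_service() {
	[ "$ENABLED" = "1" ] || return 0

	case "$PORT" in
		''|*[!0-9]*)
			logger -t modbusd "not starting: modbus.modbus.port is unset or not numeric"
			return 1
			;;
	esac

	procd_open_instance
	procd_set_param command "$APP" -a 0.0.0.0 -p "$PORT" -m "$MAX_CONN"
	procd_set_param respawn
	procd_close_instance
}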
14251##### File: /etc/rc.d/S99output_scheduler #####
14252#!/bin/sh /etc/rc.common
14253
14254START=99
14255STOP=99
14256
14257. /lib/functions.sh
14258
# config_foreach callback for one output_control "rule" section ($1).
# For an enabled rule it appends a line to /etc/crontabs/root that runs
# /sbin/output_control.sh with "<gpio> [set|clear] [timeout_time]".
#   mode "fixed"    - uses fixed_hour / fixed_minute (each defaults to "*")
#   mode "interval" - interval_time is split with /60 and %60; below one
#                     hour it becomes "*/<minutes>", otherwise
#                     "0 */<hours>"
# No line is written when neither mode yields a schedule.
#
# NOTE(review): gpio, timeout_time, day and the hour/minute options are
# copied from UCI into root's crontab without validation; confirm the
# layer that writes this config restricts them.
script_run()
{
	local enabled action timeout timeout_time mode days interval_time gpio create
	local minutes="*"
	local hours="*"
	local param=""

	config_get enabled $1 enabled "0"
	config_get gpio $1 gpio
	config_get action $1 action
	config_get mode $1 mode
	config_get timeout $1 timeout "0"
	config_get timeout_time $1 timeout_time
	config_get days $1 day

	[ "$enabled" == "1" ] || return 0

	case "$mode" in
		fixed)
			config_get hours $1 fixed_hour "*"
			config_get minutes $1 fixed_minute "*"
			# Two wildcards would mean "every minute"; treat as unset.
			[ "$hours" = "*" ] && [ "$minutes" = "*" ] || create="1"
			;;
		interval)
			config_get interval_time $1 interval_time
			if [ -n "$interval_time" ]; then
				hours=$((interval_time / 60))
				minutes=$((interval_time % 60))
				if [ "$hours" = "0" ]; then
					minutes="*/$minutes"
					hours="*"
				else
					minutes="0"
					hours="*/$hours"
				fi
				create="1"
			fi
			;;
	esac

	# Argument string for output_control.sh: pin, action, optional timeout.
	param="$param $gpio"
	case "$action" in
		on)  param="$param set" ;;
		off) param="$param clear" ;;
	esac
	if [ "$timeout" == "1" ]; then
		param="$param $timeout_time"
	fi

	# The day list is space separated in UCI, comma separated in cron.
	if [ -n "$days" ]; then
		days=${days// /,}
	else
		days="*"
	fi

	if [ -n "$create" ]; then
		echo "$minutes $hours * * $days sh /sbin/output_control.sh $param" >> /etc/crontabs/root
	fi
}
14320
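# Apply the output state for the current hour from /etc/scheduler/config,
# make sure the gpio cron entries exist, then rebuild the output_control
# cron lines and restart cron.
#
# The value for the current hour is picked out of today's line: the text
# after the first ':' is cut to (hour + 1) characters and the last one is
# kept. 3 sets both outputs, 2 sets DOUT2 only, 1 sets DOUT1 only, and
# anything else clears both.
#
# Fix: $schd was compared unquoted, so an empty value (for example an
# empty /etc/scheduler/config) made every "[ $schd == ... ]" a syntax
# error before falling through to the final branch. The branch taken is
# the same; the errors are gone. The non-POSIX "[[ ]]" test is replaced
# by a quoted "[ ]".
start()
{
	schd="$(cat /etc/scheduler/config | grep "$(date +%a | awk '{print tolower($0)}')" | cut -d':' -f 2 | head -c "$(date +%H | sed 's/\b0//g'| awk '{print ($0 + 1)}')" | tail -c 1)"

	case "$schd" in
		3)
			/sbin/gpio.sh set DOUT1 &
			/sbin/gpio.sh set DOUT2 &
			;;
		2)
			/sbin/gpio.sh set DOUT2 &
			/sbin/gpio.sh clear DOUT1 &
			;;
		1)
			/sbin/gpio.sh set DOUT1 &
			/sbin/gpio.sh clear DOUT2 &
			;;
		*)
			/sbin/gpio.sh clear DOUT1 &
			/sbin/gpio.sh clear DOUT2 &
			;;
	esac

	# Generate the gpio cron entries only when none are present yet.
	chck="$(cat /etc/crontabs/root | grep /sbin/gpio.sh)"
	if [ -z "$chck" ]; then
		lua /sbin/output_scheduler_cron.lua
	fi

	# Rebuild all output_control cron lines from the UCI rules.
	sed -i "/output_control/d" /etc/crontabs/root
	config_load "output_control"
	config_foreach script_run 'rule'
	/etc/init.d/cron restart
}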
14349
# Clear both digital outputs (in the background) and delete every
# output_control line from root's crontab.
stop()
{
	local pin
	for pin in DOUT1 DOUT2; do
		/sbin/gpio.sh clear "$pin" &
	done
	sed -i "/output_control/d" /etc/crontabs/root
}
14356
# Stop, then start again.
restart(){
	stop
	start
}
14361
# A reload is handled as a restart.
reload(){
	restart
}
14365
14366##### File: /etc/rc.d/S99shellinabox #####
14367#!/bin/sh /etc/rc.common
14368# Copyright (C) 2018 Teltonika
14369#. /lib/teltonika-functions.sh
14370#. /lib/functions.sh
14371START=99
14372
14373USE_PROCD=1
14374enable=$(uci get cli.status.enable)
14375uhttpd_cert=$(uci get uhttpd.main.cert)
14376uhttpd_key=$(uci get uhttpd.main.key)
14377shell_cert="/tmp/certificate.pem"
14378
# When cli.status.enable is 1 and $shell_cert is missing or empty, build
# it: the uhttpd private key followed by the uhttpd certificate converted
# from DER to PEM. This function only prepares the file; it does not
# launch shellinaboxd.
#
# NOTE(review): the combined file contains the web server's private key
# and is created under /tmp with the caller's umask, via a fixed temporary
# name. Confirm the resulting mode is not world-readable and that no
# unprivileged user can pre-create /tmp/shellinabox.tmp. The exit status
# of openssl is not checked, so a failed conversion still leaves a file
# holding only the key.
start_service()
{
	[ "$enable" == "1" ] || return 0
	[ -s "$shell_cert" ] && return 0

	openssl x509 -inform DER -in "$uhttpd_cert" -outform PEM \
		| cat "$uhttpd_key" - > /tmp/shellinabox.tmp
	mv /tmp/shellinabox.tmp "$shell_cert"
}
14388
# Delete the combined key/certificate file and kill shellinaboxd.
stop_service()
{
	rm -f "$shell_cert"
	killall shellinaboxd
}
14394
# Remove the combined key/certificate file, kill shellinaboxd, and when
# cli.status.enable is 1 rebuild the file unconditionally (private key
# first, then the certificate converted from DER to PEM).
#
# NOTE(review): same handling of key material as in start_service - the
# file is written under /tmp with the caller's umask through a fixed
# temporary name; confirm mode and ownership.
restart_service()
{
	rm -f "$shell_cert"
	killall shellinaboxd

	[ "$enable" == "1" ] || return 0

	openssl x509 -inform DER -in "$uhttpd_cert" -outform PEM \
		| cat "$uhttpd_key" - > /tmp/shellinabox.tmp
	mv /tmp/shellinabox.tmp "$shell_cert"
}
14404
# A reload is handled by restart_service.
reload_service()
{
	restart_service
}
14409
14410##### File: /etc/rc.d/S99snmpd #####
14411#!/bin/sh /etc/rc.common
14412# Copyright (C) 2008 OpenWrt.org
14413START=99
14414
14415DEFAULT=/etc/default/snmpd
14416LIB_D=/var/lib/snmp
14417LOG_D=/var/log
14418RUN_D=/var/run
14419PID_F=$RUN_D/snmpd.pid
14420RUN_C=$RUN_D/snmpd.conf
14421
14422en="0"
14423
# config_foreach callback: when the section is enabled, or the first trap
# section has trap_enabled=1, mark the service as enabled (en="1") and
# append the section's agentaddress, if any, to $RUN_C.
snmpd_agent_add() {
	local cfg="$1"

	config_get enabled "$cfg" enabled
	trap_enabled=$(uci -q get snmpd.@trap[0].trap_enabled)
	if [ "$enabled" != "1" -a "$trap_enabled" != "1" ]; then
		return
	fi

	en="1"
	config_get agentaddress "$cfg" agentaddress
	test -n "$agentaddress" || return 0
	echo "agentaddress $agentaddress" >> $RUN_C
}
# config_foreach callback: copy each system option that is set
# (sysLocation, sysContact, sysName, sysService, sysDescr, sysObjectID)
# into $RUN_C as "<option> <value>", in that order.
snmpd_system_add() {
	local cfg="$1"

	config_get syslocation "$cfg" sysLocation
	test -n "$syslocation" && echo "sysLocation $syslocation" >> $RUN_C

	config_get syscontact "$cfg" sysContact
	test -n "$syscontact" && echo "sysContact $syscontact" >> $RUN_C

	config_get sysname "$cfg" sysName
	test -n "$sysname" && echo "sysName $sysname" >> $RUN_C

	config_get sysservice "$cfg" sysService
	test -n "$sysservice" && echo "sysService $sysservice" >> $RUN_C

	config_get sysdescr "$cfg" sysDescr
	test -n "$sysdescr" && echo "sysDescr $sysdescr" >> $RUN_C

	config_get sysobjectid "$cfg" sysObjectID
	test -n "$sysobjectid" && echo "sysObjectID $sysobjectid" >> $RUN_C
}
# config_foreach callback: write a "com2sec" line to $RUN_C. secname,
# source and community are all required; the section is skipped silently
# as soon as one of them is missing.
# NOTE(review): the community string is written in clear text into
# $RUN_C; confirm that file is not readable by unprivileged users.
snmpd_com2sec_add() {
	local cfg="$1"

	config_get secname "$cfg" secname
	test -n "$secname" || return 0

	config_get source "$cfg" source
	test -n "$source" || return 0

	config_get community "$cfg" community
	test -n "$community" || return 0

	echo "com2sec $secname $source $community" >> $RUN_C
}
14462
# config_foreach callback: for a trap section with trap_enabled=1, write
# a "trap2sink <host>:<port> <community>" line to $RUN_C. Host, community
# and port are all required; a missing one skips the section silently.
snmpd_trap2sink_add() {
	local cfg="$1"

	config_get trap_enabled "$cfg" trap_enabled
	test "$trap_enabled" == "1" || return 0

	config_get trap_host "$cfg" trap_host
	test -n "$trap_host" || return 0

	config_get trap_community "$cfg" trap_community
	test -n "$trap_community" || return 0

	config_get trap_port "$cfg" trap_port
	test -n "$trap_port" || return 0

	echo "trap2sink $trap_host:$trap_port $trap_community " >> $RUN_C
}
14476
# config_foreach callback: write a "group" line to $RUN_C. group, version
# and secname are all required; a missing one skips the section silently.
snmpd_group_add() {
	local cfg="$1"

	config_get group "$cfg" group
	test -n "$group" || return 0

	config_get version "$cfg" version
	test -n "$version" || return 0

	config_get secname "$cfg" secname
	test -n "$secname" || return 0

	echo "group $group $version $secname" >> $RUN_C
}
# config_foreach callback: write a "view" line to $RUN_C. viewname, type
# and oid are required; mask is optional and is appended as read, which
# leaves a trailing space when it is empty.
snmpd_view_add() {
	local cfg="$1"

	config_get viewname "$cfg" viewname
	test -n "$viewname" || return 0

	config_get type "$cfg" type
	test -n "$type" || return 0

	config_get oid "$cfg" oid
	test -n "$oid" || return 0

	config_get mask "$cfg" mask
	echo "view $viewname $type $oid $mask" >> $RUN_C
}
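# config_foreach callback: write an "access" line to $RUN_C. All eight
# fields (group, context, version, level, prefix, read, write, notify)
# are required; the section is skipped silently when one is missing.
# A context of "none" is written as an empty quoted string ("").
#
# Fix: the original tested "[ -n $context ]" without quotes. With an
# empty value that collapses to "[ -n ]", which is always true, so a
# section without a context was not skipped and produced an access line
# with one field missing. The variable is now quoted like all the others.
snmpd_access_add() {
	local cfg="$1"
	config_get group "$cfg" group
	[ -n "$group" ] || return 0
	config_get context "$cfg" context
	[ -n "$context" ] || return 0
	[ "$context" = "none" ] && context='""'
	config_get version "$cfg" version
	[ -n "$version" ] || return 0
	config_get level "$cfg" level
	[ -n "$level" ] || return 0
	config_get prefix "$cfg" prefix
	[ -n "$prefix" ] || return 0
	config_get read "$cfg" read
	[ -n "$read" ] || return 0
	config_get write "$cfg" write
	[ -n "$write" ] || return 0
	config_get notify "$cfg" notify
	[ -n "$notify" ] || return 0
	echo "access $group $context $version $level $prefix $read $write $notify" >> $RUN_C
}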
# config_foreach callback: write a "pass" line to $RUN_C, or
# "pass_persist" when the boolean option persist is set. miboid and prog
# are required; priority is optional and is emitted as "-p <priority>".
# NOTE(review): prog is a program path taken from UCI and handed to
# snmpd through this directive; confirm who is allowed to write the
# snmpd UCI config.
snmpd_pass_add() {
	local cfg="$1"
	local pass='pass'

	config_get miboid "$cfg" miboid
	test -n "$miboid" || return 0

	config_get prog "$cfg" prog
	test -n "$prog" || return 0

	config_get_bool persist "$cfg" persist 0
	test $persist -ne 0 && pass='pass_persist'

	config_get priority "$cfg" priority
	priority=${priority:+-p $priority}

	echo "$pass $priority $miboid $prog" >> $RUN_C
}
# config_foreach callback: write an "exec" line to $RUN_C. name and prog
# are required; args and miboid are read afterwards and written even when
# empty.
# NOTE(review): prog and args come from UCI and end up as a command in
# the snmpd config; confirm who is allowed to write the snmpd UCI config.
snmpd_exec_add() {
	local cfg="$1"

	config_get name "$cfg" name
	test -n "$name" || return 0

	config_get prog "$cfg" prog
	test -n "$prog" || return 0

	config_get args "$cfg" args
	config_get miboid "$cfg" miboid

	echo "exec $miboid $name $prog $args" >> $RUN_C
}
# config_foreach callback: for a section whose version is "v1/v2/v3" or
# "v3" and which has a user_name, append a CreateUser line and a
# "Rouser <user> priv" line to $RUN_C. Any other version value, including
# an empty one, skips the section.
#
# NOTE(review): auth_pass and encryption_pass are written in clear text
# into $RUN_C, which this script creates with plain ">>" redirection.
# Confirm the file's mode keeps it unreadable for unprivileged users. The
# passphrases are also placed between double quotes without escaping, so
# a value containing a double quote would break the directive.
snmpd_snmpv3_add() {
	local cfg="$1"

	config_get version "$cfg" version
	case "$version" in
		"v1/v2/v3"|"v3") ;;
		*) return 0 ;;
	esac

	config_get user_name "$cfg" user_name
	test -n "$user_name" || return 0

	config_get auth_type "$cfg" auth_type
	config_get auth_pass "$cfg" auth_pass
	config_get encryption_type "$cfg" encryption_type
	config_get encryption_pass "$cfg" encryption_pass

	echo "CreateUser $user_name $auth_type \"$auth_pass\" $encryption_type \"$encryption_pass\"" >> $RUN_C
	echo "Rouser $user_name priv" >> $RUN_C
}
# Regenerate $RUN_C from the snmpd UCI config and launch snmpd.
# The script exits with status 0 before writing anything further when no
# agent/snmpd section (and no trap) is enabled, as tracked by "en".
start() {
	local dir

	# Make sure the working directories exist.
	for dir in $LIB_D $LOG_D $RUN_D; do
		[ -d $dir ] || mkdir -p $dir
	done

	# Always start from an empty generated config.
	[ -f $RUN_C ] && rm -f $RUN_C

	config_load snmpd

	config_foreach snmpd_agent_add agent
	config_foreach snmpd_agent_add snmpd
	if [ "$en" == "0" ]; then
		exit 0
	fi

	config_foreach snmpd_system_add system
	config_foreach snmpd_com2sec_add com2sec
	config_foreach snmpd_group_add group
	config_foreach snmpd_view_add view
	config_foreach snmpd_access_add access
	config_foreach snmpd_pass_add pass
	config_foreach snmpd_exec_add exec
	config_foreach snmpd_trap2sink_add trap
	config_foreach snmpd_snmpv3_add agent

	# $DEFAULT, when present, is sourced before the daemon is started
	# with $OPTIONS; neither $DEBUG nor $OPTIONS is set in this script.
	[ -f $DEFAULT ] && . $DEFAULT
	$DEBUG /usr/sbin/snmpd $OPTIONS
}
# Kill the pid recorded in $PID_F, if that file exists, and delete the
# generated config $RUN_C, if present.
stop() {
	test -f $PID_F && kill $(cat $PID_F)
	test -f $RUN_C && rm -f $RUN_C
}
14592
14593##### File: /etc/rc.d/S99tcpdebug #####
14594#!/bin/sh /etc/rc.common
14595
14596
14597START=99
14598STOP=99
14599USE_PROCD=1
14600ENABLED=`uci -q get system.system.tcp_dump`
14601
14602
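# Print "<variable> <value>" when value is non-empty, otherwise print an
# empty line.
#   $1  value read from the config (may be empty)
#   $2  option or keyword to put in front of it
# Changes from the original: the non-POSIX "==" inside "[ ]" is replaced
# by "-z", and the two working variables are local instead of global.
check_value(){
	local value="$1"
	local variable="$2"

	if [ -z "$value" ]; then
		echo "$value"
	else
		echo "$variable $value"
	fi
}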
14613
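# Register a respawning tcpdump instance with procd when
# system.system.tcp_dump is 1. The command line is assembled from UCI
# options under system.system: tcp_dump_filter, tcp_dump_interface (-i),
# tcp_inout (-Q), tcp_host (host), tcp_port (port) and tcp_mount (-w).
# When the storage is /tmp the capture is limited with "-C 20 -W 1".
#
# Fix: "$STORAGE" is now quoted in the /tmp comparison; with an unset
# tcp_mount the unquoted test was a syntax error.
#
# The tcpdump arguments stay unquoted on purpose: check_value returns
# two-word strings such as "host <addr>" that must split into separate
# arguments.
# NOTE(review): because of that splitting, $FILTER (first on the command
# line) can carry any tcpdump option, not only filter terms. Confirm the
# layer that stores tcp_dump_filter validates it. With an empty
# tcp_mount the "-w" is dropped and "/tcpdebug.pcap" is passed as a bare
# argument - confirm that case cannot occur.
start_service(){
	echo "start"
	if [ "$ENABLED" = "1" ]; then
		local options=""
		procd_open_instance
		echo "enabled"
		STORAGE=$(uci -q get system.system.tcp_mount)
		FILTER=$(uci -q get system.system.tcp_dump_filter)
		INTERFACE=$(uci -q get system.system.tcp_dump_interface)
		if [ "$STORAGE" = "/tmp" ]; then
			options="-C 20 -W 1"
		fi
		HOST=$(uci -q get system.system.tcp_host)
		PORT=$(uci -q get system.system.tcp_port)
		DIRECTION=$(uci -q get system.system.tcp_inout)
		HOST=$(check_value "$HOST" "host")

		# A port term needs "and" only when a host term precedes it.
		if [ -z "$HOST" ]; then
			PORT=$(check_value "$PORT" "port")
		else
			PORT=$(check_value "$PORT" "and port")
		fi

		DIRECTION=$(check_value "$DIRECTION" "-Q")

		STORAGE=$(check_value "$STORAGE" "-w")
		INTERFACE=$(check_value "$INTERFACE" "-i")
		echo $FILTER $INTERFACE $DIRECTION $options $HOST $PORT $STORAGE"/tcpdebug.pcap"
		procd_set_param command /usr/sbin/tcpdump $FILTER $INTERFACE $DIRECTION $options $HOST $PORT $STORAGE"/tcpdebug.pcap"
		procd_set_param respawn
		procd_close_instance
		echo "paleido"
	fi

}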
14649
# Kill by process name: this ends every tcpdump on the system, not only
# the instance this service registered.
stop_service(){
	killall tcpdump
}
14653
14654##### File: /etc/rc.d/S99wget_reboot #####
14655#!/bin/sh /etc/rc.common
14656
14657. /lib/functions.sh
14658
14659START=99
14660STOP=99
14661CRONTAB_FILE=/etc/crontabs/root
14662
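# Install the cron entry that runs /usr/sbin/check_wget_reboot.sh at the
# interval (in minutes) configured in wget_reboot.time. 30, 60 and 120
# have dedicated cron expressions; other values become "*/<time>".
# Exits the script with status 1 when the feature is disabled.
#
# Changes from the original:
#  - "local enabled=0, time=0" assigned the string "0," to enabled; the
#    two variables are now declared separately.
#  - the interval is checked before it is written to root's crontab. The
#    default of 0 produced the invalid step "*/0", and any non-numeric
#    text from the config was copied into the crontab unchanged.
start(){
	local enabled=0
	local time=0

	config_load "wget_reboot"
	config_get enabled "wget_reboot" "enable" "0"

	[ "$enabled" = "0" ] && exit 1

	config_get time "wget_reboot" "time" "0"

	# Always drop the old entry first so it is never duplicated.
	sed -i '/check_wget_reboot.sh/d' ${CRONTAB_FILE} 2>/dev/null

	case ${time} in
		''|*[!0-9]*|0)
			logger -t wget_reboot "invalid interval '${time}', cron entry not installed"
			return 1
			;;
		"30")
			echo '0,30 * * * * /usr/sbin/check_wget_reboot.sh' >> ${CRONTAB_FILE}
			;;
		"60")
			echo '0 */1 * * * /usr/sbin/check_wget_reboot.sh' >> ${CRONTAB_FILE}
			;;
		"120")
			echo '0 */2 * * * /usr/sbin/check_wget_reboot.sh' >> ${CRONTAB_FILE}
			;;
		*)
			echo "*/$time * * * * /usr/sbin/check_wget_reboot.sh" >> ${CRONTAB_FILE}
			;;
	esac
}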
14690
# Remove the check_wget_reboot.sh cron entry and SIGKILL any process that
# pidof reports for wget_reboot.sh.
# NOTE(review): the cron entry runs check_wget_reboot.sh while pidof looks
# for wget_reboot.sh - confirm that is the intended process name.
stop(){
	local pid=$(pidof wget_reboot.sh)

	sed -i '/check_wget_reboot.sh/d' ${CRONTAB_FILE} 2>/dev/null

	test "$pid" != "" && kill -9 ${pid}
}
14698##### File: /etc/rc.local #####
14699# Put your custom commands here that should be executed once
14700# the system init finished. By default this file does nothing.
14701
14702exit 0
14703
14704##### File: /etc/samba/smb.conf.template #####
# Template for the [global] section; the |NAME|-style tokens are
# placeholders to be substituted before use.
14705[global]
14706 netbios name = |NAME|
14707 display charset = |CHARSET|
14708 interfaces = |INTERFACES|
14709 server string = |DESCRIPTION|
14710 unix charset = |CHARSET|
14711 workgroup = |WORKGROUP|
14712 browseable = yes
14713 deadtime = 30
14714 domain master = yes
14715 encrypt passwords = true
14716 enable core files = no
14717 guest account = nobody
# NOTE(review): guest access is allowed by default for every share that
# does not override it.
14718 guest ok = yes
14719 invalid users = root
14720 local master = yes
14721 load printers = no
# NOTE(review): with "Bad User", a login for a user name that does not
# exist is not rejected but mapped to the guest account above.
14722 map to guest = Bad User
# NOTE(review): only a maximum dialect is set; no minimum is configured
# here, so the oldest dialect accepted depends on the Samba build default.
14723 max protocol = SMB2
14724 min receivefile size = 16384
# NOTE(review): accounts with an empty password are accepted. Combined
# with guest access this leaves shares open unless each share restricts
# access itself - confirm this is intended for the deployment.
14725 null passwords = yes
14726 obey pam restrictions = yes
14727 os level = 20
14728 passdb backend = smbpasswd
14729 preferred master = yes
14730 printable = no
14731 security = user
# NOTE(review): SMB transport encryption is switched off.
14732 smb encrypt = disabled
14733 smb passwd file = /etc/samba/smbpasswd
14734 socket options = TCP_NODELAY IPTOS_LOWDELAY
14735 syslog = 2
14736 use sendfile = yes
# NOTE(review): set in [global], this makes shares writable by default.
14737 writeable = yes
14738
14739
14740##### File: /etc/scheduler/config #####
14741
14742
14743##### File: /etc/shadow #####
14744root::17910:0:99999:7:::
14745daemon::0:0:99999:7:::
14746ftp::0:0:99999:7:::
14747network::0:0:99999:7:::
14748nobody::0:0:99999:7:::
14749rancid::17920:0:99999:7:::
14750
14751##### File: /etc/shells #####
14752/bin/ash
14753
14754##### File: /etc/ssl/openssl.cnf #####
14755#
14756# OpenSSL example configuration file.
14757# This is mostly being used for generation of certificate requests.
14758#
14759
14760# This definition stops the following lines choking if HOME isn't
14761# defined.
14762HOME = .
14763RANDFILE = $ENV::HOME/.rnd
14764
14765# Extra OBJECT IDENTIFIER info:
14766#oid_file = $ENV::HOME/.oid
14767oid_section = new_oids
14768
14769# To use this configuration file with the "-extfile" option of the
14770# "openssl x509" utility, name here the section containing the
14771# X.509v3 extensions to use:
14772# extensions =
14773# (Alternatively, use a configuration file that has only
14774# X.509v3 extensions in its main [= default] section.)
14775
14776[ new_oids ]
14777
14778# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
14779# Add a simple OID like this:
14780# testoid1=1.2.3.4
14781# Or use config file substitution like this:
14782# testoid2=${testoid1}.5.6
14783
14784# Policies used by the TSA examples.
14785tsa_policy1 = 1.2.3.4.1
14786tsa_policy2 = 1.2.3.4.5.6
14787tsa_policy3 = 1.2.3.4.5.7
14788
14789####################################################################
14790[ ca ]
14791default_ca = CA_default # The default ca section
14792
14793####################################################################
14794[ CA_default ]
14795
14796dir = ./demoCA # Where everything is kept
14797certs = $dir/certs # Where the issued certs are kept
14798crl_dir = $dir/crl # Where the issued crl are kept
14799database = $dir/index.txt # database index file.
14800#unique_subject = no # Set to 'no' to allow creation of
14801 # several certificates with same subject.
14802new_certs_dir = $dir/newcerts # default place for new certs.
14803
14804certificate = $dir/cacert.pem # The CA certificate
14805serial = $dir/serial # The current serial number
14806crlnumber = $dir/crlnumber # the current crl number
14807 # must be commented out to leave a V1 CRL
14808crl = $dir/crl.pem # The current CRL
14809private_key = $dir/private/cakey.pem# The private key
14810RANDFILE = $dir/private/.rand # private random number file
14811
14812x509_extensions = usr_cert # The extensions to add to the cert
14813
14814# Comment out the following two lines for the "traditional"
14815# (and highly broken) format.
14816name_opt = ca_default # Subject Name options
14817cert_opt = ca_default # Certificate field options
14818
14819# Extension copying option: use with caution.
14820# copy_extensions = copy
14821
14822# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
14823# so this is commented out by default to leave a V1 CRL.
14824# crlnumber must also be commented out to leave a V1 CRL.
14825# crl_extensions = crl_ext
14826
14827default_days = 365 # how long to certify for
14828default_crl_days= 30 # how long before next CRL
14829default_md = default # use public key default MD
14830preserve = no # keep passed DN ordering
14831
14832# A few different ways of specifying how similar the request should look
14833# For type CA, the listed attributes must be the same, and the optional
14834# and supplied fields are just that :-)
14835policy = policy_match
14836
14837# For the CA policy
14838[ policy_match ]
14839countryName = match
14840stateOrProvinceName = match
14841organizationName = match
14842organizationalUnitName = optional
14843commonName = supplied
14844emailAddress = optional
14845
14846# For the 'anything' policy
14847# At this point in time, you must list all acceptable 'object'
14848# types.
14849[ policy_anything ]
14850countryName = optional
14851stateOrProvinceName = optional
14852localityName = optional
14853organizationName = optional
14854organizationalUnitName = optional
14855commonName = supplied
14856emailAddress = optional
14857
14858####################################################################
14859[ req ]
14860default_bits = 2048
14861default_keyfile = privkey.pem
14862distinguished_name = req_distinguished_name
14863attributes = req_attributes
14864x509_extensions = v3_ca # The extensions to add to the self signed cert
14865
14866# Passwords for private keys if not present they will be prompted for
14867# input_password = secret
14868# output_password = secret
14869
14870# This sets a mask for permitted string types. There are several options.
14871# default: PrintableString, T61String, BMPString.
14872# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
14873# utf8only: only UTF8Strings (PKIX recommendation after 2004).
14874# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
14875# MASK:XXXX a literal mask value.
14876# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
14877string_mask = utf8only
14878
14879# req_extensions = v3_req # The extensions to add to a certificate request
14880
14881[ req_distinguished_name ]
14882countryName = Country Name (2 letter code)
14883countryName_default = AU
14884countryName_min = 2
14885countryName_max = 2
14886
14887stateOrProvinceName = State or Province Name (full name)
14888stateOrProvinceName_default = Some-State
14889
14890localityName = Locality Name (eg, city)
14891
148920.organizationName = Organization Name (eg, company)
148930.organizationName_default = Internet Widgits Pty Ltd
14894
14895# we can do this but it is not needed normally :-)
14896#1.organizationName = Second Organization Name (eg, company)
14897#1.organizationName_default = World Wide Web Pty Ltd
14898
14899organizationalUnitName = Organizational Unit Name (eg, section)
14900#organizationalUnitName_default =
14901
14902commonName = Common Name (e.g. server FQDN or YOUR name)
14903commonName_max = 64
14904
14905emailAddress = Email Address
14906emailAddress_max = 64
14907
14908# SET-ex3 = SET extension number 3
14909
14910[ req_attributes ]
14911challengePassword = A challenge password
14912challengePassword_min = 4
14913challengePassword_max = 20
14914
14915unstructuredName = An optional company name
14916
14917[ usr_cert ]
14918
14919# These extensions are added when 'ca' signs a request.
14920
14921# This goes against PKIX guidelines but some CAs do it and some software
14922# requires this to avoid interpreting an end user certificate as a CA.
14923
14924basicConstraints=CA:FALSE
14925
14926# Here are some examples of the usage of nsCertType. If it is omitted
14927# the certificate can be used for anything *except* object signing.
14928
14929# This is OK for an SSL server.
14930# nsCertType = server
14931
14932# For an object signing certificate this would be used.
14933# nsCertType = objsign
14934
14935# For normal client use this is typical
14936# nsCertType = client, email
14937
14938# and for everything including object signing:
14939# nsCertType = client, email, objsign
14940
14941# This is typical in keyUsage for a client certificate.
14942# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
14943
14944# This will be displayed in Netscape's comment listbox.
14945nsComment = "OpenSSL Generated Certificate"
14946
14947# PKIX recommendations harmless if included in all certificates.
14948subjectKeyIdentifier=hash
14949authorityKeyIdentifier=keyid,issuer
14950
14951# This stuff is for subjectAltName and issuerAltname.
14952# Import the email address.
14953# subjectAltName=email:copy
14954# An alternative to produce certificates that aren't
14955# deprecated according to PKIX.
14956# subjectAltName=email:move
14957
14958# Copy subject details
14959# issuerAltName=issuer:copy
14960
14961#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
14962#nsBaseUrl
14963#nsRevocationUrl
14964#nsRenewalUrl
14965#nsCaPolicyUrl
14966#nsSslServerName
14967
14968# This is required for TSA certificates.
14969# extendedKeyUsage = critical,timeStamping
14970
14971[ v3_req ]
14972
14973# Extensions to add to a certificate request
14974
14975basicConstraints = CA:FALSE
14976keyUsage = nonRepudiation, digitalSignature, keyEncipherment
14977
14978[ v3_ca ]
14979
14980
14981# Extensions for a typical CA
14982
14983
14984# PKIX recommendation.
14985
14986subjectKeyIdentifier=hash
14987
14988authorityKeyIdentifier=keyid:always,issuer
14989
14990# This is what PKIX recommends but some broken software chokes on critical
14991# extensions.
14992#basicConstraints = critical,CA:true
14993# So we do this instead.
14994basicConstraints = CA:true
14995
14996# Key usage: this is typical for a CA certificate. However since it will
14997# prevent it being used as a test self-signed certificate it is best
14998# left out by default.
14999# keyUsage = cRLSign, keyCertSign
15000
15001# Some might want this also
15002# nsCertType = sslCA, emailCA
15003
15004# Include email address in subject alt name: another PKIX recommendation
15005# subjectAltName=email:copy
15006# Copy issuer details
15007# issuerAltName=issuer:copy
15008
15009# DER hex encoding of an extension: beware experts only!
15010# obj=DER:02:03
15011# Where 'obj' is a standard or added object
15012# You can even override a supported extension:
15013# basicConstraints= critical, DER:30:03:01:01:FF
15014
15015[ crl_ext ]
15016
15017# CRL extensions.
15018# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
15019
15020# issuerAltName=issuer:copy
15021authorityKeyIdentifier=keyid:always
15022
15023[ proxy_cert_ext ]
15024# These extensions should be added when creating a proxy certificate
15025
15026# This goes against PKIX guidelines but some CAs do it and some software
15027# requires this to avoid interpreting an end user certificate as a CA.
15028
15029basicConstraints=CA:FALSE
15030
15031# Here are some examples of the usage of nsCertType. If it is omitted
15032# the certificate can be used for anything *except* object signing.
15033
15034# This is OK for an SSL server.
15035# nsCertType = server
15036
15037# For an object signing certificate this would be used.
15038# nsCertType = objsign
15039
15040# For normal client use this is typical
15041# nsCertType = client, email
15042
15043# and for everything including object signing:
15044# nsCertType = client, email, objsign
15045
15046# This is typical in keyUsage for a client certificate.
15047# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
15048
15049# This will be displayed in Netscape's comment listbox.
15050nsComment = "OpenSSL Generated Certificate"
15051
15052# PKIX recommendations harmless if included in all certificates.
15053subjectKeyIdentifier=hash
15054authorityKeyIdentifier=keyid,issuer
15055
15056# This stuff is for subjectAltName and issuerAltname.
15057# Import the email address.
15058# subjectAltName=email:copy
15059# An alternative to produce certificates that aren't
15060# deprecated according to PKIX.
15061# subjectAltName=email:move
15062
15063# Copy subject details
15064# issuerAltName=issuer:copy
15065
15066#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
15067#nsBaseUrl
15068#nsRevocationUrl
15069#nsRenewalUrl
15070#nsCaPolicyUrl
15071#nsSslServerName
15072
15073# This really needs to be in place for it to be a proxy certificate.
15074proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
15075
15076####################################################################
15077[ tsa ]
15078
15079default_tsa = tsa_config1 # the default TSA section
15080
15081[ tsa_config1 ]
15082
15083# These are used by the TSA reply generation only.
15084dir = ./demoCA # TSA root directory
15085serial = $dir/tsaserial # The current serial number (mandatory)
15086crypto_device = builtin # OpenSSL engine to use for signing
15087signer_cert = $dir/tsacert.pem # The TSA signing certificate
15088 # (optional)
15089certs = $dir/cacert.pem # Certificate chain to include in reply
15090 # (optional)
15091signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
15092
15093default_policy = tsa_policy1 # Policy if request did not specify it
15094 # (optional)
15095other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
15096digests = md5, sha1 # Acceptable message digests (mandatory)
15097accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
15098clock_precision_digits = 0 # number of digits after dot. (optional)
15099ordering = yes # Is ordering defined for timestamps?
15100 # (optional, default: no)
15101tsa_name = yes # Must the TSA name be included in the reply?
15102 # (optional, default: no)
15103ess_cert_id_chain = no # Must the ESS cert id chain be included?
15104 # (optional, default: no)
15105
15106##### File: /etc/strongswan.d/charon-logging.conf #####
15107charon {
15108
15109 # Section to define file loggers, see LOGGER CONFIGURATION in
15110 # strongswan.conf(5).
15111 filelog {
15112
15113 # <filename> is the full path to the log file.
15114 # <filename> {
15115
15116 # Loglevel for a specific subsystem.
15117 # <subsystem> = <default>
15118
15119 # If this option is enabled log entries are appended to the existing
15120 # file.
15121 # append = yes
15122
15123 # Default loglevel.
15124 # default = 1
15125
15126 # Enabling this option disables block buffering and enables line
15127 # buffering.
15128 # flush_line = no
15129
15130 # Prefix each log entry with the connection name and a unique
15131 # numerical identifier for each IKE_SA.
15132 # ike_name = no
15133
15134 # Adds the milliseconds within the current second after the
15135 # timestamp (separated by a dot, so time_format should end with %S
15136 # or %T).
15137 # time_add_ms = no
15138
15139 # Prefix each log entry with a timestamp. The option accepts a
15140 # format string as passed to strftime(3).
15141 # time_format =
15142
15143 # }
15144
15145 }
15146
15147 # Section to define syslog loggers, see LOGGER CONFIGURATION in
15148 # strongswan.conf(5).
15149 syslog {
15150
15151 # Identifier for use with openlog(3).
15152 # identifier =
15153
15154 # <facility> is one of the supported syslog facilities, see LOGGER
15155 # CONFIGURATION in strongswan.conf(5).
15156 # <facility> {
15157
15158 # Loglevel for a specific subsystem.
15159 # <subsystem> = <default>
15160
15161 # Default loglevel.
15162 # default = 1
15163
15164 # Prefix each log entry with the connection name and a unique
15165 # numerical identifier for each IKE_SA.
15166 # ike_name = no
15167
15168 # }
15169
15170 }
15171
15172}
15173
15174
15175##### File: /etc/strongswan.d/charon.conf #####
15176# Options for the charon IKE daemon.
15177charon {
15178
15179 # Accept unencrypted ID and HASH payloads in IKEv1 Main Mode.
15180 # accept_unencrypted_mainmode_messages = no
15181
15182 # Maximum number of half-open IKE_SAs for a single peer IP.
15183 # block_threshold = 5
15184
15185 # Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP
15186 # should be saved under a unique file name derived from the public key of
15187 # the Certification Authority (CA) to /etc/ipsec.d/crls (stroke) or
15188 # /etc/swanctl/x509crl (vici), respectively.
15189 # cache_crls = no
15190
15191 # Whether relations in validated certificate chains should be cached in
15192 # memory.
15193 # cert_cache = yes
15194
15195 # Send Cisco Unity vendor ID payload (IKEv1 only).
15196 # cisco_unity = no
15197
15198 # Close the IKE_SA if setup of the CHILD_SA along with IKE_AUTH failed.
15199 # close_ike_on_child_failure = no
15200
15201 # Number of half-open IKE_SAs that activate the cookie mechanism.
15202 # cookie_threshold = 10
15203
15204 # Delete CHILD_SAs right after they got successfully rekeyed (IKEv1 only).
15205 # delete_rekeyed = no
15206
15207 # Delay in seconds until inbound IPsec SAs are deleted after rekeyings
15208 # (IKEv2 only).
15209 # delete_rekeyed_delay = 5
15210
15211 # Use ANSI X9.42 DH exponent size or optimum size matched to cryptographic
15212 # strength.
15213 # dh_exponent_ansi_x9_42 = yes
15214
15215 # Use RTLD_NOW with dlopen when loading plugins and IMV/IMCs to reveal
15216 # missing symbols immediately.
15217 # dlopen_use_rtld_now = no
15218
15219 # DNS server assigned to peer via configuration payload (CP).
15220 # dns1 =
15221
15222 # DNS server assigned to peer via configuration payload (CP).
15223 # dns2 =
15224
15225 # Enable Denial of Service protection using cookies and aggressiveness
15226 # checks.
15227 # dos_protection = yes
15228
15229 # Compliance with the errata for RFC 4753.
15230 # ecp_x_coordinate_only = yes
15231
15232 # Free objects during authentication (might conflict with plugins).
15233 # flush_auth_cfg = no
15234
15235 # Whether to follow IKEv2 redirects (RFC 5685).
15236 # follow_redirects = yes
15237
15238 # Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
15239 # when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults
15240 # to 1280 (use 0 for address family specific default values, which uses a
15241 # lower value for IPv4). If specified this limit is used for both IPv4 and
15242 # IPv6.
15243 # fragment_size = 1280
15244
15245 # Name of the group the daemon changes to after startup.
15246 # group =
15247
15248 # Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
15249 # half_open_timeout = 30
15250
15251 # Enable hash and URL support.
15252 # hash_and_url = no
15253
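15254 # Allow IKEv1 Aggressive Mode with pre-shared keys as responder. Aggressive
 # Mode with a PSK exposes a PSK-derived hash to offline guessing, so leave this
 # at no unless a legacy peer requires it.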
15255 # i_dont_care_about_security_and_use_aggressive_mode_psk = no
15256
15257 # Whether to ignore the traffic selectors from the kernel's acquire events
15258 # for IKEv2 connections (they are not used for IKEv1).
15259 # ignore_acquire_ts = no
15260
15261 # A space-separated list of routing tables to be excluded from route
15262 # lookups.
15263 # ignore_routing_tables =
15264
15265 # Maximum number of IKE_SAs that can be established at the same time before
15266 # new connection attempts are blocked.
15267 # ikesa_limit = 0
15268
15269 # Number of exclusively locked segments in the hash table.
15270 # ikesa_table_segments = 1
15271
15272 # Size of the IKE_SA hash table.
15273 # ikesa_table_size = 1
15274
15275 # Whether to close IKE_SA if the only CHILD_SA closed due to inactivity.
15276 # inactivity_close_ike = no
15277
15278 # Limit new connections based on the current number of half open IKE_SAs,
15279 # see IKE_SA_INIT DROPPING in strongswan.conf(5).
15280 # init_limit_half_open = 0
15281
15282 # Limit new connections based on the number of queued jobs.
15283 # init_limit_job_load = 0
15284
15285 # Causes charon daemon to ignore IKE initiation requests.
15286 # initiator_only = no
15287
15288 # Install routes into a separate routing table for established IPsec
15289 # tunnels.
15290 # install_routes = yes
15291
15292 # Install virtual IP addresses.
15293 # install_virtual_ip = yes
15294
15295 # The name of the interface on which virtual IP addresses should be
15296 # installed.
15297 # install_virtual_ip_on =
15298
15299 # Check daemon, libstrongswan and plugin integrity at startup.
15300 # integrity_test = no
15301
15302 # A comma-separated list of network interfaces that should be ignored, if
15303 # interfaces_use is specified this option has no effect.
15304 # interfaces_ignore =
15305
15306 # A comma-separated list of network interfaces that should be used by
15307 # charon. All other interfaces are ignored.
15308 # interfaces_use =
15309
15310 # NAT keep alive interval.
15311 # keep_alive = 20s
15312
15313 # Plugins to load in the IKE daemon charon.
15314 # load =
15315
15316 # Determine plugins to load via each plugin's load option.
15317 # load_modular = no
15318
15319 # Initiate IKEv2 reauthentication with a make-before-break scheme.
15320 # make_before_break = no
15321
15322 # Maximum number of IKEv1 phase 2 exchanges per IKE_SA to keep state about
15323 # and track concurrently.
15324 # max_ikev1_exchanges = 3
15325
15326 # Maximum packet size accepted by charon.
15327 # max_packet = 10000
15328
15329 # Enable multiple authentication exchanges (RFC 4739).
15330 # multiple_authentication = yes
15331
15332 # WINS servers assigned to peer via configuration payload (CP).
15333 # nbns1 =
15334
15335 # WINS servers assigned to peer via configuration payload (CP).
15336 # nbns2 =
15337
15338 # UDP port used locally. If set to 0 a random port will be allocated.
15339 # port = 500
15340
15341 # UDP port used locally in case of NAT-T. If set to 0 a random port will be
15342 # allocated. Has to be different from charon.port, otherwise a random port
15343 # will be allocated.
15344 # port_nat_t = 4500
15345
15346 # Whether to prefer updating SAs to the path with the best route.
15347 # prefer_best_path = no
15348
15349 # Prefer locally configured proposals for IKE/IPsec over supplied ones as
15350 # responder (disabling this can avoid keying retries due to
15351 # INVALID_KE_PAYLOAD notifies).
15352 # prefer_configured_proposals = yes
15353
15354 # By default public IPv6 addresses are preferred over temporary ones (RFC
15355 # 4941), to make connections more stable. Enable this option to reverse
15356 # this.
15357 # prefer_temporary_addrs = no
15358
15359 # Process RTM_NEWROUTE and RTM_DELROUTE events.
15360 # process_route = yes
15361
15362 # Delay in ms for receiving packets, to simulate larger RTT.
15363 # receive_delay = 0
15364
15365 # Delay request messages.
15366 # receive_delay_request = yes
15367
15368 # Delay response messages.
15369 # receive_delay_response = yes
15370
15371 # Specific IKEv2 message type to delay, 0 for any.
15372 # receive_delay_type = 0
15373
15374 # Size of the AH/ESP replay window, in packets.
15375 # replay_window = 32
15376
15377 # Base to use for calculating exponential back off, see IKEv2 RETRANSMISSION
15378 # in strongswan.conf(5).
15379 # retransmit_base = 1.8
15380
15381 # Maximum jitter in percent to apply randomly to calculated retransmission
15382 # timeout (0 to disable).
15383 # retransmit_jitter = 0
15384
15385 # Upper limit in seconds for calculated retransmission timeout (0 to
15386 # disable).
15387 # retransmit_limit = 0
15388
15389 # Timeout in seconds before sending first retransmit.
15390 # retransmit_timeout = 4.0
15391
15392 # Number of times to retransmit a packet before giving up.
15393 # retransmit_tries = 5
15394
15395 # Interval in seconds to use when retrying to initiate an IKE_SA (e.g. if
15396 # DNS resolution failed), 0 to disable retries.
15397 # retry_initiate_interval = 0
15398
15399 # Initiate CHILD_SA within existing IKE_SAs (always enabled for IKEv1).
15400 # reuse_ikesa = yes
15401
15402 # Numerical routing table to install routes to.
15403 # routing_table =
15404
15405 # Priority of the routing table.
15406 # routing_table_prio =
15407
15408 # Whether to use RSA with PSS padding instead of PKCS#1 padding by default.
15409 # rsa_pss = no
15410
15411 # Delay in ms for sending packets, to simulate larger RTT.
15412 # send_delay = 0
15413
15414 # Delay request messages.
15415 # send_delay_request = yes
15416
15417 # Delay response messages.
15418 # send_delay_response = yes
15419
15420 # Specific IKEv2 message type to delay, 0 for any.
15421 # send_delay_type = 0
15422
15423 # Send strongSwan vendor ID payload
15424 # send_vendor_id = no
15425
15426 # Whether to enable Signature Authentication as per RFC 7427.
15427 # signature_authentication = yes
15428
15429 # Whether to enable constraints against IKEv2 signature schemes.
15430 # signature_authentication_constraints = yes
15431
15432 # The upper limit for SPIs requested from the kernel for IPsec SAs.
15433 # spi_max = 0xcfffffff
15434
15435 # The lower limit for SPIs requested from the kernel for IPsec SAs.
15436 # spi_min = 0xc0000000
15437
15438 # Number of worker threads in charon.
15439 # threads = 16
15440
15441 # Name of the user the daemon changes to after startup.
15442 # user =
15443
15444 crypto_test {
15445
15446 # Benchmark crypto algorithms and order them by efficiency.
15447 # bench = no
15448
15449 # Buffer size used for crypto benchmark.
15450 # bench_size = 1024
15451
15452 # Number of iterations to test each algorithm.
15453 # bench_time = 50
15454
15455 # Test crypto algorithms during registration (requires test vectors
15456 # provided by the test-vectors plugin).
15457 # on_add = no
15458
15459 # Test crypto algorithms on each crypto primitive instantiation.
15460 # on_create = no
15461
15462 # Strictly require at least one test vector to enable an algorithm.
15463 # required = no
15464
15465 # Whether to test RNG with TRUE quality; requires a lot of entropy.
15466 # rng_true = no
15467
15468 }
15469
15470 host_resolver {
15471
15472 # Maximum number of concurrent resolver threads (they are terminated if
15473 # unused).
15474 # max_threads = 3
15475
15476 # Minimum number of resolver threads to keep around.
15477 # min_threads = 0
15478
15479 }
15480
15481 leak_detective {
15482
15483 # Includes source file names and line numbers in leak detective output.
15484 # detailed = yes
15485
15486 # Threshold in bytes for leaks to be reported (0 to report all).
15487 # usage_threshold = 10240
15488
15489 # Threshold in number of allocations for leaks to be reported (0 to
15490 # report all).
15491 # usage_threshold_count = 0
15492
15493 }
15494
15495 processor {
15496
15497 # Section to configure the number of reserved threads per priority class
15498 # see JOB PRIORITY MANAGEMENT in strongswan.conf(5).
15499 priority_threads {
15500
15501 }
15502
15503 }
15504
15505 # Section containing a list of scripts (name = path) that are executed when
15506 # the daemon is started.
15507 start-scripts {
15508
15509 }
15510
15511 # Section containing a list of scripts (name = path) that are executed when
15512 # the daemon is terminated.
15513 stop-scripts {
15514
15515 }
15516
15517 tls {
15518
15519 # List of TLS encryption ciphers.
15520 # cipher =
15521
15522 # List of TLS key exchange methods.
15523 # key_exchange =
15524
15525 # List of TLS MAC algorithms.
15526 # mac =
15527
15528 # List of TLS cipher suites.
15529 # suites =
15530
15531 }
15532
15533 x509 {
15534
15535 # Discard certificates with unsupported or unknown critical extensions.
15536 # enforce_critical = yes
15537
15538 }
15539
15540}
15541
15542
15543##### File: /etc/strongswan.d/charon/aes.conf #####
15544aes {
15545
15546 # Whether to load the plugin. Can also be an integer to increase the
15547 # priority of this plugin.
15548 load = yes
15549
15550}
15551
15552
15553##### File: /etc/strongswan.d/charon/attr.conf #####
15554# Section to specify arbitrary attributes that are assigned to a peer via
15555# configuration payload (CP).
15556attr {
15557
15558 # <attr> is an attribute name or an integer, values can be an IP address,
15559 # subnet or arbitrary value.
15560 # <attr> =
15561
15562 # Whether to load the plugin. Can also be an integer to increase the
15563 # priority of this plugin.
15564 load = yes
15565
15566}
15567
15568
15569##### File: /etc/strongswan.d/charon/connmark.conf #####
15570connmark {
15571
15572 # Whether to load the plugin. Can also be an integer to increase the
15573 # priority of this plugin.
15574 load = yes
15575
15576}
15577
15578
15579##### File: /etc/strongswan.d/charon/constraints.conf #####
15580constraints {
15581
15582 # Whether to load the plugin. Can also be an integer to increase the
15583 # priority of this plugin.
15584 load = yes
15585
15586}
15587
15588
15589##### File: /etc/strongswan.d/charon/des.conf #####
15590des {
15591
 # NOTE(review): this plugin supplies the DES and 3DES ciphers. Loading it only
 # makes them available; whether they are negotiated depends on the connection
 # proposals, which are configured elsewhere. Single DES is broken and 3DES is
 # deprecated, so set load = no unless a peer is confirmed to need them.
15592 # Whether to load the plugin. Can also be an integer to increase the
15593 # priority of this plugin.
15594 load = yes
15595
15596}
15597
15598
15599##### File: /etc/strongswan.d/charon/dnskey.conf #####
15600dnskey {
15601
15602 # Whether to load the plugin. Can also be an integer to increase the
15603 # priority of this plugin.
15604 load = yes
15605
15606}
15607
15608
15609##### File: /etc/strongswan.d/charon/fips-prf.conf #####
15610fips-prf {
15611
15612 # Whether to load the plugin. Can also be an integer to increase the
15613 # priority of this plugin.
15614 load = yes
15615
15616}
15617
15618
15619##### File: /etc/strongswan.d/charon/gmp.conf #####
15620gmp {
15621
15622 # Whether to load the plugin. Can also be an integer to increase the
15623 # priority of this plugin.
15624 load = yes
15625
15626}
15627
15628
15629##### File: /etc/strongswan.d/charon/hmac.conf #####
15630hmac {
15631
15632 # Whether to load the plugin. Can also be an integer to increase the
15633 # priority of this plugin.
15634 load = yes
15635
15636}
15637
15638
15639##### File: /etc/strongswan.d/charon/kernel-libipsec.conf #####
15640kernel-libipsec {
15641
15642 # Allow that the remote traffic selector equals the IKE peer.
15643 # allow_peer_ts = no
15644
15645 # Whether to load the plugin. Can also be an integer to increase the
15646 # priority of this plugin.
15647 load = yes
15648
15649}
15650
15651
15652##### File: /etc/strongswan.d/charon/kernel-netlink.conf #####
15653kernel-netlink {
15654
15655 # Buffer size for received Netlink messages.
15656 # buflen = <min(PAGE_SIZE, 8192)>
15657
15658 # Force maximum Netlink receive buffer on Netlink socket.
15659 # force_receive_buffer_size = no
15660
15661 # Firewall mark to set on the routing rule that directs traffic to our
15662 # routing table.
15663 # fwmark =
15664
15665 # Whether to ignore errors potentially resulting from a retransmission.
15666 # ignore_retransmit_errors = no
15667
15668 # Whether to load the plugin. Can also be an integer to increase the
15669 # priority of this plugin.
15670 load = yes
15671
15672 # MSS to set on installed routes, 0 to disable.
15673 # mss = 0
15674
15675 # MTU to set on installed routes, 0 to disable.
15676 # mtu = 0
15677
15678 # Whether to perform concurrent Netlink ROUTE queries on a single socket.
15679 # parallel_route = no
15680
15681 # Whether to perform concurrent Netlink XFRM queries on a single socket.
15682 # parallel_xfrm = no
15683
15684 # Whether to always use XFRM_MSG_UPDPOLICY to install policies.
15685 # policy_update = no
15686
15687 # Whether to use port or socket based IKE XFRM bypass policies.
15688 # port_bypass = no
15689
15690 # Whether to process changes in routing rules to trigger roam events.
15691 # process_rules = no
15692
15693 # Maximum Netlink socket receive buffer in bytes.
15694 # receive_buffer_size = 0
15695
15696 # Number of Netlink message retransmissions to send on timeout.
15697 # retries = 0
15698
15699 # Whether to trigger roam events when interfaces, addresses or routes
15700 # change.
15701 # roam_events = yes
15702
15703 # Whether to set protocol and ports in the selector installed on transport
15704 # mode IPsec SAs in the kernel.
15705 # set_proto_port_transport_sa = no
15706
15707 # Netlink message retransmission timeout, 0 to disable retransmissions.
15708 # timeout = 0
15709
15710 # Lifetime of XFRM acquire state and allocated SPIs in kernel.
15711 # xfrm_acq_expires = 165
15712
15713 # XFRM policy hashing threshold configuration for IPv4 and IPv6.
15714 spdh_thresh {
15715
15716 ipv4 {
15717
15718 # Local subnet XFRM policy hashing threshold for IPv4.
15719 # lbits = 32
15720
15721 # Remote subnet XFRM policy hashing threshold for IPv4.
15722 # rbits = 32
15723
15724 }
15725
15726 ipv6 {
15727
15728 # Local subnet XFRM policy hashing threshold for IPv6.
15729 # lbits = 128
15730
15731 # Remote subnet XFRM policy hashing threshold for IPv6.
15732 # rbits = 128
15733
15734 }
15735
15736 }
15737
15738}
15739
15740
15741##### File: /etc/strongswan.d/charon/md5.conf #####
15742md5 {
15743
 # NOTE(review): this plugin supplies the MD5 hash. MD5 is not collision
 # resistant and is deprecated for IKE/IPsec and certificate use. Loading it
 # only makes it available; confirm no peer, certificate or EAP method still
 # depends on it, then set load = no.
15744 # Whether to load the plugin. Can also be an integer to increase the
15745 # priority of this plugin.
15746 load = yes
15747
15748}
15749
15750
15751##### File: /etc/strongswan.d/charon/nonce.conf #####
15752nonce {
15753
15754 # Whether to load the plugin. Can also be an integer to increase the
15755 # priority of this plugin.
15756 load = yes
15757
15758}
15759
15760
15761##### File: /etc/strongswan.d/charon/pem.conf #####
15762pem {
15763
15764 # Whether to load the plugin. Can also be an integer to increase the
15765 # priority of this plugin.
15766 load = yes
15767
15768}
15769
15770
15771##### File: /etc/strongswan.d/charon/pgp.conf #####
15772pgp {
15773
15774 # Whether to load the plugin. Can also be an integer to increase the
15775 # priority of this plugin.
15776 load = yes
15777
15778}
15779
15780
15781##### File: /etc/strongswan.d/charon/pkcs1.conf #####
15782pkcs1 {
15783
15784 # Whether to load the plugin. Can also be an integer to increase the
15785 # priority of this plugin.
15786 load = yes
15787
15788}
15789
15790
15791##### File: /etc/strongswan.d/charon/pubkey.conf #####
15792pubkey {
15793
15794 # Whether to load the plugin. Can also be an integer to increase the
15795 # priority of this plugin.
15796 load = yes
15797
15798}
15799
15800
15801##### File: /etc/strongswan.d/charon/random.conf #####
15802random {
15803
15804 # Whether to load the plugin. Can also be an integer to increase the
15805 # priority of this plugin.
15806 load = yes
15807
15808 # File to read random bytes from.
15809 # random = ${random_device}
15810
15811 # If set to yes the RNG_STRONG class reads random bytes from the same source
15812 # as the RNG_TRUE class.
15813 # strong_equals_true = no
15814
15815 # File to read pseudo random bytes from.
15816 # urandom = ${urandom_device}
15817
15818}
15819
15820
15821##### File: /etc/strongswan.d/charon/rc2.conf #####
15822rc2 {
15823
 # NOTE(review): this plugin supplies the legacy RC2 cipher, which is typically
 # needed only to read old PKCS#12 containers. Confirm whether anything on this
 # device relies on it; if not, set load = no to reduce the available
 # algorithm set.
15824 # Whether to load the plugin. Can also be an integer to increase the
15825 # priority of this plugin.
15826 load = yes
15827
15828}
15829
15830
15831##### File: /etc/strongswan.d/charon/resolve.conf #####
15832resolve {
15833
15834 # File where to add DNS server entries.
15835 # file = /etc/resolv.conf
15836
15837 # Whether to load the plugin. Can also be an integer to increase the
15838 # priority of this plugin.
15839 load = yes
15840
15841 resolvconf {
15842
15843 # Prefix used for interface names sent to resolvconf(8).
15844 # iface_prefix = lo.inet.ipsec.
15845
15846 }
15847
15848}
15849
15850
15851##### File: /etc/strongswan.d/charon/revocation.conf #####
15852revocation {
15853
15854 # Whether CRL validation should be enabled.
15855 # enable_crl = yes
15856
15857 # Whether OCSP validation should be enabled.
15858 # enable_ocsp = yes
15859
15860 # Whether to load the plugin. Can also be an integer to increase the
15861 # priority of this plugin.
15862 load = yes
15863
15864}
15865
15866
15867##### File: /etc/strongswan.d/charon/sha1.conf #####
15868sha1 {
15869
15870 # Whether to load the plugin. Can also be an integer to increase the
15871 # priority of this plugin.
15872 load = yes
15873
15874}
15875
15876
15877##### File: /etc/strongswan.d/charon/sha2.conf #####
15878sha2 {
15879
15880 # Whether to load the plugin. Can also be an integer to increase the
15881 # priority of this plugin.
15882 load = yes
15883
15884}
15885
15886
15887##### File: /etc/strongswan.d/charon/socket-default.conf #####
15888socket-default {
15889
15890 # Firewall mark to set on outbound packets.
15891 # fwmark =
15892
15893 # Whether to load the plugin. Can also be an integer to increase the
15894 # priority of this plugin.
15895 load = yes
15896
15897 # Set source address on outbound packets, if possible.
15898 # set_source = yes
15899
15900 # Force sending interface on outbound packets, if possible.
15901 # set_sourceif = no
15902
15903 # Listen on IPv4, if possible.
15904 # use_ipv4 = yes
15905
15906 # Listen on IPv6, if possible.
15907 # use_ipv6 = yes
15908
15909}
15910
15911
15912##### File: /etc/strongswan.d/charon/sshkey.conf #####
15913sshkey {
15914
15915 # Whether to load the plugin. Can also be an integer to increase the
15916 # priority of this plugin.
15917 load = yes
15918
15919}
15920
15921
15922##### File: /etc/strongswan.d/charon/stroke.conf #####
15923stroke {
15924
15925 # Analyze addresses/hostnames in left|right to detect which side is local
15926 # and swap configuration options if necessary. If disabled left is always
15927 # local.
15928 # allow_swap = yes
15929
15930 # Treat certificates in ipsec.d/cacerts and ipsec.conf ca sections as CA
15931 # certificates even if they don't contain a CA basic constraint.
15932 # ignore_missing_ca_basic_constraint = no
15933
15934 # Whether to load the plugin. Can also be an integer to increase the
15935 # priority of this plugin.
15936 load = yes
15937
15938 # Maximum number of stroke messages handled concurrently.
15939 # max_concurrent = 4
15940
15941 # If enabled log level changes via stroke socket are not allowed.
15942 # prevent_loglevel_changes = no
15943
15944 # Location of the ipsec.secrets file
15945 # secrets_file = ${sysconfdir}/ipsec.secrets
15946
15947 # Socket provided by the stroke plugin.
15948 # socket = unix://${piddir}/charon.ctl
15949
15950 # Timeout in ms for any stroke command. Use 0 to disable the timeout.
15951 # timeout = 0
15952
15953}
15954
15955
15956##### File: /etc/strongswan.d/charon/updown.conf #####
15957updown {
15958
15959 # Whether the updown script should handle assigned DNS servers (if enabled
15960 # they can't be handled by other plugins, like resolve).
15961 # dns_handler = no
15962
15963 # Whether to load the plugin. Can also be an integer to increase the
15964 # priority of this plugin.
15965 load = yes
15966
15967}
15968
15969
15970##### File: /etc/strongswan.d/charon/x509.conf #####
15971x509 {
15972
15973 # Whether to load the plugin. Can also be an integer to increase the
15974 # priority of this plugin.
15975 load = yes
15976
15977}
15978
15979
15980##### File: /etc/strongswan.d/charon/xauth-generic.conf #####
15981xauth-generic {
15982
15983 # Whether to load the plugin. Can also be an integer to increase the
15984 # priority of this plugin.
15985 load = yes
15986
15987}
15988
15989
15990##### File: /etc/strongswan.d/charon/xcbc.conf #####
15991xcbc {
15992
15993 # Whether to load the plugin. Can also be an integer to increase the
15994 # priority of this plugin.
15995 load = yes
15996
15997}
15998
15999
16000##### File: /etc/strongswan.d/pki.conf #####
16001pki {
16002
16003 # Plugins to load in ipsec pki tool.
16004 # load =
16005
16006}
16007
16008
16009##### File: /etc/strongswan.d/scepclient.conf #####
16010scepclient {
16011
16012 # Plugins to load in ipsec scepclient tool.
16013 # load =
16014
16015}
16016
16017
16018##### File: /etc/stunnel/stunnel.conf #####
16019; Drop privileges
16020setuid = nobody
16021setgid = nogroup
16022
16023; When running under procd, stay in foreground
16024foreground = yes
16025
16026; Don't log to stderr, use syslog
16027syslog = yes
16028
16029; 1-7. Use 7 for greatest verbosity
16030;debug = 5
16031
16032; Starting here, enter your services or uncomment the examples
16033
16034; Example:
16035; If your local httpd does not support HTTPS, use stunnel in remote
16036; mode to forward TLS connections coming in on port 443 to non-TLS
16037; on port 80.
16038; Make sure that the cert is available.
16039;[httpd]
16040;accept = 443
16041;connect = 127.0.0.1:80
16042;cert = /etc/stunnel/stunnel.pem
16043
16044; Example:
16045; If your local email client does not support TLS,
16046; use stunnel in client mode to forward non-TLS connections on
16047; port 143 to TLS-enabled servername:993.
16048;[imap]
16049;client = yes
16050;accept = 143
16051;connect = servername:993
16052; Disable peer verification (the remote server's certificate is then not
16053; checked). If you enable verification instead, be sure to understand the
; limitations of peer verification in stunnel.
16054;verify = 0
16055
16056; Default client section:
16057; stunnel requires at least one section to start successfully.
16058; You can safely remove this section once you have configured
16059; your own. We use client mode here as server requires a certificate.
16060[dummy]
16061client = yes
16062accept = localhost:6000
16063connect = localhost:6001
16064
16065##### File: /etc/sysctl.conf #####
# Kernel and network tuning for a forwarding (router) device.
# Reboot automatically 3 seconds after a kernel panic.
16066kernel.panic=3
# Answer ARP requests only when the target IP is configured on the interface
# the request arrived on.
16067net.ipv4.conf.default.arp_ignore=1
16068net.ipv4.conf.all.arp_ignore=1
# IPv4 forwarding is on: packet filtering between interfaces depends entirely
# on the firewall rules, which are not part of this file.
16069net.ipv4.ip_forward=1
# Ignore ICMP echo requests sent to broadcast/multicast addresses.
16070net.ipv4.icmp_echo_ignore_broadcasts=1
# Do not log bogus responses to broadcast frames.
16071net.ipv4.icmp_ignore_bogus_error_responses=1
16072net.ipv4.tcp_ecn=0
16073net.ipv4.tcp_fin_timeout=30
16074net.ipv4.tcp_keepalive_time=120
# Fall back to SYN cookies when the SYN backlog overflows (SYN-flood mitigation).
16075net.ipv4.tcp_syncookies=1
16076net.ipv4.tcp_timestamps=1
16077net.ipv4.tcp_sack=1
16078net.ipv4.tcp_dsack=1
16079
# NOTE(review): IPv6 forwarding is enabled while IPv6 itself is disabled on
# every interface except lo. If IPv6 is later re-enabled on an interface,
# forwarding is already on, so confirm ip6tables rules exist before doing so.
16080net.ipv6.conf.default.forwarding=1
16081net.ipv6.conf.all.forwarding=1
16082net.ipv6.conf.default.disable_ipv6=1
16083net.ipv6.conf.all.disable_ipv6=1
16084net.ipv6.conf.lo.disable_ipv6=0
16085
# Per-connection byte/packet accounting in conntrack.
16086net.netfilter.nf_conntrack_acct=1
# NOTE(review): with checksum verification off, conntrack does not mark
# packets with bad checksums as INVALID, so rules that drop INVALID state will
# not catch them. Confirm this is a deliberate performance trade-off.
16087net.netfilter.nf_conntrack_checksum=0
# Upper bound on tracked connections; once the table is full new connections
# are dropped, so monitor table usage on exposed interfaces.
16088net.netfilter.nf_conntrack_max=16384
# Conntrack timeouts, in seconds.
16089net.netfilter.nf_conntrack_tcp_timeout_established=3600
16090net.netfilter.nf_conntrack_udp_timeout=60
16091net.netfilter.nf_conntrack_udp_timeout_stream=180
16092
# With these set to 0, frames bridged between ports do not pass through
# arptables/ip6tables/iptables, so firewall rules do not apply to traffic that
# stays within a bridge.
16093# disable bridge firewalling by default
16094net.bridge.bridge-nf-call-arptables=0
16095net.bridge.bridge-nf-call-ip6tables=0
16096net.bridge.bridge-nf-call-iptables=0
16097
# Only processes in group ID 0 may create unprivileged ICMP (ping) sockets.
16098# non raw icmp sockets
16099net.ipv4.ping_group_range=0 0
16100
# Socket buffer sizes in bytes (8388608 = 8 MiB).
# NOTE(review): the default equals the maximum; confirm this is intended on a
# memory-constrained device.
16101#socket size
16102net.core.rmem_max=8388608
16103net.core.wmem_max=8388608
16104net.core.rmem_default=8388608
16105net.core.wmem_default=8388608
16106
16107
16108##### File: /etc/sysupgrade.conf #####
16109## This file contains files and directories that should
16110## be preserved during an upgrade.
16111
16112# /etc/example.conf
16113# /etc/openvpn/
16114/etc/rc.d
16115/var/mdcollectd.db
16116##### File: /etc/uhttpd.crt #####
161170��0�}� �Ӓ��/�� 0
16118 *�H��
16119�0a10 ULT10UVilnius10UVilnius10U
16120Teltonikaf022bb6910U Teltonika0
16121190114074621Z
16122210113074621Z0a10 ULT10UVilnius10UVilnius10U
16123Teltonikaf022bb6910U Teltonika0�"0
16124 *�H��
16125���0�
16126���{�A
16127m�n���D��sųZ,G_y}���O�*`i�+�%��
16128���x �3�X/ÅŽ{�)1N�Hj����ӻC����Y$T�ejo�?B_�jK��p��!E�K�>�Y�B���Þ7�,t�u�8�w%Ñ>�I>k���7+��T��[4(,nv��.�[�Ϙ�{+G�;~*h��'}����:�������Nm�U�FL����'�m�f)h2%3�X�˫ }��?(��rL1�W}����c��f��ހc#b����I��P0N0U��~��5=ï½½,�q��y�4o�0U#0���~��5=ï½½,�q��y�4o�0U0�0
16129 *�H��
16130���P�J�ݬ��1�fy�!��r�g:�b��Z�Ý#�1����?V�~�+��i��r�f�����vc�eqVr��«HH��ؕYxn��x��[�,��6�g��
16131˃�������B�y�S?4��2����Ay1�:y6'���u�s����q��e�Tj��+s*Y!�.ǮF0�)�m����`�e��M��讵���_z�L��>���7g�b_{bx������_\j<�Ђ���Aqm����*��-
16132##### File: /etc/uhttpd.key #####
16133-----BEGIN PRIVATE KEY-----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16160-----END PRIVATE KEY-----
16161
16162##### File: /etc/xl2tpd/xl2tp-secrets #####
16163# Secrets for authenticating l2tp tunnels
16164# us them secret
16165# * marko blah2
16166# zeus marko blah
16167# * * interop
16168
16169##### File: /etc/xl2tpd/xl2tpd.conf #####
; xl2tpd daemon settings: one global section and the default LNS (server) section.
; NOTE(review): L2TP itself provides no confidentiality; confirm this service
; is only reachable inside an IPsec tunnel or is firewalled off.
16170[global]
; UDP port the daemon listens on.
16171port = 1701
; access control = no: connections are accepted from any peer address rather
; than only from address ranges listed in the sections below.
16172access control = no
; File holding the shared secrets used for authentication.
; NOTE(review): no tunnel challenge option is set in the lines shown here;
; confirm how peers are authenticated besides PPP CHAP below.
16173auth file = /etc/xl2tpd/xl2tp-secrets
16174
16175[lns default]
; Require CHAP and refuse plaintext PAP for PPP authentication of the peer.
16176require chap = yes
16177refuse pap = yes
; Name this server reports to peers.
16178name = xl2tp-server
; pppd options file used for sessions of this LNS; further authentication and
; encryption settings may live there (not shown in this section).
16179pppoptfile = /etc/ppp/options.xl2tpd
; Use the length bit in the L2TP packet header.
16180length bit = yes
16181
16182##### File: /usr/share/easycwmp/defaults #####
16183#!/bin/sh
16184# Copyright (C) 2012-2016 PIVA Software <www.pivasoftware.com>
16185# Author: MOHAMED Kallel <mohamed.kallel@pivasoftware.com>
16186# Author: ANIS ELLOUZE <anis.ellouze@pivasoftware.com>
16187
16188# set these to appropriate values and remove comment if you want to use them
16189
16190##### File: /var/mdcollectd.db #####
16191SQLite format 3���@ ��9���������������������������������������������������������������9��-�
16192���%��%���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������g�1tabledaysdaysCREATE TABLE days (time TIMESTAMP, sim INT, interface VARCHAR(50), rx INT, tx INT)p�7tablecurrentcurrentCREATE TABLE current (time TIMESTAMP, sim INT, interface VARCHAR(50), rx INT, tx INT)
16193����������u^E-������kS;#���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� \J� wwan02D_�' \J�wwan0�0I%�8 \J��wwan0��W1,�I� \J��wwan0i���s� \J��wwan0,� �zC \J��wwan0?�� <;� \J��wwan0F�&
16194y+ \J{�wwan0D�E
16195!"� \Jm�wwan0M|W��� \J_�wwan0Rd�k�r \JQ�wwan03��� \JCpwwan0J�: HN, \J5`wwan0����% ,�
16196 \J'Pwwan0����=�� \J@wwan0��*��= \J0wwan0-��u&
16197 \I� wwan0
16198k�! \I�wwan0==Q��: \I��wwan0!m~%;b� \I��wwan0��x* \I��wwan0��̾Ka� \I��wwan0,�E \I��wwan0W�� \I��wwan0DB�M \I��wwan0
16199�$[$ \I~�wwan04�}D��
16200������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� \J� wwan0kl�����_ \I��wwan0�Shx�9�