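/**
 * Prints the NTP client, system, SNMP and LLDP settings of a device as uci
 * commands inside HTML <pre> blocks, followed by the /etc/passwd file section.
 *
 * The printed text is meant to be run as a shell script, so it is a trust
 * boundary twice over: record fields end up both in an HTML page and on a
 * shell command line. Every record-derived value is therefore shell-quoted,
 * and each script is HTML-escaped as a whole before printing.
 *
 * @param object $dev
 *   Device record; ->nick, ->nid and ->id are read.
 * @param mixed $zone
 *   Zone passed through to guifi_get_ntp().
 */
function guifi_kamikaze_common_files($dev, $zone) {
  // guifi_get_ntp() is used as a space-separated list; pad it so a zone with
  // fewer than two servers yields empty hostnames instead of PHP notices.
  list($ntp1, $ntp2) = array_pad(explode(' ', guifi_get_ntp($zone, 2)), 2, '');

  // Loaded once and reused by the SNMP and LLDP sections.
  $loc = node_load(array('nid' => $dev->nid));

  // FILE NTP
  _outln_comment();
  _outln_comment();
  _outln_comment(t('NTPClient Settings'));
  _guifi_kamikaze_print_script(array(
    // Remove up to four existing server entries before adding the new ones.
    'COUNTER=0',
    'while [ $COUNTER -lt 4 ]; do',
    'uci delete ntpclient.@ntpserver[0] > /dev/null 2>&1',
    'let COUNTER=COUNTER+1',
    'done',
    'uci add ntpclient ntpserver',
    'uci set ntpclient.@ntpserver[0]=ntpserver',
    'uci set ntpclient.@ntpserver[0].hostname=' . _guifi_kamikaze_shell_value($ntp1),
    'uci set ntpclient.@ntpserver[0].port=123',
    'uci add ntpclient ntpserver',
    'uci set ntpclient.@ntpserver[1]=ntpserver',
    'uci set ntpclient.@ntpserver[1].hostname=' . _guifi_kamikaze_shell_value($ntp2),
    'uci set ntpclient.@ntpserver[1].port=123',
    'uci add ntpclient ntpserver',
    'uci set ntpclient.@ntpserver[2]=ntpserver',
    'uci set ntpclient.@ntpserver[2].hostname=1.openwrt.pool.ntp.org',
    'uci set ntpclient.@ntpserver[2].port=123',
    'uci set ntpclient.@ntpclient[0]=ntpclient',
    'uci set ntpclient.@ntpclient[0].interval=60',
    'uci set ntpclient.@ntpdrift[0]=ntpdrift',
    'uci set ntpclient.@ntpdrift[0].freq=0',
  ));

  // FILE SYSTEM
  _outln_comment();
  _outln_comment();
  _outln_comment(t('System Settings'));
  _guifi_kamikaze_print_script(array(
    'uci set system.@system[0]=system',
    'uci set system.@system[0].hostname=' . _guifi_kamikaze_shell_value($dev->nick),
    'uci set system.@system[0].zonename=Europe/Andorra',
    'uci set system.@system[0].timezone=CET-1CEST,M3.5.0,M10.5.0/3',
    'uci delete system.@button[0]',
    'uci delete system.@button[1]',
    'uci add system button',
    'uci set system.@button[0]=button',
    'uci set system.@button[0].button=reset',
    'uci set system.@button[0].action=released',
    'uci set system.@button[0].handler="logger reboot"',
    'uci set system.@button[0].min=0',
    'uci set system.@button[0].max=4',
    'uci add system button',
    'uci set system.@button[1]=button',
    'uci set system.@button[1].button=reset',
    'uci set system.@button[1].action=released',
    'uci set system.@button[1].handler="logger factory default"',
    'uci set system.@button[1].min=5',
    'uci set system.@button[1].max=30',
  ));

  _outln_comment();
  _outln_comment();
  _outln_comment(t('SNMP Settings'));
  _guifi_kamikaze_print_script(array(
    'uci set snmpd.@system[0]=system',
    'uci set snmpd.@system[0].sysLocation=' . _guifi_kamikaze_shell_value($loc->nick),
    // The notification field is free text; unquoted, any space in it would
    // split the uci argument.
    'uci set snmpd.@system[0].sysContact=' . _guifi_kamikaze_shell_value($loc->notification),
    'uci set snmpd.@system[0].sysName=guifi.net',
    'uci set snmpd.@system[0].sysDescr="Xarxa Oberta, Lliure i Neutral"',
  ));

  _outln_comment();
  _outln_comment();
  _outln_comment(t('LLDP Settings'));
  _guifi_kamikaze_print_script(array(
    'uci set lldpd.config=lldpd',
    'uci set lldpd.config.enable_cdp=1',
    'uci set lldpd.config.enable_fdp=1',
    'uci set lldpd.config.enable_sonmp=1',
    'uci set lldpd.config.enable_edp=1',
    'uci set lldpd.config.lldp_class=4',
    'uci set lldpd.config.lldp_location=' . _guifi_kamikaze_shell_value('2:ES:6:' . $loc->nick . ':3:guifi.net:19:' . $dev->id),
  ));

  // FILE PASSWD
  // NOTE(review): the literal below is masked on this page. Whatever it holds
  // is written unchanged to /etc/passwd for every device, so all devices
  // configured this way share the same account data -- confirm that is
  // intended and that the operator is told to change it.
  $file_pass = '******';
  _outln_comment();
  _outln_comment();
  _outln_comment(t('File /etc/passwd'));
  openwrt_out_file($file_pass, '/etc/passwd');
  print '<pre>sleep 1</pre> ';
}

/**
 * Quotes one value for the POSIX shell script printed by
 * guifi_kamikaze_common_files().
 *
 * CR and LF are dropped so a value cannot start a new command line; the rest
 * is wrapped in single quotes, with each embedded single quote closed,
 * escaped and reopened.
 */
function _guifi_kamikaze_shell_value($value) {
  $value = str_replace(array("\r", "\n"), '', (string) $value);
  return "'" . str_replace("'", "'\\''", $value) . "'";
}

/**
 * Prints one <pre> block: the commands one per line, HTML-escaped as a whole,
 * followed by the "sleep 1" that closes every section.
 */
function _guifi_kamikaze_print_script(array $commands) {
  print '<pre>' . htmlspecialchars(implode("\n", $commands), ENT_QUOTES, 'UTF-8') . "\n" . 'sleep 1</pre>';
}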
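/**
 * Writes the GuifiStationOS configuration file of a device under
 * files/guifistation/ and prints a download link plus upload instructions.
 *
 * Security-relevant behaviour, kept as the page has it and flagged here:
 *  - every generated file carries the same admin password value
 *    (users.1.password) and the SNMP read community "public"; the printed
 *    notes tell the user the login becomes admin/guifi;
 *  - the file is written below the path that the download link serves, so it
 *    stays readable over HTTP after the request -- NOTE(review): confirm who
 *    may fetch that directory and whether old files are ever cleaned up.
 *
 * Changed with respect to the original: the file name is built from a
 * whitelisted copy of the device nick, CR/LF are stripped from record values
 * placed in the key=value file, values echoed into the page are HTML-escaped,
 * the write result is checked, unsupported models are rejected, and the
 * doubled "skin.active=skin.active=" line is fixed.
 *
 * @param object $dev
 *   Device record; ->nid, ->id, ->nick, ->radios and ->variable are read and
 *   ->radios[0]['antenna_mode'] is overwritten with '1' or '2'.
 */
function unsolclic_guifistationos($dev) {
  $version = "1.0";
  $loc = node_load(array('nid' => $dev->nid));
  $zone = node_load(array('nid' => $loc->zone_id));
  $wan = guifi_unsolclic_if($dev->id, 'Wan');

  // Both helpers are used as space-separated lists; pad so a short list gives
  // empty strings instead of notices.
  list($primary_dns, $secondary_dns) = array_pad(explode(' ', guifi_get_dns($zone, 2)), 2, '');
  list($ntp1) = explode(' ', guifi_get_ntp($zone, 2));

  // The last link found on the first radio provides the gateway and the AP.
  $gateway = '';
  $link = NULL;
  foreach ($dev->radios[0]['interfaces'] as $interface) {
    foreach ($interface['ipv4'] as $ipv4) {
      if (isset($ipv4['links'])) {
        foreach ($ipv4['links'] as $candidate) {
          $link = $candidate;
          $gateway = $link['interface']['ipv4']['ipv4'];
        }
      }
    }
  }
  $apssid = '';
  if ($link !== NULL) {
    $apssid = guifi_get_ap_ssid($link['interface']['device_id'], $link['interface']['radiodev_counter']);
  }

  // Antenna selector: '1' for Main (also the default when unset), '2' for
  // anything else (External, per the original comment).
  if (empty($dev->radios[0]['antenna_mode']) || $dev->radios[0]['antenna_mode'] == 'Main') {
    $dev->radios[0]['antenna_mode'] = '1';
  }
  else {
    $dev->radios[0]['antenna_mode'] = '2';
  }
  $radiorx = $dev->radios[0]['antenna_mode'];
  $radiotx = $dev->radios[0]['antenna_mode'];

  switch ($dev->variable['model_id']) {
    case "49":
      // GuifiStation2
      $skin = 'guifi-station-2';
      $net_mode = 'B';
      $lnet_mode = 'B Only (2,4Ghz 11MB)';
      $rate_max = '11M';
      $txpower = '10';
      $ack = '45';
      $iface = 'eth0';
      $wiface = 'ath0';
      $lanip = '192.168.2.66';
      $lanmask = '255.255.255.0';
      $wanip = $wan->ipv4;
      $wanmask = $wan->netmask;
      $iiface = '1';
      // One setting per line, like the rest of the file.
      $specs = implode("\n", array(
        'device.limitband.1.bands.1.band=B',
        'device.limitband.1.bands.2.band=G',
        'device.limitband.1.bands.3.band=PUREG',
      ));
      break;

    case "50":
      // GuifiStation5
      $skin = 'guifi-station-5';
      $net_mode = 'A';
      $lnet_mode = 'A (5Ghz)';
      $rate_max = '54M';
      $txpower = '10';
      $ack = '45';
      $iface = 'ath0';
      $wiface = 'eth0';
      $lanip = $wan->ipv4;
      $lanmask = $wan->netmask;
      $wanip = '192.168.2.66';
      $wanmask = '255.255.255.0';
      $iiface = '2';
      $specs = implode("\n", array(
        'device.limitband.1.bands.1.band=A',
        'device.limitband.1.bands.1.status=enabled',
        'device.limitband.1.bands.2.band=AST',
      ));
      break;

    default:
      // Without a known model none of the radio settings are defined.
      _outln_comment(t('ERROR: GuifiStationOS configuration is only available for GuifiStation2 and GuifiStation5 devices.'));
      return;
  }

  // Record-derived values go into a line-oriented key=value file: strip CR/LF
  // so a value cannot add a line of its own (for example another users.* key).
  $v = array(
    'apssid' => $apssid,
    'lanip' => $lanip,
    'lanmask' => $lanmask,
    'wanip' => $wanip,
    'wanmask' => $wanmask,
    'gateway' => $gateway,
    'dns1' => $primary_dns,
    'dns2' => $secondary_dns,
    'nick' => $dev->nick,
    'location' => $loc->nick,
    'ntp1' => $ntp1,
  );
  foreach ($v as $name => $value) {
    $v[$name] = str_replace(array("\r", "\n"), '', (string) $value);
  }

  $lines = array(
    'netconf.status=enabled',
    'netconf.1.status=enabled',
    'netconf.2.status=enabled',
    'radio.countrycode=es',
    'radio.status=enabled',
    'radio.1.channel=0',
    'radio.1.devname=ath0',
    'radio.1.frag=off',
    'radio.1.mode=managed',
    'radio.1.parent=wifi0',
    'radio.1.rate.auto=enabled',
    'radio.1.rts=off',
    'radio.1.rx_antenna_diversity=disabled',
    'radio.1.status=enabled',
    'radio.1.turbo=disabled',
    'radio.1.tx_antenna_diversity=disabled',
    'wireless.status=enabled',
    'wireless.1.devname=ath0',
    'wireless.1.fastframes=disabled',
    'wireless.1.frameburst=disabled',
    'wireless.1.l2_isolation=disabled',
    'wireless.1.max_clients=64',
    'wireless.1.ssid_broadcast=enabled',
    'wireless.1.status=enabled',
    'wireless.1.wmm=disabled',
    'route.status=enabled',
    'route.1.devname=ath0',
    'route.1.ip=0.0.0.0',
    'route.1.netmask=0',
    'route.1.status=enabled',
    'firewall.status=enabled',
    'firewall.rule.1.chain=POSTROUTING',
    'firewall.rule.1.out=ath0',
    'firewall.rule.1.status=enabled',
    'firewall.rule.1.table=nat',
    'firewall.rule.1.target=MASQUERADE',
    'dhcpd.status=enabled',
    'dhcpd.1.devname=eth0',
    'dhcpd.1.dns.1.server=192.168.2.66',
    'dhcpd.1.end=192.168.2.254',
    'dhcpd.1.gateway=192.168.2.66',
    'dhcpd.1.lease_time=600',
    'dhcpd.1.netmask=255.255.255.0',
    'dhcpd.1.start=192.168.2.100',
    'dhcpd.1.status=enabled',
    'syslog.file=/var/log/messages',
    'syslog.file.msg.level=info',
    'syslog.file.umask=077',
    'syslog.status=enabled',
    'snmpd.contact=guifi@guifi.net',
    // NOTE(review): well-known read community on every device.
    'snmpd.rocommunity=public',
    'snmpd.status=enabled',
    'resolv.status=enabled',
    'date.status=enabled',
    'date.timezone=GMT-1',
    'ntpd.status=enabled',
    'ntpd.1.status=enabled',
    'users.status=enabled',
    'users.1.name=admin',
    // NOTE(review): same value in every generated file; the 13-character
    // form looks like a traditional crypt() hash -- confirm. The notes
    // printed below state the resulting login (admin/guifi).
    'users.1.password=84OZbhpCnpRZI',
    'users.1.status=enabled',
    'device.mode=router',
    'device.status=enabled',
    'discoveryd.status=enabled',
    'httpd.backlog=100',
    'httpd.external.status=disabled',
    'httpd.max.connections=50',
    'httpd.max.request=51200',
    'httpd.port.admin=444',
    'httpd.port.http=80',
    'httpd.port.https=443',
    'httpd.status=enabled',
    'httpd.verbose=disabled',
    'sshd.port=22',
    'sshd.status=enabled',
    'dnsmasq.status=enabled',
    'dnsmasq.1.status=enabled',
    'dnsmasq.1.devname=eth0',
    'device.limitband.status=enabled',
    'device.limitband.1.status=enabled',
    'device.limitband.1.devname=ath0',
    'wireless.1.ssid=guifi.net-' . $v['apssid'],
    'netconf.1.devname=' . $iface,
    'netconf.1.ip=' . $v['lanip'],
    'netconf.1.netmask=' . $v['lanmask'],
    'netconf.2.devname=' . $wiface,
    'netconf.2.ip=' . $v['wanip'],
    'netconf.2.netmask=' . $v['wanmask'],
    'route.1.gateway=' . $v['gateway'],
    'resolv.nameserver.1.ip=' . $v['dns1'],
    'resolv.nameserver.2.ip=' . $v['dns2'],
    'snmpd.name=' . $v['nick'],
    'snmpd.location=' . $v['location'],
    'radio.1.ieee_mode=' . $net_mode,
    'radio.1.rate.max=' . $rate_max,
    'radio.1.txpower=' . $txpower,
    'radio.1.acktimeout=' . $ack,
    'radio.1.rx_antenna=' . $radiorx,
    'radio.1.tx_antenna=' . $radiotx,
    'ntpd.1.server=' . $v['ntp1'],
    'skin.active=' . $skin,
    'netconf.' . $iiface . '.duplex=full',
    'netconf.' . $iiface . '.speed=100',
    'netconf.' . $iiface . '.up=enabled',
    $specs,
  );
  $Data = implode("\n", $lines) . "\n";

  // Create the script file. The nick is reduced to a fixed character set so
  // it cannot add path separators or "../" to the path being written.
  $safe_nick = preg_replace('/[^A-Za-z0-9_.-]/', '_', (string) $dev->nick);
  $File = 'files/guifistation/' . $safe_nick . '.cfg';
  if (file_put_contents($File, $Data) === FALSE) {
    _outln_comment(t('ERROR: the configuration file could not be written.'));
    return;
  }

  $nick_html = htmlspecialchars((string) $dev->nick, ENT_QUOTES, 'UTF-8');

  _outln_comment('Unsolclic version: ' . $version);
  // $File contains only whitelisted characters, so it is safe inside href.
  print '<br/><a href="' . base_path() . $File . '"> Click here to download configuration file for: ' . $nick_html . ' </a><br />';
  print 'Put the mouse cursor over the link. Right click the link and select "Save Link/Target As..." to save to your Desktop.<br /><br />';

  _outln_comment(' Method to upload/execute the file:');
  _outln(' 1. Open your web browser and type the router IP address (Usually 192.168.2.66) and login');
  _outln(' 2. Go to System Tab');
  _outln(' 3. Press on restore button');
  _outln(' 4. Select downloaded file and upload it');
  _outln(' 5. When the saved new settings message appears on the screen, click on Reboot button');
  _outln(' 6. Wait aproximate 2 minutes, then you can surf the network!');
  _outln();
  _outln_comment(' Notes:');
  _outln(' The script reconfigures IP addresses, so communication can be lost.');
  _outln(' -Changes are done in user passwords on the device,');
  _outln(' default user and password are changed to admin/guifi.');
  _outln(' -The ACK is set to 45 for 802.11b mode, and to 45 for 802.11a (600 meters aprox,)');
  _outln();
  _outln_comment(' Link to AP info:');
  // This line already carries <br /> markup, so the values are escaped here.
  _outln(' Ap SSID = guifi.net-' . htmlspecialchars((string) $apssid, ENT_QUOTES, 'UTF-8')
    . '<br /> WAN Ip address = ' . htmlspecialchars((string) $wan->ipv4, ENT_QUOTES, 'UTF-8')
    . '<br /> WAN Netmask = ' . htmlspecialchars((string) $wan->netmask, ENT_QUOTES, 'UTF-8')
    . '<br /> WAN Gateway = ' . htmlspecialchars((string) $gateway, ENT_QUOTES, 'UTF-8')
    . '<br /> Primary DNS Server = ' . htmlspecialchars((string) $primary_dns, ENT_QUOTES, 'UTF-8')
    . '<br /> Secondary DNS Server = ' . htmlspecialchars((string) $secondary_dns, ENT_QUOTES, 'UTF-8')
    . '<br /> Device HostName = ' . $nick_html
    . '<br /> IEEE 802.11 Mode: = ' . $lnet_mode . '<br /> ');
}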
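/**
 * Outputs the "unsolclic" configuration of a device.
 *
 * Two paths:
 *  - when isValidConfiguracioUSC() accepts the device's usc_id, the stored
 *    template is rendered with Twig, echoed, and the request ends (die);
 *  - otherwise the firmware name selects an unsolclic_* generator, which is
 *    run and followed by exit; unknown names fall back to unsolclic_todo().
 *
 * Changed with respect to the original: the dynamic call uses $unsolclic
 * directly (the "${unsolclic}" form resolves a bare constant and fails on
 * PHP 8), the qMp prefix test no longer sits in the switch as a boolean case
 * (there it also matched an empty firmware name), the edit links are closed
 * and no longer start with "//", and short DNS/NTP lists are padded.
 *
 * @param object|array $dev
 *   Device record; cast to an object.
 * @param string $format
 *   Output type, stored in the global $otype.
 */
function guifi_unsolclic($dev, $format = 'html') {
  global $rc_startup;
  global $ospf_zone;
  global $otype;

  $paramPrefixes = array("zone", "node", "user", "device", "firmware", "radio", "interface", "ipv4", "link", "linkedto_");
  $otype = $format;
  $dev = (object) $dev;
  $flattenDev = array_flatten((array) $dev, array());

  if (isValidConfiguracioUSC($dev->usc_id)) {
    // Load Twig (version used: 1.91).
    include_once 'contrib/Twig/Autoloader.php';

    // FINAL step (disabled): send the resulting unsolclic as text/plain.
    //drupal_set_header('Content-Type: text/plain; charset=utf-8');

    // 1. Device information.
    // 1.a Model id of the device and its current unsolclic configuration id.
    $modelId = $dev->mid;
    $uscId = $dev->usc_id;
    // 1.b Model information from the database.
    $model = guifi_get_model($modelId);
    // 1.c Model characteristics (not used anywhere below).
    $caractModel = guifi_get_caractmodel($modelId);

    // 2. Firmware information.
    // 2.a Firmware name and id of the device.
    $firmwareName = $dev->variable['firmware'];
    $firmwareId = $dev->fid;
    // 2.b Firmware information from the database.
    $firmware = guifi_get_firmware($firmwareName);
    // 2.c Firmware parameters (not used anywhere below either).
    $paramsFirmware = guifi_get_paramsFirmware($firmwareId);

    // 3. Unsolclic configuration for this model id, firmware id and usc id.
    $configuracioUSC = guifi_get_configuracioUSC($modelId, $firmwareId, $uscId);
    // 3.a 'plantilla' holds the template source itself.
    $plantilla = $configuracioUSC['plantilla'];

    // 4. All variable parameters associated with the device.
    $paramsDevice = guifi_get_paramsClientDevice($dev->id);
    // 5. Index them by prefix.
    $indexedParamsDevice = guifi_indexa_paramsDevice($paramsDevice, $paramPrefixes);
    // 6. Parameters of the template.
    $paramsconfiguracioUSC = guifi_get_paramsconfiguracioUSC($uscId);
    // 6.B Manufacturer-model-firmware configuration information.
    $paramsMMF = guifi_get_paramsMMF($dev->id);

    // 4.b Device checks: an error text replaces the template. When the Twig
    // step below runs, that text is compiled as template source as well.
    $clientModeNoAPError = clientModeError($dev);
    if ($clientModeNoAPError) {
      $plantilla = $clientModeNoAPError;
    }

    $totalParameters = array_merge($indexedParamsDevice, $paramsMMF, $flattenDev);
    // Other fixed parameters; TODO make it a fixed parameter of the template.
    $totalParameters['ospf_name'] = 'backbone';

    $zone = guifi_zone_load($totalParameters['zone_id']);
    // Pad the lists so a zone with fewer servers yields NULL, not notices.
    list($primary_dns, $secondary_dns, $ternary_dns) = array_pad(explode(' ', guifi_get_dns($zone, 3)), 3, NULL);
    $totalParameters['zone_primary_dns'] = $primary_dns;
    $totalParameters['zone_secondary_dns'] = $secondary_dns;
    $totalParameters['zone_ternary_dns'] = $ternary_dns;
    list($primary_ntp, $secondary_ntp) = array_pad(explode(' ', guifi_get_ntp($zone)), 2, NULL);
    $totalParameters['zone_primary_ntp'] = $primary_ntp;
    $totalParameters['zone_secondary_ntp'] = $secondary_ntp;

    if ($paramsconfiguracioUSC) {
      // 7. Substitute the parameters into the template.
      foreach ($paramsconfiguracioUSC as $tupla) {
        $param = $tupla['nom'];
        $valor = $tupla['valor'];
        $dinamic = $tupla['dinamic'];
        $origen = $tupla['origen'];
        if ($dinamic == true) {
          // Dynamic: the real value is whatever the origin parameter holds.
          $valor = isset($totalParameters[$origen]) ? $totalParameters[$origen] : NULL;
        }
        $totalParameters[$param] = $valor;
      }

      Twig_Autoloader::register();
      // Twig_Loader_String compiles the text it is given as template source.
      // NOTE(review): $plantilla is stored data, so whoever can edit it can
      // call every function registered below and read every value in
      // $totalParameters, including the whole $dev object -- confirm that
      // template editing is restricted to trusted roles.
      $loader = new Twig_Loader_String();
      $twig = new Twig_Environment($loader);
      $totalParameters['dev'] = $dev;

      // PHP functions exposed to templates, each under its own name.
      $exposed = array('ip2long', 'long2ip', 't', 'guifi_to_7bits', 'guifi_get_alchemy_ifs', 'guifi_main_ip', 'explode');
      foreach ($exposed as $function_name) {
        $twig->addFunction($function_name, new Twig_Function_Function($function_name));
      }

      // The escaper extension is added with autoescaping switched on.
      $escaper = new Twig_Extension_Escaper(true);
      $twig->addExtension($escaper);

      $plantilla = $twig->render($plantilla, $totalParameters);
    }

    if ($totalParameters['manufacturer_name'] != 'Ubiquiti') {
      $plantilla = str_replace("\n", "\n<br />", $plantilla);
    }
    // When there are no template parameters the template is echoed
    // unrendered, exactly as stored.
    echo $plantilla;
    die;
  }

  $firmware_name = $dev->variable['firmware'];

  // base_path() is used without a leading slash everywhere else in this file;
  // with one, the href would begin with "//" and be read as another host.
  $device_id = htmlspecialchars((string) $dev->id, ENT_QUOTES, 'UTF-8');
  $edit_link = '<a href="' . base_path() . 'guifi/device/' . $device_id . '/edit">http://guifi.net/guifi/device/' . $device_id . '/edit</a>';

  if ($firmware_name == 'n/a') {
    _outln_comment(t("ERROR: I do need a firmware selected at the radio web interface: ") . $edit_link);
    return;
  }
  else {
    _outln_comment(t("Generated for:"));
    _outln_comment($firmware_name);
  }

  // Every *.inc.php file in the module's firmware directory is executed here.
  // NOTE(review): that directory must not be writable by the web server or
  // by any upload path.
  $firmware_includes = glob(drupal_get_path('module', 'guifi') . '/firmware/*.inc.php', GLOB_BRACE);
  if (is_array($firmware_includes)) {
    foreach ($firmware_includes as $firm_inc_php) {
      include_once $firm_inc_php;
    }
  }

  if ($dev->radios[0]['mode'] == 'client') {
    // A client radio needs at least one ap/client link.
    $links = 0;
    foreach ($dev->radios[0]['interfaces'] as $interface) {
      foreach ($interface['ipv4'] as $ipv4) {
        if (isset($ipv4['links'])) {
          foreach ($ipv4['links'] as $link) {
            if ($link['link_type'] == 'ap/client') {
              $links++;
              break;
            }
          }
        }
      }
    }
    if ($links == 0) {
      _outln_comment(t("ERROR: Radio is in client mode but has no AP selected, please add a link to the AP at: ") . $edit_link);
      return;
    }
  }

  switch ($firmware_name) {
    case 'RouterOSv2.9':
    case 'RouterOSv3.x':
    case 'RouterOSv4.0+':
    case 'RouterOSv4.7+':
    case 'RouterOSv5.x':
    case 'RouterOSv6.x':
      unsolclic_routeros($dev);
      exit;

    case 'DD-guifi':
    case 'DD-WRTv23':
    case 'Alchemy':
    case 'Talisman':
      unsolclic_wrt($dev);
      exit;

    case 'AirOsv221':
    case 'AirOsv30':
    case 'AirOsv3.6+':
      unsolclic_airos($dev);
      exit;

    case 'GuifiStationOS1.0':
      unsolclic_guifistationos($dev);
      exit;
  }

  // Any firmware whose name starts with qMp shares one generic generator.
  if (preg_match('/^qMp/', (string) $firmware_name) === 1) {
    unsolclic_qmp($dev);
    exit;
  }

  // Last resort: a function named after the firmware. The fixed prefix and
  // function_exists() limit this to defined unsolclic_* functions; names with
  // characters that cannot appear in a function name never match.
  $unsolclic = 'unsolclic_' . $firmware_name;
  if (function_exists($unsolclic)) {
    $unsolclic($dev);
    exit;
  }
  else {
    unsolclic_todo($dev);
  }
}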
function unsolclic_routeros($dev) { //Fixed testing mode $ospf_id = '0.0.0.0'; $ospf_name = 'backbone'; // $ipd = guifi_main_ip($dev->id); $ospf_routerid = $ipd['ipv4']; $defined_ips = array(); function bgp_peer($id, $ipv4, $disabled) { $peername = guifi_get_hostname($id); _outln('/ routing bgp peer'); _outln(sprintf(':foreach i in [find name=%s] do={/routing bgp peer remove $i;}', $peername)); _outln(sprintf('add name="%s" instance=default remote-address=%s remote-as=%s \\ ', $peername, $ipv4, $id)); _outln(sprintf('multihop=no route-reflect=no ttl=default in-filter=ebgp-in out-filter=ebgp-out disabled=%s', $disabled)); } function ospf_interface($iname, $netid, $maskbits, $ospf_name, $ospf_zone, $ospf_id, $disabled) { _outln('/ routing ospf interface'); _outln(sprintf(':foreach i in [/routing ospf interface find interface=%s] do={/routing ospf interface remove $i;}', $iname)); _outln(sprintf('add interface=%s', $iname)); _outln('/ routing ospf network'); _outln(sprintf(':foreach i in [/routing ospf network find network=%s/%d] do={/routing ospf network remove $i;}', $netid, $maskbits)); _outln(sprintf('add network=%s/%d area=%s disabled=%s', $netid, $maskbits, $ospf_name, $disabled)); } // Check if there's any wLan/Lan interface defined on the device $wlanlan = false; foreach ($dev->radios as $ri) { $ii = $ri['interfaces']; foreach ($ii as $iii) { if ($iii['interface_type'] == 'wLan/Lan') { $wlanlan = true; } } } $node = node_load(array('nid' => $dev->nid)); $zone = node_load(array('nid' => $node->zone_id)); _outln(sprintf(':log info "Unsolclic for %d-%s going to be executed."', $dev->id, $dev->nick)); _outln_comment(); if ($dev->variable['firmware'] == 'RouterOSv4.7+') { _outln_comment(t('Configuration for RouterOS 4.7 and newer 4.x')); } else { _outln_comment(t('Configuration for ' . $dev->variable['firmware'])); } _outln_comment(t('Device') . ': ' . $dev->id . '-' . 
$dev->nick); _outln_comment(); _outln_comment(t('Methods to upload/execute this script:')); _outln_comment(t('1.-As a script. Upload this output as a script either with:')); _outln_comment(' ' . t('a.Winbox (with Linux, wine required)')); _outln_comment(' ' . t('b.Terminal (telnet, ssh...)')); _outln_comment(' ' . t('Then execute the script with:')); _outln_comment(' ' . t('> /system script run script_name')); _outln_comment(t('2.-Imported file:')); _outln_comment(' ' . t('Save this output to a file, then upload it to the router')); _outln_comment(' ' . t('using ftp using a name like "script_name.rsc".')); _outln_comment(' ' . t('(note that extension ".rsc" is required)')); _outln_comment(' ' . t('Run the import file using the command:')); _outln_comment(' ' . t('> /import script_name')); _outln_comment(t('3.-Telnet cut&paste:')); _outln_comment(' ' . t('Open a terminal session, and cut&paste this output')); _outln_comment(' ' . t('directly on the terminal input.')); _outln_comment(); _outln_comment(t('Notes:')); _outln_comment(t('-routing-test package is required if you use RouterOSv2.9 , be sure you have it enabled at system packages')); _outln_comment(t('-wlans should be enabled manually, be sure to set the correct antenna (a or b)')); _outln_comment(t(' according in how did you connect the cable to the miniPCI. Keep the')); _outln_comment(t(' power at the minimum possible and check the channel.')); _outln_comment(t('-The script doesn\'t reset the router, you might have to do it manually')); _outln_comment(t('-You must have write access to the router')); _outln_comment(t('-MAC access (winbox, MAC telnet...) 
method is recommended')); _outln_comment(t(' (the script reconfigures some IP addresses, so communication can be lost)')); _outln_comment(t('-No changes are done in user passwords on the device')); _outln_comment(t('-A Read Only guest account with no password will be created to allow guest access')); _outln_comment(t(' to the router with no danger of damage but able to see the config.')); _outln_comment(t('-Be sure that all packages are activated.')); _outln_comment(t('-Don\'t run the script from telnet and being connected through an IP connection at')); _outln_comment(t(' the wLan/Lan interface: This interface will be destroyed during the script.')); _outln_comment(); _outln('/ system identity set name=' . $dev->nick); // DNS _outln_comment(); _outln_comment('DNS (client & server cache) zone: ' . $node->zone_id); list($primary_dns, $secondary_dns) = explode(' ', guifi_get_dns($zone, 2)); $dns[] .= $primary_dns; $dns[] .= $secondary_dns; if ($secondary_dns != null) { if ($dev->variable['firmware'] == 'RouterOSv4.7+' or $dev->variable['firmware'] == 'RouterOSv5.x' or $dev->variable['firmware'] == 'RouterOSv6.x') { _outln(sprintf('/ip dns set servers=%s,%s allow-remote-requests=yes', $primary_dns, $secondary_dns)); } else { _outln(sprintf('/ip dns set primary-dns=%s secondary-dns=%s allow-remote-requests=yes', $primary_dns, $secondary_dns)); } } else { if ($primary_dns != null) { if ($dev->variable['firmware'] == 'RouterOSv4.7+' or $dev->variable['firmware'] == 'RouterOSv5.x' or $dev->variable['firmware'] == 'RouterOSv6.x') { _outln(sprintf('/ip dns set servers=%s allow-remote-requests=yes', $primary_dns)); } else { _outln(sprintf('/ip dns set primary-dns=%s allow-remote-requests=yes', $primary_dns)); } } } _outln(':delay 1'); // NTP _outln_comment(); _outln_comment('NTP (client & server cache) zone: ' . 
$node->zone_id); list($primary_ntp, $secondary_ntp) = explode(' ', guifi_get_ntp($zone)); if ($secondary_ntp != null) { _outln(sprintf('/system ntp client set enabled=yes mode=unicast primary-ntp=%s secondary-ntp=%s', $primary_ntp, $secondary_ntp)); } else { if ($primary_ntp != null) { _outln(sprintf('/system ntp client set enabled=yes mode=unicast primary-ntp=%s', $primary_ntp)); } } if ($dev->variable['firmware'] == 'RouterOSv2.9') { _outln(sprintf('/system ntp server set manycast=no enabled=yes')); } _outln(':delay 1'); // Bandwidth-server _outln_comment(); _outln_comment(t('Bandwidth-server')); _outln('/ tool bandwidth-server set enabled=yes authenticate=no allocate-udp-ports-from=2000'); // SNMP _outln_comment(); _outln_comment('SNMP'); if ($dev->variable['firmware'] == 'RouterOSv5.x' or $dev->variable['firmware'] == 'RouterOSv6.x') { $community = 'trap-community=public'; _outln(sprintf('/snmp community set public addresses=0.0.0.0/0')); } else { $community = ''; } _outln(sprintf('/snmp set contact="*****@*****.**" enabled=yes location="%s" %s', $node->nick, $community)); // User guest _outln_comment(); _outln_comment('Guest user'); _outln('/user'); _outln(':foreach i in [find group=read] do={/user remove $i;}'); _outln('add name="guest" group=read address=0.0.0.0/0 comment="" disabled=no'); // Graphing _outln_comment(); _outln_comment(t('Graphing')); _outln(sprintf('/tool graphing interface add')); // LogServer if (!empty($dev->logserver)) { $ipd = array(); $ipd = guifi_main_ip($dev->id); _outln_comment(t('Ip for ServerLogs')); _outln('/system logging'); _outln(':foreach i in [/system logging find action=remote]'); _outln('do={/system logging remove $i }'); _outln(':foreach i in [/system logging action find name=guifi]'); _outln('do=[/system logging action remove $i]'); _outln('/system logging action add name=' . $dev->nick . ' target=remote remote=' . $dev->logserver . ':514 src-address=' . 
$ipd['ipv4']); _outln('/system logging add action=guifi_remot topics=critical'); _outln('/system logging add action=guifi_remot topics=account'); } if ($radio[mode] != 'client') { // Define wLan/Lan bridge (main interface) _outln_comment(t('Remove current wLan/Lan bridge if exists')); _outln(':foreach i in [/interface bridge find name=wLan/Lan] \\ '); _outln('do={:foreach i in [/interface bridge port find bridge=wLan/Lan] \\ '); _outln('do={/interface bridge port remove $i; \\ '); _outln(':foreach i in [/ip address find interface=wLan/Lan] \\ '); _outln('do={/ip address remove $i;};};'); _outln('/interface bridge remove $i;}'); // Construct bridge only if exists wlan/lan interface if ($wlanlan) { _outln_comment(t('Construct main bridge on wlan1 & ether1')); _outln('/ interface bridge'); _outln('add name="wLan/Lan"'); _outln('/ interface bridge port'); _outln('add interface=ether1 bridge=wLan/Lan'); _outln('add interface=wlan1 bridge=wLan/Lan'); } _outln(':delay 1'); } $firewall = false; // Going to setup wireless interfaces if (isset($dev->radios)) { foreach ($dev->radios as $radio_id => $radio) { switch ($radio[mode]) { case 'ap': $mode = 'ap-bridge'; $ssid = $radio['ssid']; $gain = $radio['antenna_gain']; if ($radio[channel] < 5000) { if ($dev->variable['firmware'] == 'RouterOSv5.x' or $dev->variable['firmware'] == 'RouterOSv6.x') { $band = '2ghz-b'; $chwidth = 'channel-width=20mhz'; } else { $band = '2.4ghz-b'; $chwidth = ''; } } else { if ($dev->variable['firmware'] == 'RouterOSv5.x' or $dev->variable['firmware'] == 'RouterOSv6.x') { $band = '5ghz-a'; $chwidth = 'channel-width=20mhz'; } else { $band = '5ghz'; $chwidth = ''; } } break; case 'client': case 'clientrouted': $mode = 'station'; $gain = $radio['antenna_gain']; foreach ($radio['interfaces'] as $interface) { foreach ($interface['ipv4'] as $ipv4) { foreach ($ipv4['links'] as $link) { $ssid = guifi_get_ap_ssid($link['interface']['device_id'], $link['interface']['radiodev_counter']); $protocol = 
guifi_get_ap_protocol($link['interface']['device_id'], $link['interface']['radiodev_counter']); $channel = guifi_get_ap_channel($link['interface']['device_id'], $link['interface']['radiodev_counter']); if ($protocol == '802.11b') { if ($dev->variable['firmware'] == 'RouterOSv5.x' or $dev->variable['firmware'] == 'RouterOSv6.x') { $band = '2ghz-b'; } else { $band = '2.4ghz-b'; } } if ($protocol == '802.11a') { if ($dev->variable['firmware'] == 'RouterOSv5.x' or $dev->variable['firmware'] == 'RouterOSv6.x') { $band = '5ghz-a'; } else { $band = '5ghz'; } } if ($protocol == '802.11n' and $channel > 5000) { $band = '5ghz-a/n'; } } } } $firewall = true; break; } _outln_comment(); _outln_comment('Radio#: ' . $radio_id . ' ' . $radio[ssid]); _outln(sprintf('/interface wireless set wlan%d name="wlan%d" \\ ', $radio_id + 1, $radio_id + 1)); _outln(sprintf(' radio-name="%s" mode=%s ssid="guifi.net-%s" \\ ', $radio[ssid], $mode, $ssid)); _outln(sprintf(' band="%s" ' . $chwidth . ' \\ ', $band)); _outln(sprintf(' frequency-mode=regulatory-domain country=spain antenna-gain=%s \\ ', $gain)); if ($radio['channel'] != 0 and $radio['channel'] != 5000) { // if not auto.. 
set channel if ($radio['channel'] < 20) { $incr = $radio['channel'] * 5; $radio['channel'] = 2407 + $incr; } _outln(sprintf(' frequency=%d \\ ', $radio['channel'])); } if ($band == '5ghz' || '5ghz-a' and $radio['channel'] == 5000 or $band == '2.4ghz-b' || '2ghz-b' and $radio['channel'] == 0) { _outln(' dfs-mode=radar-detect \\ '); } else { _outln(' dfs-mode=none \\ '); } if (empty($radio['antenna_mode'])) { _outln(sprintf(' wds-mode=static wds-default-bridge=none wds-default-cost=100 \\ ')); } else { if ($radio['antenna_mode'] != 'Main') { $radio['antenna_mode'] = 'ant-b'; } else { $radio['antenna_mode'] = 'ant-a'; } _outln(sprintf(' antenna-mode=%s wds-mode=static wds-default-bridge=none wds-default-cost=100 \\ ', $radio['antenna_mode'])); } _outln(' wds-cost-range=50-150 wds-ignore-ssid=yes hide-ssid=no'); if (isset($radio['interfaces'])) { foreach ($radio['interfaces'] as $interface_id => $interface) { _outln(':delay 1'); _outln_comment('Type: ' . $interface['interface_type']); if ($interface['interface_class'] == 'wds/p2p' || $interface['interface_type'] == 'wds/p2p') { _outln_comment(t('Remove all existing wds interfaces')); _outln(sprintf(':foreach i in [/interface wireless wds find master-interface=wlan%s] \\ ', $radio_id + 1)); _outln('do={:foreach n in [/interface wireless wds get $i name] \\ '); _outln('do={:foreach inum in [/ip address find interface=$n] \\ '); _outln('do={/ip address remove $inum;};}; \\ '); _outln('/interface wireless wds remove $i;}'); if (isset($interface['ipv4'])) { foreach ($interface['ipv4'] as $ipv4_id => $ipv4) { if (isset($ipv4['links'])) { foreach ($ipv4['links'] as $link_id => $link) { if (preg_match("/(Working|Testing|Building)/", $link['flag'])) { $disabled = 'no'; } else { $disabled = 'yes'; } $wdsname = 'wds_' . 
guifi_get_hostname($link['device_id']); if ($link['interface']['mac'] == null) { $link['interface']['mac'] = 'FF:FF:FF:FF:FF:FF'; } _outln('/ interface wireless wds'); _outln(sprintf('add name="%s" master-interface=wlan%d wds-address=%s disabled=%s', $wdsname, $radio_id + 1, $link['interface']['mac'], $disabled)); $item = _ipcalc($ipv4['ipv4'], $ipv4['netmask']); $ospf_zone = guifi_get_ospf_zone($zone); _outln(sprintf('/ ip address add address=%s/%d network=%s broadcast=%s interface=%s disabled=%s comment="%s"', $ipv4['ipv4'], $item['maskbits'], $item['netid'], $item['broadcast'], $wdsname, $disabled, $wdsname)); if ($link['routing'] == 'OSPF') { ospf_interface($wdsname, $item['netid'], $item['maskbits'], $ospf_name, $ospf_zone, $ospf_id, 'no'); bgp_peer($link['device_id'], $link['interface']['ipv4']['ipv4'], 'yes'); } else { ospf_interface($wdsname, $item['netid'], $item['maskbits'], $ospf_name, $ospf_zone, $ospf_id, 'yes'); bgp_peer($link['device_id'], $link['interface']['ipv4']['ipv4'], 'no'); } } } } } // each wds link (ipv4) } else { // wds // wLan, wLan/Lan, Hotspot or client // Defining all networks and IP addresses at the interface if (isset($interface['ipv4'])) { foreach ($interface['ipv4'] as $ipv4_id => $ipv4) { if ($interface['interface_type'] == 'wLan/Lan') { $iname = $interface['interface_type']; $ospf_routerid = $ipv4['ipv4']; } else { $iname = 'wlan' . 
($radio_id + 1); } $item = _ipcalc($ipv4['ipv4'], $ipv4['netmask']); _outln('/ip address'); if ($interface['interface_type'] == 'Wan') { _outln(sprintf(':foreach i in [find interface=%s] do={remove $i}', $iname)); } _outln(sprintf(':foreach i in [find address="%s/%d"] do={remove $i}', $ipv4['ipv4'], $item['maskbits'])); _outln(sprintf('/ ip address add address=%s/%d network=%s broadcast=%s interface=%s disabled=no', $ipv4['ipv4'], $item['maskbits'], $item['netid'], $item['broadcast'], $iname)); $defined_ips[$ipv4['ipv4']] = $item; $ospf_zone = guifi_get_ospf_zone($zone); _outln('/ routing bgp network'); _outln(sprintf(':foreach i in [/routing bgp network find network=%s/%d] do={/routing bgp network remove $i;}', $item['netid'], $item['maskbits'])); _outln(sprintf('add network=%s/%d synchronize=no disabled=no', $item['netid'], $item['maskbits'])); if ($radio['mode'] != 'client') { ospf_interface($iname, $item['netid'], $item['maskbits'], $ospf_name, $ospf_zone, $ospf_id, 'no'); } else { ospf_interface($iname, $item['netid'], $item['maskbits'], $ospf_name, $ospf_zone, $ospf_id, 'yes'); } } } // HotSpot if ($interface['interface_type'] == 'HotSpot') { _outln_comment(); _outln_comment('HotSpot'); _outln('/interface wireless'); _outln(sprintf(':foreach i in [find name=hotspot%d] do={remove $i}', $radio_id + 1)); _outln(sprintf('add name="hotspot%d" arp=enabled master-interface=wlan%d ssid="guifi.net-%s" disabled="no"', $radio_id + 1, $radio_id + 1, variable_get("hotspot_ssid", "HotSpot"))); _outln('/ip address'); _outln(sprintf(':foreach i in [find address="192.168.%d.1/24"] do={remove $i}', $radio_id + 100)); _outln(sprintf('/ip address add address=192.168.%d.1/24 interface=hotspot%d disabled=no', $radio_id + 100, $radio_id + 1)); _outln('/ip pool'); _outln(sprintf(':foreach i in [find name=hs-pool-%d] do={remove $i}', $radio_id + 100)); _outln(sprintf('add name="hs-pool-%d" ranges=192.168.%d.2-192.168.%d.254', $radio_id + 100, $radio_id + 100, $radio_id + 100)); 
_outln('/ip dhcp-server'); _outln(sprintf(':foreach i in [find name=hs-dhcp-%d] do={remove $i}', $radio_id + 100)); _outln(sprintf('add name="hs-dhcp-%d" interface=hotspot%d lease-time=1h address-pool=hs-pool-%d bootp-support=static authoritative=after-2sec-delay disabled=no', $radio_id + 100, $radio_id + 1, $radio_id + 100)); _outln('/ip dhcp-server network'); _outln(sprintf(':foreach i in [find address="192.168.%d.0/24"] do={remove $i}', $radio_id + 100)); _outln(sprintf('add address=192.168.%d.0/24 gateway=192.168.%d.1 domain=guifi.net comment=dhcp-%s', $radio_id + 100, $radio_id + 100, $radio_id)); _outln('/ip hotspot profile'); _outln(sprintf(':foreach i in [find name=hsprof%d] do={remove $i}', $radio_id + 1)); _outln(sprintf('add name="hsprof%d" hotspot-address=192.168.%d.1 dns-name="guests.guifi.net" html-directory=hotspot smtp-server=0.0.0.0 login-by=http-pap,trial split-user-domain=no trial-uptime=30m/1d trial-user-profile=default use-radius=no', $radio_id + 1, $radio_id + 100)); _outln('/ip hotspot user profile'); _outln('set default name="default" advertise-url=http://guifi.net/trespassos/'); _outln('/ip hotspot'); _outln(sprintf(':foreach i in [find name=hotspot%d] do={remove $i}', $radio_id + 1)); _outln(sprintf('add name="hotspot%d" interface=hotspot%d address-pool=hs-pool-%d profile=hsprof%d idle-timeout=5m keepalive-timeout=none addresses-per-mac=2 disabled=no', $radio_id + 1, $radio_id + 1, $radio_id + 100, $radio_id + 1)); _outln_comment('end of HotSpot'); } // HotSpot _outln(':delay 1'); if (!preg_match("/(HotSpot|Wan)/", $interface['interface_type'])) { // Not link only (AP), setting DHCP if ($mode == 'ap-bridge') { $maxip = ip2long($item['netstart']) + 1; if ($maxip + 5 > ip2long($item['netend']) - 5) { $maxip = ip2long($item['netend']); $dhcp_disabled = 'yes'; } else { $maxip = $maxip + 5; $dhcp_disabled = 'no'; } _outln_comment(); _outln_comment('DHCP'); _outln(sprintf(':foreach i in [/ip pool find name=dhcp-%s] do={/ip pool remove $i;}', 
$iname)); _outln(sprintf('/ip pool add name=dhcp-%s ranges=%s-%s', $iname, long2ip($maxip), $item['netend'])); _outln(sprintf(':foreach i in [/ip dhcp-server find name=dhcp-%s] do={/ip dhcp-server remove $i;}', $iname)); _outln(sprintf('/ip dhcp-server add name=dhcp-%s interface=%s address-pool=dhcp-%s disabled=%s', $iname, $iname, $iname, $dhcp_disabled)); _outln(sprintf(':foreach i in [/ip dhcp-server network find address="%s/%d"] do={/ip dhcp-server network remove $i;}', $item['netid'], $item['maskbits'])); _outln(sprintf('/ip dhcp-server network add address=%s/%d gateway=%s domain=guifi.net comment=dhcp-%s', $item['netid'], $item['maskbits'], $item['netstart'], $iname)); $dhcp = array(); $dhcp[] = '/ip dhcp-server lease'; $dhcp[] = ':foreach i in [find comment=""] do={remove $i;}'; $dhcp[] = ':delay 1'; if (isset($ipv4['links'])) { foreach ($ipv4['links'] as $link_id => $link) { if (isset($link['interface']['ipv4']['ipv4'])) { if (ip2long($link['interface']['ipv4']['ipv4']) >= $maxip) { $maxip = ip2long($link['interface']['ipv4']['ipv4']) + 1; } } if ($link['interface']['mac'] == null) { $rmac = 'ff:ff:ff:ff:ff:ff'; } else { $rmac = $link['interface']['mac']; } $dhcp[] = sprintf('add address=%s mac-address=%s client-id=%s server=dhcp-%s', $link['interface']['ipv4']['ipv4'], $rmac, guifi_get_hostname($link['device_id']), $iname); } } foreach ($dhcp as $outln) { _outln($outln); } } } } // wLan, wLan/Lan or client _outln_comment(); } } // foreach radio->interface _outln(':delay 1'); } } // foreach radio if ($firewall) { _outln_comment(); _outln_comment('Device has firewall (setting up as CPE)'); // Setting gateway _outln(sprintf('/ip route add gateway=%s', $link['interface']['ipv4']['ipv4'])); // Setting private network and DHCP _outln(':foreach i in [find address="192.168.1.1/24"] do={remove $i}'); _outln('/ip address add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=ether1 comment="" disabled=no'); _outln(':delay 1'); _outln('/ip 
pool'); _outln(':foreach i in [find name=private] do={remove $i}'); _outln('add name="private" ranges=192.168.1.100-192.168.1.200'); _outln(':delay 1'); _outln('/ip dhcp-server'); _outln(':foreach i in [find name=private] do={remove $i}'); _outln('add name="private" interface=ether1 lease-time=3d address-pool=private bootp-support=static authoritative=after-2sec-delay disabled=no'); _outln(':delay 1'); _outln('/ip dhcp-server network'); _outln(':foreach i in [find] do={remove $i}'); if ($secondary_dns != null) { _outln(sprintf('add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24 dns-server=%s,%s domain="guifi.net" comment=""', $primary_dns, $secondary_dns)); } else { if ($primary_dns != null) { _outln(sprintf('add address=192.168.1.0/24 gateway=192.168.1.1 netmask=24 dns-server=%s domain="guifi.net" comment=""', $primary_dns)); } } _outln(':delay 1'); // be sure that there is no dhcp client requests since having a static ip _outln('/ip dhcp-client'); _outln(':foreach i in [find] do={remove $i}'); _outln(':delay 1'); // NAT private network _outln('/ip firewall nat'); _outln(':foreach i in [find] do={remove $i}'); _outln(':delay 1'); _outln('add chain=srcnat out-interface=wlan1 action=masquerade comment="" disabled=no'); // Firewall enabled, allowing winbox, ssh and snmp _outln('/ip firewall filter'); _outln(':foreach i in [find] do={remove $i}'); _outln('add chain=input connection-state=established action=accept comment="Allow Established connections" disabled=no'); _outln('add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no'); _outln('add chain=input src-address="192.168.1.0/24" action=accept comment="Allow access to router from known network" disabled=no'); _outln('add chain=input protocol=tcp dst-port=22 action=accept comment="Allow remote ssh" disabled=no'); _outln('add chain=input protocol=udp dst-port=161 action=accept comment="Allow snmp" disabled=no'); _outln('add chain=input protocol=tcp dst-port=8291 action=accept 
comment="Allow remote winbox" disabled=no'); _outln('add chain=input protocol=icmp action=accept comment="Allow ping" disabled=no'); _outln('add chain=forward connection-state=established action=accept comment="Allow already established connections" disabled=no'); _outln('add chain=forward connection-state=related action=accept comment="Allow related connections" disabled=no'); _outln('add chain=forward src-address="192.168.1.0/24" action=accept comment="Allow access to router from known network" disabled=no'); _outln('add chain=input protocol=tcp connection-state=invalid action=drop comment="" disabled=no'); _outln('add chain=forward protocol=tcp connection-state=invalid action=drop comment="Drop invalid connections" disabled=no'); _outln('add chain=forward action=drop comment="Drop anything else" disabled=no'); _outln('add chain=input action=drop comment="Drop anything else" disabled=no'); _outln(':delay 1'); // End of Unsolclic _outln_comment(); _outln(sprintf(':log info "Unsolclic for %d-%s executed."', $dev->id, $dev->nick)); _outln('/'); return; } _outln_comment(); _outln_comment('Routed device'); // Now, defining other interfaces (if they aren't yet) _outln_comment(); _outln_comment(t('Other cable connections')); if (isset($dev->interfaces)) { foreach ($dev->interfaces as $interface_id => $interface) { switch ($interface[interface_type]) { case 'vlan': $iname = 'wLan/Lan'; break; case 'vlan2': $iname = 'ether2'; break; case 'vlan3': $iname = 'ether3'; break; case 'vlan4': $iname = 'wLan/Lan'; break; case 'Wan': $iname = 'wLan/Lan'; break; default: $iname = $interface['interface_type']; break; } $ospf_intrefaces[] = $iname; if (isset($interface['ipv4'])) { foreach ($interface['ipv4'] as $ipv4_id => $ipv4) { if (!isset($defined_ips[$ipv4['ipv4']])) { $disabled = 'yes'; if (isset($ipv4['links'])) { unset($comments); foreach ($ipv4['links'] as $link_id => $link) { if ($disabled = 'yes' and preg_match("/(Working|Testing|Building)/", $link['flag'])) { $disabled = 
'no'; } $comments[] = guifi_get_hostname($link['device_id']); $ospf_zone = guifi_get_ospf_zone($zone); $item = _ipcalc($ipv4['ipv4'], $ipv4['netmask']); if ($link['routing'] == 'OSPF') { ospf_interface($iname, $item['netid'], $item['maskbits'], $ospf_name, $ospf_zone, $ospf_id, 'no'); bgp_peer($link['device_id'], $link['interface']['ipv4']['ipv4'], 'yes'); } else { ospf_interface($iname, $item['netid'], $item['maskbits'], $ospf_name, $ospf_zone, $ospf_id, 'yes'); bgp_peer($link['device_id'], $link['interface']['ipv4']['ipv4'], 'no'); } } } else { $disabled = 'no'; } $item = _ipcalc($ipv4['ipv4'], $ipv4['netmask']); _outln(sprintf(':foreach i in [/ip address find address="%s/%d"] do={/ip address remove $i;}', $ipv4['ipv4'], $item['maskbits'])); _outln(':delay 1'); _outln(sprintf('/ ip address add address=%s/%d network=%s broadcast=%s interface=%s disabled=%s comment="%s"', $ipv4['ipv4'], $item['maskbits'], $item['netid'], $item['broadcast'], $iname, $disabled, implode(',', $comments))); $defined_ips[$ipv4['ipv4']] = $item; } } } } } // NAT for internal addresses while being used inside the router _outln_comment(); _outln_comment(t('Internal addresses NAT')); _outln(':foreach i in [/ip firewall nat find src-address="172.16.0.0/12"] do={/ip firewall nat remove $i;}'); _outln(':foreach i in [/ip firewall nat find src-address="192.168.0.0/16"] do={/ip firewall nat remove $i;}'); _outln('/ip firewall nat'); switch ($dev->variable['firmware']) { case 'RouterOSv2.9': _outln(sprintf('add chain=srcnat src-address="192.168.0.0/16" dst-address=!192.168.0.0/16 action=src-nat to-addresses=%s to-ports=0-65535 comment="" disabled=no', $ospf_routerid)); break; case 'RouterOSv3.x': case 'RouterOSv4.0+': case 'RouterOSv4.7+': case 'RouterOSv5.x': case 'RouterOSv6.x': _outln(sprintf('add chain=srcnat src-address="192.168.0.0/16" dst-address=!192.168.0.0/16 action=src-nat to-addresses=%s comment="" disabled=no', $ospf_routerid)); break; } // BGP _outln_comment(); _outln_comment(t('BGP 
Routing')); _outln_comment(t('BGP & OSPF Filters')); _outln(':foreach i in [/routing filter find chain=ospf-in] do={/routing filter remove $i;}'); _outln(':foreach i in [/routing filter find chain=ospf-out] do={/routing filter remove $i;}'); _outln(':foreach i in [/routing filter find chain=ebgp-in] do={/routing filter remove $i;}'); _outln(':foreach i in [/routing filter find chain=ebgp-out] do={/routing filter remove $i;}'); _outln("/ routing filter"); _outln(sprintf('add chain=ebgp-in comment="0. Set ebgp-in preferred source." set-pref-src="%s" disabled=no', $ospf_routerid)); _outln('add action=discard chain=ebgp-in comment="1. Discard insert non 10.x routes from BGP peer" disabled=no invert-match=no prefix=!10.0.0.0/8 prefix-length=8-32'); _outln('add action=discard chain=ebgp-out comment="2. Discard send non 10.x routes to BGP peer" disabled=no invert-match=no prefix=!10.0.0.0/8 prefix-length=8-32'); _outln(sprintf('add action=accept chain=ospf-in comment="3. Accept insert 10.x routes from OSPF neighbor" disabled=no invert-match=no prefix=10.0.0.0/8 prefix-length=8-32 set-pref-src="%s"', $ospf_routerid)); _outln('add action=accept chain=ospf-in comment="4. Accept insert 172.x routes from OSPF neighbor" disabled=no invert-match=no prefix=172.16.0.0/12 prefix-length=8-32'); _outln('add action=discard chain=ospf-in comment="5. Discard insert non 10.x and 172.x from OSPF neighbor" disabled=no invert-match=no'); _outln('add action=accept chain=ospf-out comment="6. Allow send 10.x routes to OSPF neighbor" disabled=no invert-match=no prefix=10.0.0.0/8 prefix-length=8-32'); _outln('add action=accept chain=ospf-out comment="7. Allow send 172.x routes to OSPF neighbor" disabled=no invert-match=no prefix=172.16.0.0/12 prefix-length=8-32'); _outln('add action=discard chain=ospf-out comment="8. 
Discard send non 10.x and 172.x to OSPF neighbor" disabled=no invert-match=no'); _outln_comment(); _outln_comment(t('BGP instance')); _outln("/ routing bgp instance"); _outln(sprintf('set default name="default" as=%d router-id=%s \\ ', $dev->id, $ospf_routerid)); switch ($dev->variable['firmware']) { case 'RouterOSv4.0+': case 'RouterOSv4.7+': case 'RouterOSv5.x': case 'RouterOSv6.x': _outln('redistribute-connected=no redistribute-static=no redistribute-rip=no \\ '); break; default: _outln('redistribute-connected=yes redistribute-static=yes redistribute-rip=yes \\ '); } _outln('redistribute-ospf=yes redistribute-other-bgp=yes out-filter=ebgp-out \\ '); _outln('client-to-client-reflection=yes comment="" disabled=no'); // OSPF _outln_comment(); _outln_comment(t('OSPF Routing')); switch ($dev->variable['firmware']) { case 'RouterOSv2.9': case 'RouterOSv3.x': _outln(sprintf('/routing ospf set router-id=%s distribute-default=never redistribute-connected=no \\ ', $ospf_routerid)); _outln(sprintf('redistribute-static=no redistribute-rip=no redistribute-bgp=as-type-1')); break; case 'RouterOSv4.0+': case 'RouterOSv4.7+': case 'RouterOSv5.x': case 'RouterOSv6.x': _outln(sprintf('/routing ospf instance set default name=default router-id=%s comment="" disabled=no distribute-default=never \\ ', $ospf_routerid)); _outln(sprintf('redistribute-bgp=as-type-1 redistribute-connected=no redistribute-other-ospf=no redistribute-rip=no redistribute-static=no in-filter=ospf-in out-filter=ospf-out')); break; } // End of Unsolclic _outln_comment(); _outln(sprintf(':log info "Unsolclic for %d-%s executed."', $dev->id, $dev->nick)); _outln('/'); }
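/**
 * Prints the OpenWrt Kamikaze configuration files for an Atheros client device.
 *
 * Builds the contents of /etc/config/network, /etc/config/wireless,
 * /etc/config/firewall and /etc/opkg.conf as strings and hands each one to
 * _out_file(). Only model ids 25, 26 and 32-37 are handled; any other id
 * prints a comment and ends the request with exit.
 *
 * Side effect: $dev->radios[0]['antenna_mode'] is rewritten to '0' (Main or
 * unset) or '1' (anything else).
 *
 * Review notes for whoever deploys the generated files:
 * - Device, link and zone values are concatenated into the files without any
 *   escaping. NOTE(review): confirm they are validated where they are stored,
 *   because a quote character in one of them would change the structure of
 *   the generated file.
 * - The generated firewall accepts all input on the wan zone and the wireless
 *   interface is configured with encryption 'none'.
 * - The package feed URL uses plain http.
 *
 * NOTE(review): a second function with this same name (Broadcom models)
 * appears in this listing; presumably the two live in separate include files,
 * since PHP refuses to declare one function name twice.
 *
 * @param $dev
 *   Device object; id, radios[0] and variable['model_id'] are read.
 * @param $zone
 *   Zone passed to guifi_get_dns().
 */
function guifi_kamikaze_files($dev, $zone) {
  // Gateway is the IPv4 address at the far end of an ap/client link on
  // radio 0. Start from an empty string so the network file never reads an
  // undefined variable when no such link exists.
  $gateway = '';
  foreach ($dev->radios[0]['interfaces'] as $interface_id => $interface) {
    foreach ($interface['ipv4'] as $ipv4_id => $ipv4) {
      if (!isset($ipv4['links'])) {
        continue;
      }
      foreach ($ipv4['links'] as $key => $link) {
        if ($link['link_type'] == 'ap/client') {
          $gateway = $link['interface']['ipv4']['ipv4'];
        }
      }
    }
  }

  $wan = guifi_unsolclic_if($dev->id, 'Wan');
  $dns = guifi_get_dns($zone, 2);

  // NOTE(review): $link is whatever the loops above visited last, which is
  // not necessarily the ap/client link that supplied $gateway; confirm this
  // is the AP whose SSID should be used.
  $apssid = 'guifi.net-' . guifi_get_ap_ssid($link['interface']['device_id'], $link['interface']['radiodev_counter']);

  $wireless_model = 0;
  $wireless_iface = 0;
  switch ($dev->variable['model_id']) {
    case "25":
    case "26":
    case "32":
    case "33":
    case "34":
    case "35":
    case "36":
    case "37":
      // NanoStationX, LiteStationX, NanoStation LocoX, Bullet
      $wireless_model = 'atheros';
      $wireless_iface = 'wifi0';
      $vlans = NULL;
      // Models 25, 32, 34 and 36 get hwmode 11b, the others 11a. The loose
      // comparison is kept because model_id arrives as a string.
      if (in_array($dev->variable['model_id'], array(25, 32, 34, 36))) {
        $mode = 'option \'hwmode\' \'11b\'';
      }
      else {
        $mode = 'option \'hwmode\' \'11a\'';
      }
      $lan_iface = 'eth0';
      $wan_iface = 'ath0';
      $txant = 'txantenna';
      $rxant = 'rxantenna';
      $packages = 'atheros/packages';
      break;

    default:
      // Unsupported hardware: nothing is generated and the request ends here.
      _outln_comment('model id not supported');
      exit;
  }

  // Map the stored antenna name to the value written to the wireless file.
  // The array key is quoted: a bare antenna_mode is an undefined constant,
  // which current PHP versions reject with an error.
  $antenna = empty($dev->radios[0]['antenna_mode']) ? 'Main' : $dev->radios[0]['antenna_mode'];
  $dev->radios[0]['antenna_mode'] = ($antenna != 'Main') ? '1' : '0';

  // SECTION FILES
  // FILE NETWORK
  // Loopback, a bridged LAN on 192.168.1.1/24 and a static WAN that takes its
  // address from the device's Wan interface.
  $file_network = ' ' . $vlans
    . ' config interface loopback option \'ifname\' \'lo\' option \'proto\' \'static\' option \'ipaddr\' \'127.0.0.1\' option \'netmask\' \'255.0.0.0\' config interface lan option \'ifname\' \'' . $lan_iface
    . '\' option \'type\' \'bridge\' option \'proto\' \'static\' option \'ipaddr\' \'192.168.1.1\' option \'netmask\' \'255.255.255.0\' option \'dns\' \'' . $dns
    . '\' config interface wan option \'ifname\' \'' . $wan_iface
    . '\' option \'proto\' \'static\' option \'ipaddr\' \'' . $wan->ipv4
    . '\' option \'netmask\' \'' . $wan->netmask
    . '\' option \'gateway\' \'' . $gateway
    . '\' option \'dns\' \'' . $dns
    . '\' ';
  _outln_comment();
  _outln_comment();
  _outln_comment(t('File /etc/config/network'));
  _out_file($file_network, '/etc/config/network');

  // FILE WIRELESS
  // Station mode towards the AP. The link is configured with encryption
  // 'none', so confidentiality of traffic has to come from higher layers.
  $file_wireless = ' config \'wifi-device\' \'' . $wireless_iface
    . '\' option \'type\' \'' . $wireless_model
    . '\' option \'disabled\' \'0\' option \'diversity\' \'0\' option \'' . $txant
    . '\' \'' . $dev->radios[0]['antenna_mode']
    . '\' option \'' . $rxant
    . '\' \'' . $dev->radios[0]['antenna_mode']
    . '\' ' . $mode
    . ' option \'txpower\' \'16\' config wifi-iface option \'device\' \'' . $wireless_iface
    . '\' option \'network\' \'wan\' option \'mode\' \'sta\' option \'ssid\' \'' . $apssid
    . '\' option \'encryption\' \'none\' ';
  _outln_comment();
  _outln_comment();
  _outln_comment(t('File /etc/config/firewall') === NULL ? '' : t('File /etc/config/wireless'));
  _out_file($file_wireless, '/etc/config/wireless');

  // FILE FIREWALL
  // The wan zone is written with input ACCEPT, so the generated policy lets
  // every inbound connection from the wireless side reach the device; the
  // three rules for ports 22, 80 and 161 add nothing on top of that policy.
  // NOTE(review): 'dst', 'src_dport' and 'protocol' do not look like the
  // usual OpenWrt rule option names (dest, dest_port, proto); verify that
  // these rules take effect before tightening the zone policy to rely on them.
  $firewall = ' config defaults option \'syn_flood\' \'1\' option \'input\' \'ACCEPT\' option \'output\' \'ACCEPT\' option \'forward\' \'REJECT\' config zone option \'name\' \'lan\' option \'input\' \'ACCEPT\' option \'output\' \'ACCEPT\' option \'forward\' \'REJECT\' config zone option \'name\' \'wan\' option \'output\' \'ACCEPT\' option \'input\' \'ACCEPT\' option \'forward\' \'REJECT\' option \'masq\' \'1\' config forwarding option \'src\' \'lan\' option \'dest\' \'wan\' config rule option \'dst\' \'wan\' option \'src_dport\' \'22\' option \'target\' \'ACCEPT\' option \'protocol\' \'tcp\' config rule option \'dst\' \'wan\' option \'src_dport\' \'80\' option \'target\' \'ACCEPT\' option \'protocol\' \'tcp\' config rule option \'dst\' \'wan\' option \'src_dport\' \'161\' option \'target\' \'ACCEPT\' option \'protocol\' \'udp\' ';
  _outln_comment();
  _outln_comment();
  _outln_comment(t('File /etc/config/firewall'));
  _out_file($firewall, '/etc/config/firewall');

  // FILE OPKG
  // The feed is fetched over plain http.
  // NOTE(review): confirm the target firmware verifies package signatures;
  // without that, packages installed from this feed can be altered in transit.
  $opkg_conf = ' src/gz snapshots http://downloads.openwrt.org/snapshots/' . $packages
    . ' dest root / dest ram /tmp lists_dir ext /var/opkg-lists option overlay_root /jffs ';
  _outln_comment();
  _outln_comment();
  _outln_comment(t('File /etc/opkg.conf'));
  _out_file($opkg_conf, '/etc/opkg.conf');
}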
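/**
 * Prints the OpenWrt Kamikaze configuration files for a Broadcom client device.
 *
 * Builds the contents of /etc/config/network, /etc/config/wireless,
 * /etc/config/firewall and /etc/opkg.conf as strings and hands each one to
 * _out_file(). Only model ids 1 and 15-18 are handled; any other id prints a
 * comment and ends the request with exit.
 *
 * Side effect: $dev->radios[0]['antenna_mode'] is rewritten to '0' (Main or
 * unset) or '1' (anything else).
 *
 * Review notes for whoever deploys the generated files:
 * - Device, link and zone values are concatenated into the files without any
 *   escaping. NOTE(review): confirm they are validated where they are stored,
 *   because a quote character in one of them would change the structure of
 *   the generated file.
 * - The generated firewall accepts all input on the wan zone and the wireless
 *   interface is configured with encryption 'none'.
 * - The package feed URL uses plain http.
 *
 * NOTE(review): a second function with this same name (Atheros models)
 * appears in this listing; presumably the two live in separate include files,
 * since PHP refuses to declare one function name twice.
 *
 * @param $dev
 *   Device object; id, radios[0] and variable['model_id'] are read.
 * @param $zone
 *   Zone passed to guifi_get_dns().
 */
function guifi_kamikaze_files($dev, $zone) {
  // Gateway is the IPv4 address at the far end of an ap/client link on
  // radio 0. Start from an empty string so the network file never reads an
  // undefined variable when no such link exists.
  $gateway = '';
  foreach ($dev->radios[0]['interfaces'] as $interface_id => $interface) {
    foreach ($interface['ipv4'] as $ipv4_id => $ipv4) {
      if (!isset($ipv4['links'])) {
        continue;
      }
      foreach ($ipv4['links'] as $key => $link) {
        if ($link['link_type'] == 'ap/client') {
          $gateway = $link['interface']['ipv4']['ipv4'];
        }
      }
    }
  }

  $wan = guifi_unsolclic_if($dev->id, 'Wan');
  $dns = guifi_get_dns($zone, 2);

  // NOTE(review): $link is whatever the loops above visited last, which is
  // not necessarily the ap/client link that supplied $gateway; confirm this
  // is the AP whose SSID should be used.
  $apssid = 'guifi.net-' . guifi_get_ap_ssid($link['interface']['device_id'], $link['interface']['radiodev_counter']);

  $wireless_model = 0;
  $wireless_iface = 0;
  switch ($dev->variable['model_id']) {
    case "1":
    case "15":
    case "16":
    case "17":
    case "18":
      // WRT54Gv1-4, WHR-HP-G54, WHR-G54S (BUFFALO), WRT54GL, WRT54GSv1-2, WRT54GSv4
      $wireless_model = 'broadcom';
      $wireless_iface = 'wl0';
      // Switch layout written at the top of the network file.
      $vlans = 'config switch eth0 option vlan0 \\"1 2 3 4 5*\\" option vlan1 \\"0 5\\" ';
      $mode = NULL;
      $lan_iface = 'eth0.0';
      $wan_iface = 'eth0.1';
      $txant = 'txant';
      $rxant = 'rxant';
      $packages = 'broadcom/packages';
      break;

    default:
      // Unsupported hardware: nothing is generated and the request ends here.
      _outln_comment('model id not supported');
      exit;
  }

  // Map the stored antenna name to the value written to the wireless file.
  // The array key is quoted: a bare antenna_mode is an undefined constant,
  // which current PHP versions reject with an error.
  $antenna = empty($dev->radios[0]['antenna_mode']) ? 'Main' : $dev->radios[0]['antenna_mode'];
  $dev->radios[0]['antenna_mode'] = ($antenna != 'Main') ? '1' : '0';

  // SECTION FILES
  // FILE NETWORK
  // Switch VLANs, loopback, a bridged LAN on 192.168.1.1/24 and a static WAN
  // that takes its address from the device's Wan interface.
  $file_network = ' ' . $vlans
    . ' config interface loopback option \'ifname\' \'lo\' option \'proto\' \'static\' option \'ipaddr\' \'127.0.0.1\' option \'netmask\' \'255.0.0.0\' config interface lan option \'ifname\' \'' . $lan_iface
    . '\' option \'type\' \'bridge\' option \'proto\' \'static\' option \'ipaddr\' \'192.168.1.1\' option \'netmask\' \'255.255.255.0\' option \'dns\' \'' . $dns
    . '\' config interface wan option \'ifname\' \'' . $wan_iface
    . '\' option \'proto\' \'static\' option \'ipaddr\' \'' . $wan->ipv4
    . '\' option \'netmask\' \'' . $wan->netmask
    . '\' option \'gateway\' \'' . $gateway
    . '\' option \'dns\' \'' . $dns
    . '\' ';
  _outln_comment();
  _outln_comment();
  _outln_comment(t('File /etc/config/network'));
  _out_file($file_network, '/etc/config/network');

  // FILE WIRELESS
  // Station mode towards the AP. Every option name and value sits in its own
  // pair of single quotes, including the final encryption option. The link is
  // configured with encryption 'none', so confidentiality of traffic has to
  // come from higher layers.
  $file_wireless = ' config \'wifi-device\' \'' . $wireless_iface
    . '\' option \'type\' \'' . $wireless_model
    . '\' option \'disabled\' \'0\' option \'' . $txant
    . '\' \'' . $dev->radios[0]['antenna_mode']
    . '\' option \'' . $rxant
    . '\' \'' . $dev->radios[0]['antenna_mode']
    . '\' ' . $mode
    . ' config wifi-iface option \'device\' \'' . $wireless_iface
    . '\' option \'network\' \'wan\' option \'mode\' \'sta\' option \'ssid\' \'' . $apssid
    . '\' option \'encryption\' \'none\' ';
  _outln_comment();
  _outln_comment();
  _outln_comment(t('File /etc/config/wireless'));
  _out_file($file_wireless, '/etc/config/wireless');

  // FILE FIREWALL
  // The wan zone is written with input ACCEPT, so the generated policy lets
  // every inbound connection from the wireless side reach the device; the
  // three rules for ports 22, 80 and 161 add nothing on top of that policy.
  // NOTE(review): 'dst', 'src_dport' and 'protocol' do not look like the
  // usual OpenWrt rule option names (dest, dest_port, proto); verify that
  // these rules take effect before tightening the zone policy to rely on them.
  $firewall = ' config defaults option \'syn_flood\' \'1\' option \'input\' \'ACCEPT\' option \'output\' \'ACCEPT\' option \'forward\' \'REJECT\' config zone option \'name\' \'lan\' option \'input\' \'ACCEPT\' option \'output\' \'ACCEPT\' option \'forward\' \'REJECT\' config zone option \'name\' \'wan\' option \'output\' \'ACCEPT\' option \'input\' \'ACCEPT\' option \'forward\' \'REJECT\' option \'masq\' \'1\' config forwarding option \'src\' \'lan\' option \'dest\' \'wan\' config rule option \'dst\' \'wan\' option \'src_dport\' \'22\' option \'target\' \'ACCEPT\' option \'protocol\' \'tcp\' config rule option \'dst\' \'wan\' option \'src_dport\' \'80\' option \'target\' \'ACCEPT\' option \'protocol\' \'tcp\' config rule option \'dst\' \'wan\' option \'src_dport\' \'161\' option \'target\' \'ACCEPT\' option \'protocol\' \'udp\' ';
  _outln_comment();
  _outln_comment();
  _outln_comment(t('File /etc/config/firewall'));
  _out_file($firewall, '/etc/config/firewall');

  // FILE OPKG
  // The feed is fetched over plain http.
  // NOTE(review): confirm the target firmware verifies package signatures;
  // without that, packages installed from this feed can be altered in transit.
  $opkg_conf = ' src/gz guifi http://ausa.guifi.net/drupal/files/openwrt/client/' . $packages
    . ' dest root / dest ram /tmp lists_dir ext /var/opkg-lists ';
  _outln_comment();
  _outln_comment();
  _outln_comment(t('File /etc/opkg.conf'));
  _out_file($opkg_conf, '/etc/opkg.conf');
}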
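/**
 * Prints the global network, management and radio nvram settings of a device.
 *
 * Every setting is handed to _outln_nvram() as a name/value pair. Depending on
 * the radio mode it then calls guifi_unsolclic_ospf(), guifi_unsolclic_dhcp(),
 * guifi_unsolclic_wds_vars() or guifi_unsolclic_gateway().
 *
 * Side effect: $dev->radios[0]['antenna_mode'] is rewritten to '0' (Main or
 * unset) or '1' (anything else).
 *
 * Review notes for whoever deploys the generated settings:
 * - The same web password ('guifi') and the same SSH authorized key are
 *   written for every device, and telnet, SSH password login, remote
 *   management and SNMP are all switched on. The generated script is a
 *   starting point; credentials and exposed services have to be replaced or
 *   reduced on the device afterwards.
 * - Device nick and SSID values are passed to _outln_nvram() as stored.
 *   NOTE(review): presumably _outln_nvram() quotes its value; verify, because
 *   the output is meant to be executed on the router.
 *
 * @param $dev
 *   Device object; id, nick, radios[0] and variable['firmware'] are read.
 * @param $zone
 *   Zone used for DNS, NTP and time zone lookups.
 */
function guifi_unsolclic_network_vars($dev, $zone) {
  $firmware = $dev->variable['firmware'];

  _outln_comment($dev->nick);
  _outln_comment(t('Global network parameters'));
  _outln_nvram('router_name', $dev->nick);
  _outln_nvram('wan_hostname', $dev->nick);

  // A wLan/Lan interface is written first; a plain Lan interface, when it
  // has an address, overrides the same three settings afterwards.
  $wlan_lan = guifi_unsolclic_if($dev->id, 'wLan/Lan');
  if ($wlan_lan->ipv4 != '') {
    _outln_nvram('lan_ipaddr', $wlan_lan->ipv4);
    _outln_nvram('lan_gateway', '0.0.0.0');
    _outln_nvram('lan_netmask', $wlan_lan->netmask);
  }
  $lan = guifi_unsolclic_if($dev->id, 'Lan');
  if ($lan->ipv4 != '') {
    _outln_nvram('lan_ipaddr', $lan->ipv4);
    $item = _ipcalc($lan->ipv4, $lan->netmask);
    _outln_nvram('lan_gateway', $item['netstart']);
    _outln_nvram('lan_netmask', $lan->netmask);
  }

  // WAN: disabled without a Wan interface, dhcp without an address, static
  // otherwise.
  $wan = guifi_unsolclic_if($dev->id, 'Wan');
  if (!$wan) {
    _outln_nvram('wan_proto', 'disabled');
  }
  elseif (empty($wan->ipv4)) {
    _outln_nvram('wan_proto', 'dhcp');
  }
  else {
    _outln_nvram('wan_proto', 'static');
    _outln_nvram('wan_ipaddr', $wan->ipv4);
    _outln_nvram('wan_netmask', $wan->netmask);
    if ($firmware == 'DD-WRTv23' or $firmware == 'DD-guifi') {
      _outln_nvram('fullswitch', '1');
      _outln_nvram('wan_dns', guifi_get_dns($zone, 3));
    }
  }

  _outln_nvram('lan_domain', 'guifi.net');
  _outln_nvram('wan_domain', 'guifi.net');
  // NOTE(review): hard-coded web admin password, identical on every
  // generated configuration and written while remote management is enabled
  // further down. It should be changed on the device right after
  // provisioning, or replaced here by a per-device secret.
  _outln_nvram('http_passwd', 'guifi');
  _outln_nvram('time_zone', $zone->time_zone);
  _outln_nvram('sv_localdns', guifi_get_dns($zone, 1));
  if ($firmware == 'Alchemy') {
    _outln_nvram('wan_dns', guifi_get_dns($zone, 3));
  }
  if ($firmware == 'Talisman') {
    // One wan_dnsN variable per server, numbered from 0.
    foreach (explode(' ', guifi_get_dns($zone, 3)) as $key => $dns) {
      _outln_nvram('wan_dns' . $key, $dns);
    }
  }

  _outln_nvram('wl_net_mode', 'b-only');
  _outln_nvram('wl0_net_mode', 'b-only');
  _outln_nvram('wl_afterburner', 'on');
  _outln_nvram('wl_frameburst', 'on');
  // Setting output power (mW)
  _outln_nvram('txpwr', '28');

  // Map the stored antenna name to the nvram value. The array keys in this
  // function are quoted: bare words such as antenna_mode are undefined
  // constants, which current PHP versions reject with an error.
  $antenna = empty($dev->radios[0]['antenna_mode']) ? 'Main' : $dev->radios[0]['antenna_mode'];
  $dev->radios[0]['antenna_mode'] = ($antenna != 'Main') ? '1' : '0';
  _outln_nvram('txant', $dev->radios[0]['antenna_mode']);
  _outln_nvram('wl0_antdiv', '0');
  _outln_nvram('wl_antdiv', '0');
  _outln_nvram('block_wan', '0');
  if ($firmware == 'Talisman') {
    _outln_nvram('ident_pass', '0');
    _outln_nvram('multicast_pass', '0');
    _outln_nvram('wl_closed', '0');
    _outln_nvram('block_loopback', '0');
  }

  _outln_comment();
  _outln_comment(t('Management'));
  // NOTE(review): telnet is a cleartext protocol and is enabled next to SSH
  // password login and remote management; with the shared password above,
  // each of these is a path to the device from the network. Disable the ones
  // that are not needed once the device is reachable over SSH with a key.
  _outln_nvram('telnetd_enable', '1');
  _outln_nvram('sshd_enable', '1');
  _outln_nvram('sshd_passwd_auth', '1');
  _outln_nvram('remote_management', '1');
  _outln_nvram('remote_mgt_https', '1');
  _outln_nvram('snmpd_enable', '1');
  _outln_nvram('snmpd_sysname', 'guifi.net');
  _outln_nvram('snmpd_syscontact', 'guifi_at_guifi.net');
  _outln_nvram('boot_wait', 'on');
  // The message literal below is reproduced exactly as it appears in the
  // listing, including its line break.
  _outln_comment(t('This is just a fake key. 
You must install a trusted key if you like to have you router managed externally'));
  // NOTE(review): the same public key is installed as an authorized SSH key
  // on every generated configuration, so the holder of the matching private
  // key can log in to any device that keeps it. The emitted comment asks the
  // operator to replace it; check that this actually happens on deployed
  // devices.
  _outln_nvram('sshd_authorized_keys', 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwWNX4942fQExw4Hph2M/sxOAWVE9PB1I4JnNyhoWuF9vid0XcU34kwWqBBlI+LjDErCQyaR4ysFgDX61V4kUuCKwBOMp+UGxhL648VTv5Qji/YwvIzt7nguUOZ5AGPISqsC0717hc0Aja1mvHkQqg9aXKznmszmyKZGhcm2+SU8= root@bandoler.guifi.net');
  // For DD-WRTv23
  _outln_nvram('http_enable', '1');
  _outln_nvram('https_enable', '1');

  _outln_comment();
  _outln_comment('NTP Network time protocol');
  $ntp = guifi_get_ntp($zone, 1);
  if (empty($ntp)) {
    _outln_nvram('ntp_enable', '0');
  }
  else {
    _outln_nvram('ntp_enable', '1');
    _outln_nvram('ntp_server', $ntp);
  }
  _outln_comment();

  switch ($dev->radios[0]['mode']) {
    case "ap":
    case "AP":
      _outln_comment(t('AP mode'));
      _outln_nvram('wl_mode', 'ap');
      _outln_nvram('wl0_mode', 'ap');
      _outln_nvram('wl_channel', $dev->radios[0]['channel']);
      _outln_nvram('wl_ssid', 'guifi.net-' . guifi_to_7bits($dev->radios[0]['ssid']));
      // NOTE(review): this branch writes 'disable' while the client branch
      // writes 'disabled'; confirm which spelling the firmware expects.
      _outln_nvram('wl_macmode', 'disable');
      _outln_nvram('wl0_macmode', 'disable');
      _outln_nvram('wl_macmode1', 'disable');
      _outln_nvram('wl0_macmode1', 'disable');
      guifi_unsolclic_ospf($dev, $zone);
      guifi_unsolclic_dhcp($dev);
      guifi_unsolclic_wds_vars($dev);
      break;

    case 'client':
      _outln_comment(t('Client mode'));
      // Collect the MAC of every AP this client links to and emit the
      // per-link settings as the links are visited.
      $ap_macs = array();
      foreach ($dev->radios[0]['interfaces'] as $interface_id => $interface) {
        foreach ($interface['ipv4'] as $ipv4_id => $ipv4) {
          if (!isset($ipv4['links'])) {
            continue;
          }
          foreach ($ipv4['links'] as $key => $link) {
            if ($link['link_type'] != 'ap/client') {
              continue;
            }
            $ap_macs[] = $link['interface']['mac'];
            $gateway = $link['interface']['ipv4']['ipv4'];
            if ($firmware == 'Alchemy' or $firmware == 'Talisman') {
              _outln_nvram('wl_mode', 'wet');
              _outln_nvram('wl0_mode', 'wet');
              _outln_nvram('wl_ssid', 'guifi.net-' . guifi_get_ap_ssid($link['interface']['device_id'], $link['interface']['radiodev_counter']));
            }
            if ($firmware == 'DD-WRTv23' or $firmware == 'DD-guifi') {
              _outln_nvram('wl_mode', 'sta');
              _outln_nvram('wl0_mode', 'sta');
              _outln_nvram('wl_ssid', 'guifi.net-' . guifi_get_ap_ssid($link['interface']['device_id'], $link['interface']['radiodev_counter']));
            }
            _outln_nvram('wan_gateway', $gateway);
          }
        }
      }

      if ($firmware == 'Alchemy') {
        // Alchemy only: restrict association to the collected AP MACs. When
        // none is known, the broadcast address is written as a placeholder
        // and a warning comment is emitted.
        $filter = implode(" ", $ap_macs);
        if ($filter == "") {
          _outln_comment(t('WARNING: AP MAC not set'));
          $filter = "FF:FF:FF:FF:FF:FF";
        }
        _outln_nvram('wl_macmode', 'allow');
        _outln_nvram('wl0_macmode', 'allow');
        _outln_nvram('wl_macmode1', 'other');
        _outln_nvram('wl0_macmode1', 'other');
        _outln_nvram('wl_maclist', $filter);
        _outln_nvram('wl0_maclist', $filter);
        _outln_nvram('wl_mac_list', $filter);
        _outln_nvram('wl0_mac_list', $filter);
      }
      else {
        _outln_nvram('wl_macmode', 'disabled');
        _outln_nvram('wl0_macmode', 'disabled');
        _outln_nvram('wl_macmode1', 'disabled');
        _outln_nvram('wl0_macmode1', 'disabled');
      }

      // A client with a Lan interface gets the OSPF settings, any other
      // client the gateway settings.
      $lan = guifi_unsolclic_if($dev->id, 'Lan');
      if ($lan) {
        guifi_unsolclic_ospf($dev, $zone);
      }
      else {
        guifi_unsolclic_gateway($dev);
      }
      break;
  }
  _outln_comment();
}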