Closed kevdagoat closed 5 years ago
If it does work, I will add it into rootdevice
think we should first ask permission to include it
Of course!
waiting for a pull request to merge this
Don’t have it done yet. Haven’t managed to get it to work on my TG799vac due to the lack of openvpn.
Have you made any progress on this?
Nope
On 21 Oct 2018, at 5:21 am, BreakSecurity notifications@github.com wrote:
> Have you made any progress on this?
Waiting for @wuseman to run
opkg files openvpn
If anyone has this daemon installed, please run the above command! It will speed up integration massively
I got a new router since my old router can't boot anymore and I need a new firmware for it, so I can't run opkg files openvpn because I do not have it installed on this latest device, FYI. I will try to install openvpn again on this new device; it's not installed by default.
```
root@OpenWrt:~# opkg files openvpn-openssl
Package openvpn-openssl (2.3.6-5) is installed on root and has the following files:
/etc/config/openvpn
/etc/init.d/openvpn
/usr/sbin/openvpn
/lib/upgrade/keep.d/openvpn
```
Thanks for that.
Have you tried tftp flashing?
Yes, the router receives the firmware file (tried both rbi and bin files) and the ethernet light is flashing really really fast all the time during the transfer, the power LED is flashing orange with a 1s interval. When the transfer is done it takes around 5 seconds and then the router reboots. When the router boots up again the power LED will become orange immediately for about 20 seconds, and after these 20 seconds the ethernet LED will flash green again and ask for the BOOTUP FILE again like nothing has happened. In Wireshark I see the router asks for a firmware filename to be VBNT-H and ofc I have tried to rename the files to VBNT-H without any luck. I can ping the router for a few seconds, it accepts this when it's in BOOTUP mode, but the problem is that I can not connect via telnet or ssh because ports 22 and 23 are filtered and I just get connection refused when I am trying (this is really weird). The firmware in my repo is from a tg799vac xtream v2 but I need a v3 firmware, but I'm not giving up, I've tried to get the key to the acs server on my new router for 3 days in a row now :unamused:
If you delete the cwmpd.db file the router will try to retrieve it again, and this way I'm close to finally getting the firmware file. In the current firmware the cwmpd.db doesn't help me much; here is the output:
transfer80fae7d6eada3e729f19d63d3f145fd8TargetFileNameT8 transfer80515795b5f637b497d453873fa2d6eeStartTime transfer80515795b5f637b497d453873fa2d6eeSubState transfer80515795b5f637b497d453873fa2d6eeUsernames1 transfer80515795b5f637b497d453873fa2d6eeURLr transfer80fae7d6eada3e729f19d63d3f145fd8Password\ M%5transfer2a3aae864a48 Stransfer80515795b5f637b497d453873fa2d6eeURLhttp://192.168.21.52:7547/ACS-server/FileServlet/enCore/8f1964647015394bb7f444/w. Ctransfer80515795b5f637b497eType3AFen0ronfigurationile6p transfer80515795b5f637b497d453873fa2d6eeSubState0 transfer80515795b5f637b497d453873fa2d6eeState07n transfer80515795b5f637b497d453873fa2d6eeFailureUrl7m transfer80515795b5f637b497d453873fa2d6eeSuccessUrl;l
I have managed to figure out everything in plain text except the firmware filename ofc. I know which folder it is stored in at least. I have also been trying to fuzz the acs server without any luck.
If you want to disable your router's auto firmware upgrade when playing around with cwmp, rename these files:

- /lib/upgrade/common.sh
- /lib/upgrade/mmpbx.sh
- /lib/upgrade/platform.sh
- /lib/upgrade/rbi_vrss.lua
- /sbin/sysupgrade
I have completely missed these files. Thank you very much.
If you need the output filename then just modify the script to output it...
On Wed 31 Oct 2018, 11:10 wuseman notifications@github.com wrote:
> I have completely missed these files. Thank you very much.
> do not have it installed on this latest device fyi

Did you manually compile the package and install it?

> do not have it installed on this latest device fyi
>
> Did you manually compile the package and install it?
Hey again, I have set up openvpn on my Technicolor router again.
Uploaded a video and commands for setting up openvpn below. Actually I am working on a script to install openvpn in a very simple way, but it might take some time so I will show you exactly how I did it. (THIS IS BY COMMAND LINE ONLY)
NOTICE: this is only for setting up openvpn as a client, not as a server on your side, so you will need VPN configurations - you can also set remote.ip, ports etc. manually, but I prefer to just scp over the configs and then run the commands below, and then all devices on the local network are protected by the vpn. The script I execute in the video is identical to the settings I pasted below. That's all.
Install openvpn-util

```
opkg update
opkg install openvpn-openssl openvpn-util   # version 2.3.6-5 is installed
```

Configure your vpn:

```
uci set openvpn.wuseman.uk_client=openvpn
uci set openvpn.wuseman.uk_client.enabled='1'
uci set openvpn.wuseman.uk_client.client='1'
uci set openvpn.wuseman.uk_client.dev='tun'
uci set openvpn.wuseman.uk_client.proto='udp'
uci set openvpn.wuseman.uk_client.resolv_retry='infinite'
uci set openvpn.wuseman.uk_client.persist_key='1'
uci set openvpn.wuseman.uk_client.persist_tun='1'
uci set openvpn.wuseman.uk_client.ca='/etc/openvpn/wuseman.uk/keys/ca.crt'
uci set openvpn.wuseman.uk_client.cert='/etc/openvpn/wuseman.uk/keys/wuseman.crt'
uci set openvpn.wuseman.uk_client.key='/etc/openvpn/wuseman.uk/keys/wuseman.key'
uci set openvpn.wuseman.uk_client.csr='/etc/openvpn/wuseman.uk/keys/wuseman.csr'
uci set openvpn.wuseman.uk_client.tls_auth='/etc/openvpn/wuseman.uk/keys/tls-auth.key 1'
uci set openvpn.wuseman.uk_client.config='/etc/openvpn/wuseman.uk/openvpn.conf'
uci set openvpn.wuseman.uk_client.comp_lzo='yes'
uci set openvpn.wuseman.uk_client.verb='3'
```

Network Interface For TUN (required)

```
uci set network.wuseman.uk_client=interface
uci set network.wuseman.uk_client.proto='dhcp'    # Options: 'dhcp' 'none'
uci set network.wuseman.uk_client.ifname='tun0'   # Won't be listed in 'ifconfig' so don't be confused
```

Firewall

```
echo "# Generated by w-openvpn-install.sh" > w-openvpn.log
uci add firewall zone >> w-openvpn.log
uci set firewall.@zone[-1].name='vpn'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci add_list firewall.@zone[-1].network='wuseman.uk_client'
```

Now we need to forward our lan2vpn

```
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpn'
```

REQUIRED - Set This OR You Will Be Without Internet

```
uci add_list dhcp.lan.dhcp_option='6,8.8.8.8,8.8.4.4'
uci set network.wan.peerdns='0'            # Disable DNS provided by DHCP
uci del network.wan.dns                    # Deletes the previous list of DNS if exist.
uci add_list network.wan.dns='8.8.8.8'     # Google Public DNS, it works perfect
uci add_list network.wan.dns='8.8.4.4'     # ... -:- ^
```

Commit Changes

```
uci commit
```

Get connected.

```
/etc/init.d/network start      # Restart network.
/etc/init.d/firewall reload    # Reload firewall rules
/etc/init.d/openvpn start      # Starting openvpn
```
This is output from my syslog:

```
Mon Nov 5 17:38:33 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: OpenVPN 2.3.6 [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 25 2015
Mon Nov 5 17:38:33 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Mon Nov 5 17:38:33 2018 daemon.warn openvpn(wuseman.uk_client)[3313]: WARNING: file 'keys/wuseman.key' is group or others accessible
Mon Nov 5 17:38:33 2018 daemon.warn openvpn(wuseman.uk_client)[3313]: WARNING: file 'keys/tls-auth.key' is group or others accessible
Mon Nov 5 17:38:33 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Control Channel Authentication: using 'keys/tls-auth.key' as a OpenVPN static key file
Mon Nov 5 17:38:33 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 5 17:38:33 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Socket Buffers: R=[163840->131072] S=[163840->131072]
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: UDPv4 link local: [undef]
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xx:1194
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xx:1194, sid=1f13cc12 99qqf712d
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: VERIFY OK: depth=1, C=UK, ST=Ceredigion, L=Aberystwyth, O=wuseman.uk, OU=MyOrganizationalUnit, CN=chapterhouse, name=chapterhouse, emailAddress=xxxxxx@xxxx.com
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: VERIFY OK: nsCertType=SERVER
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: VERIFY OK: depth=0, C=UK, ST=Ceredigion, L=Aberystwyth, O=wuseman.uk, OU=MyOrganizationalUnit, CN=chapterhouse, name=chapterhouse, emailAddress=xxxxxx@xxxx.com
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: [chapterhouse] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xx:1194
```
Video:
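The syslog output in the comment above shows three things worth acting on before this goes into a GUI: key files readable by group/others, a data-channel cipher with a 64-bit block (BF-CBC), and a TLSv1 control channel. The following is an added example, not part of wuseman's comment or the project's code; the function names and the base directory passed to `fix_key_perms` are assumptions.

```shell
#!/bin/sh
# Added example: flag weak settings in OpenVPN client syslog output.
# Reads log lines on stdin, prints one finding per line, de-duplicated.
audit_openvpn_log() {
    awk '
    # Private key or tls-auth key readable by group/others.
    /WARNING: file .* is group or others accessible/ {
        split($0, q, "\047")            # q[2] = path between the quote marks
        k = "p" q[2]
        if (!(k in seen)) { seen[k] = 1; print "KEY_PERMS " q[2] }
    }
    # Data-channel cipher with a 64-bit block (Blowfish, DES/3DES, CAST5, RC2, IDEA).
    /Data Channel (Encrypt|Decrypt): Cipher / {
        split($0, q, "\047")
        k = "c" q[2]
        if (q[2] ~ /^(BF|DES|CAST5|RC2|IDEA)-/ && !(k in seen)) {
            seen[k] = 1; print "WEAK_CIPHER " q[2]
        }
    }
    # Control channel negotiated below TLS 1.2.
    match($0, /Control Channel: TLSv1(\.[01])?,/) {
        v = substr($0, RSTART + 17, RLENGTH - 18)
        k = "t" v
        if (!(k in seen)) { seen[k] = 1; print "LEGACY_TLS " v }
    }'
}

# Sample input: five lines taken from the syslog excerpt in the comment above.
sample_log() {
    cat <<'EOF'
Mon Nov 5 17:38:33 2018 daemon.warn openvpn(wuseman.uk_client)[3313]: WARNING: file 'keys/wuseman.key' is group or others accessible
Mon Nov 5 17:38:33 2018 daemon.warn openvpn(wuseman.uk_client)[3313]: WARNING: file 'keys/tls-auth.key' is group or others accessible
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
EOF
}

# Restrict every key file named in a KEY_PERMS finding to its owner (mode 600).
# $1 = directory the relative paths in the log resolve against (assumption:
# the OpenVPN working directory, e.g. /etc/openvpn/wuseman.uk). Log on stdin.
fix_key_perms() {
    dir=$1
    audit_openvpn_log | sed -n 's/^KEY_PERMS //p' | while IFS= read -r f; do
        if [ -f "$dir/$f" ]; then
            chmod 600 "$dir/$f"
            echo "$dir/$f"
        fi
    done
}

sample_log | audit_openvpn_log
```

On the router, `logread | audit_openvpn_log` runs the same check against the live log. The cipher and TLS findings depend on what both the client and the VPN server support, so they cannot be fixed from the client config alone.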
Thanks for that! Looks good.
Will go ahead and integrate this into the GUI.
Any news on this? @kevdagoat @Ansuel
So no news on this?
Currently not as my SSD has failed with all of my code work on it :(
Hence why I haven’t been contributing
On 16 Dec 2018, at 11:41 pm, BreakSecurity notifications@github.com wrote:
> So no news on this?
This is on my to-do list
I found this repo yesterday about the tg799vac X-TREAM: https://github.com/wuseman/TG799VAC-XTREME-17.2-MINT/
I asked about the VPN tab: https://github.com/wuseman/TG799VAC-XTREME-17.2-MINT/issues/2
Will try the listed uci commands later tonight.
Big thanks to @wuseman !