Ansuel / tch-nginx-gui

Modified file to apply to a stock technicolor GUI
GNU General Public License v3.0

VPN Tab for GUI #252

Closed kevdagoat closed 5 years ago

kevdagoat commented 6 years ago

I found this repo yesterday about the tg799vac X-TREAM: https://github.com/wuseman/TG799VAC-XTREME-17.2-MINT/

I asked about the VPN tab: https://github.com/wuseman/TG799VAC-XTREME-17.2-MINT/issues/2

Will try the listed uci commands later tonight.

Big thanks to @wuseman !

kevdagoat commented 6 years ago

If it does work, I will add it into rootdevice

Ansuel commented 6 years ago

think we should first ask permission to include it

kevdagoat commented 6 years ago

Of course!

Ansuel commented 5 years ago

waiting for a pull request to merge this

kevdagoat commented 5 years ago

Don’t have it done yet. Haven’t managed to get it to work on my TG799vac due to the lack of openvpn.

BreakSecurity commented 5 years ago

Have you made any progress on this?

kevdagoat commented 5 years ago

Nope


kevdagoat commented 5 years ago

Waiting for @wuseman to run opkg files openvpn

If anyone has this daemon installed, please run the above command! It will speed up integration massively.

ghost commented 5 years ago

I got a new router since my old router can't boot anymore and I need a new firmware for it, so I can't run opkg files openvpn because I do not have it installed on this latest device, FYI. I will try to install openvpn again on this new device; it's not installed by default.

ghost commented 5 years ago

root@OpenWrt:~# opkg files openvpn-openssl
Package openvpn-openssl (2.3.6-5) is installed on root and has the following files:
/etc/config/openvpn
/etc/init.d/openvpn
/usr/sbin/openvpn
/lib/upgrade/keep.d/openvpn

kevdagoat commented 5 years ago

Thanks for that.


kevdagoat commented 5 years ago

Have you tried tftp flashing?


ghost commented 5 years ago

Yes, the router receives the firmware file (tried both rbi and bin files) and the ethernet light is flashing really, really fast all the time during the transfer; the power LED is flashing orange with a 1s interval. When the transfer is done it takes around 5 seconds and then the router reboots. When the router boots up again the power LED becomes orange immediately for about 20 seconds, and after these 20 seconds the ethernet LED flashes green again and asks for the BOOTUP FILE again like nothing has happened. In Wireshark I see the router asks for a firmware filename of VBNT-H, and ofc I have tried to rename the files to VBNT-H without any luck. I can ping the router for a few seconds, it accepts this when it's in BOOTUP mode, but the problem is that I can not connect via telnet or ssh because ports 22 and 23 are filtered and I just get connection refused when I try (this is really weird). The firmware in my repo is from a tg799vac xtream v2 but I need a v3 firmware. I'm not giving up, though; I've tried to get the key to the ACS server on my new router for 3 days in a row now.


ghost commented 5 years ago

If you delete the cwmpd.db file the router will try to retrieve it again, and this way I'm close to finally getting the firmware file. In the current firmware the cwmpd.db doesn't help me much; here is the output:

transfer80fae7d6eada3e729f19d63d3f145fd8TargetFileNameT8 transfer80515795b5f637b497d453873fa2d6eeStartTime transfer80515795b5f637b497d453873fa2d6eeSubState transfer80515795b5f637b497d453873fa2d6eeUsernames1 transfer80515795b5f637b497d453873fa2d6eeURLr transfer80fae7d6eada3e729f19d63d3f145fd8Password\ M%5transfer2a3aae864a48 Stransfer80515795b5f637b497d453873fa2d6eeURLhttp://192.168.21.52:7547/ACS-server/FileServlet/enCore/8f1964647015394bb7f444/w. Ctransfer80515795b5f637b497eType3AFen0ronfigurationile6p transfer80515795b5f637b497d453873fa2d6eeSubState0 transfer80515795b5f637b497d453873fa2d6eeState07n transfer80515795b5f637b497d453873fa2d6eeFailureUrl7m transfer80515795b5f637b497d453873fa2d6eeSuccessUrl;l

I have managed to figure out everything in plain text except the firmware filename, ofc. I know which folder it is stored in at least. I have also been trying to fuzz the ACS server without any luck.

kevdagoat commented 5 years ago

If you want to disable your router's auto firmware upgrade when playing around with cwmp, rename these files:

/lib/upgrade/common.sh
/lib/upgrade/mmpbx.sh
/lib/upgrade/platform.sh
/lib/upgrade/rbi_vrss.lua
/sbin/sysupgrade

ghost commented 5 years ago

These files I had completely missed. Thank you very much.

Ansuel commented 5 years ago

If you need the output filename then just modify the script to output it...


kevdagoat commented 5 years ago

do not have it installed on this latest device fyi

Did you manually compile the package and install it?

ghost commented 5 years ago

Hey again, I have set up openvpn on my Technicolor router again.

Uploaded a video and the commands for setting up openvpn below. Actually I am working on a script to install openvpn in a very simple way, but it might take some time, so I will show you exactly how I did it. (THIS IS BY COMMAND LINE ONLY)

NOTICE: this is only for setting up openvpn as a client, not as a server on your side, so you will need VPN configurations. You can also set remote IP, ports etc. manually, but I prefer to just scp over the configs and then run the commands below; after that all devices on the local network are protected by the VPN. The script I execute in the video is identical to the settings I pasted below. That's all.

Install openvpn-util:

opkg update
opkg install openvpn-openssl openvpn-util # version 2.3.6-5 is installed

Configure your vpn:

uci set openvpn.wuseman.uk_client=openvpn
uci set openvpn.wuseman.uk_client.enabled='1'
uci set openvpn.wuseman.uk_client.client='1'
uci set openvpn.wuseman.uk_client.dev='tun'
uci set openvpn.wuseman.uk_client.proto='udp'
uci set openvpn.wuseman.uk_client.resolv_retry='infinite'
uci set openvpn.wuseman.uk_client.persist_key='1'
uci set openvpn.wuseman.uk_client.persist_tun='1'
uci set openvpn.wuseman.uk_client.ca='/etc/openvpn/wuseman.uk/keys/ca.crt'
uci set openvpn.wuseman.uk_client.cert='/etc/openvpn/wuseman.uk/keys/wuseman.crt'
uci set openvpn.wuseman.uk_client.key='/etc/openvpn/wuseman.uk/keys/wuseman.key'
uci set openvpn.wuseman.uk_client.csr='/etc/openvpn/wuseman.uk/keys/wuseman.csr'
uci set openvpn.wuseman.uk_client.tls_auth='/etc/openvpn/wuseman.uk/keys/tls-auth.key 1'
uci set openvpn.wuseman.uk_client.config='/etc/openvpn/wuseman.uk/openvpn.conf'
uci set openvpn.wuseman.uk_client.comp_lzo='yes'
uci set openvpn.wuseman.uk_client.verb='3'

Network Interface For TUN (required)

uci set network.wuseman.uk_client=interface
uci set network.wuseman.uk_client.proto='dhcp' # Options: 'dhcp' 'none'
uci set network.wuseman.uk_client.ifname='tun0' # Wont be listed in 'ifconfig' so dont be confused

Firewall

echo "# Generated by w-openvpn-install.sh" > w-openvpn.log
uci add firewall zone >> w-openvpn.log
uci set firewall.@zone[-1].name='vpn'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci add_list firewall.@zone[-1].network='wuseman.uk_client'

Now we need to forward our lan to vpn (lan2vpn):

uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpn'

REQUIRED - Set This OR You Will Be Without Internet

uci add_list dhcp.lan.dhcp_option='6,8.8.8.8,8.8.4.4'
uci set network.wan.peerdns='0' # Disable DNS provided by DHCP
uci del network.wan.dns # Deletes the previous list of DNS if exist.
uci add_list network.wan.dns='8.8.8.8' # Google Public DNS, it works perfect
uci add_list network.wan.dns='8.8.4.4' # ... -:- ^

Commit Changes

uci commit

Get connected.

/etc/init.d/network start # Restart network.
/etc/init.d/firewall reload # Reload firewall rules
/etc/init.d/openvpn start # Starting openvpn

This is output from my syslog:

Mon Nov 5 17:38:33 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: OpenVPN 2.3.6 [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 25 2015
Mon Nov 5 17:38:33 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Mon Nov 5 17:38:33 2018 daemon.warn openvpn(wuseman.uk_client)[3313]: WARNING: file 'keys/wuseman.key' is group or others accessible
Mon Nov 5 17:38:33 2018 daemon.warn openvpn(wuseman.uk_client)[3313]: WARNING: file 'keys/tls-auth.key' is group or others accessible
Mon Nov 5 17:38:33 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Control Channel Authentication: using 'keys/tls-auth.key' as a OpenVPN static key file
Mon Nov 5 17:38:33 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 5 17:38:33 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Socket Buffers: R=[163840->131072] S=[163840->131072]
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: UDPv4 link local: [undef]
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xx:1194
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xx:1194, sid=1f13cc12 99qqf712d
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: VERIFY OK: depth=1, C=UK, ST=Ceredigion, L=Aberystwyth, O=wuseman.uk, OU=MyOrganizationalUnit, CN=chapterhouse, name=chapterhouse, emailAddress=xxxxxx@xxxx.com
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: VERIFY OK: nsCertType=SERVER
Mon Nov 5 17:38:34 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: VERIFY OK: depth=0, C=UK, ST=Ceredigion, L=Aberystwyth, O=wuseman.uk, OU=MyOrganizationalUnit, CN=chapterhouse, name=chapterhouse, emailAddress=xxxxxx@xxxx.com
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Mon Nov 5 17:38:39 2018 daemon.notice openvpn(wuseman.uk_client)[3313]: [chapterhouse] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xx:1194

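An added example, written for this thread and not code from tch-nginx-gui or from the poster's install script: it wraps the OpenVPN client procedure above in a form a defender can check before and after bringing the tunnel up. It generates the client section as `uci batch` input instead of a run of hand-typed `uci set` lines, checks that the key files are not group/other readable (the syslog excerpt above shows OpenVPN warning about exactly that), and audits an OpenVPN syslog for the weak-crypto signals visible in that excerpt (the 64-bit block cipher BF-CBC, TLS 1.0 on the control channel). The section name, key directory, config path and log path are parameters, and nothing here runs `uci` itself, so the script runs on any POSIX shell; the sample log it audits is constructed, modelled on the thread's output, not copied from it.

```shell
#!/bin/sh
# Added example (not from the thread or the project). Helpers around the
# OpenVPN client setup posted above. Assumed inputs: a UCI section name,
# a key directory, a config file path and a syslog file; `uci` is never
# executed here, the batch text is only printed.

# 1. Print `uci batch` input for the client section. The section name is kept
#    to letters, digits and underscores. comp_lzo is deliberately omitted:
#    tunnel compression exposes tunnelled plaintext to VORACLE-style attacks
#    and OpenVPN's own advisories recommend leaving it off.
ovpn_uci_batch() {
    name=$1
    keydir=$2
    conf=$3
    cat <<EOF
set openvpn.$name=openvpn
set openvpn.$name.enabled='1'
set openvpn.$name.client='1'
set openvpn.$name.dev='tun'
set openvpn.$name.proto='udp'
set openvpn.$name.resolv_retry='infinite'
set openvpn.$name.persist_key='1'
set openvpn.$name.persist_tun='1'
set openvpn.$name.ca='$keydir/ca.crt'
set openvpn.$name.cert='$keydir/client.crt'
set openvpn.$name.key='$keydir/client.key'
set openvpn.$name.tls_auth='$keydir/tls-auth.key 1'
set openvpn.$name.config='$conf'
set openvpn.$name.verb='3'
commit openvpn
EOF
}

# 2. Report key files whose mode grants group or other access (what the
#    "is group or others accessible" warning in the syslog is about).
#    Prints each offender and returns 1 if any file is missing or too open.
check_key_perms() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || { echo "missing: $f"; rc=1; continue; }
        # columns 5-10 of `ls -l` are the group and other permission bits
        bits=$(ls -ld "$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "too open: $f ($bits); fix with: chmod 600 $f"
            rc=1
        fi
    done
    return $rc
}

# 3. Audit an OpenVPN syslog file for the weak settings seen in the thread.
#    Prints one line per finding; the return value is the number of findings.
audit_openvpn_log() {
    n=0
    grep -q "Cipher 'BF-CBC'" "$1" && {
        echo "data channel uses BF-CBC (64-bit block cipher, SWEET32-class risk); set cipher AES-256-CBC on both ends (AES-GCM needs OpenVPN 2.4+)"
        n=$((n + 1)); }
    grep -q "is group or others accessible" "$1" && {
        echo "key material readable by group/others; chmod 600 the key files"
        n=$((n + 1)); }
    grep -q "Control Channel: TLSv1," "$1" && {
        echo "control channel negotiated TLS 1.0; set tls-version-min 1.2 once both peers support it"
        n=$((n + 1)); }
    return $n
}

# Constructed sample log (modelled on the syslog excerpt above, not a copy)
# so the audit can be exercised offline.
write_sample_log() {
    cat > "$1" <<'EOF'
Mon Nov  5 17:38:33 2018 daemon.warn openvpn(vpn_client)[3313]: WARNING: file 'keys/client.key' is group or others accessible
Mon Nov  5 17:38:39 2018 daemon.notice openvpn(vpn_client)[3313]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov  5 17:38:39 2018 daemon.notice openvpn(vpn_client)[3313]: Control Channel: TLSv1, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2048 bit RSA
Mon Nov  5 17:38:39 2018 daemon.notice openvpn(vpn_client)[3313]: [server] Peer Connection Initiated with [AF_INET]203.0.113.10:1194
EOF
}

# Stand-alone demo: print the batch, then audit the constructed log.
demo() {
    tmp=${TMPDIR:-/tmp}/ovpn-audit.$$
    ovpn_uci_batch vpn_client /etc/openvpn/keys /etc/openvpn/client.conf
    write_sample_log "$tmp"
    audit_openvpn_log "$tmp" || echo "findings: $?"
    rm -f "$tmp"
}
demo
```

On the router the generated text is applied with `ovpn_uci_batch vpn_client /etc/openvpn/keys /etc/openvpn/client.conf | uci batch`, and `audit_openvpn_log` can be pointed at the output of `logread` saved to a file. One caveat on the firewall part of the posted procedure: it adds a lan-to-vpn forwarding but leaves any existing lan-to-wan forwarding in place, so if the tunnel drops, LAN clients fall back to the plain WAN path; for a fail-closed setup that forwarding has to be removed as well.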

kevdagoat commented 5 years ago

Thanks for that! Looks good.

Will go ahead and integrate this into the GUI.


BreakSecurity commented 5 years ago

Any news on this? @kevdagoat @Ansuel

BreakSecurity commented 5 years ago

So no news on this?

kevdagoat commented 5 years ago

Currently not as my SSD has failed with all of my code work on it :(

Hence why I haven’t been contributing


kevdagoat commented 5 years ago

This is on my list todo