Browse Source

travelmate: update to release 2.0

- new package dependency: curl (plus one of the wpad variants)
- optional package dependencies:
  - 'msmtp' for email notification support
  - 'wireguard' or 'openvpn' for vpn support
- removed WEP support, only WPA/WPA2/WPA3 are supported!
- new, more robust setup wizard (CLI and LuCI)
- more robust captive portal detection
- randomize mac addresses with every uplnk connect
- automatic vpn handling during uplink switch (only classic/simple
  client-setups for wireguard or openvpn are supported)
- email notifications after successful uplink connections
- automatically disable uplinks after n minutes, e.g. for timed
  connections
- automatically (re-)enable uplinks after n minutes, e.g. after failed
  login attempts
- complete LuCI rewrite - migrated to client side JS (separate PR)

Signed-off-by: Dirk Brenken <dev@brenken.org>
lilik-openwrt-22.03
Dirk Brenken 4 years ago
parent
commit
dd70304ca0
No known key found for this signature in database GPG Key ID: 9D71CD547BFAE684
12 changed files with 1263 additions and 474 deletions
  1. +7
    -3
      net/travelmate/Makefile
  2. +128
    -103
      net/travelmate/files/README.md
  3. +37
    -0
      net/travelmate/files/chs-hotel.login
  4. +53
    -0
      net/travelmate/files/db-bahn.login
  5. +37
    -0
      net/travelmate/files/h-hotels.login
  6. +2
    -10
      net/travelmate/files/travelmate.conf
  7. +120
    -17
      net/travelmate/files/travelmate.init
  8. +72
    -0
      net/travelmate/files/travelmate.mail
  9. +625
    -323
      net/travelmate/files/travelmate.sh
  10. +141
    -0
      net/travelmate/files/travelmate.vpn
  11. +31
    -0
      net/travelmate/files/travelmate_ntp.hotplug
  12. +10
    -18
      net/travelmate/files/wifionice.login

+ 7
- 3
net/travelmate/Makefile View File

@ -6,8 +6,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=travelmate
PKG_VERSION:=1.5.4
PKG_RELEASE:=3
PKG_VERSION:=2.0.0
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
@ -17,7 +17,7 @@ define Package/travelmate
SECTION:=net
CATEGORY:=Network
TITLE:=A wlan connection manager for travel router
DEPENDS:=+iwinfo +jshn +jsonfilter +uclient-fetch +dnsmasq
DEPENDS:=+iwinfo +jshn +jsonfilter +curl +ca-bundle +dnsmasq
PKGARCH:=all
endef
@ -47,10 +47,14 @@ define Package/travelmate/install
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/travelmate.init $(1)/etc/init.d/travelmate
$(INSTALL_DIR) $(1)/etc/hotplug.d/ntp
$(INSTALL_BIN) ./files/travelmate_ntp.hotplug $(1)/etc/hotplug.d/ntp/25-travelmate_ntp
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/travelmate.conf $(1)/etc/config/travelmate
$(INSTALL_DIR) $(1)/etc/travelmate
$(INSTALL_BIN) ./files/travelmate.mail $(1)/etc/travelmate
$(INSTALL_BIN) ./files/*.login $(1)/etc/travelmate
endef


+ 128
- 103
net/travelmate/files/README.md View File

@ -9,146 +9,171 @@ To avoid these kind of deadlocks, travelmate will set all station interfaces to
* STA interfaces operating in an "always off" mode, to make sure that the AP is always accessible
* easy setup within normal OpenWrt environment
* strong LuCI-Support with builtin interface wizard and a wireless station manager
* render the QR-Code of the selected Access Point in LuCI to comfortably transfer the WLAN credentials to your mobile devices
* fast uplink connections
* support all kinds of uplinks, incl. hidden and enterprise uplinks
* support all kinds of uplinks, incl. hidden and enterprise uplinks (WEP-based uplinks are no longer supported!)
* continuously checks the existing uplink connection (quality), e.g. for conditional uplink (dis-) connections
* automatically add open uplinks to your wireless config, e.g. hotel captive portals
* captive portal detection with internet online check and a 'heartbeat' function to keep the uplink connection up & running
* captive portal auto-login hook (configured via uci/LuCI), you could reference an external script for captive portal auto-logins (see example below)
* captive portal auto-login hook (configured via uci/LuCI), you are able to reference an external script for captive portal auto-logins (see example below)
* includes a vpn hook with support for 'wireguard' or 'openvpn' client setups to handle VPN (re-) connections automatically
* includes an email hook to 'msmtp' to send notification e-mails after every succesful uplink connect
* proactively scan and switch to a higher prioritized uplink, despite of an already existing connection
* connection tracking which keeps start and end date of an uplink connection
* automatically disable the uplink after n minutes, e.g. for timed connections
* automatically (re-)enable the uplink after n minutes, e.g. after failed login attempts
* option to generate a random unicast MAC address for each uplink connection
* ntp time sync before sending emails
* support devices with multiple radios in any order
* procd init and hotplug support
* procd init and ntp-hotplug support
* runtime information available via LuCI & via 'status' init command
* status & debug logging to syslog
* optional: the LuCI frontend shows the WiFi QR codes from all configured Access Points. It allows you to connect your Android or iOS devices to your router’s WiFi using the QR code
## Prerequisites
* [OpenWrt](https://openwrt.org), tested with the stable release series (19.07.x) and with the latest OpenWrt snapshot
* iwinfo for wlan scanning, uclient-fetch for captive portal detection, dnsmasq as dns backend
* optional: qrencode 4.x for QR code support
* optional: wpad (the full version, not wpad-mini) to use Enterprise WiFi
* optional: curl to use external scripts for captive portal auto-logins
* [OpenWrt](https://openwrt.org), only compatible with the forthcoming stable 20.x or the latest OpenWrt snapshot
* 'dnsmasq' as dns backend
* 'iwinfo' for wlan scanning
* 'curl' for connection checking and all kinds of captive portal magic, e.g. cp detection and auto-logins
* a 'wpad' variant to support various WPA encrypted networks (WEP-based uplinks are no longer supported!)
* optional: 'qrencode' for AP QR code support
* optional: 'wireguard' or 'openvpn' for vpn client connections
* optional: 'msmtp' to send out travelmate related status messages via email
## Installation & Usage
* download the package [here](https://downloads.openwrt.org/snapshots/packages/x86_64/packages)
* install 'travelmate' (_opkg install travelmate_)
* configure your network:
* recommended: use the LuCI frontend with builtin interface wizard and a wireless station manager
* manual: see detailed configuration steps below
* at least you need one configured AP and one STA interface
## LuCI travelmate companion package
* download the package [here](https://downloads.openwrt.org/snapshots/packages/x86_64/luci)
* install 'luci-app-travelmate' (_opkg install luci-app-travelmate_)
* the application is located in LuCI under 'Services' menu
* before you start with travelmate you should setup at least one Access Point, ideally on a separate radio
* download [travelmate](https://downloads.openwrt.org/snapshots/packages/x86_64/packages)
* download [luci-app-travelmate](https://downloads.openwrt.org/snapshots/packages/x86_64/luci)
* install both packages (_opkg install travelmate_, _opkg install luci-app-travelmate_)
* the LuCI application is located under the 'Services' menu
* start the travelmate 'Interface Wizard' once
* add multiple uplink stations as you like via the 'Wireless Stations' tab
* happy traveling ...
## Travelmate config options
* usually the pre-configured travelmate setup works quite well and no manual config overrides are needed, all listed options apply to the 'global' section:
* trm\_enabled => main switch to enable/disable the travelmate service (bool/default: '0', disabled)
* trm\_debug => enable/disable debug logging (bool/default: '0', disabled)
* trm\_captive => enable/disable the captive portal detection (bool/default: '1', enabled)
* trm\_proactive => enable/disable the proactive uplink switch (bool/default: '1', enabled)
* trm\_autoadd => automatically add open uplinks to your wireless config (bool/default: '0', disabled)
* trm\_minquality => minimum signal quality threshold as percent for conditional uplink (dis-) connections (int/default: '35', valid range: 20-80)
* trm\_maxwait => how long (in seconds) should travelmate wait for a successful wlan interface reload action (int/default: '30', valid range: 20-40)
* trm\_maxretry => how many times should travelmate try to connect to an uplink (int/default: '3', valid range: 1-10)
* trm\_timeout => overall retry timeout in seconds (int/default: '60', valid range: 30-300)
* trm\_radio => limit travelmate to a single radio (e.g. 'radio1') or change the overall scanning priority (e.g. 'radio1 radio2 radio0') (default: not set, use all radios 0-n)
* trm\_iface => uplink / procd trigger network interface (default: trm_wwan)
* trm\_triggerdelay => additional trigger delay in seconds before travelmate processing begins (int/default: '2')
## Captive Portal auto-logins
For automated captive portal logins you could reference external shell scripts. All login scripts should be executable and located in '/etc/travelmate' with the extension '.login'. The provided 'wifionice.login' script example requires curl and automates the login to german ICE hotspots, it also explains the principle approach to extract runtime data like security tokens for a successful login. Hopefully more scripts for different captive portals will be provided by the community ...
A typical/successful captive portal login looks like this:
| Option | Default | Description/Valid Values |
| :----------------- | :--------------------------------- | :---------------------------------------------------------------------------------------------------- |
| trm_enabled | 0, disabled | set to 1 to enable the travelmate service (this will be done by the Interface Wizard as well!) |
| trm_debug | 0, disabled | set to 1 to get the full debug output (logread -e "trm-") |
| trm_iface | -, not set | uplink- and procd trigger network interface, configured by the 'Interface Wizard' |
| trm_radio | -, not set | restrict travelmate to a single radio or change the overall scanning order ('radio1 radio0') |
| trm_captive | 1, enabled | check the internet availability and handle captive portal redirections |
| trm_netcheck | 0, disabled | treat missing internet availability as an error |
| trm_proactive | 1, enabled | proactively scan and switch to a higher prioritized uplink, despite of an already existing connection |
| trm_autoadd | 0, disabled | automatically add open uplinks like hotel captive portals to your wireless config |
| trm_randomize | 0, disabled | generate a random unicast MAC address for each uplink connection |
| trm_triggerdelay | 2 | additional trigger delay in seconds before travelmate processing begins |
| trm_maxretry | 3 | retry limit to connect to an uplink |
| trm_minquality | 35 | minimum signal quality threshold as percent for conditional uplink (dis-) connections |
| trm_maxwait | 30 | how long should travelmate wait for a successful wlan uplink connection |
| trm_timeout | 60 | overall retry timeout in seconds |
| trm_scanbuffer | 1024 | buffer size in bytes to prepare nearby scan results |
| trm_captiveurl | http://captive.apple.com | four pre-configured provider URLs that will be used for connectivity- and captive portal checks |
| trm_useragent | Mozilla/5.0 (X11; Linux x86_64... | five pre-configured user agents that will be used for connectivity- and captive portal checks |
| trm_nice | 0, normal priority | change the priority of the travelmate background processing |
| trm_vpn | 0, disabled | automatically handle VPN (re-) connections |
| trm_vpnservice | -, not set | reference the already configured 'wireguard' or 'openvpn' client instance as vpn provider |
| trm_vpniface | -, not set | the logical vpn interface, e.g. 'wg0' or 'tun0' |
| trm_laniface | -, not set | the logical lan network interface, e.g. 'br-lan' |
| trm_mail | 0, disabled | sends notification e-mails after every succesful uplink connect |
| trm_mailreceiver | -, not set | e-mail receiver address for travelmate notifications |
| trm_mailsender | no-reply@travelmate | e-mail sender address for travelmate notifications |
| trm_mailtopic | travelmate connection to '<sta>' | topic for travelmate notification E-Mails |
| trm_mailprofile | trm_notify | profile used by 'msmtp' for travelmate notification E-Mails |
* per uplink exist an additional 'uplink' section in the travelmate config, with the following options:
| Option | Default | Description/Valid Values |
| :----------------- | :--------------------------------- | :---------------------------------------------------------------------------------------------------- |
| enabled | 1, enabled | enable or disable the uplink in travelmate |
| device | -, not set | match the 'device' in the wireless config section |
| ssid | -, not set | match the 'ssid' in the wireless config section |
| bssid | -, not set | match the 'bssid' in the wireless config section |
| con_start | -, not set | connection start (will be automatically set after a successful ntp sync) |
| con_end | -, not set | connection end (will be automatically set after a successful ntp sync) |
| con_start_expiry | 0, disabled | automatically disable the uplink after n minutes, e.g. for timed connections |
| con_end_expiry | 0, disabled | automatically (re-)enable the uplink after n minutes, e.g. after failed login attempts |
| script | -, not set | reference to an external auto login script for captive portals |
| script_args | -, not set | optional runtime args for the auto login script |
## VPN client setup
Please follow one of the following guides to get a working vpn client setup on your travel router:
* [Wireguard client setup guide](https://openwrt.org/docs/guide-user/services/vpn/wireguard/client)
* [OpenVPN client setup guide](https://openwrt.org/docs/guide-user/services/vpn/openvpn/client)
Once your vpn client connection is running, you can reference to that setup in travelmate to handle VPN (re-) connections automatically.
## E-Mail setup
To use E-Mail notifications you have to setup the package 'msmtp'.
Modify the file '/etc/msmtprc', e.g. for gmail:
<pre><code>
[...]
Mon Aug 5 10:15:48 2019 user.info travelmate-1.4.10[1481]: travelmate instance started ::: action: start, pid: 1481
Mon Aug 5 10:16:17 2019 user.info travelmate-1.4.10[1481]: captive portal login '/etc/travelmate/wifionice.login' for 'www.wifionice.de' has been executed with rc '0'
Mon Aug 5 10:16:23 2019 user.info travelmate-1.4.10[1481]: connected to uplink 'radio1/WIFIonICE/-' (1/5, GL.iNet GL-AR750S, OpenWrt SNAPSHOT r10644-cb49e46a8a)
defaults
auth on
tls on
tls_certcheck off
timeout 5
syslog LOG_MAIL
[...]
account trm_notify
host smtp.gmail.com
port 587
from xxx@gmail.com
user yyy
password zzz
</code></pre>
## Runtime information
**receive travelmate runtime information:**
<pre><code>
~# /etc/init.d/travelmate status
::: travelmate runtime information
+ travelmate_status : connected (net ok/100)
+ travelmate_version : 1.4.10
+ station_id : radio1/blackhole/-
+ station_interface : trm_wwan
+ faulty_stations :
+ last_rundate : 2019.08.03-20:37:19
+ system : GL.iNet GL-AR750S, OpenWrt SNAPSHOT r10644-cb49e46a8a
</code></pre>
To debug travelmate runtime problems, please always enable the 'trm\_debug' flag, restart travelmate and scan the system log (_logread -e "travelmate"_)
Finally enable E-Mail support in travelmate and add a valid E-Mail receiver address.
## Manual Setup
**1. configure the travelmate wwan interface in /etc/config/network:**
## Captive Portal auto-logins
For automated captive portal logins you can reference an external shell script per uplink. All login scripts should be executable and located in '/etc/travelmate' with the extension '.login'. Currently the package ships five ready to run auto-login scripts:
* 'wifionice.login' for german ICE hotspots
* 'db-bahn.login' for german DB railway hotspots via portal login API (still WIP, only tested at Hannover central station)
* 'chs-hotel.login' for german chs hotels
* 'h-hotels.login' for Telekom hotspots in german h+hotels
* 'generic-user-pass.login' a template to demonstrate the optional parameter handling in login scripts
A typical and successful captive portal login looks like this:
<pre><code>
[...]
config interface 'trm_wwan'
option proto 'dhcp'
Thu Sep 10 13:30:16 2020 user.info trm-2.0.0[26222]: captive portal domain 'www.wifionice.de' added to to dhcp rebind whitelist
Thu Sep 10 13:30:19 2020 user.info trm-2.0.0[26222]: captive portal login '/etc/travelmate/wifionice.login ' for 'www.wifionice.de' has been executed with rc '0'
Thu Sep 10 13:30:19 2020 user.info trm-2.0.0[26222]: connected to uplink 'radio1/WIFIonICE/-' with mac 'B2:9D:F5:96:86:A4' (1/3)
[...]
</code></pre>
**2. add this interface to your firewall configuration in /etc/config/firewall:**
<pre><code>
[...]
config zone
option name 'wan'
option network 'wan wan6 trm_wwan'
[...]
</code></pre>
Hopefully more scripts for different captive portals will be provided by the community!
**3. at least add one ap and (multiple) wwan stations to your wireless configuration in etc/config/wireless:**
<pre><code>
[...]
config wifi-iface
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'example_ap'
option encryption 'psk2+ccmp'
option key 'abc'
option disabled '0'
[...]
config wifi-iface
option device 'radio0'
option network 'trm_wwan'
option mode 'sta'
option ssid 'example_usual'
option encryption 'psk2+ccmp'
option key 'abc'
option disabled '1'
[...]
config wifi-iface
option device 'radio0'
option network 'trm_wwan'
option mode 'sta'
option ssid 'example_hidden'
option bssid '00:11:22:33:44:55'
option encryption 'psk2+ccmp'
option key 'xyz'
option disabled '1'
[...]
</code></pre>
## Runtime information
**4. start travelmate:**
**receive travelmate runtime information:**
<pre><code>
edit /etc/config/travelmate and set 'trm_enabled' to '1'
/etc/init.d/travelmate restart
root@2go_ar750s:~# /etc/init.d/travelmate status
::: travelmate runtime information
+ travelmate_status : connected (net ok/100)
+ travelmate_version : 2.0.0
+ station_id : radio1/WIFIonICE/-
+ station_mac : B2:9D:F5:96:86:A4
+ station_interface : trm_wwan
+ wpa_flags : sae: ✔, owe: ✔, eap: ✔, suiteb192: ✔
+ run_flags : captive: ✔, proactive: ✔, netcheck: ✘, autoadd: ✘, randomize: ✔
+ ext_hooks : ntp: ✔, vpn: ✘, mail: ✘
+ last_run : 2020.09.10-15:21:19
+ system : GL.iNet GL-AR750S (NOR/NAND), OpenWrt SNAPSHOT r14430-2dda301d40
</code></pre>
To debug travelmate runtime problems, please always enable the 'trm\_debug' flag, restart travelmate and scan the system log (_logread -e "trm-"_)
## Support
Please join the travelmate discussion in this [forum thread](https://forum.lede-project.org/t/travelmate-support-thread/5155) or contact me by [mail](mailto:dev@brenken.org)
## Removal
* stop the travelmate daemon with _/etc/init.d/travelmate stop_
* optional: remove the travelmate package (_opkg remove travelmate_)
* optional: remove the travelmate package (_opkg remove luci-app-travelmate_, _opkg remove travelmate_)
Have fun!
Dirk

+ 37
- 0
net/travelmate/files/chs-hotel.login View File

@ -0,0 +1,37 @@
#!/bin/sh
# captive portal auto-login script for german chs hotels
# Copyright (c) 2020 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
domain="hotspot.internet-for-guests.com"
cmd="$(command -v curl)"
# curl check
#
if [ ! -x "${cmd}" ]
then
exit 1
fi
# initial get request to receive & extract valid security tokens
#
"${cmd}" "https://${domain}/logon/cgi/index.cgi" -c "/tmp/${domain}.cookie" -s -o /dev/null
if [ -r "/tmp/${domain}.cookie" ]
then
lg_id="$(awk '/LGNSID/{print $7}' "/tmp/${domain}.cookie")"
ta_id="$(awk '/ta_id/{print $7}' "/tmp/${domain}.cookie")"
cl_id="$(awk '/cl_id/{print $7}' "/tmp/${domain}.cookie")"
rm -f "/tmp/${domain}.cookie"
else
exit 2
fi
# final post request/login with valid session cookie/security token
#
if [ -n "${lg_id}" ] && [ -n "${ta_id}" ] && [ -n "${cl_id}" ]
then
"${cmd}" "https://${domain}/logon/cgi/index.cgi" -H "Referer: https://${domain}/logon/cgi/index.cgi" -H "Cookie: LGNSID=${lg_id}; lang=en_US; use_mobile_interface=0; ta_id=${ta_id}; cl_id=${cl_id}" -H 'Connection: keep-alive' --data 'accept_termsofuse=&freeperperiod=1&device_infos=1125:2048:1152:2048' -s -o /dev/null
else
exit 3
fi

+ 53
- 0
net/travelmate/files/db-bahn.login View File

@ -0,0 +1,53 @@
#!/bin/sh
# captive portal auto-login script for german DB hotspots via portal login API
# Copyright (c) 2020 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
trm_fetch="$(command -v curl)"
trm_domain="wifi.bahn.de"
trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0")"
trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
# initial get request to receive all header information
#
"${trm_fetch}" -A "${trm_useragent}" "https://${trm_domain}" -si > "/tmp/${trm_domain}.cookie"
# extract the session cookie and the hotspot location
#
if [ -s "/tmp/${trm_domain}.cookie" ]
then
php_token="$(awk 'BEGIN{FS="[ ;]"}/^Set-Cookie:/{print $2}' "/tmp/${trm_domain}.cookie")"
location="$(awk '/^Location:/{print $2}' "/tmp/${trm_domain}.cookie")"
rm -f "/tmp/${trm_domain}.cookie"
else
exit 2
fi
# post request to subscribe to the portal API
#
if [ -n "${php_token}" ] && [ -n "${location}" ]
then
"${trm_fetch}" -A "${trm_useragent}" "https://${trm_domain}/portal_api.php" -H "Connection: keep-alive" -H "Referer: ${location}" -H "Cookie: ${php_token}" --data "action=subscribe&type=one&connect_policy_accept=false&user_login=&user_password=&user_password_confirm=&email_address=&prefix=&phone=&policy_accept=false&gender=&interests=" -si > "/tmp/${trm_domain}.cookie"
else
exit 3
fi
# extract additional login and password information from the portal API
#
if [ -s "/tmp/${trm_domain}.cookie" ]
then
login="$(awk 'BEGIN{FS="[\"]"}/^\{\"info/{print $12}' "/tmp/${trm_domain}.cookie")"
password="$(awk 'BEGIN{FS="[\"]"}/^\{\"info/{print $16}' "/tmp/${trm_domain}.cookie")"
rm -f "/tmp/${trm_domain}.cookie"
else
exit 4
fi
# final post request to authenticate to the portal API
#
if [ -n "${login}" ] && [ -n "${password}" ]
then
"${trm_fetch}" -A "${trm_useragent}" "https://${trm_domain}/portal_api.php" -H "Connection: keep-alive" -H "Referer: ${location}" -H "Cookie: ${php_token}" --data "action=authenticate&login=${login}&password=${password}&policy_accept=false&from_ajax=true&wispr_mode=false"
else
exit 5
fi

+ 37
- 0
net/travelmate/files/h-hotels.login View File

@ -0,0 +1,37 @@
#!/bin/sh
# captive portal auto-login script for Telekom hotspots in german h+hotels
# Copyright (c) 2020 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
domain="hotspot.t-mobile.net"
cmd="$(command -v curl)"
# curl check
#
if [ ! -x "${cmd}" ]
then
exit 1
fi
# initial get request to receive & extract valid security tokens
#
"${cmd}" "https://${domain}/wlan/rest/freeLogin" -c "/tmp/${domain}.cookie" -s -o /dev/null
if [ -r "/tmp/${domain}.cookie" ]
then
ses_id="$(awk '/JSESSIONID/{print $7}' "/tmp/${domain}.cookie")"
sec_id="$(awk '/DT_H/{print $7}' "/tmp/${domain}.cookie")"
dev_id="$(sha256sum /etc/config/wireless | awk '{printf "%s",substr($1,1,13)}')"
rm -f "/tmp/${domain}.cookie"
else
exit 2
fi
# final post request/login with valid session cookie/security token
#
if [ -n "${ses_id}" ] && [ -n "${sec_id}" ] && [ -n "${dev_id}" ]
then
"${cmd}" "https://${domain}/wlan/rest/freeLogin" -H "Referer: https://${domain}/TD/hotspot/H_Hotels/en_GB/index.html" -H "Cookie: JSESSIONID=${ses_id}; DT_DEV_ID=${dev_id}; DT_H=${sec_id}" -H 'Connection: keep-alive' --data "rememberMe=true" -s -o /dev/null
else
exit 3
fi

+ 2
- 10
net/travelmate/files/travelmate.conf View File

@ -1,5 +1,3 @@
# travelmate configuration, for further information
# see 'https://github.com/openwrt/packages/blob/master/net/travelmate/files/README.md'
config travelmate 'global'
option trm_enabled '0'
@ -7,12 +5,6 @@ config travelmate 'global'
option trm_proactive '1'
option trm_netcheck '0'
option trm_autoadd '0'
option trm_iface 'trm_wwan'
option trm_triggerdelay '2'
option trm_mail '0'
option trm_vpn '0'
option trm_debug '0'
option trm_maxretry '5'
option trm_listexpiry '0'
option trm_minquality '35'
option trm_maxwait '30'
option trm_timeout '60'
option trm_rtfile '/tmp/trm_runtime.json'

+ 120
- 17
net/travelmate/files/travelmate.init View File

@ -1,9 +1,14 @@
#!/bin/sh /etc/rc.common
# set (s)hellcheck exceptions
# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188
START=25
USE_PROCD=1
EXTRA_COMMANDS="status_service"
EXTRA_COMMANDS="scan setup"
EXTRA_HELP=" scan <radio> Scan for available nearby uplinks
setup [<iface>] [<zone>] [<metric>] Setup the travelmate uplink interface, by default 'trm_wwan' with firewall zone 'wan' and metric '100'"
trm_init="/etc/init.d/travelmate"
trm_script="/usr/bin/travelmate.sh"
@ -11,20 +16,21 @@ trm_pidfile="/var/run/travelmate.pid"
boot()
{
local iface="$(uci_get travelmate global trm_iface)"
ubus -t 30 wait_for network.wireless network.interface."${iface:-"trm_wwan"}" 2>/dev/null
if [ -s "${trm_pidfile}" ]
then
> "${trm_pidfile}"
fi
rc_procd start_service
}
start_service()
{
if [ $("${trm_init}" enabled; printf "%u" ${?}) -eq 0 ]
if [ "$("${trm_init}" enabled; printf "%u" ${?})" -eq "0" ]
then
procd_open_instance "travelmate"
procd_set_param command "${trm_script}" "${@}"
procd_set_param pidfile "${trm_pidfile}"
procd_set_param nice "$(uci_get travelmate extra trm_nice "0")"
procd_set_param nice "$(uci_get travelmate global trm_nice "0")"
procd_set_param stdout 1
procd_set_param stderr 1
procd_close_instance
@ -33,7 +39,9 @@ start_service()
reload_service()
{
local ppid pid timeout="$(uci_get travelmate global trm_timeout)"
local ppid pid timeout
timeout="$(uci_get travelmate global trm_timeout)"
if [ -s "${trm_pidfile}" ]
then
@ -56,9 +64,9 @@ stop_service()
status_service()
{
local key keylist value rtfile="$(uci_get travelmate global trm_rtfile)"
local key keylist value rtfile
rtfile="${rtfile:-"/tmp/trm_runtime.json"}"
rtfile="$(uci_get travelmate global trm_rtfile "/tmp/trm_runtime.json")"
json_load_file "${rtfile}" >/dev/null 2>&1
json_select data >/dev/null 2>&1
if [ ${?} -eq 0 ]
@ -75,18 +83,113 @@ status_service()
fi
}
service_triggers()
scan()
{
local trigger="$(uci_get travelmate global trm_iface)"
local delay="$(uci_get travelmate global trm_triggerdelay)"
local result scan_dev radio="${1:-"radio0"}"
PROCD_RELOAD_DELAY=$((${delay:-2} * 1000))
if [ -n "${trigger}" ]
scan_dev="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -l1 -e "@.${radio}.interfaces[0].ifname")"
result="$(iwinfo "${scan_dev:-${radio}}" scan 2>/dev/null | \
awk 'BEGIN{FS="[[:space:]]"}/Address:/{var1=$NF}/ESSID:/{var2="";
for(i=12;i<=NF;i++)if(var2==""){var2=$i}else{var2=var2" "$i}}/Channel:/{var3=$NF}/Quality:/{split($NF,var0,"/")}/Encryption:/{var4="";
for(j=12;j<=NF;j++)if(var4==""){var4=$j}else{var4=var4" "$j};printf " %-11i%-10s%-35s%-20s%s\n",(var0[1]*100/var0[2]),var3,var2,var1,var4}' | \
sort -rn)"
printf "%s\\n" "::: Available nearby uplinks on '${scan_dev:-${radio}}'"
printf "%s\\n" ":::"
if [ -n "${result}" ]
then
procd_add_interface_trigger "interface.*.down" "${trigger}" "${trm_init}" reload
printf "%-15s%-10s%-35s%-20s%s\\n" " Strength" "Channel" "ESSID" "BSSID" "Encryption"
printf "%s\\n" " --------------------------------------------------------------------------------------"
printf "%s\\n" "${result}"
else
procd_add_raw_trigger "interface.*.down" ${PROCD_RELOAD_DELAY} "${trm_init}" reload
printf "%s\\n" "::: No scan results"
fi
}
setup()
{
local iface cnt=0 input="${1:-"trm_wwan"}" zone="${2:-"wan"}" metric="${3:-"100"}"
iface="$(uci_get travelmate global trm_iface)"
input="${input//[+*~%&\$@\"\' ]/}"
zone="${zone//[+*~%&\$@\"\' ]/}"
metric="${metric//[^0-9]/}"
if [ -n "${iface}" ] && [ "${iface}" = "${input}" ]
then
printf "%s\n" "The uplink interface '${input}' has been already configured"
elif [ -n "${input}" ]
then
if [ -n "${iface}" ]
then
uci -q batch <<-EOC
del network."${iface}"
del network."${iface}6"
EOC
fi
uci -q batch <<-EOC
set travelmate.global.trm_enabled="1"
set travelmate.global.trm_iface="${input}"
set network."${input}"="interface"
set network."${input}".proto="dhcp"
set network."${input}".metric="${metric}"
set network."${input}6"=interface
set network."${input}6".ifname="@${input}"
set network."${input}6".proto="dhcpv6"
commit travelmate
commit network
EOC
while [ -n "$(uci -q get firewall.@zone["${cnt}"].name)" ]
do
if [ "$(uci -q get firewall.@zone["${cnt}"].name)" = "${zone}" ]
then
if [ -n "${iface}" ]
then
uci -q batch <<-EOC
del_list firewall.@zone["${cnt}"].network="${iface}"
del_list firewall.@zone["${cnt}"].network="${iface}6"
EOC
fi
uci -q batch <<-EOC
add_list firewall.@zone["${cnt}"].network="${input}"
add_list firewall.@zone["${cnt}"].network="${input}6"
commit firewall
EOC
break
fi
cnt=$((cnt+1))
done
if [ -n "${iface}" ]
then
cnt=0
while [ -n "$(uci -q get wireless.@wifi-iface["${cnt}"].network)" ]
do
if [ "$(uci -q get wireless.@wifi-iface["${cnt}"].network)" = "${iface}" ]
then
uci -q set wireless.@wifi-iface["${cnt}"].network="${input}"
fi
cnt=$((cnt+1))
done
uci -q commit wireless
fi
/etc/init.d/network reload >/dev/null 2>&1
/etc/init.d/firewall reload >/dev/null 2>&1
"${trm_init}" restart
fi
}
service_triggers()
{
local iface delay
iface="$(uci_get travelmate global trm_iface)"
delay="$(uci_get travelmate global trm_triggerdelay "2")"
PROCD_RELOAD_DELAY=$((delay * 1000))
if [ -n "${iface}" ]
then
procd_add_interface_trigger "interface.*.down" "${iface}" "${trm_init}" reload
fi
procd_add_config_trigger "config.change" "wireless" "${trm_init}" reload
procd_add_config_trigger "config.change" "travelmate" "${trm_init}" restart
}

+ 72
- 0
net/travelmate/files/travelmate.mail View File

@ -0,0 +1,72 @@
#!/bin/sh
# send mail script for travelmate notifications
# Copyright (c) 2020 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
# set (s)hellcheck exceptions
# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188
# Please note: you have to setup the package 'msmtp' before using this script
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
. "/lib/functions.sh"
trm_debug="$(uci_get travelmate global trm_debug "0")"
trm_mailsender="$(uci_get travelmate global trm_mailsender "no-reply@travelmate")"
trm_mailreceiver="$(uci_get travelmate global trm_mailreceiver)"
trm_mailprofile="$(uci_get travelmate global trm_mailprofile "trm_notify")"
trm_mail="$(command -v msmtp)"
trm_rtfile="$(uci_get travelmate global trm_rtfile "/tmp/trm_runtime.json")"
trm_logger="$(command -v logger)"
trm_rc=1
f_log()
{
local class="${1}" log_msg="${2}"
if [ -x "${trm_logger}" ]
then
"${trm_logger}" -p "${class}" -t "trm-mail [${$}]" "${log_msg}"
else
printf "%s %s %s\\n" "${class}" "trm-mail [${$}]" "${log_msg}"
fi
}
if [ -z "${trm_mailreceiver}" ]
then
f_log "err" "please set the mail receiver with the 'trm_mailreceiver' option"
exit ${trm_rc}
fi
if [ "${trm_debug}" -eq 1 ]
then
debug="--debug"
fi
# info preparation
#
sys_info="$(strings /etc/banner 2>/dev/null; ubus call system board | sed -e 's/\"release\": {//' | sed -e 's/^[ \t]*//' | sed -e 's/[{}\",]//g' | sed -e 's/[ ]/ \t/' | sed '/^$/d' 2>/dev/null)"
trm_info="$(/etc/init.d/travelmate status 2>/dev/null)"
sta_info="$(jsonfilter -i "${trm_rtfile}" -l1 -e '@.data.station_id')"
trm_mailtopic="$(uci_get travelmate global trm_mailtopic "travelmate connection to '${sta_info}'")"
trm_mailhead="From: ${trm_mailsender}\\nTo: ${trm_mailreceiver}\\nSubject: ${trm_mailtopic}\\nReply-to: ${trm_mailsender}\\nMime-Version: 1.0\\nContent-Type: text/html; charset=UTF-8\\nContent-Disposition: inline\\n\\n"
# mail body
#
trm_mailtext="<html><body><pre style='display:block;font-family:monospace;font-size:1rem;padding:20;background-color:#f3eee5;white-space:pre'>"
trm_mailtext="${trm_mailtext}\\n<strong>++\\n++ System Information ++\\n++</strong>\\n${sys_info}"
trm_mailtext="${trm_mailtext}\\n\\n<strong>++\\n++ Travelmate Information ++\\n++</strong>\\n${trm_info}"
trm_mailtext="${trm_mailtext}</pre></body></html>"
# send mail
#
if [ -x "${trm_mail}" ]
then
printf "%b" "${trm_mailhead}${trm_mailtext}" 2>/dev/null | "${trm_mail}" ${debug} -a "${trm_mailprofile}" "${trm_mailreceiver}" >/dev/null 2>&1
trm_rc=${?}
f_log "info" "mail sent to '${trm_mailreceiver}' with rc '${trm_rc}'"
else
f_log "err" "msmtp mail daemon not found"
fi
exit ${trm_rc}

+ 625
- 323
net/travelmate/files/travelmate.sh
File diff suppressed because it is too large
View File


+ 141
- 0
net/travelmate/files/travelmate.vpn View File

@ -0,0 +1,141 @@
#!/bin/sh
# vpn switch for travelmate
# Copyright (c) 2020 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
# set (s)hellcheck exceptions
# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188
# Please note: you have to setup the package 'wireguard' or 'openvpn' before using this script
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
. "/lib/functions.sh"
trm_action="${1}"
trm_vpnservice="$(uci_get travelmate global trm_vpnservice)"
trm_vpniface="$(uci_get travelmate global trm_vpniface)"
trm_landevice="$(uci_get travelmate global trm_landevice)"
trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://captive.apple.com")"
trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0")"
trm_iptrule_accept="FORWARD -i ${trm_landevice} -p tcp --match multiport --dports 80,443 -j ACCEPT"
trm_iptrule_drop="FORWARD -i ${trm_landevice} -j DROP"
trm_iptables="$(command -v iptables)"
trm_logger="$(command -v logger)"
trm_fetch="$(command -v curl)"
f_log()
{
local class="${1}" log_msg="${2}"
if [ -x "${trm_logger}" ]
then
"${trm_logger}" -p "${class}" -t "trm-vpn [${$}]" "${log_msg}"
else
printf "%s %s %s\\n" "${class}" "trm-vpn [${$}]" "${log_msg}"
fi
}
f_net()
{
local IFS json_raw json_rc result="net nok"
json_raw="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --write-out "%{json}" --silent --show-error --connect-timeout $((trm_maxwait/10)) "${trm_captiveurl}" 2>/dev/null)"
json_raw="${json_raw#*\{}"
if [ -n "${json_raw}" ]
then
json_rc="$(printf "%s" "{${json_raw}" | jsonfilter -l1 -e '@.response_code' 2>/dev/null)"
if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]
then
result="net ok"
fi
fi
printf "%s" "${result}"
}
if [ -n "${trm_vpnservice}" ] && [ -n "${trm_vpniface}" ] && [ -n "${trm_landevice}" ] && [ -f "/tmp/trm_runtime.json" ]
then
status="$(jsonfilter -i "/tmp/trm_runtime.json" -l1 -e '@.data.travelmate_status' 2>/dev/null)"
vpn_status="$(ubus -S call network.interface."${trm_vpniface}" status 2>/dev/null | jsonfilter -l1 -e '@.up')"
if [ "${trm_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
then
if [ -n "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_drop} 2>&1)" ]
then
"${trm_iptables}" "-w $((trm_maxwait/6))" -I ${trm_iptrule_drop} 2>&1
f_log "info" "lan forward blocked for device '${trm_landevice}'"
fi
if [ "${status%% (net cp *}" = "connected" ]
then
if [ -n "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_accept} 2>&1)" ]
then
"${trm_iptables}" "-w $((trm_maxwait/6))" -I ${trm_iptrule_accept} 2>&1
f_log "info" "lan forward on ports 80/443 freed for device '${trm_landevice}'"
fi
fi
fi
case "${trm_vpnservice}" in
"wireguard")
if [ "${trm_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
then
ubus call network.interface."${trm_vpniface}" up
elif [ "${trm_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
then
ubus call network.interface."${trm_vpniface}" down
f_log "info" "${trm_vpnservice} client connection disabled"
fi
;;
"openvpn")
if [ "${trm_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
then
ubus call network.interface."${trm_vpniface}" up
/etc/init.d/openvpn restart >/dev/null 2>&1
elif [ "${trm_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
then
ubus call network.interface."${trm_vpniface}" down
/etc/init.d/openvpn stop >/dev/null 2>&1
f_log "info" "${trm_vpnservice} client connection disabled"
fi
;;
esac
if [ "${trm_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
then
cnt=0
while true
do
vpn_status="$(ubus -S call network.interface."${trm_vpniface}" status 2>/dev/null | jsonfilter -l1 -e '@.up')"
if [ "${vpn_status}" = "true" ]
then
net_status="$(f_net)"
if [ "${net_status}" = "net ok" ]
then
f_log "info" "${trm_vpnservice} client connection enabled"
if [ -z "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_drop} 2>&1)" ]
then
"${trm_iptables}" "-w $((trm_maxwait/6))" -D ${trm_iptrule_drop} 2>&1
if [ -z "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_accept} 2>&1)" ]
then
"${trm_iptables}" "-w $((trm_maxwait/6))" -D ${trm_iptrule_accept} 2>&1
fi
f_log "info" "lan forward freed for device '${trm_landevice}'"
fi
if [ -f "/etc/init.d/sysntpd" ]
then
/etc/init.d/sysntpd restart >/dev/null 2>&1
fi
break
fi
fi
if [ "${cnt}" -ge "$((trm_maxwait/6))" ]
then
f_log "info" "${trm_vpnservice} restart failed, lan forward for device '${trm_landevice}' still blocked"
ubus call network.interface."${trm_vpniface}" down
break
fi
sleep 1
cnt="$((cnt+1))"
done
fi
fi

+ 31
- 0
net/travelmate/files/travelmate_ntp.hotplug View File

@ -0,0 +1,31 @@
#!/bin/sh
# ntp hotplug script for travelmate
# Copyright (c) 2020 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
# set (s)hellcheck exceptions
# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188
trm_init="/etc/init.d/travelmate"
trm_ntpfile="/var/state/travelmate.ntp"
trm_logger="$(command -v logger)"
f_log()
{
local class="${1}" log_msg="${2}"
if [ -x "${trm_logger}" ]
then
"${trm_logger}" -p "${class}" -t "trm-ntp [${$}]" "${log_msg}"
else
printf "%s %s %s\\n" "${class}" "trm-ntp [${$}]" "${log_msg}"
fi
}
if [ "${ACTION}" = "stratum" ] && [ ! -f "${trm_ntpfile}" ] && \
[ "$("${trm_init}" enabled; printf "%u" ${?})" -eq "0" ]
then
> "${trm_ntpfile}"
f_log "info" "get ntp time sync"
"${trm_init}" restart
fi

+ 10
- 18
net/travelmate/files/wifionice.login View File

@ -1,28 +1,20 @@
#!/bin/sh
# captive portal auto-login script for german ICE hotspots
# written by Dirk Brenken (dev@brenken.org)
# Copyright (c) 2020 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
domain="www.wifionice.de"
cmd="$(command -v curl)"
# curl check
#
if [ ! -x "${cmd}" ]
then
exit 1
fi
trm_fetch="$(command -v curl)"
trm_domain="www.wifionice.de"
trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0")"
trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
# initial get request to receive & extract a valid security token
#
"${cmd}" "http://${domain}/en/" -s -o /dev/null -c "/tmp/${domain}.cookie"
if [ -f "/tmp/${domain}.cookie" ]
"${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --silent --connect-timeout $((trm_maxwait/6)) --cookie-jar "/tmp/${trm_domain}.cookie" --output /dev/null "http://${trm_domain}/en/"
if [ -f "/tmp/${trm_domain}.cookie" ]
then
sec_token="$(awk '/csrf/{print $7}' "/tmp/${domain}.cookie")"
rm -f "/tmp/${domain}.cookie"
sec_token="$(awk '/csrf/{print $7}' "/tmp/${trm_domain}.cookie")"
rm -f "/tmp/${trm_domain}.cookie"
else
exit 2
fi
@ -31,7 +23,7 @@ fi
#
if [ -n "${sec_token}" ]
then
"${cmd}" "http://${domain}/en/" -H "Cookie: csrf=${sec_token}" --data "login=true&CSRFToken=${sec_token}&connect=" -s -o /dev/null
"${trm_fetch}" --user-agent "${trm_useragent}" --silent --connect-timeout $((trm_maxwait/6)) --header "Cookie: csrf=${sec_token}" --data "login=true&CSRFToken=${sec_token}&connect=" --output /dev/null "http://${trm_domain}/en/"
else
exit 3
fi

Loading…
Cancel
Save