diff --git a/doc/EN/mesh.org b/doc/EN/mesh.org
index 75587c3b..683392e8 100644
--- a/doc/EN/mesh.org
+++ b/doc/EN/mesh.org
@@ -23,7 +23,7 @@ The Freedombone Mesh is a wireless solution for autonomous or internet connected
 * [[./mesh_usage.html][How to use it]]
 #+BEGIN_CENTER
-[[file:images/mesh_architecture1.jpg]]
+[[file:images/mesh_logo.jpg]]
 #+END_CENTER
 Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small businesses who don't want the overhead of server maintenance, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies.
diff --git a/doc/EN/mesh_images.org b/doc/EN/mesh_images.org
index 5f7b3aa2..ffa99cb9 100644
--- a/doc/EN/mesh_images.org
+++ b/doc/EN/mesh_images.org
@@ -82,7 +82,7 @@ wget https://freedombone.net/downloads/current/freedombone-mesh_beaglebone-armhf
 wget https://freedombone.net/downloads/current/freedombone-mesh_beaglebone-armhf.img.xz.sig
 gpg --verify freedombone-mesh_beaglebone-armhf.img.xz.sig
 sha256sum freedombone-mesh_beaglebone-armhf.img.xz
-45f131995e2f77188e7ddaf2b42ca3d8d48d821d37c7a31a21e2e6dcceaf510d
+60017999340a6559d1de76f3d78d9771c11de5eeefb3d3b812747ce306251e67
 unxz freedombone-mesh_beaglebone-armhf.img.xz
 sudo dd bs=1M if=freedombone-mesh_beaglebone-armhf.img of=/dev/sdX conv=fdatasync
 #+end_src
@@ -102,7 +102,7 @@ wget https://freedombone.net/downloads/current/freedombone.tar.gz
 wget https://freedombone.net/downloads/current/freedombone.tar.gz.sig
 gpg --verify freedombone.tar.gz.sig
 sha256sum freedombone.tar.gz
-024aedd3a264e963d791daaada347aba1295bc5caebba34ad9b19dc117a8cac9
+3d2a7f2bd7a3475832756b7bb63b96ba5fc4a4f4d7bffe86e685be9a3b41b958
 tar -xzvf freedombone.tar.gz
 cd freedombone
 git checkout stretch
diff --git a/img/mesh_logo.jpg b/img/mesh_logo.jpg
new file mode 100644
index 00000000..3c587009
Binary files /dev/null and b/img/mesh_logo.jpg differ
diff --git a/src/freedombone-app-nextcloud b/src/freedombone-app-nextcloud
index 33c1639f..3de70611 100755
--- a/src/freedombone-app-nextcloud
+++ b/src/freedombone-app-nextcloud
@@ -682,11 +682,17 @@ function install_nextcloud_main {
 fi
 chown -R www-data:www-data config
 chown -R www-data:www-data data
- ./occ check
- ./occ status
- ./occ app:list
- ./occ app:enable encryption
- ./occ config:system:set appstoreenabled --value=false
+ sudo -u www-data ./occ check
+ sudo -u www-data ./occ status
+ sudo -u www-data ./occ app:list
+ sudo -u www-data ./occ app:enable encryption
+ sudo -u www-data ./occ encryption:enable
+ if [ ! "$?" = "0" ]; then
+ echo $'Encryption not enabled'
+ exit 73527
+ fi
+ sudo -u www-data ./occ encryption:status
+ sudo -u www-data ./occ config:system:set appstoreenabled --value=false
 chmod g+w /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs/config/config.php
 chown -R www-data:www-data /var/www/${NEXTCLOUD_DOMAIN_NAME}/htdocs
 chmod 0644 .htaccess
diff --git a/src/freedombone-app-vpn b/src/freedombone-app-vpn
index 0d0f051b..d64e6119 100755
--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@@ -542,6 +542,7 @@ function install_stunnel {
 echo "accept = $VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel.conf
 echo 'connect = localhost:1194' >> $prefix/etc/stunnel/stunnel.conf
 echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
+ echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel.conf
 sed -i 's|ENABLED=.*|ENABLED=1|g' $prefix/etc/default/stunnel4
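Review bot: `exit 73527` on the encryption:enable failure path is not observable as written, because a shell exit status is truncated to 8 bits and the parent sees 55 (73527 mod 256); if the project relies on large distinctive codes elsewhere they collapse the same way, so a code below 256 is needed to round-trip. The `$?` test also covers only `encryption:enable`: `app:enable encryption` just above and `config:system:set appstoreenabled` below are still unchecked, so a failed app enable surfaces later as an encryption failure and a failed appstore-disable passes silently. Testing the command directly, `if ! sudo -u www-data ./occ encryption:enable; then`, avoids the `$?` indirection and reads more clearly. install_nextcloud_main continues outside the hunk.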
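Review bot: `protocol = socks` in the server-side stunnel.conf changes what the TLS listener on `$VPN_TLS_PORT` is: as far as I recall from stunnel's manual, the socks protocol makes the service a SOCKS-over-TLS proxy whose destination is chosen by the connecting client and the `connect = localhost:1194` line written two lines above is then not used, so the listener stops being a plain TLS wrapper for OpenVPN and becomes a proxy to whatever this host can reach. That is only acceptable if the service also verifies client certificates (`verify` and `CAfile`), which this hunk does not add and the visible context does not show; if the intent is to keep an OpenVPN tunnel, the line should be removed. The same line is appended to stunnel-client.conf in the next hunk (`@@ -550,6 +551,7 @@`), and whether the installed stunnel honours `protocol = socks` in client mode should be confirmed against its manual before relying on it. install_stunnel continues outside both hunks.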
@@ -550,6 +551,7 @@ function install_stunnel {
 echo "accept = $STUNNEL_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
 echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
 echo 'cert = stunnel.pem' >> $prefix/etc/stunnel/stunnel-client.conf
+ echo 'protocol = socks' >> $prefix/etc/stunnel/stunnel-client.conf
 echo '[Unit]' > $prefix/etc/systemd/system/stunnel.service
 echo 'Description=SSL tunnel for network daemons' >> $prefix/etc/systemd/system/stunnel.service
diff --git a/src/freedombone-controlpanel b/src/freedombone-controlpanel
index db4ae9c8..10029e06 100755
--- a/src/freedombone-controlpanel
+++ b/src/freedombone-controlpanel
@@ -2102,6 +2102,40 @@ function wifi_enable {
 ${PROJECT_NAME}-wifi --disable $disable_wifi
 }
+function add_clacks {
+ clacks=
+
+ data=$(tempfile 2>/dev/null)
+ trap "rm -f $data" 0 1 2 5 15
+ dialog --title $"Add Clacks Overhead" \
+ --backtitle $"Freedombone Control Panel" \
+ --inputbox $"" 7 60 2>$data
+ sel=$?
+ case $sel in
+ 0)
+ clacks=$(<$data)
+ if [ ${#clacks} -gt 1 ]; then
+
+ WEB_FILES=/etc/nginx/sites-available/*
+ for f in $WEB_FILES
+ do
+ if grep -q "X-Clacks-Overhead" $f; then
+ sed -i "s|X-Clacks-Overhead .*|X-Clacks-Overhead \"GNU $clacks\";|g" $f
+ else
+ sed -i "/X-Content-Type-Options/a add_header X-Clacks-Overhead \"GNU $clacks\";" $f
+ fi
+ done
+
+ systemctl restart nginx
+
+ dialog --title $"Add Clacks Overhead" \
+ --msgbox $"\nAdded for $clacks" 10 60
+ fi
+ ;;
+ esac
+ rm $data
+}
+
 function menu_wifi {
 if [[ "$(wifi_exists)" == "0" ]]; then
 dialog --title $"Wifi" \
@@ -2191,7 +2225,7 @@ function menu_top_level {
 trap "rm -f $data" 0 1 2 5 15
 dialog --backtitle $"Freedombone Control Panel" \
 --title $"Control Panel" \
- --radiolist $"Choose an operation:" 29 70 21 \
+ --radiolist $"Choose an operation:" 30 70 22 \
 1 $"About this system" off \
 2 $"Passwords" off \
 3 $"Backup and Restore" off \
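Review bot: `$clacks` goes from the inputbox straight into two `sed -i` expressions and from there into every file under /etc/nginx/sites-available, after which nginx is restarted, with no validation beyond `${#clacks} -gt 1`. A value containing `|`, `"`, `;` or a newline changes the `s|...|...|g` expression or ends the nginx string early, so one stray character can break or alter every site configuration at once and the restart then takes the broken configs live. Restricting the value before the loop, e.g. `if [[ "$clacks" =~ ^[A-Za-z0-9\ ._-]+$ ]]; then`, and running `nginx -t` before `systemctl restart nginx` would contain this; `$f` should also be quoted in the grep and sed calls.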
@@ -2209,10 +2243,11 @@ function menu_top_level {
 15 $"Change the name of this system" off \
 16 $"Set a static local IP address" off \
 17 $"Wifi menu" off \
- 18 $"Check for updates" off \
- 19 $"Power off the system" off \
- 20 $"Restart the system" off \
- 21 $"Exit" on 2> $data
+ 18 $"Add Clacks" off \
+ 19 $"Check for updates" off \
+ 20 $"Power off the system" off \
+ 21 $"Restart the system" off \
+ 22 $"Exit" on 2> $data
 sel=$?
 case $sel in
 1) exit 1;;
@@ -2242,10 +2277,11 @@ function menu_top_level {
 15) change_system_name;;
 16) set_static_IP;;
 17) menu_wifi;;
- 18) check_for_updates;;
- 19) shut_down_system;;
- 20) restart_system;;
- 21) break;;
+ 18) add_clacks;;
+ 19) check_for_updates;;
+ 20) shut_down_system;;
+ 21) restart_system;;
+ 22) break;;
 esac
 done
 }
diff --git a/src/freedombone-image b/src/freedombone-image
index 17a57ee8..d18c956a 100755
--- a/src/freedombone-image
+++ b/src/freedombone-image
@@ -533,7 +533,7 @@ if [[ $VARIANT == 'mesh' ]]; then
 IMAGE_NAME=$'mesh'
 # typically not much disk space is needed for a mesh node
 if [ ! $IMAGE_SIZE_SPECIFIED ]; then
- IMAGE_SIZE=3G
+ IMAGE_SIZE=5G
 fi
 fi
diff --git a/src/freedombone-image-customise b/src/freedombone-image-customise
index bf926927..41fae403 100755
--- a/src/freedombone-image-customise
+++ b/src/freedombone-image-customise
@@ -682,6 +682,9 @@ initialise_mesh() {
 chroot "$rootdir" apt-get -yq install apt-transport-https
+ # install tor as a possible way of routing traffic between internet gateways
+ chroot "$rootdir" apt-get -yq install tor
+
 configure_firewall
 install_avahi
 install_batman
diff --git a/src/freedombone-image-mesh b/src/freedombone-image-mesh
index cb3a6183..7b5cbd63 100755
--- a/src/freedombone-image-mesh
+++ b/src/freedombone-image-mesh
@@ -990,6 +990,11 @@ if [ -f $MESH_INSTALL_SETUP ]; then
 rm -rf /etc/openvpn/easy-rsa/keys/*
 fi
+ # Remove hidden service
+ if [ -d /var/lib/tor/hidden_service_mesh ]; then
+ rm -rf /var/lib/tor/hidden_service_mesh
+ fi
+
 # Remove any existing vpn client keys
 if [ -f /home/$MY_USERNAME/vpn.tar.gz ]; then
 rm /home/$MY_USERNAME/vpn.tar.gz
@@ -1012,6 +1017,10 @@ if [ -f $MESH_INSTALL_SETUP ]; then
 chown ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/.config
 fi
+ systemctl stop tor
+ systemctl disable tor
+ echo $'TOR disabled' >> $INSTALL_LOG
+
 #tomb slam all
 tmp_ram_disk 100
 enable_predictable_device_names
diff --git a/src/freedombone-mesh-batman b/src/freedombone-mesh-batman
index aa2b8e12..8152dd45 100755
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -416,6 +416,22 @@ function start {
 fi
 fi
+ # if we have an ethernet connection to an internet router then create
+ # an onion address for this peer
+ if [[ "$ethernet_connected" != "0" ]]; then
+ systemctl enable tor
+ systemctl start tor
+ HIDDEN_SERVICE_PATH=/var/lib/tor/hidden_service_
+ if [ ! -f ${HIDDEN_SERVICE_PATH}mesh/hostname ]; then
+ echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}mesh/" >> /etc/tor/torrc
+ echo "HiddenServicePort 653 127.0.0.1:653" >> /etc/tor/torrc
+ systemctl restart tor
+ fi
+ else
+ systemctl stop tor
+ systemctl disable tor
+ fi
+
 verify
 }
diff --git a/src/freedombone-mesh-connect b/src/freedombone-mesh-connect
index ab38bccb..5a9163b3 100755
--- a/src/freedombone-mesh-connect
+++ b/src/freedombone-mesh-connect
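Review bot: The guard `if [ ! -f ${HIDDEN_SERVICE_PATH}mesh/hostname ]` is the wrong test for deciding whether to append to /etc/tor/torrc: the hostname file is written by tor some time after the restart, and the `@@ -990,6 +990,11 @@` hunk in freedombone-image-mesh deletes the directory without touching torrc, so every run of start that happens before the file exists appends another `HiddenServiceDir`/`HiddenServicePort` pair to torrc. add_onion_service in freedombone-utils-onion already guards the same append with `if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then`; using that grep here, or calling add_onion_service if it is available to this script, keeps torrc idempotent. The condition `[[ "$ethernet_connected" != "0" ]]` is also true when the variable is unset or empty, so tor would be enabled in that case; if ethernet_connected can be unset when start runs, testing for the positive value it is set to would be safer. start continues outside the hunk and ethernet_connected is set elsewhere.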
@@ -157,20 +157,16 @@ function mesh_setup_vpn {
 fi
 }
-function connect_to_vpn {
- dialog --title $"VPN Connect to another mesh network" \
- --backtitle $"Freedombone Mesh" \
- --defaultno \
- --yesno $"\nHave you received the vpn.tar.gz file from the other mesh administrator, uncompressed it into the /home/fbone directory and also forwarded port $VPN_MESH_TLS_PORT from your internet router to this system?" 10 70
- sel=$?
- case $sel in
- 1) return;;
- 255) return;;
- esac
+function connect_to_mesh {
+ connect_title=$"Connect to another mesh network"
+ HIDDEN_SERVICE_PATH=/var/lib/tor/hidden_service_mesh/hostname
+ if [ -f ${HIDDEN_SERVICE_PATH} ]; then
+ connect_title=$"Connect from $(cat $HIDDEN_SERVICE_PATH) to another mesh network"
+ fi
 data=$(tempfile 2>/dev/null)
 trap "rm -f $data" 0 1 2 5 15
- dialog --title $"VPN Connect to another mesh network" \
+ dialog --title "$connect_title" \
 --backtitle $"Freedombone Mesh" \
 --inputbox $'Enter the IP address or domain name of the other mesh.' 10 60 2>$data
 sel=$?
@@ -180,15 +176,20 @@ function connect_to_vpn {
 if [ ${#ip_or_domain} -gt 1 ]; then
 if [[ "$ip_or_domain" == *'.'* ]]; then
+ connect_failed=
 if [ ! -f ~/client.ovpn ]; then
- rm $data
- exit 1
+ connect_failed=1
 fi
 if [ ! -f ~/stunnel.pem ]; then
- rm $data
- exit 1
+ connect_failed=1
 fi
 if [ ! -f ~/stunnel.p12 ]; then
+ connect_failed=1
+ fi
+
+ if [ $connect_failed ]; then
+ dialog --title $"Connect to another mesh network" \
+ --msgbox $"\nObtain the vpn.tar.gz file from the other mesh administrator, uncompress it into the /home/fbone directory and also forwarded port $VPN_MESH_TLS_PORT from your internet router to this system." 10 50
 rm $data
 exit 1
 fi
@@ -221,7 +222,7 @@ case $sel in
 esac
 case $(cat $data) in
 1) rm $data
- connect_to_vpn;;
+ connect_to_mesh;;
 2) rm $data
 mesh_setup_vpn;;
 esac
diff --git a/src/freedombone-utils-nodejs b/src/freedombone-utils-nodejs
index 6ec4451c..eab687bc 100755
--- a/src/freedombone-utils-nodejs
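Review bot: `connect_title=$"Connect from $(cat $HIDDEN_SERVICE_PATH) to another mesh network"` places the command substitution inside the translatable `$"..."` string, so the message catalogue key contains the literal `$(cat $HIDDEN_SERVICE_PATH)` text and every translation has to reproduce it exactly. Reading the hostname first and formatting afterwards, `onion_name=$(cat "$HIDDEN_SERVICE_PATH")` followed by `connect_title=$(printf $"Connect from %s to another mesh network" "$onion_name")`, keeps the catalogue key fixed. Note also that a tor hidden-service directory is typically readable only by the tor user and root, so when this script runs as another user the `-f` test fails and the plain title is used silently; a comment saying that the onion name is shown only when readable would save the next reader a puzzle. connect_to_mesh continues into the next hunk.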
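Review bot: The three `~/client.ovpn`, `~/stunnel.pem` and `~/stunnel.p12` checks that now feed `connect_failed` look in the running user's home directory, while the new msgbox tells the user to uncompress vpn.tar.gz into `/home/fbone`; if this script runs as root, `~` is /root and the files the message asks for are never found, so the instruction and the test should be derived from the same path. The message text also reads `also forwarded port`, which should be `also forward port` to match the imperative `Obtain` and `uncompress`. connect_to_mesh starts in the previous hunk and continues past this one.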
+++ b/src/freedombone-utils-nodejs
@@ -63,9 +63,6 @@ function get_npm_arch {
 function mesh_install_nodejs {
 mesh_install_nodejs_prefix=
 if [ $rootdir ]; then
- if [[ $VARIANT == "mesh" ]]; then
- return
- fi
 mesh_install_nodejs_prefix="chroot $rootdir"
 fi
diff --git a/src/freedombone-utils-onion b/src/freedombone-utils-onion
index 409820ba..e90a3ab5 100755
--- a/src/freedombone-utils-onion
+++ b/src/freedombone-utils-onion
@@ -124,6 +124,7 @@ function add_onion_service {
 fi
 if ! grep -q "hidden_service_${onion_service_name}" /etc/tor/torrc; then
 echo "HiddenServiceDir ${HIDDEN_SERVICE_PATH}${onion_service_name}/" >> /etc/tor/torrc
+ #echo 'HiddenServiceVersion 3' >> /etc/tor/torrc
 echo "HiddenServicePort ${onion_service_port_from} 127.0.0.1:${onion_service_port_to}" >> /etc/tor/torrc
 if [ ${#onion_stealth_name} -gt 0 ]; then
 echo "HiddenServiceAuthorizeClient stealth ${onion_stealth_name}" >> /etc/tor/torrc
diff --git a/website/EN/mesh.html b/website/EN/mesh.html
index 86a2369c..779ea1c4 100644
--- a/website/EN/mesh.html
+++ b/website/EN/mesh.html
@@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - +
@@ -261,7 +261,7 @@ The Freedombone Mesh is a wireless solution for autonomous or internet connected
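Review bot: The commented-out `#echo 'HiddenServiceVersion 3' >> /etc/tor/torrc` leaves the reader guessing whether v3 onion services are planned, blocked by something, or rejected, and commented-out code of this kind tends to rot silently. Replace it with a note that records the decision, e.g. `# TODO: emit HiddenServiceVersion 3 once <blocking reason> is resolved; until then tor's default applies`, with the blocking reason filled in, or drop the line. Because no version is written, the services created here get whichever version the installed tor defaults to, which is worth stating in the function's header comment so operators know the onion type is not pinned. add_onion_service continues outside the hunk.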
-

mesh_architecture1.jpg +

mesh_logo.jpg