This commit is contained in:
Bob Mottram 2017-10-06 10:52:05 +01:00
commit 84c96334bc
23 changed files with 1400 additions and 305 deletions

View File

@ -50,7 +50,7 @@ scp -P 2222 myusername@mydomainname:/home/myusername/stunnel* .
You will need to ensure that the /openvpn/ and /stunnel/ packages are installed. On an Arch based system:
#+begin_src bash
sudp pacman -S openvpn stunnel4
sudo pacman -S openvpn stunnel4
#+end_src
Or on a Debian based system:
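Review bot: `sudo pacman -S openvpn stunnel4` will still fail on Arch after the `sudp` typo fix, because `stunnel4` is the Debian package name; Arch ships it as `stunnel`, so this line should read `sudo pacman -S openvpn stunnel`. `stunnel4` belongs only on the Debian line that follows.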

View File

@ -33,7 +33,7 @@ Or you can install [[./debianinstall.html][onto an existing Debian system]].
If you have a single board ARM computer which isn't one of the officially supported ones, such as Raspberry Pi, then you may still be able to install [[./armbian.html][Freedombone with Armbian]].
Want to make a community mesh network which doesn't depend upon the internet? The [[./mesh.html][Freedombone Mesh]] is a wireless solution for autonomous communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
Want to make a community mesh network which can either be fully autonomous or connected to the internet? The [[./mesh.html][Freedombone Mesh]] is a wireless solution for networked communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised, or used as an infrastructural community service similar to [[https://en.wikipedia.org/wiki/Freifunk][Freifunk]].
After installation it's possible that you might want some advice on how to run your system and set up apps to work nicely with it.

View File

@ -26,9 +26,13 @@
"/I see mesh networks naturally evolving to become the dominant form of network over the next few decades, because its the most practical solution to a number of problems that will have to be solved in order to build the VR web as well as to connect the entire world to the internet. Centralized networks are only possible in highly developed countries with existing infrastructures like power and telephone grids, as well as roads. You cant build a tower where you dont have either power or access. For vast areas of the world, mesh networks will be the only feasible solution./" -- Valkyrie Ice
#+end_quote
The Freedombone Mesh is a wireless solution for autonomous communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
The Freedombone Mesh is a wireless solution for autonomous or internet connected communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small business internal office communications, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies. The down side is that you can't access any internet content. The upside is that you can securely communicate with anyone on the local mesh. No ISPs. No payments or subscriptions beyond the cost of obtaining the hardware. Systems need to be within wifi range of each other for the mesh to be created. It can be an ultra-convenient way to do purely local communications.
Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small businesses who don't want the overhead of server maintenance, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies.
If an internet connection is available then it can make use of that, but otherwise it can still work regardless of whether the internet exists. So it's not dependent upon ISPs and additional infrastructure other than USB drives isn't required.
Systems only need to be within wifi range of each other for the mesh to be created, so it can be an very convenient way to create a local communications network.
The Freedombone mesh roughly follows MondoNet's ten social specifications:
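Review bot: typo in the new sentence `so it can be an very convenient way`: should be `a very convenient way`, and `internet connected communication` in the first changed line wants a hyphen (`internet-connected`). The new paragraph still opens with `not connected to or reliant upon the internet`, which now contradicts the paragraph after it (`If an internet connection is available then it can make use of that`); rewording the first to `need not be connected to or reliant upon the internet` keeps the two consistent.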
@ -47,18 +51,20 @@ The Freedombone mesh roughly follows MondoNet's ten social specifications:
- Discovery of other users on the network
- Text based chat, one-to-one and in groups
- Voice chat (VoIP)
- Voice chat (VoIP) and video calls
- Private and public sharing of files
- Blogging
- Creating and broadcasting audio media/podcasts
- Social network stream. Follow/unfollow other peers
- No network administration required
- No servers, internet connection or cabling is needed
- No servers
- Internet connection is optional
- Works from bootable USB drives or microSD drives
- Data is mesh routed between systems
- Private communications is end-to-end secured and forward secret
- Publicly shared data is /content addressable/
This system should be quite scalable. Both qTox and IPFS are based upon distributed hash tables (DHT) so that each peer does not need to store the full index of data for the entire network. Caching or pinning of IPFS data and its content addressability means that if a file or blog becomes popular then performance should improve as the number of downloads increases, which is the opposite of the client/server paradigm.
This system should be quite scalable. Both qTox and IPFS are based upon distributed hash tables (DHT) so that each peer does not need to store the full index of data for the entire network. Gossiping between SSB peers may be slower, but the [[https://en.wikipedia.org/wiki/Small-world_network][small world effect]] will presumably still make for quite efficient delivery in a large network. Caching or pinning of IPFS data and its content addressability means that if a file or blog becomes popular then performance should improve as the number of downloads increases, which is the opposite of the client/server paradigm.
* Disk Images
** Writing many images quickly
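Review bot: `- No servers` sits in the same changeset that adds a `scuttlebot.service` running `sbot server` on every mesh peer, so the bullet is misleading as written; `No central servers` says what is actually meant. The added sentence `Gossiping between SSB peers may be slower, but the small world effect will presumably still make for quite efficient delivery` hedges with `presumably`; if delivery on a large mesh has not been measured, say it is untested rather than presumed.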
@ -222,7 +228,51 @@ Select the wifi icon on the desktop and enter the password '/freedombone/'. The
#+END_CENTER
When you are finished close the window and then select the /Network Restart/ desktop icon, which will restart the B.A.T.M.A.N. network. You can also use the restart icon if you are within range of the mesh network but the /Chat/ and /Other Users/ icons do not automatically appear after a few minutes.
** Connecting to the internet
If you need to be able to access the internet from the mesh then connect one of the peers to an internet router using an ethernet cable, then reboot it. Other peers in the mesh, including any attached mobile devices, will then be able to access the internet using the ethernet attached peer as a gateway. [[https://en.wikipedia.org/wiki/Freifunk][Freifunk]] works in a similar way.
After connecting one peer to the internet you may need to reboot other peers in order to update their network configurations.
If for legal reasons you need to connect to the internet via a VPN then openvpn is preinstalled and you can run the command:
#+begin_src bash
sudo openvpn myclient.ovpn
#+end_src
Where /myclient.ovpn/ comes from your VPN provider and with the password "/freedombone/".
** Connecting two meshes over the internet via a VPN tunnel
Maybe the internet exists, but you don't care about getting any content from it and just want to use it as a way to connect mesh networks from different geographical locations together. VPN configuration, pem and stunnel files exist within the home directory. Edit the configuration with:
#+begin_src bash
nano ~/client.ovpn
#+end_src
Edit the IP address or domain for the mesh that you wish to connect to within the /route/ command:
#+begin_src bash
route [mesh IP or domain] 255.255.255.255 net_gateway
#+end_src
Then you can connect to the other mesh with:
#+begin_src bash
cd /home/fbone
sudo stunnel stunnel-client.conf
sudo openvpn client.ovpn
#+end_src
Using the password "/freedombone/". From a deep packet inspection point of view the traffic going over the internet will just look like any other TLS connection to a server.
** Mobile devices (phones, etc)
To allow mobile devices to connect to the mesh you will need a second wifi adapter connected to your laptop/netbook/SBC. Plug in a second wifi adapter then reboot the system. The second adaptor will then create a wifi hotspot which mobile devices can connect to. The hotspot name also contains its local IP address (eg. "/mesh-192.168.1.83/").
On a typical Android device go to *Settings* then *Security* and ensure that *Unknown sources* is enabled. Also within *Wifi* from the *Settings* screen select the mesh hotspot. The password is "/freedombone/". Open a non-Tor browser and navigate to the IP address showing in the hotspot name. You can then download and install mesh apps.
#+BEGIN_CENTER
[[file:images/mesh_mobileapps.jpg]]
#+END_CENTER
On some android devices you may need to move the downloaded APK file from the *Downloads* directory to your *home* directory before you can install it.
** Chat System
Ensure that you're within wifi range of at least one other mesh peer (could be a router or client) and then you should see that the /Chat/ and /Other Users/ icons appear. Select the users icon and you should see a list of users on the mesh. Select the /Chat/ icon and once you are connected you should see the status light turn green. If after a few minutes you don't get the green status light then try closing and re-opening the Tox chat application. Select the plus button to add a friend and then copy and paste in a Tox ID from the users list.
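Review bot: both VPN sections tell the user to enter the password `/freedombone/`, and the same value is printed in this public documentation, so it gives the openvpn and stunnel key files no protection from anyone who can read the page; the text should say the password is a placeholder to be changed, or the key material should be left unencrypted and protected by file permissions. The claim under `Connecting two meshes` that the traffic `will just look like any other TLS connection to a server` is stronger than the setup supports: the stunnel certificate generated elsewhere in this commit (`-subj "/O=$VPN_ORGANISATION/OU=$VPN_UNIT/.../CN=$HOSTNAME"`, self-signed) is sent in the clear by every TLS version before 1.3, so an observer can read the organisation and hostname out of the handshake; `a TLS connection to a self-signed server` is the honest wording. In `Mobile devices`, enabling `Unknown sources` and installing an APK fetched from the hotspot's web page gives the user no way to check what they install; publishing the APK's SHA-256 next to the download link would let them verify it.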

doc/EN/meshindex.org Normal file
View File

@ -0,0 +1,30 @@
#+TITLE:
#+AUTHOR: Bob Mottram
#+EMAIL: bob@freedombone.net
#+KEYWORDS: mesh, freedombone, apps
#+DESCRIPTION: Download apps for use on the mesh
#+OPTIONS: ^:nil toc:nil
#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="freedombone.css" />
#+BEGIN_CENTER
[[file:images/logo.png]]
#+END_CENTER
#+BEGIN_EXPORT html
<center>
<h3>Welcome to the Freedombone Mesh</h3>
</center>
#+END_EXPORT
The following apps are available:
#+BEGIN_EXPORT html
<center>
<table style="width:80%; border:0">
<tr>
<td><center><b><a href="ssb.apk"><img src="images/ssb.png"/></a></b><br><a href="ssb.apk">Secure Scuttlebutt</a></center></td>
<td><center><b><h3></h3></b><br></center></td>
</tr>
</table>
</center>
#+END_EXPORT
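Review bot: `#+TITLE:` is empty, and the second table cell `<td><center><b><h3></h3></b><br></center></td>` is an empty placeholder that renders as a blank column; drop the cell or fill it. `<b>` wrapped around a block-level `<h3>` is also not valid HTML. Since this page is what phones load before enabling `Unknown sources` to install `ssb.apk`, printing the APK's checksum next to the link would let the download be verified.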

Binary file not shown.

BIN
img/avatars/invite.png Normal file

Binary file not shown.


BIN
img/icon_ferment.png Normal file

Binary file not shown.


BIN
img/mesh_mobileapps.jpg Normal file

Binary file not shown.


View File

@ -8,9 +8,8 @@
#
# Freedom in the Cloud
#
# scuttlebot pub application
# scuttlebot pub application. Enables nat traversal for SSB.
# https://scuttlebot.io
# Problem: on occasion uses 100% of the CPU, severely impacting other services
#
# License
# =======
@ -30,14 +29,14 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS=''
VARIANTS='full full-vim social'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=0
SHOW_ICANN_ADDRESS_ON_ABOUT=0
SCUTTLEBOT_VERSION='9.8.0'
SCUTTLEBOT_PORT=8008
SCUTTLEBOT_VERSION='10.4.6'
SCUTTLEBOT_PORT=8010
scuttlebot_variables=(MY_USERNAME
DEFAULT_DOMAIN_NAME
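Review bot: `SCUTTLEBOT_PORT` moves from 8008 to 8010, but none of the hunks shown update a firewall rule or any peer configuration that refers to 8008; a comment on why the port changed, and the matching `firewall_add` if the pub is meant to be reachable, would make the change self-contained. Pinning `SCUTTLEBOT_VERSION='10.4.6'` selects a version tag only; the dependency tree that `npm install -g` later pulls in is not pinned or checksummed anywhere in the diff.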
@ -197,6 +196,46 @@ function remove_scuttlebot {
sed -i '/scuttlebot /d' $COMPLETION_FILE
}
function mesh_install_scuttlebot {
cat <<EOF > $rootdir/usr/bin/install_scuttlebot
#!/bin/bash
npm install -g scuttlebot@${SCUTTLEBOT_VERSION}
EOF
chroot "$rootdir" /bin/chmod +x /usr/bin/install_scuttlebot
chroot "$rootdir" /usr/bin/install_scuttlebot
rm $rootdir/usr/bin/install_scuttlebot
if [ ! -f $rootdir/usr/local/bin/sbot ]; then
echo $'Scuttlebot was not installed'
exit 528253
fi
if [ ! -d $rootdir/etc/scuttlebot ]; then
mkdir -p $rootdir/etc/scuttlebot
fi
# an unprivileged user to run as
chroot "$rootdir" useradd -d /etc/scuttlebot/ scuttlebot
# daemon
echo '[Unit]' > $rootdir/etc/systemd/system/scuttlebot.service
echo 'Description=Scuttlebot (messaging system)' >> $rootdir/etc/systemd/system/scuttlebot.service
echo 'After=syslog.target' >> $rootdir/etc/systemd/system/scuttlebot.service
echo 'After=network.target' >> $rootdir/etc/systemd/system/scuttlebot.service
echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
echo '[Service]' >> $rootdir/etc/systemd/system/scuttlebot.service
echo 'Type=simple' >> $rootdir/etc/systemd/system/scuttlebot.service
echo 'User=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service
echo 'Group=scuttlebot' >> $rootdir/etc/systemd/system/scuttlebot.service
echo "WorkingDirectory=/etc/scuttlebot" >> $rootdir/etc/systemd/system/scuttlebot.service
echo 'ExecStart=/usr/local/bin/sbot server' >> $rootdir/etc/systemd/system/scuttlebot.service
echo 'Restart=always' >> $rootdir/etc/systemd/system/scuttlebot.service
echo 'Environment="USER=scuttlebot"' >> $rootdir/etc/systemd/system/scuttlebot.service
echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
echo '[Install]' >> $rootdir/etc/systemd/system/scuttlebot.service
echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/scuttlebot.service
}
function install_scuttlebot {
function_check install_nodejs
install_nodejs scuttlebot
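Review bot: `mkdir -p $rootdir/etc/scuttlebot` creates the directory owned by root and `useradd -d /etc/scuttlebot/ scuttlebot` does not chown it (no `-m`), yet the unit runs with `User=scuttlebot` and `WorkingDirectory=/etc/scuttlebot`; `sbot server` will be unable to create its data directory under that home, and `Restart=always` with no `RestartSec` will then restart it in a tight loop. Add `chroot "$rootdir" chown -R scuttlebot:scuttlebot /etc/scuttlebot` after the useradd, and create the account as a system user without a login shell (`useradd -r -s /bin/false`, as the vpn user is created elsewhere in this commit). Given the header comment added in the same file, `on occasion uses 100% of the CPU`, a `CPUQuota=` line in `[Service]` would contain that. `exit 528253` is silently truncated by the shell to 125; exit codes above 255 do not survive.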

View File

@ -34,8 +34,11 @@ IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
TOX_PORT=33445
# upstream is https://github.com/TokTok/c-toxcore
TOXCORE_REPO="https://github.com/bashrc/toxcore"
TOXCORE_COMMIT='532629d486e3361c7d8d95b38293cc7d61dc4ee5'
TOXCORE_COMMIT='987ad5eac173442d6ad2d5cd80c2da763a815a9a'
TOXID_REPO="https://github.com/bashrc/toxid"
TOX_BOOTSTRAP_ID_FILE=/var/lib/tox-bootstrapd/pubkey.txt
# These are some default nodes, but you can replace them with trusted nodes
@ -46,7 +49,7 @@ TOX_NODES=
# '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE'
#)
TOXIC_REPO="https://github.com/Tox/toxic"
TOXIC_COMMIT='cf16849b374e484a33a4dffa3dfb937b59d537f2'
TOXIC_COMMIT='5cc83a7cb584886d90d7da15e8398215fed0d315'
TOXIC_FILE=/usr/local/bin/toxic
QTOX_REPO="https://github.com/bashrc/qTox"
@ -139,6 +142,8 @@ function mesh_tox_qtox {
chroot "${rootdir}" apt-get -yq install libspeex-dev yasm pkg-config libopenjp2-7-dev
chroot "${rootdir}" apt-get -yq install libx264-dev mjpegtools libmjpegtools-dev libav-tools
chroot "${rootdir}" apt-get -yq install build-essential cmake ffmpeg libexif-dev libgdk-pixbuf2.0-dev libglib2.0-dev libgtk2.0-dev libopenal-dev libqrencode-dev libqt5opengl5-dev libqt5svg5-dev libsqlcipher-dev libxss-dev pkg-config qrencode qt5-default qt5-qmake qttools5-dev qttools5-dev-tools yasm
if [ -d /repos/qtox ]; then
mkdir ${rootdir}$INSTALL_DIR/qtox
cp -r -p /repos/qtox/. ${rootdir}$INSTALL_DIR/qtox
@ -155,13 +160,15 @@ function mesh_tox_qtox {
git checkout $QTOX_COMMIT -b $QTOX_COMMIT
chroot ${rootdir} /bin/bash -x <<EOF
cd ${INSTALL_DIR}/qtox
qmake
export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig"
cmake .
make
make install
EOF
if [ ! -f ${rootdir}/usr/bin/qtox ]; then
if [ ! -f ${rootdir}/usr/local/bin/qtox ]; then
exit 75784
fi
cp ${rootdir}/usr/local/bin/qtox ${rootdir}/usr/bin/qtox
}
function reconfigure_tox {
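Review bot: `export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig"` is inside an unquoted `<<EOF` heredoc, so `$PKG_CONFIG_PATH` is expanded on the build host when the heredoc is written, not inside the chroot where the export runs; escape it as `\$PKG_CONFIG_PATH` (the escaping the `list-tox-users` heredoc later in this commit uses for `\$(lstox ...)`). Copying the binary from `/usr/local/bin/qtox` to `/usr/bin/qtox` after `make install` leaves two copies to keep in sync; a symlink, or pointing the launcher at `/usr/local/bin/qtox`, avoids that.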
@ -684,9 +691,11 @@ function mesh_tox_client {
if [ ${rootdir} ]; then
chroot ${rootdir} apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
chroot ${rootdir} apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
chroot ${rootdir} apt-get -yq install libqrencode-dev
else
apt-get -yq install libncursesw5-dev libconfig-dev libqrencode-dev
apt-get -yq install libcurl4-openssl-dev libvpx-dev libopenal-dev
apt-get -yq install libqrencode-dev
fi
TEMP_SCRIPT_NAME=fbtmp728353.sh
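Review bot: the added `apt-get -yq install libqrencode-dev` lines are redundant in both branches: `libqrencode-dev` is already in the `libncursesw5-dev libconfig-dev libqrencode-dev` line two lines above each of them, so they can be dropped.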

View File

@ -46,6 +46,7 @@ VPN_ORGANISATION="Freedombone"
VPN_UNIT="Freedombone Unit"
STUNNEL_PORT=3439
VPN_TLS_PORT=553
VPN_MESH_TLS_PORT=653
vpn_variables=(MY_EMAIL_ADDRESS
DEFAULT_DOMAIN_NAME
@ -454,144 +455,127 @@ function remove_user_vpn {
new_username="$1"
}
function install_stunnel {
apt-get -yq install stunnel4
function mesh_setup_vpn {
vpn_generate_keys
cd /etc/stunnel
if [ -d /home/fbone ]; then
cp /etc/stunnel/stunnel-client.conf /home/fbone/stunnel-client.conf
chown fbone:fbone /home/fbone/stunnel*
fi
generate_stunnel_keys
systemctl restart openvpn
}
function generate_stunnel_keys {
openssl req -x509 -nodes -days 3650 -sha256 \
-subj "/O=$VPN_ORGANISATION/OU=$VPN_UNIT/C=$VPN_COUNTRY_CODE/ST=$VPN_AREA/L=$VPN_LOCATION/CN=$HOSTNAME" \
-newkey rsa:2048 -keyout key.pem \
-out cert.pem
if [ ! -f key.pem ]; then
-newkey rsa:2048 -keyout /etc/stunnel/key.pem \
-out /etc/stunnel/cert.pem
if [ ! -f /etc/stunnel/key.pem ]; then
echo $'stunnel key not created'
exit 793530
fi
if [ ! -f cert.pem ]; then
if [ ! -f /etc/stunnel/cert.pem ]; then
echo $'stunnel cert not created'
exit 204587
fi
chmod 400 key.pem
chmod 640 cert.pem
chmod 400 /etc/stunnel/key.pem
chmod 640 /etc/stunnel/cert.pem
cat key.pem cert.pem >> stunnel.pem
chmod 640 stunnel.pem
cat /etc/stunnel/key.pem /etc/stunnel/cert.pem >> /etc/stunnel/stunnel.pem
chmod 640 /etc/stunnel/stunnel.pem
openssl pkcs12 -export -out stunnel.p12 -inkey key.pem -in cert.pem -passout pass:
if [ ! -f stunnel.p12 ]; then
openssl pkcs12 -export -out /etc/stunnel/stunnel.p12 -inkey /etc/stunnel/key.pem -in /etc/stunnel/cert.pem -passout pass:
if [ ! -f /etc/stunnel/stunnel.p12 ]; then
echo $'stunnel pkcs12 not created'
exit 639353
fi
chmod 640 stunnel.p12
echo 'chroot = /var/lib/stunnel4' > stunnel.conf
echo 'pid = /stunnel4.pid' >> stunnel.conf
echo 'setuid = stunnel4' >> stunnel.conf
echo 'setgid = stunnel4' >> stunnel.conf
echo 'socket = l:TCP_NODELAY=1' >> stunnel.conf
echo 'socket = r:TCP_NODELAY=1' >> stunnel.conf
echo 'cert = /etc/stunnel/stunnel.pem' >> stunnel.conf
echo '[openvpn]' >> stunnel.conf
echo "accept = $VPN_TLS_PORT" >> stunnel.conf
echo 'connect = localhost:1194' >> stunnel.conf
echo 'cert = /etc/stunnel/stunnel.pem' >> stunnel.conf
sed -i 's|ENABLED=.*|ENABLED=1|g' /etc/default/stunnel4
echo '[openvpn]' > stunnel-client.conf
echo 'client = yes' >> stunnel-client.conf
echo "accept = $STUNNEL_PORT" >> stunnel-client.conf
echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> stunnel-client.conf
echo 'cert = stunnel.pem' >> stunnel-client.conf
echo '[Unit]' > /etc/systemd/system/stunnel.service
echo 'Description=SSL tunnel for network daemons' >> /etc/systemd/system/stunnel.service
echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html' >> /etc/systemd/system/stunnel.service
echo 'DefaultDependencies=no' >> /etc/systemd/system/stunnel.service
echo 'After=network.target' >> /etc/systemd/system/stunnel.service
echo 'After=syslog.target' >> /etc/systemd/system/stunnel.service
echo '' >> /etc/systemd/system/stunnel.service
echo '[Install]' >> /etc/systemd/system/stunnel.service
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/stunnel.service
echo 'Alias=stunnel.target' >> /etc/systemd/system/stunnel.service
echo '' >> /etc/systemd/system/stunnel.service
echo '[Service]' >> /etc/systemd/system/stunnel.service
echo 'Type=forking' >> /etc/systemd/system/stunnel.service
echo 'RuntimeDirectory=stunnel' >> /etc/systemd/system/stunnel.service
echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf' >> /etc/systemd/system/stunnel.service
echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf' >> /etc/systemd/system/stunnel.service
echo 'ExecStop=/usr/bin/killall -9 stunnel' >> /etc/systemd/system/stunnel.service
echo 'RemainAfterExit=yes' >> /etc/systemd/system/stunnel.service
if [ $VPN_TLS_PORT -eq 443 ]; then
systemctl stop nginx
systemctl disable nginx
else
systemctl enable nginx
systemctl restart nginx
fi
systemctl enable stunnel
systemctl daemon-reload
systemctl start stunnel
chmod 640 /etc/stunnel/stunnel.p12
cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem
cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12
cp /etc/stunnel/stunnel-client.conf /home/$MY_USERNAME/stunnel-client.conf
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
chown $MY_USERNAME:$MY_USERNAME $prefix$userhome/stunnel*
}
function install_vpn {
apt-get -yq install fastd openvpn easy-rsa
groupadd vpn
useradd -r -s /bin/false -g vpn vpn
# server configuration
echo 'port 1194' > /etc/openvpn/server.conf
echo 'proto tcp' >> /etc/openvpn/server.conf
echo 'dev tun' >> /etc/openvpn/server.conf
echo 'tun-mtu 1500' >> /etc/openvpn/server.conf
echo 'tun-mtu-extra 32' >> /etc/openvpn/server.conf
echo 'mssfix 1450' >> /etc/openvpn/server.conf
echo 'ca /etc/openvpn/ca.crt' >> /etc/openvpn/server.conf
echo 'cert /etc/openvpn/server.crt' >> /etc/openvpn/server.conf
echo 'key /etc/openvpn/server.key' >> /etc/openvpn/server.conf
echo 'dh /etc/openvpn/dh2048.pem' >> /etc/openvpn/server.conf
echo 'server 10.8.0.0 255.255.255.0' >> /etc/openvpn/server.conf
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
echo "push \"dhcp-option DNS 85.214.73.63\"" >> /etc/openvpn/server.conf
echo "push \"dhcp-option DNS 213.73.91.35\"" >> /etc/openvpn/server.conf
echo 'keepalive 5 30' >> /etc/openvpn/server.conf
echo 'comp-lzo' >> /etc/openvpn/server.conf
echo 'persist-key' >> /etc/openvpn/server.conf
echo 'persist-tun' >> /etc/openvpn/server.conf
echo 'status /dev/null' >> /etc/openvpn/server.conf
echo 'verb 3' >> /etc/openvpn/server.conf
echo '' >> /etc/openvpn/server.conf
echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
cp -r /usr/share/easy-rsa/ /etc/openvpn
if [ ! -d /etc/openvpn/easy-rsa/keys ]; then
mkdir /etc/openvpn/easy-rsa/keys
function install_stunnel {
prefix=
prefixchroot=
if [ $rootdir ]; then
prefix=$rootdir
prefixchroot="chroot $rootdir"
VPN_TLS_PORT=$VPN_MESH_TLS_PORT
fi
# keys configuration
sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" /etc/openvpn/easy-rsa/vars
sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" /etc/openvpn/easy-rsa/vars
sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" /etc/openvpn/easy-rsa/vars
sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" /etc/openvpn/easy-rsa/vars
sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" /etc/openvpn/easy-rsa/vars
sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" /etc/openvpn/easy-rsa/vars
sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" /etc/openvpn/easy-rsa/vars
$prefixchroot apt-get -yq install stunnel4
if [ ! $prefix ]; then
cd /etc/stunnel
generate_stunnel_keys
fi
echo 'chroot = /var/lib/stunnel4' > $prefix/etc/stunnel/stunnel.conf
echo 'pid = /stunnel4.pid' >> $prefix/etc/stunnel/stunnel.conf
echo 'setuid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf
echo 'setgid = stunnel4' >> $prefix/etc/stunnel/stunnel.conf
echo 'socket = l:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf
echo 'socket = r:TCP_NODELAY=1' >> $prefix/etc/stunnel/stunnel.conf
echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
echo '[openvpn]' >> $prefix/etc/stunnel/stunnel.conf
echo "accept = $VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel.conf
echo 'connect = localhost:1194' >> $prefix/etc/stunnel/stunnel.conf
echo 'cert = /etc/stunnel/stunnel.pem' >> $prefix/etc/stunnel/stunnel.conf
sed -i 's|ENABLED=.*|ENABLED=1|g' $prefix/etc/default/stunnel4
echo '[openvpn]' > $prefix/etc/stunnel/stunnel-client.conf
echo 'client = yes' >> $prefix/etc/stunnel/stunnel-client.conf
echo "accept = $STUNNEL_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
echo "connect = $DEFAULT_DOMAIN_NAME:$VPN_TLS_PORT" >> $prefix/etc/stunnel/stunnel-client.conf
echo 'cert = stunnel.pem' >> $prefix/etc/stunnel/stunnel-client.conf
echo '[Unit]' > $prefix/etc/systemd/system/stunnel.service
echo 'Description=SSL tunnel for network daemons' >> $prefix/etc/systemd/system/stunnel.service
echo 'Documentation=man:stunnel https://www.stunnel.org/docs.html' >> $prefix/etc/systemd/system/stunnel.service
echo 'DefaultDependencies=no' >> $prefix/etc/systemd/system/stunnel.service
echo 'After=network.target' >> $prefix/etc/systemd/system/stunnel.service
echo 'After=syslog.target' >> $prefix/etc/systemd/system/stunnel.service
echo '' >> $prefix/etc/systemd/system/stunnel.service
echo '[Install]' >> $prefix/etc/systemd/system/stunnel.service
echo 'WantedBy=multi-user.target' >> $prefix/etc/systemd/system/stunnel.service
echo 'Alias=stunnel.target' >> $prefix/etc/systemd/system/stunnel.service
echo '' >> $prefix/etc/systemd/system/stunnel.service
echo '[Service]' >> $prefix/etc/systemd/system/stunnel.service
echo 'Type=forking' >> $prefix/etc/systemd/system/stunnel.service
echo 'RuntimeDirectory=stunnel' >> $prefix/etc/systemd/system/stunnel.service
echo 'EnvironmentFile=-/etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service
echo 'ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf' >> $prefix/etc/systemd/system/stunnel.service
echo 'ExecStop=/usr/bin/killall -9 stunnel' >> $prefix/etc/systemd/system/stunnel.service
echo 'RemainAfterExit=yes' >> $prefix/etc/systemd/system/stunnel.service
if [ ! $prefix ]; then
if [ $VPN_TLS_PORT -eq 443 ]; then
systemctl stop nginx
systemctl disable nginx
else
systemctl enable nginx
systemctl restart nginx
fi
systemctl enable stunnel
systemctl daemon-reload
systemctl start stunnel
cp /etc/stunnel/stunnel-client.conf /home/$MY_USERNAME/stunnel-client.conf
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
fi
}
function vpn_generate_keys {
# generate host keys
if [ ! -f /etc/openvpn/dh2048.pem ]; then
openssl dhparam -out /etc/openvpn/dh2048.pem 2048
${PROJECT_NAME}-dhparam -o /etc/openvpn/dh2048.pem
fi
if [ ! -f /etc/openvpn/dh2048.pem ]; then
echo $'vpn dhparams were not generated'
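Review bot: the rewritten `install_stunnel` no longer copies `stunnel.pem` and `stunnel.p12` into the user's home (the old `cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem` lines are gone and only `stunnel-client.conf` is copied, likewise in `mesh_setup_vpn`), but the client config it writes still says `cert = stunnel.pem`, a relative path, so the delivered config points at a file the client does not have. Do not restore the copy: `stunnel.pem` is `cat key.pem cert.pem`, the server's private key, and shipping it to every client (or the PKCS#12 exported with `-passout pass:`, an empty password) lets any client impersonate the server. The client only needs to authenticate the server, so replace `cert = stunnel.pem` in `stunnel-client.conf` with `CAfile = cert.pem` plus `verify = 2`, and copy only `cert.pem` to the home directory. Two smaller points in `generate_stunnel_keys`: `cat ... >> /etc/stunnel/stunnel.pem` appends, so a second run produces a bundle with two key/cert pairs (use `>`); and `if [ $rootdir ]` / `if [ ! $prefix ]` are unquoted tests that break on paths containing spaces (`[ -n "$rootdir" ]`). Finally, on the mesh image `systemctl enable stunnel` sits inside `if [ ! $prefix ]` and `mesh_setup_vpn` never starts the service after generating keys, so the listener on `VPN_MESH_TLS_PORT` only comes up if the Debian init script acts on `ENABLED=1`; `$prefixchroot systemctl enable stunnel` in the chroot branch makes that explicit.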
@ -621,7 +605,7 @@ function install_vpn {
sed -i 's| --interact||g' build-key-server
sed -i 's| --interact||g' build-ca
./build-ca
./build-key-server $OPENVPN_SERVER_NAME
./build-key-server ${OPENVPN_SERVER_NAME}
if [ ! -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt ]; then
echo $'OpenVPN crt not found'
exit 7823352
@ -643,19 +627,82 @@ function install_vpn {
fi
cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn
create_user_vpn_key $MY_USERNAME
create_user_vpn_key ${MY_USERNAME}
}
firewall_enable_vpn
function install_vpn {
prefix=
prefixchroot=
if [ $rootdir ]; then
prefix=$rootdir
prefixchroot="chroot $rootdir"
VPN_TLS_PORT=$VPN_MESH_TLS_PORT
fi
$prefixchroot apt-get -yq install fastd openvpn easy-rsa
if [ $VPN_TLS_PORT -ne 443 ]; then
firewall_add VPN-TLS $VPN_TLS_PORT tcp
$prefixchroot groupadd vpn
$prefixchroot useradd -r -s /bin/false -g vpn vpn
# server configuration
echo 'port 1194' > $prefix/etc/openvpn/server.conf
echo 'proto tcp' >> $prefix/etc/openvpn/server.conf
echo 'dev tun' >> $prefix/etc/openvpn/server.conf
echo 'tun-mtu 1500' >> $prefix/etc/openvpn/server.conf
echo 'tun-mtu-extra 32' >> $prefix/etc/openvpn/server.conf
echo 'mssfix 1450' >> $prefix/etc/openvpn/server.conf
echo 'ca /etc/openvpn/ca.crt' >> $prefix/etc/openvpn/server.conf
echo 'cert /etc/openvpn/server.crt' >> $prefix/etc/openvpn/server.conf
echo 'key /etc/openvpn/server.key' >> $prefix/etc/openvpn/server.conf
echo 'dh /etc/openvpn/dh2048.pem' >> $prefix/etc/openvpn/server.conf
echo 'server 10.8.0.0 255.255.255.0' >> $prefix/etc/openvpn/server.conf
echo 'push "redirect-gateway def1 bypass-dhcp"' >> $prefix/etc/openvpn/server.conf
echo "push \"dhcp-option DNS 85.214.73.63\"" >> $prefix/etc/openvpn/server.conf
echo "push \"dhcp-option DNS 213.73.91.35\"" >> $prefix/etc/openvpn/server.conf
echo 'keepalive 5 30' >> $prefix/etc/openvpn/server.conf
echo 'comp-lzo' >> $prefix/etc/openvpn/server.conf
echo 'persist-key' >> $prefix/etc/openvpn/server.conf
echo 'persist-tun' >> $prefix/etc/openvpn/server.conf
echo 'status /dev/null' >> $prefix/etc/openvpn/server.conf
echo 'verb 3' >> $prefix/etc/openvpn/server.conf
echo '' >> $prefix/etc/openvpn/server.conf
if [ ! $prefix ]; then
echo 1 > /proc/sys/net/ipv4/ip_forward
fi
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf
sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' $prefix/etc/sysctl.conf
sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' $prefix/etc/sysctl.conf
cp -r $prefix/usr/share/easy-rsa/ $prefix/etc/openvpn
if [ ! -d $prefix/etc/openvpn/easy-rsa/keys ]; then
mkdir $prefix/etc/openvpn/easy-rsa/keys
fi
systemctl start openvpn
# keys configuration
sed -i "s|export KEY_COUNTRY.*|export KEY_COUNTRY=\"US\"|g" $prefix/etc/openvpn/easy-rsa/vars
sed -i "s|export KEY_PROVINCE.*|export KEY_PROVINCE=\"TX\"|g" $prefix/etc/openvpn/easy-rsa/vars
sed -i "s|export KEY_CITY.*|export KEY_CITY=\"Dallas\"|g" $prefix/etc/openvpn/easy-rsa/vars
sed -i "s|export KEY_ORG.*|export KEY_ORG=\"$PROJECT_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars
sed -i "s|export KEY_EMAIL.*|export KEY_EMAIL=\"$MY_EMAIL_ADDRESS\"|g" $prefix/etc/openvpn/easy-rsa/vars
sed -i "s|export KEY_OU=.*|export KEY_OU=\"MoonUnit\"|g" $prefix/etc/openvpn/easy-rsa/vars
sed -i "s|export KEY_NAME.*|export KEY_NAME=\"$OPENVPN_SERVER_NAME\"|g" $prefix/etc/openvpn/easy-rsa/vars
if [ ! $prefix ]; then
vpn_generate_keys
firewall_enable_vpn
if [ ${VPN_TLS_PORT} -ne 443 ]; then
firewall_add VPN-TLS ${VPN_TLS_PORT} tcp
fi
systemctl start openvpn
fi
install_stunnel
systemctl restart openvpn
if [ ! $prefix ]; then
systemctl restart openvpn
fi
APP_INSTALLED=1
}
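Review bot: the `prefix`/`prefixchroot`/`VPN_TLS_PORT=$VPN_MESH_TLS_PORT` preamble duplicates the one now in `install_stunnel`; a shared helper would stop the two drifting. More important, on the mesh image (`$rootdir` set) both `firewall_enable_vpn` and `firewall_add VPN-TLS ${VPN_TLS_PORT} tcp` are now inside `if [ ! $prefix ]`, and `mesh_setup_vpn` in the hunk above does not add them either, so as far as these hunks show port 653 is never opened on a mesh peer; if the mesh firewall is default-deny the tunnel is unreachable. The server.conf being moved also pushes `redirect-gateway def1 bypass-dhcp` and two hard-coded public DNS servers to every client, which for the `connecting two meshes` use case described in the docs sends the remote mesh's whole default route through the tunnel; if that is not intended, a `route` push for the mesh prefix is the narrower choice. `comp-lzo` compresses attacker-influenceable plaintext inside the tunnel, the condition behind compression-oracle attacks on TLS; dropping it is the safer default.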

View File

@ -199,6 +199,12 @@ do
shift
RECALCULATE=${1}
;;
-o|--output)
shift
FAST='yes'
calc_dh ${1}
exit 0
;;
--fast)
shift
if [[ ${1} == $"yes" || ${1} == $"y" ]]; then
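Review bot: the new `-o|--output` case forces `FAST='yes'` with no way to opt out and does not check that `${1}` is non-empty after the `shift`, so `-o` with no path calls `calc_dh` with an empty argument; guard it (`[ -z "${1}" ] && exit 1`) and quote the argument (`calc_dh "${1}"`). If fast mode yields parameters of a different quality than the default path, the option's help text should say so, since `install_vpn` in this commit now relies on `${PROJECT_NAME}-dhparam -o` for the OpenVPN `dh2048.pem`.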

View File

@ -564,6 +564,9 @@ INSTALLING_MESH=
PATCHWORK_REPO="https://github.com/ssbc/patchwork"
PATCHWORK_COMMIT='60111a9e3385d65be0d17aa0d15fd20e5fb311ce'
FERMENT_REPO="https://github.com/LolaShare/ferment"
FERMENT_COMMIT='6e0e434114cd4cc652a03f6dcc6ddcec007b0058'
install_patchwork() {
if [[ $VARIANT != "meshclient" ]]; then
return
@ -599,6 +602,56 @@ EOF
cp $rootdir/root/$PROJECT_NAME/img/icon_patchwork.png $rootdir/etc/patchwork/icon_patchwork.png
}
install_ferment() {
if [[ $VARIANT != "meshclient" ]]; then
return
fi
get_npm_arch
git clone $FERMENT_REPO $rootdir/etc/ferment
if [ ! -d $rootdir/etc/ferment ]; then
exit 5239465
fi
cd $rootdir/etc/ferment
git checkout $FERMENT_COMMIT -b $FERMENT_COMMIT
cat <<EOF > $rootdir/usr/bin/install_ferment
#!/bin/bash
cd /etc/ferment
npm install --arch=$NPM_ARCH --build-from-source
npm install --arch=$NPM_ARCH --save-dev electron-rebuild
./node_modules/.bin/electron-rebuild
npm install --arch=$NPM_ARCH git-ssb
EOF
chroot "$rootdir" /bin/chmod +x /usr/bin/install_ferment
chroot "$rootdir" /usr/bin/install_ferment
rm $rootdir/usr/bin/install_ferment
echo '#!/bin/bash' > $rootdir/usr/bin/start_ferment
echo 'cd /etc/ferment' >> $rootdir/usr/bin/start_ferment
echo 'npm start' >> $rootdir/usr/bin/start_ferment
chmod +x $rootdir/usr/bin/start_ferment
# Copy icon to an accesible location
cp $rootdir/root/$PROJECT_NAME/img/icon_ferment.png $rootdir/etc/patchwork/icon_ferment.png
}
mesh_shutdown_script() {
echo '[Unit]' > $rootdir/etc/systemd/system/meshshutdown.service
echo 'Description=Shuts down the mesh' >> $rootdir/etc/systemd/system/meshshutdown.service
echo 'Before=shutdown.target' >> $rootdir/etc/systemd/system/meshshutdown.service
echo '' >> $rootdir/etc/systemd/system/meshshutdown.service
echo '[Service]' >> $rootdir/etc/systemd/system/meshshutdown.service
echo 'ExecStart=/bin/true' >> $rootdir/etc/systemd/system/meshshutdown.service
echo 'ExecStop=/bin/bash /usr/local/bin/batman stop' >> $rootdir/etc/systemd/system/meshshutdown.service
echo 'RemainAfterExit=yes' >> $rootdir/etc/systemd/system/meshshutdown.service
echo '' >> $rootdir/etc/systemd/system/meshshutdown.service
echo '[Install]' >> $rootdir/etc/systemd/system/meshshutdown.service
echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/meshshutdown.service
chroot "$rootdir" systemctl enable meshshutdown
}
initialise_mesh() {
if [[ $VARIANT != "mesh"* ]]; then
return
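Review bot: `install_ferment` pins the git checkout to `FERMENT_COMMIT`, but the three `npm install` lines in the generated `/usr/bin/install_ferment` resolve dependencies from the registry at image-build time with no lockfile or integrity pinning, so the build is not reproducible and the pinned commit gives less supply-chain assurance than it appears; commit a `package-lock.json` or `npm-shrinkwrap.json` for that commit, or verify the installed tree against one. Two smaller points: `exit 5239465` is truncated to 8 bits by the shell, so these large exit codes cannot be told apart by status alone; and the icon copy at the end of the function writes `icon_ferment.png` into `/etc/patchwork/` rather than `/etc/ferment/` (the comment above it also misspells "accessible").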
@ -632,10 +685,14 @@ initialise_mesh() {
configure_firewall
install_avahi
install_batman
mesh_shutdown_script
install_vpn
install_tomb
#install_tahoelafs
#install_librevault
install_patchwork
mesh_install_scuttlebot
#install_ferment
install_ipfs
install_tox
install_web_server
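Review bot: `#install_ferment` is commented out here while the function, `FERMENT_REPO`/`FERMENT_COMMIT` and the ferment desktop entries are all still added in this commit, so they are dead code that will nonetheless have to be maintained; either drop them or leave a comment saying why ferment is disabled so the next reader knows whether to re-enable it. `mesh_shutdown_script` is placed after `install_batman`, which is the right order since the unit's `ExecStop` calls `/usr/local/bin/batman stop`; confirm that matches where `install_batman` puts the script.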
@ -828,9 +885,16 @@ function configure_user_interface {
# USB cloning tool
chroot "$rootdir" apt-get -yq install gnome-multi-writer
# clipboard
chroot "$rootdir" apt-get -yq install xclip
# audio recording
chroot "$rootdir" apt-get -yq install audacity
# Produce a text file on the desktop listing users on the mesh
cat <<EOF > $rootdir/usr/bin/list-tox-users
#!/bin/bash
ethernet_connected=$(cat /sys/class/net/eth0/carrier)
users_list=\$(lstox | awk -F ' ' '{\$1=""; print \$0}' | sed -e 's/^[[:space:]]*//' | sort -d | uniq)
if [ ! \$users_list ]; then
no_of_users=0
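Review bot: the new `ethernet_connected=$(cat /sys/class/net/eth0/carrier)` line sits inside the unquoted `cat <<EOF > $rootdir/usr/bin/list-tox-users` heredoc, so the command substitution runs on the build host when the image is created, not on the mesh node when `list-tox-users` runs; compare the next line, which escapes as `\$(lstox ...)`. The generated script therefore contains a fixed value (or an empty one, since the build host may have no `eth0`), and every later `$ethernet_connected` test is decided at build time. Escape it as `ethernet_connected=\$(cat ...)`, prefer the configured ethernet interface name over hard-coded `eth0` given the comment elsewhere in this commit that stretch no longer guarantees predictable `eth0`/`wlan0` names, and guard the read with `2>/dev/null` plus a default, because `carrier` returns an error while the interface is administratively down.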
@ -870,7 +934,8 @@ if [ \$no_of_users -gt 0 ]; then
echo 'Comment=A decentralized messaging and sharing app built on top of Secure Scuttlebutt (SSB)' >> /home/$MY_USERNAME/Desktop/social.desktop
echo 'Exec=bash /usr/bin/start_patchwork' >> /home/$MY_USERNAME/Desktop/social.desktop
echo "Icon=/etc/patchwork/icon_patchwork.png" >> /home/$MY_USERNAME/Desktop/social.desktop
echo 'StartupNotify=true' >> /home/$MY_USERNAME/Desktop/social.desktop
echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/social.desktop
echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/social.desktop
chmod +x /home/$MY_USERNAME/Desktop/social.desktop
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Desktop/social.desktop
else
@ -879,6 +944,23 @@ if [ \$no_of_users -gt 0 ]; then
fi
fi
#if [ ! -f /home/$MY_USERNAME/Desktop/audio.desktop ]; then
# echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/audio.desktop
# echo 'Name=Audio/Music' >> /home/$MY_USERNAME/Desktop/audio.desktop
# echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/audio.desktop
# echo 'Comment=Audio publishing and streaming' >> /home/$MY_USERNAME/Desktop/audio.desktop
# echo 'Exec=bash /usr/bin/start_ferment' >> /home/$MY_USERNAME/Desktop/audio.desktop
# echo "Icon=/etc/patchwork/icon_ferment.png" >> /home/$MY_USERNAME/Desktop/audio.desktop
# echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/audio.desktop
# echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/audio.desktop
# chmod +x /home/$MY_USERNAME/Desktop/audio.desktop
# chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Desktop/audio.desktop
#else
# if grep -q "Offline" /home/$MY_USERNAME/Desktop/audio.desktop; then
# sed -i 's|Name=.*|Name=Audio/Music|g' /home/$MY_USERNAME/Desktop/audio.desktop
# fi
#fi
if [ -f /tmp/.ipfs-users ]; then
echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/sites.desktop
echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/sites.desktop
@ -922,6 +1004,26 @@ if [ \$no_of_users -gt 0 ]; then
chmod +x /home/$MY_USERNAME/Desktop/tox.desktop
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Desktop/tox.desktop
fi
# If ethernet is connected then add the invite icon to help enable
# SSB nat traversal
if [[ "$ethernet_connected" != "0" ]]; then
if [ ! -f /home/$MY_USERNAME/Desktop/invite.desktop ]; then
echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/invite.desktop
echo 'Version=1.0' >> /home/$MY_USERNAME/Desktop/invite.desktop
echo 'Name=Create Invite' >> /home/$MY_USERNAME/Desktop/invite.desktop
echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/invite.desktop
echo 'Comment=Create an invite for Patchwork or Ferment' >> /home/$MY_USERNAME/Desktop/invite.desktop
echo 'Exec=mate-terminal -e freedombone-mesh-invite' >> /home/$MY_USERNAME/Desktop/invite.desktop
echo 'Icon=/usr/share/freedombone/avatars/invite.png' >> /home/$MY_USERNAME/Desktop/invite.desktop
echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/invite.desktop
echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/invite.desktop
fi
else
if [ -f /home/$MY_USERNAME/Desktop/invite.desktop ]; then
rm /home/$MY_USERNAME/Desktop/invite.desktop
fi
fi
else
if [ -f /tmp/Users.txt ]; then
rm /tmp/Users.txt
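Review bot: `if [[ "$ethernet_connected" != "0" ]]` at the top of the new invite block is inside the unquoted heredoc, so `$ethernet_connected` is expanded by the build shell (where it is unset) and the generated script reads `[[ "" != "0" ]]`, which is always true: the invite icon is created regardless of cable state and the `else` branch that removes it is unreachable. Escape it as `\$ethernet_connected`. Also the other desktop entries in this script get `chmod +x` and `chown $MY_USERNAME:$MY_USERNAME`, but `invite.desktop` gets neither, so it will be root-owned and the desktop may refuse to launch it as untrusted.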
@ -943,8 +1045,20 @@ else
sed -i 's|Name=.*|Name=Social (Offline)|g' /home/$MY_USERNAME/Desktop/social.desktop
fi
fi
#if [ -f /home/$MY_USERNAME/Desktop/audio.desktop ]; then
# if ! grep -q "Offline" /home/$MY_USERNAME/Desktop/audio.desktop; then
# sed -i 's|Name=.*|Name=Audio/Music (Offline)|g' /home/$MY_USERNAME/Desktop/audio.desktop
# fi
#fi
pkill qtox
fi
# If there is no ethernet then remove the invite icon
if [[ "$ethernet_connected" == "0" ]]; then
if [ -f /home/$MY_USERNAME/Desktop/invite.desktop ]; then
rm /home/$MY_USERNAME/Desktop/invite.desktop
fi
fi
fi
EOF
chroot "$rootdir" /bin/chown $MY_USERNAME:$MY_USERNAME /usr/bin/list-tox-users
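Review bot: the `[[ "$ethernet_connected" == "0" ]]` check in the new "no ethernet" block has the same heredoc-escaping problem as the carrier read earlier in this script: it is expanded at build time and becomes `[[ "" == "0" ]]`, which is always false, so this removal never fires; it needs `\$ethernet_connected`. The commented-out `audio.desktop` block is emitted verbatim as comments into every image's `list-tox-users`; remove it from the generator rather than shipping dead code.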

@ -154,16 +154,11 @@ case "$MACHINE" in
extra_opts="\
--grub \
--roottype btrfs \
" ;;
meshclient)
extra_opts="\
--grub \
--roottype btrfs \
" ;;
all)
extra_opts="\
--grub \
--roottype btrfs \
--roottype ext4 \
" ;;
esac
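Review bot: dropping the `meshclient)` case means a meshclient build now takes whatever the case statement's fallback provides, which is not visible in this hunk; confirm a default branch exists and still passes `--grub`, otherwise this silently changes how meshclient images are built. The `--roottype btrfs` to `--roottype ext4` change for `all)` is unexplained here and deserves a line in the commit message, since it affects every image variant.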

@ -72,6 +72,19 @@ IPFS_PORT=4001
CURRENT_BLOG_INDEX=/home/$MY_USERNAME/.blog-index
OPENVPN_SERVER_NAME="server"
OPENVPN_KEY_FILENAME='client.ovpn'
VPN_COUNTRY_CODE="US"
VPN_AREA="Apparent Free Speech Zone"
VPN_LOCATION="Freedomville"
VPN_ORGANISATION="Freedombone"
VPN_UNIT="Freedombone Unit"
STUNNEL_PORT=3439
VPN_TLS_PORT=553
VPN_MESH_TLS_PORT=653
SCUTTLEBOT_PORT=8010
# Debian stretch has a problem where the formerly predictable wlan0 and eth0
# device names get assigned random names. This is a hacky workaround.
# Also adding net.ifnames=0 to kernel options on bootloader may work.
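Review bot: `VPN_MESH_TLS_PORT=653` and `SCUTTLEBOT_PORT=8010` are introduced here, but the firewall rules added to the batman script in this same commit hard-code `653`, `1194` and `8010`, so the two will drift apart the first time someone changes a constant; have the batman script source these values, or define them in the shared wifi utils it already sources. `VPN_TLS_PORT=553` is defined but not used anywhere visible in this diff.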
@ -280,6 +293,24 @@ function show_desktop_icons {
echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/new_identity.desktop
echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/new_identity.desktop
echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/social.desktop
echo 'Name=Social (Offline)' >> /home/$MY_USERNAME/Desktop/social.desktop
echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/social.desktop
echo 'Comment=A decentralized messaging and sharing app built on top of Secure Scuttlebutt (SSB)' >> /home/$MY_USERNAME/Desktop/social.desktop
echo 'Exec=bash /usr/bin/start_patchwork' >> /home/$MY_USERNAME/Desktop/social.desktop
echo "Icon=/etc/patchwork/icon_patchwork.png" >> /home/$MY_USERNAME/Desktop/social.desktop
echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/social.desktop
echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/social.desktop
#echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/audio.desktop
#echo 'Name=Audio/Music (Offline)' >> /home/$MY_USERNAME/Desktop/audio.desktop
#echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/audio.desktop
#echo 'Comment=Audio publishing and streaming' >> /home/$MY_USERNAME/Desktop/audio.desktop
#echo 'Exec=bash /usr/bin/start_ferment' >> /home/$MY_USERNAME/Desktop/audio.desktop
#echo "Icon=/etc/patchwork/icon_ferment.png" >> /home/$MY_USERNAME/Desktop/audio.desktop
#echo 'Terminal=false' >> /home/$MY_USERNAME/Desktop/audio.desktop
#echo 'Categories=Application;' >> /home/$MY_USERNAME/Desktop/audio.desktop
# set permissions
chmod +x /home/$MY_USERNAME/Desktop/*.desktop
chown ${MY_USERNAME}:${MY_USERNAME} /home/$MY_USERNAME/Desktop/*
@ -554,6 +585,236 @@ function setup_tahoelafs {
echo $'Configured Tahoe-LAFS' >> $INSTALL_LOG
}
function create_user_vpn_key {
username=$1
if [ ! -d /home/$username ]; then
return
fi
echo $"Creating VPN key for $username" >> /var/log/${PROJECT_NAME}.log
cd /etc/openvpn/easy-rsa
if [ -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then
rm /etc/openvpn/easy-rsa/keys/$username.crt
fi
if [ -f /etc/openvpn/easy-rsa/keys/$username.key ]; then
rm /etc/openvpn/easy-rsa/keys/$username.key
fi
if [ -f /etc/openvpn/easy-rsa/keys/$username.csr ]; then
rm /etc/openvpn/easy-rsa/keys/$username.csr
fi
sed -i 's| --interact||g' build-key
./build-key "$username"
if [ ! -f /etc/openvpn/easy-rsa/keys/$username.crt ]; then
echo $'VPN user cert not generated' >> /var/log/${PROJECT_NAME}.log
exit 783528
fi
user_cert=$(cat /etc/openvpn/easy-rsa/keys/$username.crt)
if [ ${#user_cert} -lt 10 ]; then
cat /etc/openvpn/easy-rsa/keys/$username.crt
echo $'User cert generation failed' >> /var/log/${PROJECT_NAME}.log
exit 634659
fi
if [ ! -f /etc/openvpn/easy-rsa/keys/$username.key ]; then
echo $'VPN user key not generated'
exit 682523
fi
user_key=$(cat /etc/openvpn/easy-rsa/keys/$username.key)
if [ ${#user_key} -lt 10 ]; then
cat /etc/openvpn/easy-rsa/keys/$username.key
echo $'User key generation failed'
exit 285838
fi
user_vpn_cert_file=/home/$username/$OPENVPN_KEY_FILENAME
echo 'client' > $user_vpn_cert_file
echo 'dev tun' >> $user_vpn_cert_file
echo 'proto tcp' >> $user_vpn_cert_file
echo "remote localhost $STUNNEL_PORT" >> $user_vpn_cert_file
echo "route $DEFAULT_DOMAIN_NAME 255.255.255.255 net_gateway" >> $user_vpn_cert_file
echo 'resolv-retry infinite' >> $user_vpn_cert_file
echo 'nobind' >> $user_vpn_cert_file
echo 'tun-mtu 1500' >> $user_vpn_cert_file
echo 'tun-mtu-extra 32' >> $user_vpn_cert_file
echo 'mssfix 1450' >> $user_vpn_cert_file
echo 'persist-key' >> $user_vpn_cert_file
echo 'persist-tun' >> $user_vpn_cert_file
echo 'auth-nocache' >> $user_vpn_cert_file
echo 'remote-cert-tls server' >> $user_vpn_cert_file
echo 'comp-lzo' >> $user_vpn_cert_file
echo 'verb 3' >> $user_vpn_cert_file
echo '' >> $user_vpn_cert_file
echo '<ca>' >> $user_vpn_cert_file
cat /etc/openvpn/ca.crt >> $user_vpn_cert_file
echo '</ca>' >> $user_vpn_cert_file
echo '<cert>' >> $user_vpn_cert_file
cat /etc/openvpn/easy-rsa/keys/$username.crt >> $user_vpn_cert_file
echo '</cert>' >> $user_vpn_cert_file
echo '<key>' >> $user_vpn_cert_file
cat /etc/openvpn/easy-rsa/keys/$username.key >> $user_vpn_cert_file
echo '</key>' >> $user_vpn_cert_file
chown $username:$username $user_vpn_cert_file
# keep a backup
cp $user_vpn_cert_file /etc/openvpn/easy-rsa/keys/$username.ovpn
#rm /etc/openvpn/easy-rsa/keys/$username.crt
#rm /etc/openvpn/easy-rsa/keys/$username.csr
shred -zu /etc/openvpn/easy-rsa/keys/$username.key
echo $"VPN key created at $user_vpn_cert_file" >> /var/log/${PROJECT_NAME}.log
}
function vpn_generate_keys {
# generate host keys
if [ ! -f /etc/openvpn/dh2048.pem ]; then
${PROJECT_NAME}-dhparam -o /etc/openvpn/dh2048.pem
fi
if [ ! -f /etc/openvpn/dh2048.pem ]; then
echo $'vpn dhparams were not generated' >> /var/log/${PROJECT_NAME}.log
exit 73724523
fi
cp /etc/openvpn/dh2048.pem /etc/openvpn/easy-rsa/keys/dh2048.pem
cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
vpn_openssl_version='1.0.0'
if [ ! -f openssl-${vpn_openssl_version}.cnf ]; then
echo $"openssl-${vpn_openssl_version}.cnf was not found" >> /var/log/${PROJECT_NAME}.log
exit 7392353
fi
cp openssl-${vpn_openssl_version}.cnf openssl.cnf
if [ -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt ]; then
rm /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt
fi
if [ -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.key ]; then
rm /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.key
fi
if [ -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.csr ]; then
rm /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.csr
fi
sed -i 's| --interact||g' build-key-server
sed -i 's| --interact||g' build-ca
./build-ca
./build-key-server ${OPENVPN_SERVER_NAME}
if [ ! -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt ]; then
echo $'OpenVPN crt not found' >> /var/log/${PROJECT_NAME}.log
exit 7823352
fi
server_cert=$(cat /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt)
if [ ${#server_cert} -lt 10 ]; then
cat /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.crt
echo $'Server cert generation failed' >> /var/log/${PROJECT_NAME}.log
exit 3284682
fi
if [ ! -f /etc/openvpn/easy-rsa/keys/${OPENVPN_SERVER_NAME}.key ]; then
echo $'OpenVPN key not found' >> /var/log/${PROJECT_NAME}.log
exit 6839436
fi
if [ ! -f /etc/openvpn/easy-rsa/keys/ca.key ]; then
echo $'OpenVPN ca not found' >> /var/log/${PROJECT_NAME}.log
exit 7935203
fi
cp /etc/openvpn/easy-rsa/keys/{$OPENVPN_SERVER_NAME.crt,$OPENVPN_SERVER_NAME.key,ca.crt} /etc/openvpn
create_user_vpn_key ${MY_USERNAME}
}
function generate_stunnel_keys {
echo "Creating stunnel keys" >> /var/log/${PROJECT_NAME}.log
openssl req -x509 -nodes -days 3650 -sha256 \
-subj "/O=$VPN_ORGANISATION/OU=$VPN_UNIT/C=$VPN_COUNTRY_CODE/ST=$VPN_AREA/L=$VPN_LOCATION/CN=$HOSTNAME" \
-newkey rsa:2048 -keyout /etc/stunnel/key.pem \
-out /etc/stunnel/cert.pem
if [ ! -f /etc/stunnel/key.pem ]; then
echo $'stunnel key not created' >> /var/log/${PROJECT_NAME}.log
exit 793530
fi
if [ ! -f /etc/stunnel/cert.pem ]; then
echo $'stunnel cert not created' >> /var/log/${PROJECT_NAME}.log
exit 204587
fi
chmod 400 /etc/stunnel/key.pem
chmod 640 /etc/stunnel/cert.pem
cat /etc/stunnel/key.pem /etc/stunnel/cert.pem >> /etc/stunnel/stunnel.pem
chmod 640 /etc/stunnel/stunnel.pem
openssl pkcs12 -export -out /etc/stunnel/stunnel.p12 -inkey /etc/stunnel/key.pem -in /etc/stunnel/cert.pem -passout pass:
if [ ! -f /etc/stunnel/stunnel.p12 ]; then
echo $'stunnel pkcs12 not created' >> /var/log/${PROJECT_NAME}.log
exit 639353
fi
chmod 640 /etc/stunnel/stunnel.p12
cp /etc/stunnel/stunnel.pem /home/$MY_USERNAME/stunnel.pem
cp /etc/stunnel/stunnel.p12 /home/$MY_USERNAME/stunnel.p12
chown $MY_USERNAME:$MY_USERNAME $prefix$userhome/stunnel*
echo "stunnel keys created" >> /var/log/${PROJECT_NAME}.log
}
function mesh_setup_vpn {
vpn_generate_keys
cp /etc/stunnel/stunnel-client.conf /home/$MY_USERNAME/stunnel-client.conf
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/stunnel*
generate_stunnel_keys
sed -i 's|tun-mtu .*|tun-mtu 1532|g' /home/$MY_USERNAME/client.ovpn
systemctl restart openvpn
}
function initialise_scuttlebot_pub {
chown -R scuttlebot:scuttlebot /etc/scuttlebot
systemctl enable scuttlebot.service
systemctl daemon-reload
systemctl start scuttlebot.service
sleep 3
if [ ! -d /etc/scuttlebot/.ssb ]; then
echo $'Scuttlebot config not generated' >> /var/log/${PROJECT_NAME}.log
exit 73528
fi
echo '{' > /etc/scuttlebot/.ssb/config
echo " \"host\": \"${HOSTNAME}\"," >> /etc/scuttlebot/.ssb/config
echo " \"port\": ${SCUTTLEBOT_PORT}," >> /etc/scuttlebot/.ssb/config
echo ' "allowPrivate": true,' >> /etc/scuttlebot/.ssb/config
echo ' "timeout": 30000,' >> /etc/scuttlebot/.ssb/config
echo ' "pub": true,' >> /etc/scuttlebot/.ssb/config
echo ' "local": true,' >> /etc/scuttlebot/.ssb/config
echo ' "friends": {' >> /etc/scuttlebot/.ssb/config
echo ' "dunbar": 150,' >> /etc/scuttlebot/.ssb/config
echo ' "hops": 3' >> /etc/scuttlebot/.ssb/config
echo ' },' >> /etc/scuttlebot/.ssb/config
echo ' "gossip": {' >> /etc/scuttlebot/.ssb/config
echo ' "connections": 2' >> /etc/scuttlebot/.ssb/config
echo ' },' >> /etc/scuttlebot/.ssb/config
echo ' "master": [],' >> /etc/scuttlebot/.ssb/config
echo ' "logging": {' >> /etc/scuttlebot/.ssb/config
echo ' "level": "error"' >> /etc/scuttlebot/.ssb/config
echo ' }' >> /etc/scuttlebot/.ssb/config
echo '}' >> /etc/scuttlebot/.ssb/config
chown scuttlebot:scuttlebot /etc/scuttlebot/.ssb/config
systemctl restart scuttlebot.service
}
# whether to reset the identity
set_new_identity=
if [ $2 ]; then
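Review bot: in `create_user_vpn_key` the client private key ends up in three places: the `.ovpn` written to `/home/$username`, which is `chown`ed but never `chmod`ed so it inherits the umask (typically 0644, world-readable); the "backup" copy in `/etc/openvpn/easy-rsa/keys/$username.ovpn`; and the `.key` file that is then `shred`ded. Shredding the `.key` buys nothing while the backup `.ovpn` still holds the same key in the clear; `chmod 600` both `.ovpn` files, and likewise the `stunnel.pem`/`stunnel.p12` copies placed in the home directory (the PKCS#12 is exported with an empty password via `-passout pass:`). In `generate_stunnel_keys`, `cat key.pem cert.pem >> stunnel.pem` appends, so a second run produces a file with two keys and two certs; use `>`. The `chown $MY_USERNAME:$MY_USERNAME $prefix$userhome/stunnel*` line references `$prefix` and `$userhome`, which are not set anywhere in this diff (the preceding `cp` lines use `/home/$MY_USERNAME`), and `mesh_setup_vpn` runs its own `chown /home/$MY_USERNAME/stunnel*` before `generate_stunnel_keys` creates those files, so they stay root-owned. Finally, `vpn_generate_keys` runs `./clean-all` and `./build-ca` on every call, which re-issues the CA and invalidates every previously issued client certificate; that is reasonable for an amnesic mesh node but should be stated in a comment.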
@ -594,6 +855,11 @@ if [ -f $MESH_INSTALL_SETUP ]; then
rm -rf /home/$MY_USERNAME/.ssb
fi
# Remove vpn keys
if [ -d /etc/openvpn/easy-rsa/keys ]; then
rm -rf /etc/openvpn/easy-rsa/keys/*
fi
echo $'Beginning mesh node setup' >> $INSTALL_LOG
if [ -d /home/$MY_USERNAME/.config ]; then
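Review bot: `rm -rf /etc/openvpn/easy-rsa/keys/*` when resetting the identity unlinks the old keys but does not overwrite them, which is inconsistent with the `shred -zu` used for the client `.key` elsewhere in this commit; since this directory also holds the `$username.ovpn` backup with the embedded private key, use `shred -zu` on the files (e.g. `find /etc/openvpn/easy-rsa/keys -type f -exec shred -zu {} +`) so the previous identity's VPN credentials are not recoverable from the storage.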
@ -610,6 +876,8 @@ if [ -f $MESH_INSTALL_SETUP ]; then
configure_toxcore
create_tox_user
#setup_tahoelafs
mesh_setup_vpn
initialise_scuttlebot_pub
setup_ipfs
mesh_amnesic
make_root_read_only
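Review bot: `initialise_scuttlebot_pub` writes `/etc/scuttlebot/.ssb/config`, and the batman `start` function in this commit later rewrites its `"host"` field with `sed -i` at runtime; since `make_root_read_only` runs right after these calls, confirm that `/etc/scuttlebot/.ssb` is on a writable path, otherwise that `sed` (and scuttlebot's own database writes) will fail once the root is read-only.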

@ -13,7 +13,7 @@
# License
# =======
#
# Copyright (C) 2015-2016 Bob Mottram <bob@freedombone.net>
# Copyright (C) 2015-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -30,7 +30,9 @@
PROJECT_NAME='freedombone'
COMPLETION_FILE=/root/${PROJECT_NAME}-completed.txt
HOTSPOT_PASSPHRASE='mesh'
# hotspot passphrase must be 5 characters or longer
HOTSPOT_PASSPHRASE="${PROJECT_NAME}"
source /usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-wifi
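Review bot: the comment "hotspot passphrase must be 5 characters or longer" is wrong for WPA2-PSK: hostapd requires `wpa_passphrase` to be 8 to 63 characters, which is why the previous value `'mesh'` could never have worked; `${PROJECT_NAME}` ("freedombone") is 11 characters and passes, but the `-gt 4` length check in the batman `start` function should become `-ge 8` to match. A fixed, published passphrase also means the hotspot offers no confidentiality against anyone who has read this repository; if that is intentional for an open community mesh, say so in the comment so it is not mistaken for a protected network.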
@ -94,6 +96,14 @@ if [ -e /etc/default/batctl ]; then
. /etc/default/batctl
fi
function get_ipv4_wlan {
echo $(ip -o -f inet addr show dev "$IFACE" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
}
function mesh_hotspot_ip_address {
echo $(ip -o -f inet addr show dev "$BRIDGE" | awk '{print $4}' | awk 'END {print}' | awk -F '/' '{print $1}')
}
function global_rate_limit {
if ! grep -q "tcp_challenge_ack_limit" /etc/sysctl.conf; then
echo 'net.ipv4.tcp_challenge_ack_limit = 999999999' >> /etc/sysctl.conf
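Review bot: `get_ipv4_wlan` and `mesh_hotspot_ip_address` are the same pipeline with a different interface; fold them into one function that takes the interface as an argument, and drop the `echo $(...)` wrapper, which only re-splits the output. `start` later uses `get_ipv4_wlan` (the address on `$IFACE`) to set scuttlebot's `host` in the ethernet-connected case while the bridge gets its address from `dhclient $BRIDGE`; check that the wlan address rather than the bridge address is really what mesh clients should connect to.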
@ -114,16 +124,14 @@ function stop {
fi
if [ "$EIFACE" ]; then
brctl delif $BRIDGE bat0
brctl delif $BRIDGE $EIFACE
ifconfig $BRIDGE down || true
ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
if [[ "$ethernet_connected" != "0" ]]; then
systemctl stop hostapd
brctl delif $BRIDGE $EIFACE
ifconfig $EIFACE down -promisc
fi
brctl delbr $BRIDGE
ifconfig $EIFACE down -promisc
fi
if [ $IFACE_SECONDARY ]; then
systemctl stop hostapd
brctl delif $BRIDGE_HOTSPOT bat0
ifconfig $BRIDGE_HOTSPOT down || true
brctl delbr $BRIDGE_HOTSPOT
fi
avahi-autoipd -k $BRIDGE
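Review bot: teardown in `stop` is now keyed on the current `carrier` value of `$EIFACE`, but whether `$EIFACE` was added to `$BRIDGE` was decided by the carrier value at `start` time; if the cable is unplugged after start, `brctl delif $BRIDGE $EIFACE` and `ifconfig $EIFACE down -promisc` are skipped and the interface is left in promiscuous mode. Base the teardown on observed state (e.g. whether `$EIFACE` is listed under `/sys/class/net/$BRIDGE/brif/`) rather than re-reading `carrier`, and treat a failed `cat` of `carrier` (interface down) as "not connected".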
@ -131,11 +139,21 @@ function stop {
ifconfig bat0 down -promisc
batctl if del $IFACE
rmmod batman-adv
ifconfig $IFACE mtu 1500
ifconfig $IFACE down
iwconfig $IFACE mode managed
if [ $IFACE_SECONDARY ]; then
systemctl stop hostapd
systemctl disable hostapd
batctl if del $IFACE_SECONDARY
ifconfig $IFACE_SECONDARY mtu 1500
ifconfig $IFACE_SECONDARY down
iwconfig $IFACE_SECONDARY mode managed
fi
rmmod batman-adv
iptables -D INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
iptables -D INPUT -p udp --dport $TRACKER_PORT -j ACCEPT
iptables -D INPUT -p tcp --dport 80 -j ACCEPT
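Review bot: `batctl if del $IFACE_SECONDARY` in the new secondary-interface block removes an interface that `start` never adds to batman (the comment there says "Don't connect the secondary wifi device. hostapd will handle that by itself"), so this call will only ever print an error; drop it and keep the hostapd stop/disable and the interface reset. Moving `rmmod batman-adv` after that block is the right place for it.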
@ -155,9 +173,24 @@ function stop {
iptables -D INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
iptables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
iptables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
# SSB/Patchwork
# SSB/Scuttlebot/Patchwork
iptables -D INPUT -p udp --dport 8008 -j ACCEPT
iptables -D INPUT -p tcp --dport 8008 -j ACCEPT
iptables -D INPUT -p udp --dport 8010 -j ACCEPT
iptables -D INPUT -p tcp --dport 8010 -j ACCEPT
# vpn over the internet
iptables -D INPUT -p tcp --dport 653 -j ACCEPT
iptables -D INPUT -p udp --dport 653 -j ACCEPT
iptables -D INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -D INPUT -i tun+ -j ACCEPT
iptables -D FORWARD -i tun+ -j ACCEPT
iptables -D FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
iptables -D OUTPUT -o tun+ -j ACCEPT
echo 0 > /proc/sys/net/ipv4/ip_forward
sed -i 's|net.ipv4.ip_forward=.*|net.ipv4.ip_forward=0|g' /etc/sysctl.conf
systemctl restart network-manager
}
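Review bot: the `-D` rules added here are a hand-copied mirror of the `-A` rules in `start`, which is how the two lists drift apart (a rule added to one and forgotten in the other leaves a port open after `batman stop`); factor them into one function that takes `-A`/`-D` as an argument. The rules with `-i ${EIFACE}` and `-o ${EIFACE}` also run unconditionally, so when `EIFACE` is empty iptables gets a malformed command line; guard them with the same `if [ "$EIFACE" ]` test used above. Resetting `net.ipv4.ip_forward` to 0 on stop assumes nothing else on the host wanted forwarding; acceptable for a dedicated mesh image, but worth a comment.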
@ -188,7 +221,63 @@ function assign_peer_address {
fi
echo -n "${octet}"
done
echo ''
}
function add_wifi_interface {
ifname=$1
ifssid=$WIFI_SSID
if [ $2 ]; then
ifssid=$2
fi
ifmode=ad-hoc
if [ $3 ]; then
ifmode=$3
fi
ifchannel=$CHANNEL
if [ $4 ]; then
ifchannel=$4
fi
ifconfig $ifname down
ifconfig $ifname mtu 1532
peermac=$(assign_peer_address)
if [ ! $peermac ]; then
echo $"Unable to obtain MAC address for $peermac on $ifname"
return
fi
ifconfig $ifname hw ether $peermac
echo $"$ifname assigned MAC address $peermac"
iwconfig $ifname enc off
iwconfig $ifname mode $ifmode essid $ifssid channel $ifchannel
batctl if add $ifname
ifconfig $ifname up
}
function mesh_create_app_downloads_page {
if [ ! -d /root/$PROJECT_NAME/image_build/mesh_apps ]; then
return
fi
if [ ! -d /var/www/html ]; then
return
fi
cp /root/$PROJECT_NAME/website/EN/meshindex.html /var/www/html/index.html
if [ ! -f /var/www/html/ssb.apk ]; then
cp /root/$PROJECT_NAME/image_build/mesh_apps/ssb.apk /var/www/html/ssb.apk
fi
if [ ! -d /var/www/html/images ]; then
mkdir /var/www/html/images
fi
if [ ! -f /var/www/html/images/logo.png ]; then
cp /root/$PROJECT_NAME/img/logo.png /var/www/html/images/logo.png
fi
if [ ! -f /var/www/html/images/ssb.png ]; then
cp /root/$PROJECT_NAME/img/icon_patchwork.png /var/www/html/images/ssb.png
fi
if [ ! -f /var/www/html/freedombone.css ]; then
cp /root/$PROJECT_NAME/website/freedombone.css /var/www/html/freedombone.css
fi
chown -R www-data:www-data /var/www/html/*
}
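Review bot: in `add_wifi_interface`, when `assign_peer_address` returns nothing the error message interpolates the empty `$peermac` ("Unable to obtain MAC address for  on wlan0") and the function `return`s with status 0, so `start` carries on and brings the interface up with its original MAC; print `$ifname` only and `return 1` so the caller can abort. The optional-argument tests (`[ $2 ]`, `[ $3 ]`, `[ $4 ]`) should quote the expansions. In `mesh_create_app_downloads_page`, `ssb.apk` is served over plain HTTP from the hotspot; publishing its SHA-256 in `meshindex.html` would at least let users check the download against the copy shipped in the image.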
function start {
@ -211,85 +300,69 @@ function start {
# Might have to re-enable wifi
rfkill unblock $(rfkill list|awk -F: "/phy/ {print $1}") || true
ifconfig $IFACE down
ifconfig $IFACE mtu 1532
ifconfig $IFACE hw ether $(assign_peer_address)
iwconfig $IFACE enc off
iwconfig $IFACE mode ad-hoc essid $WIFI_SSID channel $CHANNEL
sleep 1
iwconfig $IFACE ap $CELLID
modprobe batman-adv
batctl if add $IFACE
ifconfig $IFACE up
avahi-autoipd --force-bind --daemonize --wait $IFACE
ifconfig bat0 up promisc
#Use persistent HWAddr
ether_new=$(ifconfig eth0 | grep HWaddr | sed -e "s/.*HWaddr //")
if [ ! -f /var/lib/mesh-node/bat0 ]; then
mkdir /var/lib/mesh-node
echo "${ether_new}" > /var/lib/mesh-node/bat0
else
ether=$(cat /var/lib/mesh-node/bat0)
ifconfig bat0 hw ether ${ether}
fi
if [ "$EIFACE" ] ; then
brctl addbr $BRIDGE
brctl addif $BRIDGE bat0
brctl addif $BRIDGE $EIFACE
ifconfig bat0 0.0.0.0
ifconfig $EIFACE 0.0.0.0
ifconfig $EIFACE up promisc
ifconfig $BRIDGE up
avahi-autoipd --force-bind --daemonize --wait $BRIDGE
fi
secondary_wifi_available=
if [ $IFACE_SECONDARY ]; then
if [[ $IFACE != $IFACE_SECONDARY ]]; then
if [ -d /etc/hostapd ]; then
# bridge between mesh and wifi hotspot for mobile
HOTSPOT_NAME=$"${WIFI_SSID}-hotspot"
ifconfig $IFACE_SECONDARY down
ifconfig $IFACE_SECONDARY mtu 1500
ifconfig $IFACE_SECONDARY hw ether $(assign_peer_address)
iwconfig $IFACE_SECONDARY enc open
iwconfig $IFACE_SECONDARY mode managed essid $HOTSPOT_NAME channel ${HOTSPOT_CHANNEL}
iwconfig $IFACE_SECONDARY ap $CELLID
brctl addbr $BRIDGE_HOTSPOT
brctl addif $BRIDGE_HOTSPOT bat0
brctl addif $BRIDGE_HOTSPOT $IFACE_SECONDARY
ifconfig bat0 0.0.0.0
ifconfig $IFACE_SECONDARY 0.0.0.0
sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd
echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf
echo "bridge=${BRIDGE_HOTSPOT}" >> /etc/hostapd/hostapd.conf
echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf
echo "country_code=UK" >> /etc/hostapd/hostapd.conf
echo "ssid=$HOTSPOT_NAME" >> /etc/hostapd/hostapd.conf
echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
echo 'wpa=2' >> /etc/hostapd/hostapd.conf
echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf
echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf
echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf
echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf
ifconfig $BRIDGE_HOTSPOT up
avahi-autoipd --force-bind --daemonize --wait $BRIDGE_HOTSPOT
ifconfig $IFACE_SECONDARY up promisc
#ifconfig $IFACE_SECONDARY auto-dhcp start
systemctl start hostapd
if [ ${#HOTSPOT_PASSPHRASE} -gt 4 ]; then
secondary_wifi_available=1
else
echo $'Hotspot passphrase is too short'
fi
fi
fi
fi
modprobe batman-adv
add_wifi_interface $IFACE $WIFI_SSID ad-hoc $CHANNEL
avahi-autoipd --force-bind --daemonize --wait $IFACE
# NOTE: Don't connect the secondary wifi device. hostapd will handle that by itself
ifconfig bat0 up promisc
brctl addbr $BRIDGE
brctl addif $BRIDGE bat0
ifconfig bat0 0.0.0.0
if [ "$EIFACE" ] ; then
ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
if [[ "$ethernet_connected" != "0" ]]; then
echo $'Trying ethernet bridge to the internet'
brctl addif $BRIDGE $EIFACE
ifconfig $EIFACE 0.0.0.0
ifconfig $EIFACE up promisc
echo $'End of ethernet bridge'
else
echo $"$EIFACE is not connected"
fi
fi
ifconfig $BRIDGE up
dhclient $BRIDGE
if [ $secondary_wifi_available ]; then
sed -i 's|#DAEMON_CONF=.*|DAEMON_CONF="/etc/hostapd/hostapd.conf"|g' /etc/default/hostapd
echo "interface=${IFACE_SECONDARY}" > /etc/hostapd/hostapd.conf
echo "bridge=${BRIDGE}" >> /etc/hostapd/hostapd.conf
echo 'driver=nl80211' >> /etc/hostapd/hostapd.conf
echo "country_code=UK" >> /etc/hostapd/hostapd.conf
echo "ssid=${WIFI_SSID}-$(mesh_hotspot_ip_address)" >> /etc/hostapd/hostapd.conf
echo 'hw_mode=g' >> /etc/hostapd/hostapd.conf
echo "channel=${HOTSPOT_CHANNEL}" >> /etc/hostapd/hostapd.conf
echo 'wpa=2' >> /etc/hostapd/hostapd.conf
echo "wpa_passphrase=$HOTSPOT_PASSPHRASE" >> /etc/hostapd/hostapd.conf
echo 'wpa_key_mgmt=WPA-PSK' >> /etc/hostapd/hostapd.conf
echo 'wpa_pairwise=TKIP' >> /etc/hostapd/hostapd.conf
echo 'rsn_pairwise=CCMP' >> /etc/hostapd/hostapd.conf
echo 'auth_algs=1' >> /etc/hostapd/hostapd.conf
echo 'macaddr_acl=0' >> /etc/hostapd/hostapd.conf
systemctl enable hostapd
systemctl restart hostapd
mesh_create_app_downloads_page
fi
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT
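Review bot: `if [ ${#HOTSPOT_PASSPHRASE} -gt 4 ]` should be `-ge 8`: hostapd rejects WPA-PSK passphrases shorter than 8 characters, so for lengths 5 to 7 the "too short" message never fires and hostapd simply fails to start. With `wpa=2` only RSN is advertised and `wpa_pairwise=TKIP` is ignored, so that line can go (or read CCMP so nobody assumes TKIP is in use); `country_code=UK` is not the ISO 3166-1 code the regulatory database expects, which is `GB`. Two design points deserve a comment: the rewrite puts `bat0`, the hostapd clients (`bridge=${BRIDGE}`) and, when a cable is present, `$EIFACE` into a single bridge that then runs `dhclient`, so every mesh and hotspot node sits on the upstream LAN's layer-2 segment; and `iwconfig $IFACE ap $CELLID` does not appear in the new `add_wifi_interface` path, so the ad-hoc cell ID is no longer pinned and nodes sharing the ESSID can end up in split IBSS cells.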
@ -310,12 +383,39 @@ function start {
iptables -A INPUT -p tcp --dport $LIBREVAULT_PORT -j ACCEPT
iptables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
# SSB/Patchwork
# SSB/Scuttlebot/Patchwork
iptables -A INPUT -p udp --dport 8008 -j ACCEPT
iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
iptables -A INPUT -p udp --dport 8010 -j ACCEPT
iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
# vpn over the internet
iptables -A INPUT -p tcp --dport 653 -j ACCEPT
iptables -A INPUT -p udp --dport 653 -j ACCEPT
iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
iptables -A OUTPUT -o tun+ -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
systemctl restart avahi-daemon
if [ -f /etc/scuttlebot/.ssb/config ]; then
ethernet_connected=$(cat /sys/class/net/eth0/carrier)
if [[ "$ethernet_connected" != "0" ]]; then
sed -i "s|\"host\": .*|\"host\": \"$(get_ipv4_wlan)\",|g" /etc/scuttlebot/.ssb/config
systemctl restart scuttlebot
else
systemctl stop scuttlebot
fi
fi
verify
}
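Review bot: the `iptables -A INPUT -i ${EIFACE} ... --dport 1194` rule exposes the raw OpenVPN port on the upstream interface alongside the TLS-wrapped stunnel listener on 653; if OpenVPN is only meant to be reached through stunnel (the client config in this commit uses `remote localhost $STUNNEL_PORT`), bind it to localhost and drop this rule, otherwise the DPI resistance described in the VPN docs is optional rather than enforced. `iptables -A FORWARD -i tun+ -j ACCEPT` plus the `MASQUERADE` rule make the node a general internet gateway for VPN clients, which a comment should say is intended. The scuttlebot block re-reads `/sys/class/net/eth0/carrier` with `eth0` hard-coded although the rest of this function uses `$EIFACE`, and sets `"host"` to `get_ipv4_wlan` (the `$IFACE` address) in the ethernet-connected branch; the hard-coded 653/1194/8010 should also come from the `VPN_MESH_TLS_PORT`/`SCUTTLEBOT_PORT` constants added in this commit.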

src/freedombone-mesh-invite (new executable file, 47 lines)
@ -0,0 +1,47 @@
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Creates a scuttlebot invite for use with Ferment or Patchwork
#
# License
# =======
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
PROJECT_NAME='freedombone'
export TEXTDOMAIN=${PROJECT_NAME}-mesh-invite
export TEXTDOMAINDIR="/usr/share/locale"
invite=$(sudo -- bash -c 'su -c "sbot invite.create 1" - scuttlebot' | awk -F '"' '{print $2}')
if [ ${#invite} -lt 10 ]; then
dialog --title $"Create Invite" \
--msgbox $"\nThe invite could not be created" 7 70
exit 1
fi
echo "$invite" | xclip -selection c
dialog --title $"Create Invite" \
--msgbox $"\nThe invite has been copied to the clipboard.\n\nYou can paste it with CTRL+v" 9 70
exit 0
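Review bot: `invite.create 1` produces a single-use invite, which is the right default, but `awk -F '"' '{print $2}'` depends on `sbot` printing the invite as a one-line JSON string and will silently pick up other quoted text if the output format changes; check for the expected `host:port:@key.ed25519~secret` shape (e.g. that it contains `~`) rather than only `${#invite} -lt 10`. The script also relies on `sudo` working for the desktop user without a prompt; that sudoers rule is not part of this commit and should be scoped to exactly this `su -c "sbot invite.create 1" - scuttlebot` command rather than a blanket `NOPASSWD: ALL`. Copying to the clipboard leaves the invite in the X selection until overwritten; fine for a kiosk-style node, but the `dialog` text could say so.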

@ -44,6 +44,7 @@ case $sel in
sudo pkill firefox
sudo pkill iceweasel
sudo pkill midori
sudo pkill patchwork
sudo rm -f $MESH_INSTALL_COMPLETED
sudo ${PROJECT_NAME}-image-mesh $USER new
sudo batman start

@ -215,6 +215,10 @@ function update_wifi_adaptors {
IFACE=
IFACE_SECONDARY=
for i in $(seq 10 -1 0); do
ifdown --force wlan${i}
done
for i in $(seq 10 -1 0); do
if grep -q "wlan${i}" /proc/net/dev; then
if [ ! $IFACE ]; then
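Review bot: `ifdown --force wlan${i}` for `wlan10` down to `wlan0` before scanning `/proc/net/dev` prints an "unknown interface" error for every name that does not exist, and ifupdown only acts on interfaces declared in `/etc/network/interfaces`; redirect stderr, or better, iterate over the devices that actually exist (`for i in /sys/class/net/wlan*`), which also covers the renamed-device case the `net.ifnames` comment in this commit is worried about.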

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-09-27 Wed 17:58 -->
<!-- 2017-10-05 Thu 14:51 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -266,9 +266,9 @@ Using a Tor browser is another way to get around censorship, but there might be
On Freedombone the VPN is wrapped within a TLS layer of encryption, making it difficult for any deep packet inspection systems to know whether you are using a VPN or not. Since there is lots of TLS traffic on the internet your connection looks like any other TLS connection to a server, and this may help to avoid being censored. It's probably not possible for your local ISP to block TLS traffic without immediately generating a lot of irate customers, and stopping any kind of commercial activity.
</p>
<div id="outline-container-org778c839" class="outline-2">
<h2 id="org778c839">Installation</h2>
<div class="outline-text-2" id="text-org778c839">
<div id="outline-container-orgb96ecdd" class="outline-2">
<h2 id="orgb96ecdd">Installation</h2>
<div class="outline-text-2" id="text-orgb96ecdd">
<p>
ssh into the system with:
</p>
@ -288,9 +288,9 @@ Only use ports 443 or 80 for VPN as an <i>absolute last resort</i>, since doing
</div>
</div>
<div id="outline-container-org2cfcc49" class="outline-2">
<h2 id="org2cfcc49">Usage</h2>
<div class="outline-text-2" id="text-org2cfcc49">
<div id="outline-container-orgc55576d" class="outline-2">
<h2 id="orgc55576d">Usage</h2>
<div class="outline-text-2" id="text-orgc55576d">
<p>
When the installation is complete you can download your VPN keys and configuration files onto your local machine.
</p>
@ -306,7 +306,7 @@ You will need to ensure that the <i>openvpn</i> and <i>stunnel</i> packages are
</p>
<div class="org-src-container">
<pre class="src src-bash">sudp pacman -S openvpn stunnel4
<pre class="src src-bash">sudo pacman -S openvpn stunnel4
</pre>
</div>
@ -335,9 +335,9 @@ You should see a series of messages with "<i>Initialization Sequence Completed</
</div>
</div>
<div id="outline-container-orgc7282cd" class="outline-2">
<h2 id="orgc7282cd">Changing port number</h2>
<div class="outline-text-2" id="text-orgc7282cd">
<div id="outline-container-org8a983c5" class="outline-2">
<h2 id="org8a983c5">Changing port number</h2>
<div class="outline-text-2" id="text-org8a983c5">
<p>
Avoiding censorship can be a cat and mouse game, and so if the port you're using for VPN gets blocked then you may want to change it.
</p>
@ -348,16 +348,16 @@ Avoiding censorship can be a cat and mouse game, and so if the port you're using
</div>
<p>
Select <b>Administrator controls</b> then <b>App Settings</b> then <b>vpn</b>. Choose <b>Change TLS port</b> and enter a new port value. You can then either manually change the port within your VPN configuration files, or download them again as described in the <a href="#org2cfcc49">Usage</a> section above.
Select <b>Administrator controls</b> then <b>App Settings</b> then <b>vpn</b>. Choose <b>Change TLS port</b> and enter a new port value. You can then either manually change the port within your VPN configuration files, or download them again as described in the <a href="#orgc55576d">Usage</a> section above.
</p>
</div>
</div>
<div id="outline-container-orgbe4ddea" class="outline-2">
<h2 id="orgbe4ddea">Generating new keys</h2>
<div class="outline-text-2" id="text-orgbe4ddea">
<div id="outline-container-orgc802140" class="outline-2">
<h2 id="orgc802140">Generating new keys</h2>
<div class="outline-text-2" id="text-orgc802140">
<p>
It's possible that your VPN keys might get lost or compromised on your local machine. If that happens you can generate new ones from the <b>Administrator controls</b> by going to <b>App Settings</b> then <b>vpn</b> then choosing <b>Regenerate keys for a user</b> and downloading the new keys as described in the <a href="#org2cfcc49">Usage</a> section above.
It's possible that your VPN keys might get lost or compromised on your local machine. If that happens you can generate new ones from the <b>Administrator controls</b> by going to <b>App Settings</b> then <b>vpn</b> then choosing <b>Regenerate keys for a user</b> and downloading the new keys as described in the <a href="#orgc55576d">Usage</a> section above.
</p>
</div>
</div>
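Review bot: the cross-links in this hunk only keep working because the randomly generated heading ids (`org2cfcc49` replaced by `orgc55576d`) happen to be updated in the same export; every re-export regenerates them, which churns every anchor in the diff and breaks any external link or bookmark to these sections. Suggest giving the referenced headings a stable `:CUSTOM_ID:` property in the Org source (for example `usage`) so both the exported `id` and the `href` stay fixed across exports.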

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-09-28 Thu 10:42 -->
<!-- 2017-10-05 Thu 13:21 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -280,7 +280,7 @@ If you have a single board ARM computer which isn't one of the officially suppor
</p>
<p>
Want to make a community mesh network which doesn't depend upon the internet? The <a href="./mesh.html">Freedombone Mesh</a> is a wireless solution for autonomous communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
Want to make a community mesh network which can either be fully autonomous or connected to the internet? The <a href="./mesh.html">Freedombone Mesh</a> is a wireless solution for networked communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised, or used as an infrastructural community service similar to <a href="https://en.wikipedia.org/wiki/Freifunk">Freifunk</a>.
</p>
<p>

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-09-23 Sat 21:46 -->
<!-- 2017-10-05 Thu 15:10 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
@ -274,13 +274,13 @@ for the JavaScript code in this tag.
</colgroup>
<tbody>
<tr>
<td class="org-left"><a href="#org802af98">What the system can do</a></td>
<td class="org-left"><a href="#orgb0dd1ad">What the system can do</a></td>
<td class="org-left">-</td>
<td class="org-left"><a href="#org38eda48">Disk Images</a></td>
<td class="org-left"><a href="#org2b727b3">Disk Images</a></td>
<td class="org-left">-</td>
<td class="org-left"><a href="#org0c3a295">Building Disk Images</a></td>
<td class="org-left"><a href="#org520845e">Building Disk Images</a></td>
<td class="org-left">-</td>
<td class="org-left"><a href="#org5f6418e">How to use it</a></td>
<td class="org-left"><a href="#org315aa35">How to use it</a></td>
</tr>
</tbody>
</table>
@ -292,11 +292,19 @@ for the JavaScript code in this tag.
</blockquote>
<p>
The Freedombone Mesh is a wireless solution for autonomous communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
The Freedombone Mesh is a wireless solution for autonomous or internet connected communication that can be rapidly deployed in temporary, emergency or post-disaster situations where internet access is unavailable or compromised.
</p>
<p>
Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small business internal office communications, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies. The down side is that you can't access any internet content. The upside is that you can securely communicate with anyone on the local mesh. No ISPs. No payments or subscriptions beyond the cost of obtaining the hardware. Systems need to be within wifi range of each other for the mesh to be created. It can be an ultra-convenient way to do purely local communications.
Mesh networks are useful as a quick way to make a fully decentralised communications system which is not connected to or reliant upon the internet. Think festivals, hacker conferences, onboard ships at sea, disaster/war zones, small businesses who don't want the overhead of server maintenance, protests, remote areas of the world, temporary "digital blackouts", scientific expeditions and off-world space colonies.
</p>
<p>
If an internet connection is available then it can make use of that, but otherwise it can still work regardless of whether the internet exists. So it's not dependent upon ISPs and additional infrastructure other than USB drives isn't required.
</p>
<p>
Systems only need to be within wifi range of each other for the mesh to be created, so it can be an very convenient way to create a local communications network.
</p>
<p>
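Review bot: typo in the last added paragraph, "it can be an very convenient way" should read "a very convenient way". The preceding added sentence is also hard to parse: "it's not dependent upon ISPs and additional infrastructure other than USB drives isn't required" would read more cleanly as "it does not depend on ISPs, and no infrastructure beyond USB drives is required". In the first paragraph "autonomous or internet connected communication" wants a hyphen ("internet-connected").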
@ -316,18 +324,20 @@ The Freedombone mesh roughly follows MondoNet's ten social specifications:
<li><b>Evolvable</b>: The network should be built with future development in mind. The platform should be flexible enough to support technologies, protocols and modes of usage that have not yet been developed.</li>
</ul>
<div id="outline-container-org802af98" class="outline-2">
<h2 id="org802af98">What the system can do</h2>
<div class="outline-text-2" id="text-org802af98">
<div id="outline-container-orgb0dd1ad" class="outline-2">
<h2 id="orgb0dd1ad">What the system can do</h2>
<div class="outline-text-2" id="text-orgb0dd1ad">
<ul class="org-ul">
<li>Discovery of other users on the network</li>
<li>Text based chat, one-to-one and in groups</li>
<li>Voice chat (VoIP)</li>
<li>Voice chat (VoIP) and video calls</li>
<li>Private and public sharing of files</li>
<li>Blogging</li>
<li>Creating and broadcasting audio media/podcasts</li>
<li>Social network stream. Follow/unfollow other peers</li>
<li>No network administration required</li>
<li>No servers, internet connection or cabling is needed</li>
<li>No servers</li>
<li>Internet connection is optional</li>
<li>Works from bootable USB drives or microSD drives</li>
<li>Data is mesh routed between systems</li>
<li>Private communications is end-to-end secured and forward secret</li>
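Review bot: the added feature line "Voice chat (VoIP) and video calls" contradicts unchanged text further down this same file, where the Chat System section still says "At present video doesn't work reliably, but text and voice chat do work well." Either qualify the list entry (for example "video calls (experimental)") or update the Chat System sentence in the same commit so the two statements agree.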
@ -335,18 +345,18 @@ The Freedombone mesh roughly follows MondoNet's ten social specifications:
</ul>
<p>
This system should be quite scalable. Both qTox and IPFS are based upon distributed hash tables (DHT) so that each peer does not need to store the full index of data for the entire network. Caching or pinning of IPFS data and its content addressability means that if a file or blog becomes popular then performance should improve as the number of downloads increases, which is the opposite of the client/server paradigm.
This system should be quite scalable. Both qTox and IPFS are based upon distributed hash tables (DHT) so that each peer does not need to store the full index of data for the entire network. Gossiping between SSB peers may be slower, but the <a href="https://en.wikipedia.org/wiki/Small-world_network">small world effect</a> will presumably still make for quite efficient delivery in a large network. Caching or pinning of IPFS data and its content addressability means that if a file or blog becomes popular then performance should improve as the number of downloads increases, which is the opposite of the client/server paradigm.
</p>
</div>
</div>
<div id="outline-container-org38eda48" class="outline-2">
<h2 id="org38eda48">Disk Images</h2>
<div class="outline-text-2" id="text-org38eda48">
<div id="outline-container-org2b727b3" class="outline-2">
<h2 id="org2b727b3">Disk Images</h2>
<div class="outline-text-2" id="text-org2b727b3">
</div>
<div id="outline-container-org2291a28" class="outline-3">
<h3 id="org2291a28">Writing many images quickly</h3>
<div class="outline-text-3" id="text-org2291a28">
<div id="outline-container-org4dcc4ac" class="outline-3">
<h3 id="org4dcc4ac">Writing many images quickly</h3>
<div class="outline-text-3" id="text-org4dcc4ac">
<p>
There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the <b>dd</b> command is used for writing to the target drive, but to write to multiple drives you can use a tool such as <a href="https://wiki.gnome.org/Apps/MultiWriter">GNOME MultiWriter</a>.
</p>
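Review bot: the added sentence refers to "SSB peers" before the abbreviation appears anywhere on the page; Secure Scuttlebutt is only introduced in the Social Network section much further down. Expand it on first use ("Secure Scuttlebutt (SSB)"), and since "presumably" signals that the small-world claim has not been measured, phrase it as an expectation rather than a property of the system.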
@ -374,9 +384,9 @@ The MultiWriter tool is also available within mesh client images, so that you ca
</p>
</div>
</div>
<div id="outline-container-orgd0546b8" class="outline-3">
<h3 id="orgd0546b8">Client images</h3>
<div class="outline-text-3" id="text-orgd0546b8">
<div id="outline-container-orgd331956" class="outline-3">
<h3 id="orgd331956">Client images</h3>
<div class="outline-text-3" id="text-orgd331956">
<div class="org-center">
<div class="figure">
@ -425,16 +435,16 @@ sudo dd <span class="org-variable-name">bs</span>=1M <span class="org-variable-n
</div>
</div>
<div id="outline-container-orgefe9dc5" class="outline-3">
<h3 id="orgefe9dc5">Router images</h3>
<div class="outline-text-3" id="text-orgefe9dc5">
<div id="outline-container-org513ddc4" class="outline-3">
<h3 id="org513ddc4">Router images</h3>
<div class="outline-text-3" id="text-org513ddc4">
<p>
Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do.
</p>
</div>
<div id="outline-container-org2f4e6c1" class="outline-4">
<h4 id="org2f4e6c1">Beaglebone Black</h4>
<div class="outline-text-4" id="text-org2f4e6c1">
<div id="outline-container-orgfa33a6f" class="outline-4">
<h4 id="orgfa33a6f">Beaglebone Black</h4>
<div class="outline-text-4" id="text-orgfa33a6f">
<div class="org-center">
<div class="figure">
@ -471,9 +481,9 @@ There is still a software freedom issue with the Beaglebone Black, but it doesn'
</div>
</div>
<div id="outline-container-org0c3a295" class="outline-2">
<h2 id="org0c3a295">Building Disk Images</h2>
<div class="outline-text-2" id="text-org0c3a295">
<div id="outline-container-org520845e" class="outline-2">
<h2 id="org520845e">Building Disk Images</h2>
<div class="outline-text-2" id="text-org520845e">
<p>
It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.
</p>
@ -561,9 +571,9 @@ The resulting image can be copied to a microSD card, inserted into a Beaglebone
</div>
</div>
<div id="outline-container-orgdbfa9a8" class="outline-2">
<h2 id="orgdbfa9a8">Customisation</h2>
<div class="outline-text-2" id="text-orgdbfa9a8">
<div id="outline-container-org138c835" class="outline-2">
<h2 id="org138c835">Customisation</h2>
<div class="outline-text-2" id="text-org138c835">
<p>
If you want to make your own specially branded version, such as for a particular event, then to change the default desktop backgrounds edit the images within <b>img/backgrounds</b> and to change the available avatars and desktop icons edit the images within <b>img/avatars</b>. Re-create disk images using the instructions shown previously.
</p>
@ -573,9 +583,9 @@ If you need particular <i>dconf</i> commands to alter desktop appearance or beha
</p>
</div>
</div>
<div id="outline-container-org5f6418e" class="outline-2">
<h2 id="org5f6418e">How to use it</h2>
<div class="outline-text-2" id="text-org5f6418e">
<div id="outline-container-org315aa35" class="outline-2">
<h2 id="org315aa35">How to use it</h2>
<div class="outline-text-2" id="text-org315aa35">
<p>
When you first boot from the USB drive the system will create some encryption keys, assign a unique network address to the system and then reboot itself. When that's done you should see a prompt asking for a username. This username just makes it easy for others to initially find you on the mesh and will appear in the list of users.
</p>
@ -585,9 +595,9 @@ After a minute or two if you are within wifi range and there is at least one oth
</p>
</div>
<div id="outline-container-org6f259f7" class="outline-3">
<h3 id="org6f259f7">Boot trouble</h3>
<div class="outline-text-3" id="text-org6f259f7">
<div id="outline-container-org1b3364a" class="outline-3">
<h3 id="org1b3364a">Boot trouble</h3>
<div class="outline-text-3" id="text-org1b3364a">
<p>
If the system doesn't boot and reports an error which includes <b>/dev/mapper/loop0p1</b> then reboot with <b>Ctrl-Alt-Del</b> and when you see the grub menu press <b>e</b> and manually change <b>/dev/mapper/loop0p1</b> to <b>/dev/sdb1</b>, then press <b>Ctrl-x</b>. If that doesn't work then reboot and try <b>/dev/sdc1</b> instead.
</p>
@ -597,9 +607,9 @@ After the system has booted successfully the problem should resolve itself on su
</p>
</div>
</div>
<div id="outline-container-org32ab229" class="outline-3">
<h3 id="org32ab229">Set the Date</h3>
<div class="outline-text-3" id="text-org32ab229">
<div id="outline-container-orgde8506a" class="outline-3">
<h3 id="orgde8506a">Set the Date</h3>
<div class="outline-text-3" id="text-orgde8506a">
<p>
On the ordinary internet the date and time of your system would be set automatically via NTP. But this is not the internet and so you will need to manually ensure that your date and time settings are correct. You might need to periodically do this if your clock drifts. It's not essential that the time on your system be highly accurate, but if it drifts too far or goes back to epoch then things could become a little confusing in regard to the order of blog posts.
</p>
@ -609,9 +619,9 @@ On the ordinary internet the date and time of your system would be set automatic
</p>
</div>
</div>
<div id="outline-container-org0a0c31f" class="outline-3">
<h3 id="org0a0c31f">Check network status</h3>
<div class="outline-text-3" id="text-org0a0c31f">
<div id="outline-container-orgc819dda" class="outline-3">
<h3 id="orgc819dda">Check network status</h3>
<div class="outline-text-3" id="text-orgc819dda">
<p>
Unlike with ordinary wifi, on the mesh you don't get a signal strength icon and so it's not simple to see if you have a good connection.
</p>
@ -634,10 +644,96 @@ When you are finished close the window and then select the <i>Network Restart</i
</p>
</div>
</div>
<div id="outline-container-org41bb113" class="outline-3">
<h3 id="org41bb113">Connecting to the internet</h3>
<div class="outline-text-3" id="text-org41bb113">
<p>
If you need to be able to access the internet from the mesh then connect one of the peers to an internet router using an ethernet cable, then reboot it. Other peers in the mesh, including any attached mobile devices, will then be able to access the internet using the ethernet attached peer as a gateway. <a href="https://en.wikipedia.org/wiki/Freifunk">Freifunk</a> works in a similar way.
</p>
<div id="outline-container-org334d737" class="outline-3">
<h3 id="org334d737">Chat System</h3>
<div class="outline-text-3" id="text-org334d737">
<p>
After connecting one peer to the internet you may need to reboot other peers in order to update their network configurations.
</p>
<p>
If for legal reasons you need to connect to the internet via a VPN then openvpn is preinstalled and you can run the command:
</p>
<div class="org-src-container">
<pre class="src src-bash">sudo openvpn myclient.ovpn
</pre>
</div>
<p>
Where <i>myclient.ovpn</i> comes from your VPN provider and with the password "<i>freedombone</i>".
</p>
</div>
</div>
<div id="outline-container-orgcffa0dd" class="outline-3">
<h3 id="orgcffa0dd">Connecting two meshes over the internet via a VPN tunnel</h3>
<div class="outline-text-3" id="text-orgcffa0dd">
<p>
Maybe the internet exists, but you don't care about getting any content from it and just want to use it as a way to connect mesh networks from different geographical locations together. VPN configuration, pem and stunnel files exist within the home directory. Edit the configuration with:
</p>
<div class="org-src-container">
<pre class="src src-bash">nano ~/client.ovpn
</pre>
</div>
<p>
Edit the IP address or domain for the mesh that you wish to connect to within the <i>route</i> command:
</p>
<div class="org-src-container">
<pre class="src src-bash">route [mesh IP or domain] 255.255.255.255 net_gateway
</pre>
</div>
<p>
Then you can connect to the other mesh with:
</p>
<div class="org-src-container">
<pre class="src src-bash"><span class="org-builtin">cd</span> /home/fbone
sudo stunnel stunnel-client.conf
sudo openvpn client.ovpn
</pre>
</div>
<p>
Using the password "<i>freedombone</i>". From a deep packet inspection point of view the traffic going over the internet will just look like any other TLS connection to a server.
</p>
</div>
</div>
<div id="outline-container-org0071e68" class="outline-3">
<h3 id="org0071e68">Mobile devices (phones, etc)</h3>
<div class="outline-text-3" id="text-org0071e68">
<p>
To allow mobile devices to connect to the mesh you will need a second wifi adapter connected to your laptop/netbook/SBC. Plug in a second wifi adapter then reboot the system. The second adaptor will then create a wifi hotspot which mobile devices can connect to. The hotspot name also contains its local IP address (eg. "<i>mesh-192.168.1.83</i>").
</p>
<p>
On a typical Android device go to <b>Settings</b> then <b>Security</b> and ensure that <b>Unknown sources</b> is enabled. Also within <b>Wifi</b> from the <b>Settings</b> screen select the mesh hotspot. The password is "<i>freedombone</i>". Open a non-Tor browser and navigate to the IP address showing in the hotspot name. You can then download and install mesh apps.
</p>
<div class="org-center">
<div class="figure">
<p><img src="images/mesh_mobileapps.jpg" alt="mesh_mobileapps.jpg" />
</p>
</div>
</div>
<p>
On some android devices you may need to move the downloaded APK file from the <b>Downloads</b> directory to your <b>home</b> directory before you can install it.
</p>
</div>
</div>
<div id="outline-container-org15ce109" class="outline-3">
<h3 id="org15ce109">Chat System</h3>
<div class="outline-text-3" id="text-org15ce109">
<p>
Ensure that you're within wifi range of at least one other mesh peer (could be a router or client) and then you should see that the <i>Chat</i> and <i>Other Users</i> icons appear. Select the users icon and you should see a list of users on the mesh. Select the <i>Chat</i> icon and once you are connected you should see the status light turn green. If after a few minutes you don't get the green status light then try closing and re-opening the Tox chat application. Select the plus button to add a friend and then copy and paste in a Tox ID from the users list.
</p>
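Review bot: "with the password "freedombone"" in the added Connecting to the internet section is ambiguous: it is not clear whether this is the sudo password of the `fbone` account or a credential expected by the provider's `myclient.ovpn`, and the same phrase recurs after `sudo openvpn client.ovpn` in the next section; say explicitly that it is the default login password of the mesh image. The same fixed value is documented as the hotspot key in the Mobile devices section, so any device in radio range of the second adapter can join using a password published in the manual; the text should say whether it can be changed and that the hotspot network is to be treated as untrusted. The deep packet inspection sentence overstates a little: stunnel makes the tunnel look like a TLS session, but certificate details and traffic patterns can still distinguish it from ordinary web traffic, so "similar to any other TLS connection" is safer than "just like". Minor: "adaptor" and "adapter" are both used in the Mobile devices paragraph, and "android" should be capitalised in its last sentence.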
@ -696,9 +792,9 @@ At present video doesn't work reliably, but text and voice chat do work well.
</div>
</div>
<div id="outline-container-org2195683" class="outline-3">
<h3 id="org2195683">Social Network</h3>
<div class="outline-text-3" id="text-org2195683">
<div id="outline-container-org9f229f4" class="outline-3">
<h3 id="org9f229f4">Social Network</h3>
<div class="outline-text-3" id="text-org9f229f4">
<p>
Patchwork is available as a social networking system for the mesh. Like all social network systems it has a stream of posts and you can follow or unfollow other users. You can also send private messages to other users with end-to-end encryption.
</p>
@ -733,9 +829,9 @@ The Secure Scuttlebutt protocol which Patchwork is based upon is intended to be
</div>
</div>
<div id="outline-container-org41de3cc" class="outline-3">
<h3 id="org41de3cc">Sharing Files</h3>
<div class="outline-text-3" id="text-org41de3cc">
<div id="outline-container-org31fc0a9" class="outline-3">
<h3 id="org31fc0a9">Sharing Files</h3>
<div class="outline-text-3" id="text-org31fc0a9">
<p>
You can make files publicly available on the network simply by dragging and dropping them into the <i>Public</i> folder on the desktop. To view the files belonging to another user select the desktop icon called <i>Visit a site</i> and enter the username or Tox ID of the other user.
</p>
@ -750,9 +846,9 @@ You can make files publicly available on the network simply by dragging and drop
</div>
</div>
<div id="outline-container-org534896d" class="outline-3">
<h3 id="org534896d">Blogging</h3>
<div class="outline-text-3" id="text-org534896d">
<div id="outline-container-org5a54e47" class="outline-3">
<h3 id="org5a54e47">Blogging</h3>
<div class="outline-text-3" id="text-org5a54e47">
<p>
To create a blog post select the <i>Blog</i> icon on the desktop and then use the up and down cursor keys, space bar and enter key to add a new entry. Edit the title of the entry and add your text. You can also include photos if you wish - just copy them to the <b>CreateBlog/content/images</b> directory and then link to them as shown.
</p>

289
website/EN/meshindex.html Normal file
View File

@ -0,0 +1,289 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2017-10-05 Thu 11:44 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>&lrm;</title>
<meta name="generator" content="Org mode" />
<meta name="author" content="Bob Mottram" />
<meta name="description" content="Download apps for use on the mesh"
/>
<meta name="keywords" content="mesh, freedombone, apps" />
<style type="text/css">
<!--/*--><![CDATA[/*><!--*/
.title { text-align: center;
margin-bottom: .2em; }
.subtitle { text-align: center;
font-size: medium;
font-weight: bold;
margin-top:0; }
.todo { font-family: monospace; color: red; }
.done { font-family: monospace; color: green; }
.priority { font-family: monospace; color: orange; }
.tag { background-color: #eee; font-family: monospace;
padding: 2px; font-size: 80%; font-weight: normal; }
.timestamp { color: #bebebe; }
.timestamp-kwd { color: #5f9ea0; }
.org-right { margin-left: auto; margin-right: 0px; text-align: right; }
.org-left { margin-left: 0px; margin-right: auto; text-align: left; }
.org-center { margin-left: auto; margin-right: auto; text-align: center; }
.underline { text-decoration: underline; }
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
p.verse { margin-left: 3%; }
pre {
border: 1px solid #ccc;
box-shadow: 3px 3px 3px #eee;
padding: 8pt;
font-family: monospace;
overflow: auto;
margin: 1.2em;
}
pre.src {
position: relative;
overflow: visible;
padding-top: 1.2em;
}
pre.src:before {
display: none;
position: absolute;
background-color: white;
top: -10px;
right: 10px;
padding: 3px;
border: 1px solid black;
}
pre.src:hover:before { display: inline;}
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-hledger:before { content: 'hledger'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-lua:before { content: 'Lua'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
caption.t-bottom { caption-side: bottom; }
td, th { vertical-align:top; }
th.org-right { text-align: center; }
th.org-left { text-align: center; }
th.org-center { text-align: center; }
td.org-right { text-align: right; }
td.org-left { text-align: left; }
td.org-center { text-align: center; }
dt { font-weight: bold; }
.footpara { display: inline; }
.footdef { margin-bottom: 1em; }
.figure { padding: 1em; }
.figure p { text-align: center; }
.inlinetask {
padding: 10px;
border: 2px solid gray;
margin: 10px;
background: #ffffcc;
}
#org-div-home-and-up
{ text-align: right; font-size: 70%; white-space: nowrap; }
textarea { overflow-x: auto; }
.linenr { font-size: smaller }
.code-highlighted { background-color: #ffff00; }
.org-info-js_info-navigation { border-style: none; }
#org-info-js_console-label
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { width: 90%; }
/*]]>*/-->
</style>
<link rel="stylesheet" type="text/css" href="freedombone.css" />
<script type="text/javascript">
/*
@licstart The following is the entire license notice for the
JavaScript code in this tag.
Copyright (C) 2012-2017 Free Software Foundation, Inc.
The JavaScript code in this tag is free software: you can
redistribute it and/or modify it under the terms of the GNU
General Public License (GNU GPL) as published by the Free Software
Foundation, either version 3 of the License, or (at your option)
any later version. The code is distributed WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU GPL for more details.
As additional permission under GNU GPL version 3 section 7, you
may distribute non-source (e.g., minimized or compacted) forms of
that code without the copy of the GNU GPL normally required by
section 4, provided you include this license notice and a URL
through which recipients can access the Corresponding Source.
@licend The above is the entire license notice
for the JavaScript code in this tag.
*/
<!--/*--><![CDATA[/*><!--*/
function CodeHighlightOn(elem, id)
{
var target = document.getElementById(id);
if(null != target) {
elem.cacheClassElem = elem.className;
elem.cacheClassTarget = target.className;
target.className = "code-highlighted";
elem.className = "code-highlighted";
}
}
function CodeHighlightOff(elem, id)
{
var target = document.getElementById(id);
if(elem.cacheClassElem)
elem.className = elem.cacheClassElem;
if(elem.cacheClassTarget)
target.className = elem.cacheClassTarget;
}
/*]]>*///-->
</script>
</head>
<body>
<div id="preamble" class="status">
<a name="top" id="top"></a>
</div>
<div id="content">
<div class="org-center">
<div class="figure">
<p><img src="images/logo.png" alt="logo.png" />
</p>
</div>
</div>
<center>
<h3>Welcome to the Freedombone Mesh</h3>
</center>
<p>
The following apps are available:
</p>
<center>
<table style="width:80%; border:0">
<tr>
<td><center><b><a href="ssb.apk"><img src="images/ssb.png"/></a></b><br><a href="ssb.apk">Secure Scuttlebutt</a></center></td>
<td><center><b><h3></h3></b><br></center></td>
</tr>
</table>
</center>
</div>
<div id="postamble" class="status">
<style type="text/css">
.back-to-top {
position: fixed;
bottom: 2em;
right: 0px;
text-decoration: none;
color: #000000;
background-color: rgba(235, 235, 235, 0.80);
font-size: 12px;
padding: 1em;
display: none;
}
.back-to-top:hover {
background-color: rgba(135, 135, 135, 0.50);
}
</style>
<div class="back-to-top">
<a href="#top">Back to top</a> | <a href="mailto:bob@freedombone.net">E-mail me</a>
</div>
</div>
</body>
</html>
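Review bot: the new page links `ssb.apk` for users who, per the Mobile devices instructions in mesh.html, have enabled "Unknown sources", but it offers no way to verify the download; add a SHA-256 checksum or a detached signature next to the link, and say where the APK is built from, so a client can check the file before installing it. Markup: the file declares XHTML 1.0 Strict with an XML prolog, yet the body uses `<center>`, an unclosed `<br>` and an `<h3>` nested inside `<b>` within a table cell, none of which are valid in Strict, and the second cell `<td><center><b><h3></h3></b><br></center></td>` is an empty placeholder that should either hold the next app or be removed.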