Torbox mini integration into TorBox v.0.5.4 ALPHA

This integration should reduce the complexity for further TorBox development
radio24 · Mar 26, 2024 · be1324c · be1324c
2 parents aad4329 + f35f2ae
commit be1324c
Show file tree

Hide file tree

Showing 28 changed files with 1,755 additions and 53 deletions.
diff --git a/README.md b/README.md
@@ -21,7 +21,7 @@ TorBox is ideal for providing additional protection for the entire data stream a
 2. Transfer the downloaded image file on an [SD Card](https://en.wikipedia.org/wiki/Secure_Digital), for example, with [Etcher](https://www.balena.io/etcher/). TorBox needs at least an 8 GB SD Card.
 3. Put the SD Card into your Raspberry Pi, link it with an Internet router using an Ethernet cable, or place an USB WiFi adapter in one of the USB ports to use an existing WiFi. Afterwards, start the Raspberry Pi. During the start, the system on the SD card automatically expands over the entire free partition – user interaction, screen, and peripherals are not required yet.
 4. After 2-3 minutes, when the green LED stops to flicker, connect your client to the new WiFi “**TorBox053**” (password: **CHANGE-IT**).
-5. Login to the TorBox by using a [SSH client](https://www.torbox.ch/?page_id=112#how-can-i-access-the-torbox-menu) (**192.168.42.1** on a WiFi client, **192.168.43.1** on a cable client or **192.168.44.1** when connected via VPN) or a web browser (http://192.168.42.1 on a WiFi client, http://192.168.43.1 on a cable client or http://192.168.44.1 when connected via VPN; username: **torbox** / password: **CHANGE-IT**).
+5. Login to the TorBox by using a [SSH client](https://www.torbox.ch/?page_id=112#how-can-i-access-the-torbox-menu) (**192.168.42.1** on a WiFi client, **192.168.43.1** on a cable client or **192.168.44.1** when connected via VPN or if you use a Raspberry Pi Zero 2 W as a RNDIS/Ethernet Gadget) or a web browser (http://192.168.42.1 on a WiFi client, http://192.168.43.1 on a cable client or http://192.168.44.1 when connected via VPN; username: **torbox** / password: **CHANGE-IT**).
 6. After [seeing a welcome screen and answering some initial questions during the first start-up](https://www.torbox.ch/?page_id=2637), you should see the [TorBox Main Menu](https://www.torbox.ch/?page_id=775). Immediately, you should **change the default passwords** (the associated entries are placed in the [configuration sub-menu](https://www.torbox.ch/?page_id=875).
 
 At least a **Raspberry Pi 3 [Model B+](https://www.raspberrypi.org/products/raspberry-pi-3-model-b-plus/)** or a **[Raspberry Pi 4 Model B](https://www.raspberrypi.org/products/raspberry-pi-4-model-b/)** is recommended. TorBox should also work on a new **[Raspberry Pi 5](https://www.raspberrypi.com/news/introducing-raspberry-pi-5/)**, but we couldn't verify this yet. However, we offer also [installation script for other systems](https://www.torbox.ch/?page_id=1168), which might run on older (32bit) or other hardware platforms.

diff --git a/bin/hostapd_fallback_komplex_part_1 b/bin/hostapd_fallback_komplex_part_1
@@ -38,6 +38,10 @@
 # wlan1 entries in the configuration fails and substitutet them with wlan0.
 #
 #
+# EXCEPTION: don't run on TorBox mini (will replace /etc/network/interfaces) --> asuming that we don't have clients on the wifi
+RUNFILE="/home/torbox/torbox/run/torbox.run"
+if grep "^TORBOX_MINI=1" ${RUNFILE} ; then exit; fi
+
 ##### SET VARIABLES ######
 
 #Other variables

diff --git a/bin/set_interfaces_2 b/bin/set_interfaces_2
@@ -41,7 +41,8 @@
 # eth1  -> 	The device is connected with a cable (USB ethernet adapter).
 # wlan0 -> 	The device is connected via wireless network (onboard chip)
 # wlan1 -> 	The device is connected via wireless network (USB wlan adapter)
-# tun1  ->  The device is a VPN client and connected with TorBox's VPN server
+# tun1  ->  The device is a VPN client and connected with TorBox's VPN server (only <incoming interface 3>)
+# usb0  ->  The TorBox is a RNDIS/Ethernet Gadget (TorBox mini, only <incoming interface 3>)
 #
 # Both, <incoming interface 1> and <incoming interface 2>, have to be set.
 # If <incoming interface 1> is not used, the default should be "wlan0".

diff --git a/bin/set_interfaces_3 b/bin/set_interfaces_3
@@ -76,11 +76,23 @@ read_config()
 	if [ "$NUMBER_OF_WORD" == "1" ]; then
 		I_DEVICE1=$CLIENT_IFACE
 		if [ "$INTERNET_IFACE" == "eth0" ]; then I_DEVICE2="eth1"; else I_DEVICE2="eth0"; fi
-		I_DEVICE3="tun1"
+		if grep "^TORBOX_MINI=0" ${RUNFILE} ; then
+			I_DEVICE3="usb0"
+		else
+			I_DEVICE3="tun1"
+		fi
+	elif [ "$NUMBER_OF_WORD" == "2" ]; then
+		I_DEVICE1=$(cut -d ' ' -f1 <<< $CLIENT_IFACE)
+		I_DEVICE2=$(cut -d ' ' -f1 <<< $CLIENT_IFACE)
+		if grep "^TORBOX_MINI=0" ${RUNFILE} ; then
+			I_DEVICE3="usb0"
+		else
+			I_DEVICE3="tun1"
+		fi
 	else
 		I_DEVICE1=$(cut -d ' ' -f1 <<< $CLIENT_IFACE)
-		I_DEVICE2=$(cut -d ' ' -f2 <<< $CLIENT_IFACE)
-		I_DEVICE3="tun1"
+		I_DEVICE2=$(cut -d ' ' -f1 <<< $CLIENT_IFACE)
+		I_DEVICE3=$(cut -d ' ' -f1 <<< $CLIENT_IFACE)
 	fi
 }
 

diff --git a/etc/default/isc-dhcp-server b/etc/default/isc-dhcp-server
@@ -18,5 +18,5 @@
 #	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
 
 # Changed by TorBox
-INTERFACESv4="wlan0 wlan1 eth0 eth1"
+INTERFACESv4="wlan0 wlan1 eth0 eth1 usb0"
 INTERFACESv6=""
diff --git a/etc/dhcp/dhcpd-mini.conf b/etc/dhcp/dhcpd-mini.conf
@@ -0,0 +1,30 @@
+# This configuration file was modified by TorBox
+
+default-lease-time 600;
+max-lease-time 7200;
+ddns-update-style none;
+authoritative;
+
+subnet 192.168.42.0 netmask 255.255.255.0 {
+range 192.168.42.10 192.168.42.19;
+option broadcast-address 192.168.42.255;
+option routers 192.168.42.1;
+option domain-name "local";
+option domain-name-servers 192.168.42.1;
+}
+
+subnet 192.168.43.0 netmask 255.255.255.0 {
+range 192.168.43.10 192.168.43.19;
+option broadcast-address 192.168.43.255;
+option routers 192.168.43.1;
+option domain-name "local";
+option domain-name-servers 192.168.43.1;
+}
+
+subnet 192.168.44.0 netmask 255.255.255.0 {
+range 192.168.44.10 192.168.44.19;
+option broadcast-address 192.168.44.255;
+option routers 192.168.44.1;
+option domain-name "local";
+option domain-name-servers 192.168.44.1;
+}
diff --git a/etc/iptables.ipv4-mini.nat b/etc/iptables.ipv4-mini.nat
@@ -0,0 +1,59 @@
+# Generated by iptables-save v1.8.7 on Sun Dec 24 13:26:09 2023
+*filter
+:INPUT DROP [30:6628]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [3859:3275084]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -m state --state INVALID -j DROP
+-A INPUT ! -s 192.168.0.0/16 -i wlan0 -j LOG --log-prefix "SPOOFED PKT "
+-A INPUT ! -s 192.168.0.0/16 -i eth1 -j LOG --log-prefix "SPOOFED PKT "
+-A INPUT ! -s 192.168.0.0/16 -i usb0 -j LOG --log-prefix "SPOOFED PKT "
+-A INPUT ! -s 192.168.0.0/16 -i wlan0 -j DROP
+-A INPUT ! -s 192.168.0.0/16 -i eth1 -j DROP
+-A INPUT ! -s 192.168.0.0/16 -i usb0 -j DROP
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i wlan0 -j ACCEPT
+-A INPUT -i eth1 -j ACCEPT
+-A INPUT -i usb0 -j ACCEPT
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
+-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
+-A FORWARD -m state --state INVALID -j DROP
+-A FORWARD -p icmp -m icmp --icmp-type 8 -j ACCEPT
+-A FORWARD -p icmp -m icmp --icmp-type 0 -j ACCEPT
+-A OUTPUT -m conntrack --ctstate INVALID -j DROP
+-A OUTPUT -m state --state INVALID -j DROP
+-A OUTPUT ! -s 127.0.0.1/32 ! -d 127.0.0.1/32 ! -o lo -p tcp -m tcp --tcp-flags RST,ACK RST,ACK -j DROP
+COMMIT
+# Completed on Sun Dec 24 13:26:09 2023
+# Generated by iptables-save v1.8.7 on Sun Dec 24 13:26:09 2023
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A PREROUTING -d 192.168.42.1/32 -i wlan0 -p tcp -j REDIRECT
+-A PREROUTING -d 192.168.43.1/32 -i eth1 -p tcp -j REDIRECT
+-A PREROUTING -d 192.168.44.1/32 -i usb0 -p tcp -j REDIRECT
+-A PREROUTING -d 10.192.0.0/10 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
+-A PREROUTING -p tcp -m tcp --dport 80 -j LOG --log-prefix "HTTP-REQUEST TCP " --log-tcp-options --log-ip-options
+-A PREROUTING -p udp -m udp --dport 80 -j LOG --log-prefix "HTTP-REQUEST UDP " --log-ip-options
+-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 0.0.0.0
+-A PREROUTING -p udp -m udp --dport 80 -j DNAT --to-destination 0.0.0.0
+-A PREROUTING -i wlan0 -p tcp -j REDIRECT --to-ports 9040
+-A PREROUTING -i eth1 -p tcp -j REDIRECT --to-ports 9040
+-A PREROUTING -i usb0 -p tcp -j REDIRECT --to-ports 9040
+-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
+-A PREROUTING -i eth1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
+-A PREROUTING -i usb0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
+-A PREROUTING -i wlan0 -p udp -j REDIRECT --to-ports 9040
+-A PREROUTING -i eth1 -p udp -j REDIRECT --to-ports 9040
+-A PREROUTING -i usb0 -p udp -j REDIRECT --to-ports 9040
+-A PREROUTING -i usb0 -j LOG --log-prefix "FALLEN THROUGH PREROUTING "
+-A PREROUTING -i eth1 -j LOG --log-prefix "FALLEN THROUGH PREROUTING "
+-A PREROUTING -i usb0 -j LOG --log-prefix "FALLEN THROUGH PREROUTING "
+-A POSTROUTING -o eth0 -j MASQUERADE
+COMMIT
+# Completed on Thu Jul  6 09:15:23 2023
diff --git a/etc/network/interfaces b/etc/network/interfaces
@@ -2,7 +2,7 @@
 
 # interfaces(5) file used by ifup(8) and ifdown(8)
 # Include files from /etc/network/interfaces.d:
-#source-directory /etc/network/interfaces.d
+# source-directory /etc/network/interfaces.d
 
 auto lo
 auto eth0

diff --git a/etc/network/interfaces.mini b/etc/network/interfaces.mini
@@ -0,0 +1,21 @@
+# This configuration file was modified by TorBox
+
+# interfaces(5) file used by ifup(8) and ifdown(8)
+# Include files from /etc/network/interfaces.d:
+# source-directory /etc/network/interfaces.d
+
+auto lo
+auto wlan0
+auto usb0
+
+allow-hotplug usb0
+
+iface wlan0 inet dhcp
+
+iface usb0 inet static
+  address 192.168.44.1
+  netmask 255.255.255.0
+
+iface usb0 inet6 auto
+
+wireless-power off
diff --git a/etc/network/interfaces.wlan0eth0 b/etc/network/interfaces.wlan0eth0
@@ -2,7 +2,7 @@
 
 # interfaces(5) file used by ifup(8) and ifdown(8)
 # Include files from /etc/network/interfaces.d:
-#source-directory /etc/network/interfaces.d
+# source-directory /etc/network/interfaces.d
 
 auto lo
 auto eth1

diff --git a/etc/network/interfaces.wlan0eth1 b/etc/network/interfaces.wlan0eth1
@@ -2,7 +2,7 @@
 
 # interfaces(5) file used by ifup(8) and ifdown(8)
 # Include files from /etc/network/interfaces.d:
-#source-directory /etc/network/interfaces.d
+# source-directory /etc/network/interfaces.d
 
 auto lo
 auto eth0

diff --git a/etc/network/interfaces.wlan1eth0 b/etc/network/interfaces.wlan1eth0
@@ -4,7 +4,7 @@
 
 # interfaces(5) file used by ifup(8) and ifdown(8)
 # Include files from /etc/network/interfaces.d:
-#source-directory /etc/network/interfaces.d
+# source-directory /etc/network/interfaces.d
 
 auto lo
 auto eth1