Development
This commit is contained in:
parent
622cf7960f
commit
3bd98f0c90
2 changed files with 9 additions and 15 deletions
17
README.md
17
README.md
|
|
@ -1,6 +1,6 @@
|
|||
# Routlin
|
||||
|
||||
A collection of Python scripts that transform an existing Linux server (with at least two Ethernet NICs) into a fully featured home router, eliminating the need for a separate router appliance.
|
||||
A collection of Python scripts that transform an existing Linux server (with at least two Ethernet NICs) into a fully-featured enterprise-grade router, eliminating the need for a separate router appliance.
|
||||
|
||||
## Why Replace Your Router?
|
||||
|
||||
|
|
@ -14,7 +14,7 @@ Consumer and prosumer router appliances are constrained by OEM firmware. Securit
|
|||
|
||||
## Summary
|
||||
|
||||
These scripts do not run continuously in the background. They install and facilitate the configuration of battle-hardened software (`dnsmasq` for DHCP and DNS, `nftables` for firewall and NAT, `chrony` for NTP, `freeradius` for RADIUS, `avahi` for mDNS discovery, and `wireguard` for VPN) using JSON files that you edit. The scripts also install systemd timers to run periodic activities: updating the DNS blocklist(s) of your choice (default once per day), and optionally checking if your external IP address changed (default every 5 mins) and if so, updating a DDNS provider.
|
||||
These scripts do not run continuously in the background. They install and facilitate the configuration of battle-hardened software (`dnsmasq` for DHCP and DNS, `nftables` for firewall and NAT, `chrony` for NTP, `freeradius` for RADIUS, `avahi` for mDNS discovery, and `wireguard` for VPN) using JSON files that you edit. A fully-featured, easy-to-use web management dashboard is included for users who prefer not to edit JSON directly.
|
||||
|
||||
---
|
||||
|
||||
|
|
@ -22,7 +22,7 @@ These scripts do not run continuously in the background. They install and facili
|
|||
|
||||
The suite is organized into three independent but complementary scripts, each managing one layer of the stack:
|
||||
|
||||
### Core: DHCP, DNS, Blocklists, Firewall, RADIUS, and mDNS (`core.py`)
|
||||
### Core: DHCP, DNS, Blocklists, Firewall, RADIUS, mDNS, and WireGuard VPN (`core.py`)
|
||||
|
||||
- Configures VLAN sub-interfaces via `systemd-networkd`
|
||||
- Assigns static or dynamic DHCP reservations by MAC address and hostname
|
||||
|
|
@ -47,15 +47,8 @@ The suite is organized into three independent but complementary scripts, each ma
|
|||
- Generates FreeRADIUS `clients.conf` and `users` files from `core.json` reservations, enabling dynamic VLAN assignment via MAC Authentication Bypass (MAB) for both wired (802.1X) and wireless clients
|
||||
- Manages a `.radius-secret` shared secret file (generated automatically on first `--apply` if RADIUS is enabled)
|
||||
- Configures `avahi-daemon` as an mDNS reflector to forward service discovery announcements (AirPrint, AirPlay, Chromecast, etc.) across VLANs
|
||||
|
||||
### Optional: WireGuard VPN (managed by `core.py` and the dashboard)
|
||||
|
||||
- Supports any number of WireGuard interfaces defined in `core.json` (any VLAN with `is_vpn: true`)
|
||||
- `core.py --apply` generates the server keypair on first run, writes the server conf to `/etc/wireguard/`, and brings the interface up with `wg-quick`. Subsequent applies sync peer changes live without restarting the interface
|
||||
- Peer management is done through the Routlin Dashboard: add a peer, set its IP and tunnel mode, and the dashboard generates and downloads the ready-to-import client `.conf` file immediately - the private key is never stored
|
||||
- Peer data (name, IP, public key, enabled state) is stored directly in `core.json` alongside the rest of the network config
|
||||
- Supports per-peer choice of split-tunnel (VPN subnet only) or full-tunnel (all traffic) routing
|
||||
- Reports active peer connections, handshake times, and RX/TX byte counts on the dashboard VPN view
|
||||
- Supports any number of WireGuard VPN interfaces (`is_vpn: true` VLANs); generates the server keypair on first apply, writes the server conf to `/etc/wireguard/`, and brings the interface up with `wg-quick`; subsequent applies sync peer changes live without restarting the interface
|
||||
- Supports per-peer split-tunnel (VPN subnet only) or full-tunnel (all traffic) routing; peer data is stored directly in `core.json`
|
||||
|
||||
### Optional: DDNS (`ddns.py`)
|
||||
|
||||
|
|
|
|||
|
|
@ -3128,9 +3128,10 @@ def cmd_apply(data, dry_run=False):
|
|||
install_timer(data)
|
||||
print()
|
||||
|
||||
print("Dashboard timer =====================================================")
|
||||
install_dashboard_timer()
|
||||
print()
|
||||
if DASHB_QUEUE_FILE.exists():
|
||||
print("Dashboard timer =====================================================")
|
||||
install_dashboard_timer()
|
||||
print()
|
||||
|
||||
print("Boot service ========================================================")
|
||||
install_nat_service()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue