From 3bd98f0c9004d39c073eb320f0b9e3ba6c587431 Mon Sep 17 00:00:00 2001 From: Matthew Grotke Date: Thu, 21 May 2026 03:58:17 -0400 Subject: [PATCH] Development --- README.md | 17 +++++------------ routlin/core.py | 7 ++++--- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 1058790..48af05c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Routlin -A collection of Python scripts that transform an existing Linux server (with at least two Ethernet NICs) into a fully featured home router, eliminating the need for a separate router appliance. +A collection of Python scripts that transform an existing Linux server (with at least two Ethernet NICs) into a fully-featured enterprise-grade router, eliminating the need for a separate router appliance. ## Why Replace Your Router? @@ -14,7 +14,7 @@ Consumer and prosumer router appliances are constrained by OEM firmware. Securit ## Summary -These scripts do not run continuously in the background. They install and facilitate the configuration of battle-hardened software (`dnsmasq` for DHCP and DNS, `nftables` for firewall and NAT, `chrony` for NTP, `freeradius` for RADIUS, `avahi` for mDNS discovery, and `wireguard` for VPN) using JSON files that you edit. The scripts also install systemd timers to run periodic activities: updating the DNS blocklist(s) of your choice (default once per day), and optionally checking if your external IP address changed (default every 5 mins) and if so, updating a DDNS provider. +These scripts do not run continuously in the background. They install and facilitate the configuration of battle-hardened software (`dnsmasq` for DHCP and DNS, `nftables` for firewall and NAT, `chrony` for NTP, `freeradius` for RADIUS, `avahi` for mDNS discovery, and `wireguard` for VPN) using JSON files that you edit. A fully-featured, easy-to-use web management dashboard is included for users who prefer not to edit JSON directly. --- 
@@ -22,7 +22,7 @@ These scripts do not run continuously in the background. They install and facili The suite is organized into three independent but complementary scripts, each managing one layer of the stack: -### Core: DHCP, DNS, Blocklists, Firewall, RADIUS, and mDNS (`core.py`) +### Core: DHCP, DNS, Blocklists, Firewall, RADIUS, mDNS, and WireGuard VPN (`core.py`) - Configures VLAN sub-interfaces via `systemd-networkd` - Assigns static or dynamic DHCP reservations by MAC address and hostname 
@@ -47,15 +47,8 @@ The suite is organized into three independent but complementary scripts, each ma - Generates FreeRADIUS `clients.conf` and `users` files from `core.json` reservations, enabling dynamic VLAN assignment via MAC Authentication Bypass (MAB) for both wired (802.1X) and wireless clients - Manages a `.radius-secret` shared secret file (generated automatically on first `--apply` if RADIUS is enabled) - Configures `avahi-daemon` as an mDNS reflector to forward service discovery announcements (AirPrint, AirPlay, Chromecast, etc.) across VLANs - -### Optional: WireGuard VPN (managed by `core.py` and the dashboard) - -- Supports any number of WireGuard interfaces defined in `core.json` (any VLAN with `is_vpn: true`) -- `core.py --apply` generates the server keypair on first run, writes the server conf to `/etc/wireguard/`, and brings the interface up with `wg-quick`. Subsequent applies sync peer changes live without restarting the interface -- Peer management is done through the Routlin Dashboard: add a peer, set its IP and tunnel mode, and the dashboard generates and downloads the ready-to-import client `.conf` file immediately - the private key is never stored -- Peer data (name, IP, public key, enabled state) is stored directly in `core.json` alongside the rest of the network config -- Supports per-peer choice of split-tunnel (VPN subnet only) or full-tunnel (all traffic) routing -- Reports active peer connections, handshake times, and RX/TX byte counts on the dashboard VPN view +- Supports any number of WireGuard VPN interfaces (`is_vpn: true` VLANs); generates the server keypair on first apply, writes the server conf to `/etc/wireguard/`, and brings the interface up with `wg-quick`; subsequent applies sync peer changes live without restarting the interface +- Supports per-peer split-tunnel (VPN subnet only) or full-tunnel (all traffic) routing; peer data is stored directly in `core.json` ### Optional: DDNS (`ddns.py`) 
diff --git a/routlin/core.py b/routlin/core.py index 9bad2ef..34e1211 100644 --- a/routlin/core.py +++ b/routlin/core.py @@ -3128,9 +3128,10 @@ def cmd_apply(data, dry_run=False): install_timer(data) print() - print("Dashboard timer =====================================================") - install_dashboard_timer() - print() + if DASHB_QUEUE_FILE.exists(): + print("Dashboard timer =====================================================") + install_dashboard_timer() + print() print("Boot service ========================================================") install_nat_service()
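Review bot: In the README intro hunk (@@ -1,6 +1,6 @@), "fully-featured enterprise-grade router" is a claim that nothing else in this patch supports. The next section shown still positions the project against "consumer and prosumer router appliances". Suggest keeping "home router" or listing the specific capabilities that justify the new wording. Style point: "fully featured" does not need a hyphen after an -ly adverb.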
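Review bot: In the README Summary hunk (@@ -14,7 +14,7 @@), the new sentence replaces the description of the systemd timers (blocklist update once per day, optional external IP check every 5 mins for DDNS) rather than adding to it, yet `cmd_apply` in this same patch still calls `install_timer(data)` and `install_dashboard_timer()`. Someone auditing what the install leaves scheduled on the host loses that information. Suggest keeping the timer sentence and appending the dashboard sentence after it. The paragraph also still opens with "These scripts do not run continuously in the background" while now advertising a web management dashboard. Please state whether the dashboard is a long-running service and, if so, where it listens and how access to it is restricted.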
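Review bot: In the README WireGuard hunk (@@ -47,15 +47,8 @@), the two condensed bullets drop the statement that the peer private key "is never stored" and the list of what is kept per peer (name, IP, public key, enabled state). With only "peer data is stored directly in `core.json`" left, a reader cannot tell whether key material ends up in that file. Suggest restoring both facts in the second bullet. The removed heading also marked WireGuard as "Optional", and the bullets now sit under Core without saying it is only active for VLANs with `is_vpn: true`. The dashboard's role in peer management (generating the client `.conf`) and the VPN status view are no longer described in the lines shown.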
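Review bot: In the routlin/core.py hunk (@@ -3128,9 +3128,10 @@), the new `if DASHB_QUEUE_FILE.exists():` guard has no else branch, so a dashboard timer installed by an earlier `--apply` stays in place when the queue file is later absent, and a host where the file appears after this run gets no timer until the next apply. Suggest either removing or disabling the timer in the else case or printing a "skipped" line under the same heading so the apply output shows what happened. It would also help to add a one-line comment on why the presence of the queue file is the signal that the dashboard is in use, or to gate on an explicit setting in `data` instead of filesystem state. `cmd_apply` takes `dry_run`, but this block does not consult it in the lines shown. Please confirm `install_dashboard_timer()` is not reached on a dry run.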