mgrotke/linuxrouter
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Development

Browse source
This commit is contained in:
Matthew Grotke 2026-05-21 03:58:17 -04:00
parent 622cf7960f
commit 3bd98f0c90
2 changed files with 9 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

17
README.md
View file

@ -1,6 +1,6 @@
# Routlin # Routlin
A collection of Python scripts that transform an existing Linux server (with at least two Ethernet NICs) into a fully featured home router, eliminating the need for a separate router appliance. A collection of Python scripts that transform an existing Linux server (with at least two Ethernet NICs) into a fully-featured enterprise-grade router, eliminating the need for a separate router appliance.
## Why Replace Your Router? ## Why Replace Your Router?
@ -14,7 +14,7 @@ Consumer and prosumer router appliances are constrained by OEM firmware. Securit
## Summary ## Summary
These scripts do not run continuously in the background. They install and facilitate the configuration of battle-hardened software (`dnsmasq` for DHCP and DNS, `nftables` for firewall and NAT, `chrony` for NTP, `freeradius` for RADIUS, `avahi` for mDNS discovery, and `wireguard` for VPN) using JSON files that you edit. The scripts also install systemd timers to run periodic activities: updating the DNS blocklist(s) of your choice (default once per day), and optionally checking if your external IP address changed (default every 5 mins) and if so, updating a DDNS provider. These scripts do not run continuously in the background. They install and facilitate the configuration of battle-hardened software (`dnsmasq` for DHCP and DNS, `nftables` for firewall and NAT, `chrony` for NTP, `freeradius` for RADIUS, `avahi` for mDNS discovery, and `wireguard` for VPN) using JSON files that you edit. A fully-featured, easy-to-use web management dashboard is included for users who prefer not to edit JSON directly.
--- ---
@ -22,7 +22,7 @@ These scripts do not run continuously in the background. They install and facili
The suite is organized into three independent but complementary scripts, each managing one layer of the stack: The suite is organized into three independent but complementary scripts, each managing one layer of the stack:
### Core: DHCP, DNS, Blocklists, Firewall, RADIUS, and mDNS (`core.py`) ### Core: DHCP, DNS, Blocklists, Firewall, RADIUS, mDNS, and WireGuard VPN (`core.py`)
- Configures VLAN sub-interfaces via `systemd-networkd` - Configures VLAN sub-interfaces via `systemd-networkd`
- Assigns static or dynamic DHCP reservations by MAC address and hostname - Assigns static or dynamic DHCP reservations by MAC address and hostname
@ -47,15 +47,8 @@ The suite is organized into three independent but complementary scripts, each ma
- Generates FreeRADIUS `clients.conf` and `users` files from `core.json` reservations, enabling dynamic VLAN assignment via MAC Authentication Bypass (MAB) for both wired (802.1X) and wireless clients - Generates FreeRADIUS `clients.conf` and `users` files from `core.json` reservations, enabling dynamic VLAN assignment via MAC Authentication Bypass (MAB) for both wired (802.1X) and wireless clients
- Manages a `.radius-secret` shared secret file (generated automatically on first `--apply` if RADIUS is enabled) - Manages a `.radius-secret` shared secret file (generated automatically on first `--apply` if RADIUS is enabled)
- Configures `avahi-daemon` as an mDNS reflector to forward service discovery announcements (AirPrint, AirPlay, Chromecast, etc.) across VLANs - Configures `avahi-daemon` as an mDNS reflector to forward service discovery announcements (AirPrint, AirPlay, Chromecast, etc.) across VLANs
- Supports any number of WireGuard VPN interfaces (`is_vpn: true` VLANs); generates the server keypair on first apply, writes the server conf to `/etc/wireguard/`, and brings the interface up with `wg-quick`; subsequent applies sync peer changes live without restarting the interface
### Optional: WireGuard VPN (managed by `core.py` and the dashboard) - Supports per-peer split-tunnel (VPN subnet only) or full-tunnel (all traffic) routing; peer data is stored directly in `core.json`
- Supports any number of WireGuard interfaces defined in `core.json` (any VLAN with `is_vpn: true`)
- `core.py --apply` generates the server keypair on first run, writes the server conf to `/etc/wireguard/`, and brings the interface up with `wg-quick`. Subsequent applies sync peer changes live without restarting the interface
- Peer management is done through the Routlin Dashboard: add a peer, set its IP and tunnel mode, and the dashboard generates and downloads the ready-to-import client `.conf` file immediately - the private key is never stored
- Peer data (name, IP, public key, enabled state) is stored directly in `core.json` alongside the rest of the network config
- Supports per-peer choice of split-tunnel (VPN subnet only) or full-tunnel (all traffic) routing
- Reports active peer connections, handshake times, and RX/TX byte counts on the dashboard VPN view
### Optional: DDNS (`ddns.py`) ### Optional: DDNS (`ddns.py`)

7
routlin/core.py
View file

@ -3128,9 +3128,10 @@ def cmd_apply(data, dry_run=False):
install_timer(data) install_timer(data)
print() print()
print("Dashboard timer =====================================================") if DASHB_QUEUE_FILE.exists():
install_dashboard_timer() print("Dashboard timer =====================================================")
print() install_dashboard_timer()
print()
print("Boot service ========================================================") print("Boot service ========================================================")
install_nat_service() install_nat_service()