Note: examples on this page may be outdated; new features are now described only in the WiBSD handbook. Please look there for current and complete information.
Below you can find some useful HOWTOs. If you cannot find the HOWTO you are looking for, or you have a problem with one of them, please contact us via the WiBSD mailing list.
WiBSD configuration lives in a single file, /etc/rc.conf, so this is the only file you have to change to build your configuration. That makes configuration easy, backup easy and recovery after a failure or upgrade easy.
/etc/rc.conf is physically stored on the compact flash, which is usually mounted read-only. Use the rwremount command to switch the compact flash to read/write mode; the roremount command switches it back to read-only mode.
In more detail, the configuration is merged from three config files. These files are:
/etc/defaults/rc.conf
/etc/defaults/wibsd.conf
/etc/rc.conf
You can find the default settings of WiBSD (with helpful comments) in /etc/defaults/rc.conf and /etc/defaults/wibsd.conf; to build your particular configuration, override the variables you need with your own values in /etc/rc.conf.
Configure in /etc/rc.conf something like:
make_accounts_users="wibsd root toor"
make_accounts_user_wibsd_password_hash='$1$onw74atP$xqaOmtLIjAxN4SYG4Ntkh1'
make_accounts_user_root_password_hash='$1$j/kvXYrq$J7huLPiw6/tM/BZPLDvH90'
make_accounts_user_toor_password_hash='$1$j/kvXYrq$J7huLPiw6/tM/BZPLDvH90'
make_accounts_user_toor_shell="/usr/local/bin/bash"
See more details in file /etc/defaults/wibsd.conf
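Because /etc/rc.conf holds password hashes here and, in the other HOWTOs on this page, clear-text passwords, an SNMP community and VPN keys, it is worth checking who can read it and what it exposes. The following check is an added example, not part of WiBSD; the function name audit_rc_conf is hypothetical and the variable-name patterns are taken from the examples on this page.

```sh
#!/bin/sh
# Added example (not part of WiBSD): list the rc.conf variables that carry
# secrets, without ever printing the secret values themselves.
# audit_rc_conf is a hypothetical name; the patterns match variables that
# appear in the HOWTOs on this page.

audit_rc_conf() {
    file=$1
    # readable by "other": every local account can read the secrets
    if [ -n "$(find "$file" -prune -perm -004 2>/dev/null)" ]; then
        echo "MODE world-readable"
    fi
    while IFS= read -r line; do
        case $line in
            ''|\#*) continue ;;   # blank lines and comments
            *=*) ;;               # an assignment, inspect it below
            *) continue ;;        # continuation line of a multi-line value
        esac
        name=${line%%=*}
        value=${line#*=}
        case $name in
            *_password_hash)
                # $1$ marks md5crypt, which its author has declared obsolete
                case $value in
                    *'$1$'*) echo "WEAK-HASH $name" ;;
                esac ;;
            *_password|*_authkey|*_rocommunity|*_secret_key)
                case $value in
                    ''|'""'|"''") ;;              # empty, nothing stored
                    *) echo "PLAINTEXT $name" ;;
                esac ;;
        esac
    done <"$file"
    return 0
}

# Constructed sample: variable names from this page, dummy values.
sample=$(mktemp)
cat >"$sample" <<'EOF'
hostname="gw1"
make_accounts_user_root_password_hash='$1$CONSTRUCTED$0000000000000000000000'
ppp_secret_user_jp_password="SECRET_KEY"
net_snmpd_rocommunity="YOUR_COMMUNITY_PASSWORD"
openvpn_secret_key="-----BEGIN OpenVPN Static key V1-----
0123456789abcdef
-----END OpenVPN Static key V1-----"
sr_ap_usermgmt_user_john_password=""
EOF
chmod 600 "$sample"
audit_rc_conf "$sample"
rm -f "$sample"
```

Run it against the real file after each change, together with any copy that leaves the box (for example a TFTP backup of rc.conf).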
Install WiBSD and configure rc.conf like:
hostname="YOUR_HOSTNAME"
ifconfig_sis0="inet a.b.c.d/MASK" #WAN interface with IP and mask from your ISP
ifconfig_sis1="inet 192.168.0.1/24"
resolv_conf_nameservers="YOUR_PRIMARY_NAMESERVER YOUR_SECONDARY_NAMESERVER"
resolv_conf_search="YOUR_SEARCH_DOMAIN"
natd_interface="sis0"
natd_enable="YES"
dhcpd_enable="YES"
dhcpd_ifaces="sis1"
dhcpd_domain_name="YOUR_DOMAIN_FOR_LAN"
dhcpd_domain_name_servers="NAMESERVER_1_FOR_WORKSTATIONS,NAMESERVER_2_FOR_WORKSTATIONS"
dhcpd_subnet_sis1_address="192.168.0.0"
dhcpd_subnet_sis1_netmask="255.255.255.0"
dhcpd_subnet_sis1_gateway="192.168.0.1"
dhcpd_subnet_sis1_range_start="192.168.0.100"
dhcpd_subnet_sis1_range_end="192.168.0.200"
fw_private_client_blocks="192.168.0.0/24"
Note: WiBSD 2.x only
Install WiBSD and configure rc.conf like:
hostname="YOUR_HOSTNAME"
resolv_conf_nameservers="YOUR_PRIMARY_NAMESERVER YOUR_SECONDARY_NAMESERVER"
resolv_conf_search="YOUR_SEARCH_DOMAIN"
natd_interface="tun0"
fw_wan_interface="tun0"
ppp_conf_enable="YES"
ppp_conf_include_default_section="YES"
ppp_conf_sections="cdma"
ppp_conf_section_cdma_sets="log speed device phone authname authkey timeout"
ppp_conf_section_cdma_set_log=""
ppp_conf_section_cdma_set_speed="921600"
ppp_conf_section_cdma_set_device="/dev/ucom0"
ppp_conf_section_cdma_set_phone="\"#777\""
ppp_conf_section_cdma_set_authname="YOUR_USERNAME"
ppp_conf_section_cdma_set_authkey="YOUR_PASSWORD"
ppp_conf_section_cdma_set_timeout="0"
ppp_conf_section_cdma_disables="ipv6 dns"
ppp_conf_section_cdma_routes="default"
ppp_conf_section_cdma_route_default="default HISADDR"
ppp_wdog_enable="YES"
crontab_lines="$crontab_lines ppp"
crontab_line_ppp_comment="PPP/natd wdog for CDMA"
crontab_line_ppp="*/1 * * * * root /usr/local/bin/wdog_ppp.sh -nr cdma >/dev/null"
Eurotel's new AnyDATA modem is also supported, but it needs changes to the configuration; look at the WiBSD handbook for more information.
And now you can look at the Setting up a router with NAT HOWTO.
Add to rc.conf this:
dhcpd_enable="YES"
dhcpd_ifaces="sis1"
dhcpd_domain_name="YOUR_DOMAIN_FOR_LAN"
dhcpd_domain_name_servers="NAMESERVER_1_FOR_WORKSTATIONS,NAMESERVER_2_FOR_WORKSTATIONS"
dhcpd_subnet_sis1_address="192.168.0.0"
dhcpd_subnet_sis1_netmask="255.255.255.0"
dhcpd_subnet_sis1_gateway="192.168.0.1"
dhcpd_subnet_sis1_range_start="192.168.0.100"
dhcpd_subnet_sis1_range_end="192.168.0.200"
#
# use this to define static entries
dhcpd_max_static_hosts="2"
# HOST 1
dhcpd_host_1_hostname="HOST1"
dhcpd_host_1_hw="00:0f:b0:03:de:1f"
dhcpd_host_1_ip="192.168.0.10"
# HOST2
dhcpd_host_2_hostname="HOST2"
dhcpd_host_2_hw="00:50:fc:44:2a:83"
dhcpd_host_2_ip="192.168.0.12"
Note: This configuration style is obsolete; consult the WiBSD handbook for current information.
Please look to WiBSD handbook for info about this feature.
WiBSD now supports shared-network for dhcpd, i.e. several different networks on one interface using one section in dhcpd.conf. It is useful if, for example, you want to offer addresses from 10.0.99.0/24 to unknown clients on interface wi0 and addresses from 10.0.98.0/24 to clients selected by MAC address.
First define the subnet names in dhcpd_subnets. If you leave this variable empty, dhcpd_ifaces will be used (for backward compatibility). For each subnet you have to define its interface; if there are several subnets on one interface, they will be put into one shared-network section. If you do not define the interface, the subnet name will be taken as the interface (for backward compatibility).
You don't have to create a range for every subnet in a shared network; if you do not create one, no address from that subnet will be offered to clients. The main point is that you can still create static address mappings from that subnet based on the client MAC address.
The DHCP server will then be started on all interfaces you have defined subnets on.
example:
dhcpd_subnets="7 13"
# 7
dhcpd_subnet_7_address="10.0.99.0"
dhcpd_subnet_7_netmask="255.255.255.0"
dhcpd_subnet_7_gateway="10.0.99.1"
dhcpd_subnet_7_range_start="10.0.99.100"
dhcpd_subnet_7_range_end="10.0.99.200"
dhcpd_subnet_7_iface="wi0"
#
# 13
dhcpd_subnet_13_address="10.0.98.0"
dhcpd_subnet_13_netmask="255.255.255.0"
dhcpd_subnet_13_gateway="10.0.98.1"
dhcpd_subnet_13_iface="wi0"
#
dhcpd_host_dynamic1_hostname="user1"
dhcpd_host_dynamic1_hw="00:11:24:a0:1c:59"
dhcpd_host_dynamic1_ip="10.0.98.50"
#
Add to rc.conf this:
net_snmpd_enable="YES"
net_snmpd_rocommunity="YOUR_COMMUNITY_PASSWORD"
net_snmpd_rocommunity_permit_from="YOUR_IP_FROM_WHERE_YOU_RUN_SNMP_CLIENT"
net_snmpd_disks="$net_snmpd_disks flash"
net_snmpd_disk_flash="/mnt/flashcard 55%"
On the other side of VPN link:
openvpn_enable="YES"
openvpn_daemon="YES"
openvpn_secret_key="-----BEGIN OpenVPN Static key V1-----
YOUR_STATIC_KEY_LINES
-----END OpenVPN Static key V1-----"
# if you are using tun0 for CDMA you have to define openvpn_dev="tun1"
openvpn_dev="tun"
openvpn_remote="VPN1_HOST"
openvpn_ifconfig="10.99.9.2 10.99.9.1"
openvpn_port="5001"
openvpn_proto="udp"
openvpn_route_delay="2"
openvpn_route_gateway="10.99.9.1"
openvpn_verb="5"
openvpn_keepalive="10 120"
openvpn_tun_mtu="1255"
# other static routes
openvpn_route="10.85.9.0 255.255.255.0"
openvpn_route="10.85.8.0 255.255.255.0"
This HOWTO will guide you through the creation of Certification Authority, generation of server certificate, client certificate and then OpenVPN configuration on both sides so that at the end we will have a working OpenVPN link between those two boxes.
On the server (or concentrator), prepare for certificates/keys generation. This will initialize some needed variables for you:
. /etc/defaults/wibsd.conf
. /etc/rc.conf
cd $openvpn_x_easy_rsa_root
. ./vars
Clean out any old rubbish and create a public-key pair for the certification authority:
./clean-all # be VERY VERY CAREFUL; if you do it after CA
# creation, you can delete ALL YOUR CERTIFICATES
./build-ca
then create a pair for the server and DH pair:
./build-key-server server
./build-dh # on soekris 45xx it takes about 15 minutes
and then generate a client's certificate/key pair:
./build-key some_fully_qualified_hostname
add this to your /etc/rc.conf file:
openvpn_enable="YES"
# this is IP range for PTP links that will be created for each
# client. You can set it as you like, eg. "192.168.10.0 255.255.255.0"
openvpn_server="10.254.0.0 255.255.0.0"
openvpn_dev="tun"
openvpn_proto="udp"
openvpn_user="root"
openvpn_group="wheel"
# we route the whole 10.0.0.0/8 network because we use some
# 10's C loopbacks that are behind the PTP links. For
# basic functionality you don't even need that.
openvpn_route="10.0.0.0 255.0.0.0"
Now you have to save all the keys and certificates into the rc.conf. Those files will be then created during the OpenVPN startup. You have to set the location of the files using regular OpenVPN's options and then you must define the content of the files using auxiliary "_x_" variables. See the example server's configuration.
If you want to internally route some particular IP block
(must be part of the block from openvpn_route
variable of course) to the specific client (OpenVPN 2.0 uses
just one tun interface for all VPN connections, so some
kind of internal routing must exist here), you set Client
Config Dir; some_fully_qualified_hostname is the one
mentioned above during the client's pair creation.
openvpn_x_ccd_clients="xxx"
openvpn_x_ccd_client_xxx="some_fully_qualified_hostname"
openvpn_x_ccd_client_xxx="10.10.12.0 255.255.255.0"
The configuration above creates a special file in (by
default) /usr/local/etc/openvpn/ccd directory.
Now set the OpenVPN configuration on the client's side:
openvpn_enable="YES"
openvpn_client="YES"
openvpn_dev="tun"
openvpn_remote="YOUR_SERVER_IP" # set this to the correct IP of the VPN concentrator (server)
openvpn_nobind="YES"
openvpn_proto="udp"
openvpn_user="root"
openvpn_group="wheel"
openvpn_ns_cert_type="server" # DON'T FORGET TO INCLUDE THIS
As on server's side, you must include a certificate for the
Certification Authority (this certificate is used to verify,
that server is what it claims to be) and then certificate and
the key of the client. See the real part of client's
rc.conf.
Start the VPN daemon on the server's side:
/usr/local/etc/rc.d/75.openvpn.sh start
Start the VPN daemon on the client's side:
/usr/local/etc/rc.d/75.openvpn.sh start
And see the tail of
If you did everything correctly, you should be able to ping from one end to
the other. Note that you cannot ping exactly the opposite
side; you must use the server's IP if sitting on the client and
the client's IP if sitting on the server. So this is how it
looks on the server's side:
And this is how it looks on the client's side:
First create the certification authority, server certificate and secret key as shown above and save them in rc.conf (clients do not need certificates, but the server does).
Please note the openvpn_config_delimiter variable. A real config file sometimes needs two lines with the same option name but different values. That cannot be expressed in the standard way in rc.conf, so you use one variable name and a delimiter, as shown in the example below.
Then configure rc.conf like this:
and append the configuration for users/passwords
You only have to copy the public certificate of the certification authority, to check that you are connecting to the right server
The userpass file contains only two lines: first your username and second your password
The up and down directives are paths to files to run after start / before exit. We use them for setting up DNS servers. It is not necessary to define them.
Client configuration file should look like this:
Substitute the real IP for IP_OF_REMOTE_VPN_SERVER. Correct the path to the certificate of the certification authority and to the userpass file.
Download the TunnelBlick package, which contains the openvpn binary for Mac OS X, a GUI and the tun/tap driver, and install it.
The configuration file is the same as for FreeBSD, but if you use precompiled binaries, there is no support for reading the username and password from a file, so you have to substitute this line
by this
and the system will ask for the username and password when connecting to the OpenVPN server
Download the OpenVPN binary from www.openvpn.net. There is also a graphical user interface for Windows there. Install it and create the file vpn.ovpn in the config directory (usually c:\program files\openvpn\config). It is the same config file as for FreeBSD, but remove the up and down lines and the log-append, status and daemon lines. Correct all paths to match the files on your computer (especially the path to the certificate of the certification authority).
Since OpenVPN is not able to set up DNS servers on systems other than Windows, you have to use "up" and "down" scripts, which are run after start and before exit. They can look like this:
up.sh
down.sh
Install WiBSD and configure rc.conf like this:
On the client's side, create
And then you can connect to the server via PPTP (you must have
pptpclient installed; see
We prepared some local scripts which check whether some services are running.
You can add them to crontab to run those scripts periodically.
To enable srmgmt_watchdog
To enable temporary pipes when login portal is not accessible
General settings
Caching only nameserver
Primary nameserver for domain
First enter symbolic names for the zones you want to configure in bind9_zones and their domains in the _domain variables
Set the necessary SOA record; some variables use adequate defaults if left empty
In bind9_zone_?_records insert a symbolic name for each record you want to have
and for each name from _records create its settings
In rc.conf set the tftp server address, the files to back up and the directory on the server where our files should be put
The save_config script can be called manually after every change, or you can just add it to crontab in the right place
Remember that many tftp servers don't allow clients to create files and directories, so these must exist and have the right privileges before the first backup
There is a system called dashboard which (in conjunction with srmgmt) lets you manage the users who access the internet through your router
NOTE: The smart router management software must be running on your box
If you want to use this, you have to define a few important variables:
Enable this feature with srmgmt_enable="YES" and sr_ap_usermgmt_enable="YES"
sr_ap_usermgmt_multilogin says that a user cannot log in more than once (i.e. if he tries, he will be stopped on the old address and access will be allowed only from the new address). Setting the multilogin variable to "NO" says that a user can log in as many times as he wants and from any address.
sr_ap_usermgmt_page_ext_url is the address of a web page that will be shown on the same page as the login page (usually a description of your AP, a warning or anything else).
You have to set where the login page/script is stored.
We have already prepared dashboard.cgi in WiBSD, which builds a login page
from the rc.conf variables described below. e.f.g.h is the IP address of the local
system (e.g. 10.0.99.1).
(See variables with prefix sr_ap_usermgmt_page_)
Next, you have to define user names and passwords, maximum bandwidth and idle time, as in the following example
Users have no way to log out after a successful login. You can solve this by periodically calling the dashboard_idle.sh script to remove users whose idle time is greater than the one defined in rc.conf. Crontab can be used for this:
There are many other variables, especially for defining how the page will look. Feel free to change them as you like. You can also use HTML.
See the tail of /var/log/messages if everything is ok. You can manually check
the /usr/local/etc/openvpn directory and check that all
certificates/keys are properly generated. On the server's side
only, you can check the /usr/local/etc/openvpn/ccd
directory if you configured CCD.
Checking the connection
root@server.site.prg:~# ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.254.0.1 --> 10.254.0.2 netmask 0xffffffff
Opened by PID 893
root@server.site.prg:~#
root@server.site.prg:~#
root@server.site.prg:~#
root@server.site.prg:~# ping 10.254.0.6
PING 10.254.0.6 (10.254.0.6): 56 data bytes
64 bytes from 10.254.0.6: icmp_seq=0 ttl=64 time=45.296 ms
64 bytes from 10.254.0.6: icmp_seq=1 ttl=64 time=45.839 ms
64 bytes from 10.254.0.6: icmp_seq=2 ttl=64 time=43.581 ms
^C
--- 10.254.0.6 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 43.581/44.905/45.839/0.962 ms
root@shewolf.wibsd.cz:~# ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.254.0.6 --> 10.254.0.5 netmask 0xffffffff
Opened by PID 1311
root@shewolf.wibsd.cz:~#
root@shewolf.wibsd.cz:~#
root@shewolf.wibsd.cz:~# ping 10.254.0.1
PING 10.254.0.1 (10.254.0.1): 56 data bytes
64 bytes from 10.254.0.1: icmp_seq=0 ttl=64 time=74.562 ms
64 bytes from 10.254.0.1: icmp_seq=1 ttl=64 time=38.733 ms
64 bytes from 10.254.0.1: icmp_seq=2 ttl=64 time=45.143 ms
64 bytes from 10.254.0.1: icmp_seq=3 ttl=64 time=42.012 ms
^C
--- 10.254.0.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 38.733/50.112/74.562/14.297 ms
HOWTO Create point-to-multipoint OpenVPN server using users and passwords instead of certificates
openvpn_enable="YES"
openvpn_config_delimiter="_NEXT_"
openvpn_tls_server="YES"
openvpn_mode="server"
openvpn_dev="tap"
openvpn_proto="tcp-server"
openvpn_port="5001"
openvpn_ifconfig="10.150.0.1 255.255.255.0"
openvpn_ifconfig_pool="10.150.0.65 10.150.0.126 255.255.255.0"
openvpn_duplicate_cn="YES"
openvpn_push="\"route-gateway 10.150.0.1\"_NEXT_\"redirect-gateway\"_NEXT_\"dhcp-option DOMAIN out.idc.cz\"_NEXT_\"dhcp-option DNS 1.2.3.4\"_NEXT_\"dhcp-option DNS 4.5.6.7\""
openvpn_ca="/usr/local/etc/openvpn/ca.crt"
openvpn_cert="/usr/local/etc/openvpn/server.crt"
openvpn_key="/usr/local/etc/openvpn/server.key"
openvpn_dh="/usr/local/etc/openvpn/dh1024.pem"
openvpn_comp_lzo="YES"
openvpn_verb="3"
openvpn_keepalive="10 60"
openvpn_log_append="/var/log/openvpn"
openvpn_daemon="openvpn"
openvpn_auth_user_pass_verify="/usr/local/etc/openvpn/auth.sh via-env"
openvpn_client_cert_not_required="YES"
openvpn_username_as_common_name="YES"
openvpn_secret_file="/usr/local/etc/openvpn/users"
openvpn_secret_file_generate="YES"
openvpn_secret_users="USERNAME"
openvpn_secret_user_USERNAME_password="userpassword"
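How a delimiter-separated rc.conf value such as openvpn_push above can expand into repeated config lines, shown as an added sketch that is not WiBSD's own startup code. The function name render_openvpn_option and the mapping rules (strip the openvpn_ prefix, turn underscores into dashes, emit a bare directive for "YES") are assumptions inferred from the server and client examples on this page.

```sh
#!/bin/sh
# Added illustration, not WiBSD's generator. Assumed mapping:
#   openvpn_tls_server="YES"     -> tls-server
#   openvpn_proto="tcp-server"   -> proto tcp-server
#   openvpn_push="A_NEXT_B"      -> push A   (one line per part)
#                                   push B

render_openvpn_option() {
    var_name=$1 value=$2 delim=$3
    # directive name: drop the prefix, rc.conf "_" becomes OpenVPN "-"
    directive=$(printf '%s' "${var_name#openvpn_}" | tr '_' '-')
    if [ "$value" = "YES" ]; then
        printf '%s\n' "$directive"
        return 0
    fi
    if [ -z "$delim" ]; then
        printf '%s %s\n' "$directive" "$value"
        return 0
    fi
    rest=$value
    while :; do
        case $rest in
            *"$delim"*)
                part=${rest%%"$delim"*}     # text before the first delimiter
                rest=${rest#*"$delim"}      # text after the first delimiter
                printf '%s %s\n' "$directive" "$part"
                ;;
            *)
                printf '%s %s\n' "$directive" "$rest"
                break
                ;;
        esac
    done
    return 0
}

# The values below are the ones from the server example on this page.
openvpn_config_delimiter="_NEXT_"
openvpn_push="\"route-gateway 10.150.0.1\"_NEXT_\"redirect-gateway\"_NEXT_\"dhcp-option DNS 1.2.3.4\""
render_openvpn_option openvpn_tls_server "YES" "$openvpn_config_delimiter"
render_openvpn_option openvpn_proto "tcp-server" "$openvpn_config_delimiter"
render_openvpn_option openvpn_push "$openvpn_push" "$openvpn_config_delimiter"
```

Without the delimiter, a second assignment to the same shell variable in rc.conf simply replaces the first one, which is why repeated options need this form.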
Client side
FreeBSD
remote IP_OF_REMOTE_VPN_SERVER
tls-client
dev tap
proto tcp-client
port 5001
pull
ca /usr/local/etc/openvpn/holecek_certs_idc/ca.crt
auth-user-pass /usr/local/etc/openvpn/holecek_certs_idc/userpass
up /usr/local/etc/openvpn/up.sh
down /usr/local/etc/openvpn/down.sh
comp-lzo
verb 3
#ping-restart 10
log-append /var/log/openvpn
status /var/run/openvpn/vpn.status 10
daemon openvpn
Mac OS X
auth-user-pass /usr/local/etc/openvpn/holecek_certs_idc/userpass
auth-user-pass
Windows
DNS setup
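#!/bin/sh
# up.sh: rebuild resolv.conf from the dhcp-option values pushed by the server
resolv_conf_file="/etc/resolv.conf"
# backup old resolv conf
mkdir -p /var/run/openvpn 2>/dev/null
cp "$resolv_conf_file" /var/run/openvpn/original_resolv_conf
>"$resolv_conf_file"
# OpenVPN exports each pushed option as foreign_option_N in the environment
options=`set | grep '^foreign_option_' | cut -f1 -d=`
for option in $options
do
    value="echo \$$option"
    value=`eval $value`
    # only dhcp-option entries are of interest
    is_dhcp=`echo $value | grep '^dhcp-option ' | wc -l`
    [ "$is_dhcp" -eq 0 ] && continue
    type=`echo $value | awk -F ' ' '{print $2}'`
    parm=`echo $value | awk -F ' ' '{print $3}'`
    [ "$type" = "DOMAIN" ] && echo "search $parm" >>"$resolv_conf_file"
    [ "$type" = "DNS" ] && echo "nameserver $parm" >>"$resolv_conf_file"
done
# a false test on the last option must not become the script's exit status,
# because OpenVPN treats a failing up script as an error
exit 0

#!/bin/sh
# down.sh: restore the resolv.conf saved by up.sh
resolv_conf_file="/etc/resolv.conf"
[ -r /var/run/openvpn/original_resolv_conf ] && cp /var/run/openvpn/original_resolv_conf "$resolv_conf_file"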
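The up script above runs as root and writes whatever the VPN server pushes into /etc/resolv.conf. A stricter version of its parsing step, added here as an example (not WiBSD's script), accepts only well-formed IPv4 addresses for DNS and plain hostname characters for DOMAIN, and drops entries with extra tokens. The function names is_ipv4, is_domain and resolv_lines are hypothetical.

```sh
#!/bin/sh
# Added example, not part of WiBSD. All function names are hypothetical.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeeds for a name made only of letters, digits, "-" and ".".
is_domain() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 1 ;;
    esac
    [ ${#1} -le 253 ]
}

# Takes option values (one per argument, as found in foreign_option_N)
# and prints resolv.conf lines for the valid dhcp-option entries only.
resolv_lines() {
    for value in "$@"; do
        # read splits on whitespace without globbing; only the first line
        # of a value is looked at, anything beyond three words is "extra"
        read -r keyword type parm extra <<EOF
$value
EOF
        [ "$keyword" = "dhcp-option" ] || continue
        [ -z "$extra" ] || continue
        case $type in
            DNS)    is_ipv4 "$parm" && printf 'nameserver %s\n' "$parm" ;;
            DOMAIN) is_domain "$parm" && printf 'search %s\n' "$parm" ;;
        esac
    done
    return 0
}

# Constructed sample values, shaped like the options pushed in the server
# example on this page; the last two are malformed on purpose.
resolv_lines "dhcp-option DOMAIN out.idc.cz" \
             "dhcp-option DNS 1.2.3.4" \
             "dhcp-option DNS 999.1.1.1" \
             "dhcp-option DNS 4.5.6.7 extra-token"
```

In an up script, write the output of resolv_lines to a temporary file first and replace resolv.conf only if at least one nameserver line was produced.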
HOWTO Setting up a PPTP VPN server
ppp_conf_enable="YES"
#
# convention is to use x.x.x.64/26 for clients, x.x.x.32/27 for
# static IP's
ppp_conf_section_pptp_set_ifaddr="10.44.44.1 10.44.44.65-10.44.44.126 255.255.255.255"
#
#
pptpd_enable="YES"
#
# generating /etc/ppp/ppp.secret file
ppp_secret_enable="YES"
ppp_secret_users="jp"
ppp_secret_user_jp_password="SECRET_KEY"
# convention is to use x.x.x.32/27 for static IP's
ppp_secret_user_jp_ip="10.44.44.44"
#
# generate pptpd.conf when booting (or not)
pptpd_conf_enable="YES"
# option 'noipparam' is very important in FreeBSD 5.x/6.x - it's not working without this option
pptpd_conf_commands="option localip remoteip pidfile noipparam"
pptpd_conf_command_localip="10.44.44.1"
# convention is to use x.x.x.64/26 for dynamic IP's
pptpd_conf_command_remoteip="10.44.44.65-126"
# Optionally
# you can use other DNS servers
ppp_conf_section_pptp_sets="${ppp_conf_section_pptp_sets} dns"
ppp_conf_section_pptp_set_dns="YOUR_DNS_SERVER"
# Don't forget to allow pptp and gre in firewall
fw_allowed_access="... pptp gre"
fw_allowed_access_pptp="any:tcp:1723:setup:x:"
fw_allowed_access_gre="any:gre:::x:"
ppp.conf section like that:
server:
set authname "jp"
set authkey "SECRET_KEY"
disable dns
/usr/ports/net/pptpclient
if using FreeBSD):
pptp server.xxx.cz server
HOWTO Setting up local watchdog of services (daemons)
srmgmtd_watchdog_enable="YES"
crontab_lines="$crontab_lines wdog_srmgmtd"
crontab_line_wdog_srmgmtd_comment="(wibsd.conf) watch the srmgmtd daemon"
# check it every 2 minutes
crontab_line_wdog_srmgmtd="*/2 * * * * root /usr/local/bin/wdog_srmgmtd.sh"
#=====================================================================
# enable emergency pipe system if login portal is not accessible. If
# enabled, every user that tries to login will get a pipe no matter
# whether he is a valid user or not. No login/password check is
# performed. We then periodically from crontab check the login portal
# and when it becomes accessible again, all these temporary pipes are
# deleted, which effectively forces all users to log in via the portal as
# usual.
sr_ap_temporary_pipes_enable="NO"
# if login portal is not accessible, use this bandwidth for temporary
# pipes; bw is in kilobytes
sr_ap_temporary_pipes_bw="64"
# you can change this if you run into name collision problem
sr_ap_temporary_pipes_user_prefix="emerg_user-"
# probably you will never need change this; if you do, remember that
# CGI scripts are run under user 'nobody'
sr_ap_temporary_pipes_db="/tmp/.temp_pipes.db"
#
# we need /etc/crontab for this
crontab_lines="${crontab_lines} temp_pipes"
crontab_line_temp_pipes_comment="(wibsd.conf) check temporary pipes in srmgmtd"
crontab_line_temp_pipes="*/2 * * * * root /usr/local/bin/wdog_temp_pipes_system.sh"
HOWTO Setting up bind9 as caching only or primary nameserver
bind9_enable="YES"
# Leave bind9_listen_on variable empty to listen on all interfaces,
# or insert ip address of interface where to listen.
# REMEMBER: Multiple addresses MUST be separated by semicolons
bind9_listen_on=""
bind9_forward_only="YES"
# REMEMBER: Multiple addresses MUST be separated by semicolons
bind9_forwarders="1.2.3.4; 3.4.5.6"
bind9_forward_only="NO"
bind9_zones="wibsd"
bind9_zone_wibsd_domain="wibsd.cz"
bind9_zone_wibsd_serial="2006012001" # necessary
bind9_zone_wibsd_refresh="3600" # default: 3600
bind9_zone_wibsd_retry="900" # default: 900
bind9_zone_wibsd_expire="3600000" # default: 3600000
bind9_zone_wibsd_minimum="3600" # default: 3600
bind9_zone_wibsd_nameserver="server.wibsd.cz" # default: ns.{domain}
bind9_zone_wibsd_email="root@wibsd.cz" # default: root@{domain}
bind9_zone_wibsd_records="nameserver server mail"
bind9_zone_wibsd_record_nameserver_name=""
bind9_zone_wibsd_record_nameserver_type="NS"
bind9_zone_wibsd_record_nameserver_address="server.wibsd.cz."
bind9_zone_wibsd_record_server_name="server"
bind9_zone_wibsd_record_server_type="A"
bind9_zone_wibsd_record_server_address="192.168.1.1"
bind9_zone_wibsd_record_mail_name="@"
bind9_zone_wibsd_record_mail_type="MX 10"
bind9_zone_wibsd_record_mail_address="server"
HOWTO Automatically backup configuration files
backup_tftp_server_ip="192.168.1.1"
backup_tftp_server_directory="wibsd"
backup_tftp_files="/etc/rc.conf /etc/rc.firewall"
crontab_lines="$crontab_lines saveconfig"
crontab_line_saveconfig_comment="save our config files every day"
crontab_line_saveconfig="0 0 * * * root /usr/sbin/save_config"
HOWTO Simple user accounting for internet access
#
# srmgmt specific configuration
srmgmt_enable="YES"
srmgmt_lan_interfaces="wi0"
# turn NAT translation on/off (yes/no)
srmgmt_ap_fw_client_interfaces="wi0"
srmgmt_ap_fw_allowed_nameservers="$ns1 $ns2"
srmgmt_ap_accounting_interval="1"
#
# SmartRouter simple UserManagement
sr_ap_usermgmt_enable="YES"
sr_ap_usermgmt_multilogin="NO"
sr_ap_usermgmt_page_ext_url="http://www.example.com"
# a.b.c.d is IP address of www.example.com
# e.f.g.h is IP address of local thttpd (for ex. 10.0.99.1)
# srmgmt allows http and https ports for IP addresses on the firewall
srmgmt_ap_fw_authentication_servers="a.b.c.d e.f.g.h"
Only if the WAN interface has a dynamic IP address (for example CDMA) do
you have to add a static rule to the firewall. If the WAN interface has a static IP address, srmgmt will add the firewall
rule automatically.
fw_allowed_access="http"
fw_allowed_access_http="any:tcp:80:setup keep-state::y"
#
# login page
www_config_inc_redirect="e.f.g.h/dashboard.cgi"
sr_ap_usermgmt_users="john tom ian"
sr_ap_usermgmt_user_john_password="hjohnh"
sr_ap_usermgmt_user_john_bw="512/128"
sr_ap_usermgmt_user_john_max_idle="100"
sr_ap_usermgmt_user_tom_password="htomh"
sr_ap_usermgmt_user_tom_bw="212/12"
sr_ap_usermgmt_user_tom_max_idle="200"
sr_ap_usermgmt_user_ian_password="hianh"
sr_ap_usermgmt_user_ian_bw="112/28"
sr_ap_usermgmt_user_ian_max_idle="1800"
crontab_lines="$crontab_lines dashboard"
crontab_line_dashboard_comment="delete idle users from srmgmt"
crontab_line_dashboard="*/5 * * * * root /usr/local/bin/dashboard_idle.sh"
sr_ap_usermgmt_page_title=".: Login portal :."
sr_ap_usermgmt_page_bgcolor="red"
sr_ap_usermgmt_page_username="Username: "
sr_ap_usermgmt_page_password="Password: "
sr_ap_usermgmt_page_login="Login"
sr_ap_usermgmt_page_noframes="Frames must be enabled to access this site"
sr_ap_usermgmt_page_badpassword="Bad username or password"
sr_ap_usermgmt_page_goodpassword="Okay, you are logged in"
sr_ap_usermgmt_page_error="Internal error"
© 2003-2005 The WiBSD Project. All rights reserved.