Add all files

Oxygen Root · Oxygen Root · commit b85b0c63d8eb · 2019-02-08T00:12:13.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,24 @@
-*
-**/*
+/*
 
 !.gitignore
+!.gitmodule
+
+!/etc/pf.conf
+!/etc/rc.conf
+
+!/usr
+/usr/*
+
+!/usr/local
+/usr/local/*
+
+!/usr/local/etc/
+/usr/local/etc/*
+
+!/usr/local/etc/lpmng
+/usr/local/etc/lpmng/openvpn/key
+
+!/usr/local/etc/rc.d/
+/usr/local/etc/rc.d/*
+
+!/usr/local/etc/rc.d/lpmng-fw-agent
diff --git a/.gitmodule b/.gitmodule
@@ -0,0 +1,3 @@
+[submodule "lpmng-fw-agent"]
+	path = /opt/lpmng-fw-agent
+	url = https://github.com/lpmng/lpmng-fw-agent
diff --git a/etc/pf.conf b/etc/pf.conf
@@ -0,0 +1,58 @@
+unsafe_services = "{ ssh, telnet, http, https }"
+
+wan_if = "em0.666"
+nated_if = "tun0"
+lan_ifs = "{ em0.1337, em0.2048, em0.69 }"
+traffic_shapping_interco_if = "em0.38"
+
+localnet = "10.82.0.0/21"
+
+seitokai = "10.82.0.0/24"
+daigurren = "10.82.1.0/24"
+userkun = "10.82.2.0/23"
+
+vpn_server_public_ip = "62.210.83.83"
+vpn_server_local_ip = "10.10.10.1"
+vpn_client = "10.10.10.2"
+
+captive_portal = "10.82.0.66"
+http_services = "{10.82.0.65, 10.82.0.66}"
+
+
+dns_server="10.82.0.32"
+
+
+# nat traffic stopping at vpn serveur (which won't go through vpn)
+nat on $wan_if from $localnet to $vpn_server_public_ip -> ($wan_if)
+# nat traffic from localnet to vpn
+nat on $nated_if from $localnet to any -> ($nated_if)
+nat on em0.1337 from $localnet to $dns_server -> (em0.1337)
+
+# redirect non connected user using httP to captive portal
+rdr on $traffic_shapping_interco_if proto tcp from !<authorized_users> to !10.82.0.1/24 port http -> $captive_portal port http
+# redirect dns traffic to our server
+rdr proto udp from $userkun to any port 53 -> $dns_server
+
+
+block all
+# allow oxygen to do anything
+pass quick from { self,  $vpn_client } to any
+
+
+# routing rules
+
+pass from $localnet to any
+
+block from $userkun to any
+
+pass from <authorized_users> to any
+
+## deny ssh from userkun and http connection to local web services
+block return proto tcp from $userkun to $localnet port $unsafe_services
+## allow access to web services provided to authed users
+pass proto tcp from $userkun to $http_services port { http, https }
+pass proto udp from any to any port 53
+
+# allow external ssh connection to oxygen
+pass proto tcp from $vpn_server_local_ip to $vpn_client port 22
+
diff --git a/etc/rc.conf b/etc/rc.conf
@@ -0,0 +1,34 @@
+hostname="ox1.net.air-eisti.fr"
+keymap="fr.iso.acc.kbd"
+sshd_enable="YES"
+ntpd_enable="YES"
+powerd_enable="YES"
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="AUTO"
+
+# most of PF configuration is already done in /etd/default/rc.conf
+pf_enable="YES"			# enable pf
+pflog_enable="YES"              # start pflogd(8)
+firewall_enable="NO"		# deactivate ipfw (we use pf not ipfw)
+
+gateway_enable="YES" # enable ip4 forwarding
+
+# VLANs
+ifconfig_em0="up"
+vlans_em0="666 1337 2048 38"
+
+#ifconfig_em0_666="DHCP"
+ifconfig_em0_666="inet 192.168.139.2/24"
+defaultrouter="192.168.139.1"
+
+ifconfig_em0_1337="inet 10.82.0.1/24"
+ifconfig_em0_2048="inet 10.82.1.1/24"
+ifconfig_em0_38="inet 10.82.4.1/30"
+static_routes="trafficshapping_interco"
+route_trafficshapping_interco="-net 10.82.2.0/23 10.82.4.2"
+
+openvpn_if="tun"
+openvpn_configfile="/usr/local/etc/lpmng/openvpn/oxygen2ozone.conf"
+openvpn_dir="/usr/local/etc/lpmng/openvpn"
+
+lpmng_fw_agent_enable="YES"
diff --git a/usr/local/etc/lpmng/openvpn/oxygen2ozone.conf b/usr/local/etc/lpmng/openvpn/oxygen2ozone.conf
@@ -0,0 +1,23 @@
+verb 3 
+mlock
+
+cipher none
+secret key
+
+remote 62.210.83.83
+proto udp
+dev tun0
+dev-type tun
+persist-key
+persist-tun
+
+user nobody
+group nobody
+nice -10
+
+ping 5
+ping-restart 20
+
+ifconfig 10.10.10.2 10.10.10.1
+redirect-gateway def1
+
diff --git a/usr/local/etc/rc.d/lpmng-fw-agent b/usr/local/etc/rc.d/lpmng-fw-agent
@@ -0,0 +1 @@
+/opt/lpmng-fw-agent/lpmng-fw-agent

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+[submodule "lpmng-fw-agent"]`
	`2`	`+ path = /opt/lpmng-fw-agent`
	`3`	`+ url = https://github.com/lpmng/lpmng-fw-agent`