Managing a growing fleet of WiFi routers combining OpenWRT, … · 2019-07-04 · 03/07/19...

Post on 19-Apr-2020

10 views 0 download

Preview:

Click to see full reader
Report this document
SHARE

transcript

03/07/19 Presentation 1

Managing a growing fleet of WiFi routers combining

OpenWRT, WireGuard, Salt and Zabbix

Kenan Ibrović

Presentation 203/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● Problems● Requirements● Toolset● Issues and difficulties (+solutions)● Future plans

Presentation 303/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

What do you do when you have 20 routers in a different country with no techie there and

ISP you don’t trust?

Presentation 403/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● Requirements:● Secure communication● Easy deployment● Easy management● Robustness

Presentation 503/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

TOOLS

Presentation 603/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● OpenWRT● 3000+ packages available● Regular updates● Open Source

Presentation 703/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● WireGuard

● Remote access● Encrypted connection● Easy to use

Presentation 803/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● SaltStack● Execute commands across all managed

systems● Scalable● Secure● Standardize

Presentation 903/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● States● Design system configurations● One state for all devices● wifi.sls

salt-ssh ‘*’ state.apply wifi

Presentation 1003/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

nodegroup:

pass-the-salt:

- router-1

- router-2

- router-n

salt-ssh -N pass-the-salt state.apply wifi

Presentation 1103/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● Pillars● Makes states reusable● Store credentials, variables...

non-filtered.slswifi_ssid: Pass The Saltwifi_pass: newsecretpass

filtered.slswifi_ssid: Pass The Salt Filteredwifi_pass: secretpass

Presentation 1203/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● Zabbix

Presentation 1303/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● OpenVPN● All connected devices on VPN● One account

Presentation 1403/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

Issues and difficulties

(+solutions)

Presentation 1503/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● Salt client (minion) on OpenWRT?● None● Salt-ssh

Presentation 1603/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● Limited space on the flash memory?● USB flash drive● Exroot configuration● Automated (install_requirements.sh)

Presentation 1703/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● OSError: Cannot locate OpenSSL libcrypto● Python can’t find it● fix_oserror.sh

Presentation 1803/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● Firmware upgrade● Removes ALL user installed packages (no

WireGuard)● Keeps configuration (there is hope)● upgrade.sls

Presentation 1903/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● Configuration messed up!!!● Remove USB flash drive● Reboot● Plug it back in● Run install_requirements.sh

Presentation 2003/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● setup.sh● wireguard-config.conf● router_config.sh

– Change password– Install and configure WireGuard

● install_requirements.sh– Exroot configuration– fix_oserror.sh– salt-ssh $SALT_NAME state.apply

Presentation 2103/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● Future plans:● QoS● Outline VPN

Presentation 2203/07/19

Managing a growing fleet of WiFi routers combining OpenWRT, WireGuard, Salt and Zabbix

● kenan@occrp.org● tech@occrp.org● https://tech.occrp.org● Git: https://git.occrp.org/libre/salt-routers

img sources:● Router icons: https://findicons.com/files/icons/2652/gentleface/48/wifi_router_icon.png

● Server icon: https://findicons.com/files/icons/2652/gentleface/48/wifi_router_icon.png

● Salt master-minion icon: https://docs.saltstack.com/en/getstarted/images/basic-comm.png

mailto:kenan@occrp.org
mailto:tech@occrp.org
https://tech.occrp.org/
https://git.occrp.org/libre/salt-routers
https://findicons.com/files/icons/2652/gentleface/48/wifi_router_icon.png
https://findicons.com/files/icons/2652/gentleface/48/wifi_router_icon.png
https://docs.saltstack.com/en/getstarted/images/basic-comm.png

03/07/19 Presentation 23

Thank You!

Top related

Inferring Person-to-person Proximity Using WiFi Signals · WiFi. We found that in our dataset there are multi-ple WiFi routers that share the same MAC address, a phe-nomenon which
Documents
NetGlide Product Family Overview. 2 nd Generation3 rd Generation4 th Generation 1 st Generation Consumer WiFi Consumer-Grade WiFi Routers Minimal Security.
Documents
Broadband Hamnet - Monroe County ARES/RACESBroadband Hamnet Repurposed home wifi routers Amateur 2.4GHz band overlaps lower half of wifi band Modified wifi routers form a mesh network
Documents
MetaROUTER and OpenWrt - MikroTik
Documents
Throughput test of 7 WiFi routers - Telenor
Documents
Unitronics 4G Routers BRO · 2020-07-02 · Unitronics 4G Routers LTE & WiFi Industrial Cellular Routers New 4G/LTE & WiFi cellular Routers support embedded SMS functionality, RS232,
Documents
Range test of 7 WiFi routers - Telenor
Documents
Table of Hardware Compatibility - OpenWrt
Documents
NETSHe for OpenWRT
Documents
OpenWRT guide and memo
Engineering
Incentivize decentralized WiFi roaming through VPN on home …delaat/rp/2019-2020/p25/... · 2019. 12. 6. · Incentivize decentralized WiFi roaming through VPN on home routers Master
Documents
An introduction to - RIPE 70 · RIPE meeting 70 How they do it: hardware and software • Open and closed hardware – OpenWRT Linux routers – Mikrotik + Ubiquiti, … • Wireless
Documents
Flashing & Attacking WiFi Routers - Hack Miamihackmiami.org/wp-content/uploads/2013/07/Flash-hacking-wifi... · Bypassing WiFi MAC Filtering Tools needed: airmong-ng/airodump-ng/macchanger
Documents
MetaROUTER and OpenWrt - MUM - MikroTik User … · MetaROUTER and OpenWrt Jesse Liu Convergingstream . AboutMe&
Documents
WiFi Booster for Mobile · open source routers, or other WiFi routers or gateways with non-standard or outdated firmware. 1Works with devices supporting Wi-Fi Protected Setup®(WPS).
Documents
OpenWrt From Top to Bottom
Software
Intelligent IoT Gateway on OpenWrt
Technology
OpenWRT and Perl
Technology
Fixing Wifi Latency… Finally! THIS!...3 3.5 4 4.5 5 MOS 0 5 10 15 20 25 30 35 40 45 50 Throughput Linux 4.4 Today OpenWrt CC LEDE Today LEDE Pending Linux 4.4 Today OpenWrt CC LEDE
Documents
Routers, switches, Modems, WiFi, FMS, Radio Link, Internet Lease Line.
Documents

Copyright © 2018 DOCUMENTS