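# Router PiCore 9.0.3 on Raspberry PI 3B - Configuration Guide
# v0.1
#
# Run as the default user (tc) from /home/tc, where the locally compiled
# extensions (*.tcz and their .dep/.list/.md5.txt files) are expected to be.
# Privileged steps go through sudo one command at a time, so the guide works
# both pasted interactively and executed as a script.
#
# The Wi-Fi passphrase and PPPoE credentials below are the guide's sample
# values. Replace them before deployment: they are written to files that
# filetool.sh backs up, so they also end up in any image made from this card.

TCE_DIR=/mnt/mmcblk0p2/tce

# ---------------------------------------------------------------------------
# Extensions
# ---------------------------------------------------------------------------

# Needed by FRRouting; installed locally because they are not in the repo
tce-load -i c-ares.tcz
tce-load -i c-ares-dev.tcz

# Needed by FRRouting
tce-load -wi json-c.tcz
tce-load -wi readline.tcz

# IPv6 support
tce-load -wi ipv6-KERNEL.tcz
sudo modprobe ipv6

# Firewall
tce-load -wi iptables

# IP command
tce-load -wi iproute2.tcz

# Kernel modules for PPP
tce-load -i ppp-modules-4.9.22-piCore-v7.tcz

# PPP client for pppoe
tce-load -i ppp.tcz ppp-dev.tcz

# Bash
tce-load -wi bash.tcz
tce-load -wi bash-locale.tcz
tce-load -wi bash-doc.tcz
tce-load -wi bash-dev.tcz

# Debugging
tce-load -wi strace

# FRRouting
tce-load -i frr.tcz
tce-load -i frr-dev.tcz
tce-load -i frr-doc.tcz

# Locally installed extensions are not registered automatically, so list them
# in onboot.lst to have them loaded on every boot.
for ext in \
  c-ares.tcz c-ares-dev.tcz \
  frr.tcz frr-dev.tcz frr-doc.tcz \
  ppp-modules-4.9.22-piCore-v7.tcz ppp.tcz ppp-dev.tcz
do
  echo "$ext" >> "$TCE_DIR/onboot.lst"
done

# Move the locally compiled extensions from /home/tc/ to the tce/optional dir.
# NOTE(review): c-ares.tcz-dev.md5.txt is the name the guide uses; it looks
# like a typo for c-ares-dev.tcz.md5.txt - confirm against the built files.
for f in \
  c-ares-dev.tcz c-ares-dev.tcz.dep c-ares-dev.tcz.list \
  c-ares.tcz c-ares.tcz-dev.md5.txt c-ares.tcz.list c-ares.tcz.md5.txt \
  frr-dev.tcz frr-dev.tcz.dep frr-dev.tcz.list frr-dev.tcz.md5.txt \
  frr-doc.tcz frr-doc.tcz.list frr-doc.tcz.md5.txt \
  frr.tcz frr.tcz.dep frr.tcz.list frr.tcz.md5.txt \
  ppp-modules-4.9.22-piCore-v7.tcz \
  ppp-modules-4.9.22-piCore-v7.tcz.list \
  ppp-modules-4.9.22-piCore-v7.tcz.md5.txt \
  ppp.tcz ppp.tcz.list ppp.tcz.md5.txt ppp.tcz.dep \
  ppp-dev.tcz ppp-dev.tcz.dep ppp-dev.tcz.list ppp-dev.tcz.md5.txt
do
  mv "/home/tc/$f" "$TCE_DIR/optional/"
done

# Delete leftover build files from /home/tc.
# Only the visible contents are removed: the directory itself and its
# dotfiles (.ssh, shell history, profile) are still used by later steps,
# and removing /home/tc outright would also pull the working directory out
# from under this shell.
rm -rf -- /home/tc/*

# ---------------------------------------------------------------------------
# Boot-time setup: IPv6, iptables modules, forwarding, FRRouting daemons
# ---------------------------------------------------------------------------

cat >> /opt/bootlocal.sh <<'EOF'
modprobe ipv6
modprobe iptable_nat
modprobe iptable_mangle
modprobe ip6table_filter
modprobe ip6_tables
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
EOF

# Each daemon is started with "-u root", i.e. it keeps running as root.
# NOTE(review): a dedicated unprivileged account for the routing daemons
# would limit the impact of a flaw in any protocol parser; no such account
# is created in this guide.
for daemon in zebra ripd ripngd ospfd ospf6d bgpd isisd pimd; do
  echo "/usr/local/sbin/$daemon -u root -d -f /usr/local/etc/frr/$daemon.conf" >> /opt/bootlocal.sh
done

# These dirs are saved - they contain config
echo "/usr/local/var/frr" >> /opt/.filetool.lst
echo "/usr/local/etc/frr" >> /opt/.filetool.lst

# Create empty config files for frr daemons
for name in bgpd isisd ospf6d ospfd pimd ripd ripngd vtysh zebra; do
  sudo touch "/usr/local/etc/frr/$name.conf"
done

# For FRR pids
sudo mkdir -p /usr/local/var/frr

# Set Bash as the login shell.
# Anchored to the shell field: an unanchored s/sh/bash/g would also rewrite
# every other "sh" in the file (for example inside account names or
# /bin/ash) and would corrupt entries if run a second time.
sudo sed -i 's#:/bin/sh$#:/bin/bash#' /etc/passwd

# Delete history (relative path: assumes the current directory is /home/tc)
echo > .ash_history

# Persist the changes made so far.
# The guide had "sudo echo $ /usr/bin/filetool.sh -b" here, which only prints
# the command instead of running the backup.
/usr/bin/filetool.sh -b

# ---------------------------------------------------------------------------
# Wireless AP
# Broadcom BCM43438 chip provides 2.4GHz 802.11n
# ---------------------------------------------------------------------------

# Kernel modules and drivers for wireless
tce-load -wi wireless-4.9.22-piCore.tcz

# Firmware files for the wireless chip BCM43430
tce-load -wi firmware-rpi3-wireless.tcz

# Wireless tools - iwconfig, iwlist etc.
tce-load -wi wireless_tools

# IEEE 802.11 AP and Authenticator
tce-load -wi hostapd

# Create configuration file for hostapd.
# wpa_passphrase=raspberry is the guide's sample value: set a unique, long
# passphrase per device before the AP is reachable by anyone else.
sudo tee -a /usr/local/etc/hostapd.conf > /dev/null <<'EOF'
interface=wlan0
driver=nl80211
ssid=piCore
hw_mode=g
ieee80211n=1
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=raspberry
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
EOF
# The file holds the pre-shared key in clear text; keep it root-only.
sudo chmod 600 /usr/local/etc/hostapd.conf

# Make /usr/local/etc/hostapd.conf persistent
echo "/usr/local/etc/hostapd.conf" >> /opt/.filetool.lst

# Start hostapd after boot
echo "hostapd /usr/local/etc/hostapd.conf" >> /opt/bootlocal.sh

# Configure IP address for wireless interface
sudo ifconfig wlan0 192.168.230.1 netmask 255.255.255.0

# ---------------------------------------------------------------------------
# DNS and DHCP
# ---------------------------------------------------------------------------

tce-load -wi dnsmasq.tcz

# NOTE(review): listen-address=0.0.0.0 is broader than interface=wlan0.
# Binding to the LAN address (192.168.230.1) instead would keep the resolver
# and DHCP server off the WAN side - confirm with the installed dnsmasq.
sudo tee -a /usr/local/etc/dnsmasq.conf > /dev/null <<'EOF'
interface=wlan0
listen-address=0.0.0.0
bind-interfaces
server=8.8.8.8
domain-needed
bogus-priv
dhcp-option=option:router,192.168.230.1
dhcp-range=192.168.230.2,192.168.230.245,24h
EOF

# Create dir for leases and make it persistent
sudo mkdir -p /usr/local/var/lib/misc/
echo "/usr/local/var/lib/misc/" >> /opt/.filetool.lst

# Make config file /usr/local/etc/dnsmasq.conf persistent
echo "/usr/local/etc/dnsmasq.conf" >> /opt/.filetool.lst

# Replace the content of /opt/bootsync.sh and make sure that wlan0 has its IP
# assigned during boot, then start dnsmasq.
# Note: /opt/bootsync.sh is started first during boot and then /opt/bootlocal.sh
sudo tee /opt/bootsync.sh > /dev/null <<'EOF'
/usr/bin/sethostname box
ifconfig wlan0 192.168.230.1 netmask 255.255.255.0
dnsmasq -C /usr/local/etc/dnsmasq.conf -l /usr/local/var/lib/misc/dnsmasq.leases
/sbin/modprobe ipv6
/sbin/modprobe iptable_nat
/sbin/modprobe iptable_mangle
/sbin/modprobe ip6table_filter
/sbin/modprobe ip6_tables
iptables-restore < /usr/local/etc/iptables/iptables.rules
/opt/bootlocal.sh &
EOF

# ---------------------------------------------------------------------------
# NAT Configuration
# ---------------------------------------------------------------------------

# The saved ruleset contains only this MASQUERADE rule. No filter-table rules
# are added anywhere in this guide, so INPUT and FORWARD stay at whatever
# policy the system starts with; services on the router (DNS/DHCP, routing
# daemons, any remote login) are then reachable from the eth0 side as well.
# NOTE(review): add filter rules that drop unsolicited WAN traffic before
# saving. If the PPPoE link is enabled, traffic presumably leaves via the ppp
# interface rather than eth0 - confirm the -o match.
sudo mkdir -p /usr/local/etc/iptables
sudo iptables --table nat -A POSTROUTING -o eth0 --jump MASQUERADE
sudo sh -c 'iptables-save > /usr/local/etc/iptables/iptables.rules'
echo "/usr/local/etc/iptables" >> /opt/.filetool.lst

# ---------------------------------------------------------------------------
# Kernel modules for PPP
# ---------------------------------------------------------------------------

sudo depmod -a

# "/opt/bootlocal.sh &" has to stay the last line of bootsync.sh, so remove
# it, append the new lines and add it back.
sed -i '/\/opt\/bootlocal.sh &/d' /opt/bootsync.sh
cat >> /opt/bootsync.sh <<'EOF'
/sbin/modprobe pppox
/sbin/modprobe slhc
/sbin/modprobe ppp_generic
/sbin/modprobe pppoe
/opt/bootlocal.sh &
EOF

for module in pppox slhc ppp_generic pppoe; do
  sudo /sbin/modprobe "$module"
done

# ---------------------------------------------------------------------------
# PPPOE configuration
# ---------------------------------------------------------------------------

sudo mkdir -p /etc/ppp/peers

# Peer definition; the blank lines match what the guide's "echo -e ...\n"
# commands produced.
sudo tee /etc/ppp/peers/my_ISP > /dev/null <<'EOF'
plugin rp-pppoe.so

eth0

# Username - same as in /etc/ppp/chap-secret
user "user123@comfortpro"
noauth

# Use IP address from ISP provider
noipdefault

# Use provider's DNS server
usepeerdns

# Fixed connection
persist

# Provide default route
defaultroute

remotename 1331
EOF

# CHAP credentials (sample values from the guide - replace with the real
# account). Created with a restrictive umask and then forced to 0600 so the
# clear-text password is readable by root only, also when the file existed.
sudo sh -c 'umask 077 && cat > /etc/ppp/chap-secrets' <<'EOF'
user123@comfortpro * Password123
EOF
sudo chmod 600 /etc/ppp/chap-secrets

# /etc/ppp/ (including chap-secrets) becomes part of the filetool backup.
echo "/etc/ppp/" >> /opt/.filetool.lst

# The pppd call is added commented out; uncomment it in bootsync.sh once the
# credentials are real.
sed -i '/\/opt\/bootlocal.sh &/d' /opt/bootsync.sh
echo "#/usr/local/sbin/pppd call my_ISP" >> /opt/bootsync.sh
echo "/opt/bootlocal.sh &" >> /opt/bootsync.sh

# ---------------------------------------------------------------------------
# Delete shell history and known_hosts before taking the backup
# ---------------------------------------------------------------------------

# This clears known_hosts (hosts this box connected to), not SSH host keys.
# NOTE(review): if an SSH server is part of the image, its host keys would be
# identical on every card written from it - regenerate them per device.
sudo rm -f /root/.ssh/known_hosts
sudo sh -c 'echo > /root/.bash_history'
sudo sh -c 'echo > /root/.ash_history'

history -c && history -w
rm -f /home/tc/.ssh/known_hosts
echo > /home/tc/.bash_history
echo > /home/tc/.ash_history

/usr/bin/filetool.sh -b

# ---------------------------------------------------------------------------
# Optional: image backup (left commented out, as in the guide)
# ---------------------------------------------------------------------------

#Backup Image
#sudo dd bs=4M if=/dev/mmcblk0 of=piCore-9.0.3-router0.1.img status=progress conv=fsync

#Zip image
#zip -9 piCore-9.0.3-router0.1.zip piCore-9.0.3-router0.1.img

#Compute MD5 sum
# MD5 only detects accidental corruption; publish a SHA-256 digest next to it
# if the image is distributed.
#md5sum piCore-9.0.3-router0.1.img > piCore-9.0.3-router0.1.img.md5.txt
#sha256sum piCore-9.0.3-router0.1.img > piCore-9.0.3-router0.1.img.sha256.txt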