DiogoVieira14/lr-openwrt-tool
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
17364e23d34d3b7619bc26d55a3f3670638b42bf
lr-openwrt-tool/README.md
T
litoral05 8075104243 Initial project structure cleanup
2026-05-08 16:57:55 +01:00

118 lines
3.0 KiB
Markdown
Raw Blame History

# Litoral Regas VPN Orchestrator
A dark-themed Tauri desktop technician app for provisioning Litoral_Regas OpenWrt WireGuard production routers.
## Production baseline
The app is structured around the validated router baseline:
- OpenWrt 23.05 only
- ZBT-WE826 16M target firmware
- fw4/nftables only
- no `opkg upgrade`
- LAN subnet: `198.51.100.0/24`
- Router LAN IP: `198.51.100.1`
- Controller IP: `198.51.100.10`
- PLC IP: `198.51.100.50`
- Overlay route: `198.19.0.0/16`
- Router password: `litoralr`
- Hostname format: `Litoral_Regas_XXX`
- LuCI over WireGuard
- VPN firewall zone and DNAT rules:
- router WG IP `:5900` -> `198.51.100.10:5900`
- router WG IP `:20248` -> `198.51.100.10:20249`
- router WG IP `:8000` -> `198.51.100.10:8000`
- router WG IP `:81` -> `198.51.100.50:81`
## Install
```bash
npm install
npm install lucide-react recharts clsx tailwind-merge
npm install -D tailwindcss postcss autoprefixer
```
## Development
```bash
npm run tauri:dev
```
Equivalent bootstrap command sequence:
```bash
npm create tauri-app@latest lr-openwrt-tool
# choose React, TypeScript, npm
cd lr-openwrt-tool
npm install
npm run tauri:dev
```
## Build
```bash
npm run tauri:build
```
## Backend assumptions
Development defaults are stored in app settings, not hardcoded as production secrets:
- Base URL: `http://localhost:8080`
- Header: `X-API-Key: dev-api-key`
Implemented API client calls:
- `GET /api/vpn/available-ip`
- `GET /api/vpn/used-ips`
- `POST /api/vpn/peers`
- `GET /api/vps/health`
- `POST /api/vps/wireguard/rollback-last-backup`
## Provisioning flow
The provisioning wizard models the technician workflow as a state machine:
1. `IDLE`
2. `DETECT_ROUTER`
3. `UPLOAD_FIRMWARE`
4. `FLASHING`
5. `WAITING_FOR_REBOOT`
6. `WAITING_FOR_RECONNECT`
7. `UPLOAD_PROVISIONING_BUNDLE`
8. `RUN_PROVISIONING`
9. `CAPTURE_PUBLIC_KEY`
10. `REGISTER_PEER`
11. `VERIFY`
12. `COMPLETE`
13. `ERROR`
New router flow:
1. Detect router at `192.168.1.1`.
2. Request next available VPN IP from the backend.
3. Generate `router.env` using the production baseline.
4. Upload firmware, flash router, and wait for SSH at `198.51.100.1`.
5. Upload `router.env` and `provision.sh`.
6. Run provisioning.
7. Capture WireGuard public key.
8. Register peer with `POST /api/vpn/peers`.
9. Verify final router state.
Reprovision flow keeps the selected existing VPN IP and replaces the public key through the same `POST /api/vpn/peers` endpoint.
## Current Tauri command status
The following commands are implemented as mock placeholders with production-ready signatures:
- `detect_router(ip)`
- `upload_firmware(ip, firmwarePath)`
- `flash_router(ip, remoteFirmwarePath)`
- `wait_for_ssh(ip)`
- `upload_provisioning_bundle(ip, envContent, scriptContent)`
- `run_provisioning(ip)`
- `capture_wireguard_public_key(ip)`
- `verify_router(ip)`
Future work should replace the mock bodies with real SSH/SCP/sysupgrade logic and explicitly call `remove_known_host` before reconnect attempts for `192.168.1.1` and `198.51.100.1`.
Reference in New Issue View Git Blame Copy Permalink