A LEAP-VPN client for embedded devices. Works with RiseupVPN and CalyxVPN for the time being.
The project is still not mature, so expect things to break. The following OpenWRT routers are supported :
- GL-iNet MT-300M-V2
- GL-iNet AR-750
See here for more info and config files that you can use as a basis to build your own images.
If you want to help testing, please follow these steps from your router:
For ar-750
:
src leap https://sindominio.net/kali/openwrt/packages/mips_24kc/leap
src leap-openwrt https://sindominio.net/kali/openwrt/packages/mips_24kc/packages/
For mt-300m-v2
:
src leap https://sindominio.net/kali/openwrt/packages/mipsel_24kc/leap
src leap-openwrt https://sindominio.net/kali/openwrt/packages/mipsel_24kc/packages/
wget https://sindominio.net/kali/openwrt/key-build.pub
If you feel like using gpg to verify that signature, you can use:
wget https://sindominio.net/kali/openwrt/key-build.pub.asc
gpg --verify key-build.pub.asc
Now add the key to opkg's store:
opkg-key add key-build.pub
(Note: you need TLS support enabled in wget at the moment, I have to move the feed somewhere that doesn't redirect to https).
opkg update
opkg install bitmask-vpn
If you had a previous version of openvpn-mbedtls you might want to uninstall it and get the one in kali's feed instead, since this one is compiled with management support.
- Get a recent ๐ nim version (use
choosenim
). - From the top of your OpenWRT SDK, do:
git clone https://0xacab.org/kali/bitmask-openwrt ../bitmask-openwrt
ln -s ../bitmask-openwrt package/bitmask-vpn
make package/bitmask-vpn/{clean,compile}
- Package will be ready under
bin/packages
:
bin/packages/mipsel_24kc/base/bitmask-vpn_0.0.1-1_mipsel_24kc.ipk
Here is the whole story.
Until the package is a bit more polished (daemon, logs etc), you can run things manually from a tmux screen or similar:
DEBUG=2 /usr/bin/bitmaskd
The supported models can be controlled with the toggle button (A symlink should
be created in /etc/rc.button/BTN_0
on the first run). One of the leds will be
toggled on/off to indicate the status of the tunnel.
Alternatively, for the time being you can control the connection via the REST API:
# with curl, locally from the router
curl localhost:8080/start
curl localhost:8080/status
curl localhost:8080/stop
You will see logs in the standard output.
Work in progress. Please do read this for pointers. Contributions welcome!
You can configure the server adding options to bitmask.cfg
, either on the
same folder as the binary, or in a system-wide folder in
/etc/bitmask/bitmask.cfg
.
You can select auto
algorithm to select gateway, or pick your preferred exit
location.
[Locations]
auto=false
preferred=paris
You can get a list of valid locations with:
curl localhost:8080/locations
If you have tor
and torsocks
installed in the router, you can use the Tor network to fetch configuration and certificates.
useTor=true
Would you like support for a particular device? Got a feature request? Please open an issue; merge requests and suggestions are welcome.
This project is maintained by Kali Kaneko. I hang out in IRC (#leap and #bitmask-dev at libera.chat).