Top, ça me donne une bonne base pour convertir ma config via HTTP en
config via SSH : merci
--
DUVERGIER Claude
Le 18/03/2025 à 16:44, Stéphane Rivière a écrit :
Tu aurais une documentation sur cette CLI ? La seule que je trouve [1]
m'explique à quoi sert ls, mkdir, vi, grep, route, etc.
J'ai, en son temps, tout trouvé sur le net. Là, je suis en plein bilan.
Je vais pas te rechercher les liens...
Pas te mettre du code source avec le contrôle fin de la bête mais ça
c'est le fichier externe de config finale d'une de nos apps, après que
le telto ait été brassé aux oignons.
# -----------------------------------------------------------------------------
# hex01_cfg.par - Teltonika Rut2m parameter file
# -----------------------------------------------------------------------------
#
# 20240530 - sr - First release
#
# -----------------------------------------------------------------------------
# Rut2m uci configuration -----------------------------------------------------
# DISABLE WI-FI
# Marks the default_radio0 wireless interface as disabled, then commits the
# wireless config. Only this one interface is touched here.
uci set wireless.default_radio0.disabled='1'
uci commit wireless
# DISABLE FOTA
# Teltonika cloud
# Removes the dfota notify option and sets rut_fota enabled to '0', then
# commits both configs.
# NOTE(review): with FOTA off, firmware security fixes presumably have to be
# deployed through another channel - confirm one is in place.
uci delete dfota.config.notify
uci set rut_fota.config.enabled='0'
uci commit dfota
uci commit rut_fota
# DISABLE SMS COMMANDS
# These commands allow the RUT to be controlled through SMS messages sent to
# it, with of course the password in clear text.
# Every sms_utils rule from index 0 to 27 gets enabled='0'.
# NOTE(review): the indices are hard-coded; a firmware that ships more than 28
# rules would keep the extra ones enabled - verify the rule count on the
# firmware in use (e.g. with `uci show sms_utils`).
# NOTE(review): the delete below carries ='1' and is immediately followed by a
# set on the same option; it looks redundant - confirm it is intended.
uci delete sms_utils.@rule[0].enabled='1'
uci set sms_utils.@rule[0].enabled='0'
uci set sms_utils.@rule[1].enabled='0'
uci set sms_utils.@rule[2].enabled='0'
uci set sms_utils.@rule[3].enabled='0'
uci set sms_utils.@rule[4].enabled='0'
uci set sms_utils.@rule[5].enabled='0'
uci set sms_utils.@rule[6].enabled='0'
uci set sms_utils.@rule[7].enabled='0'
uci set sms_utils.@rule[8].enabled='0'
uci set sms_utils.@rule[9].enabled='0'
uci set sms_utils.@rule[10].enabled='0'
uci set sms_utils.@rule[11].enabled='0'
uci set sms_utils.@rule[12].enabled='0'
uci set sms_utils.@rule[13].enabled='0'
uci set sms_utils.@rule[14].enabled='0'
uci set sms_utils.@rule[15].enabled='0'
uci set sms_utils.@rule[16].enabled='0'
uci set sms_utils.@rule[17].enabled='0'
uci set sms_utils.@rule[18].enabled='0'
uci set sms_utils.@rule[19].enabled='0'
uci set sms_utils.@rule[20].enabled='0'
uci set sms_utils.@rule[21].enabled='0'
uci set sms_utils.@rule[22].enabled='0'
uci set sms_utils.@rule[23].enabled='0'
uci set sms_utils.@rule[24].enabled='0'
uci set sms_utils.@rule[25].enabled='0'
uci set sms_utils.@rule[26].enabled='0'
uci set sms_utils.@rule[27].enabled='0'
uci commit sms_utils
#FAILOVER ON
#
#uci set mwan3.wan.enabled='1'
#uci set mwan3.mob1s1a1.enabled='1'
#uci commit mwan3
# NETWORK
# LAN network : 172.20.0.0/24
# Rut2m : 172.20.0.1
# Besides the LAN address and netmask, this turns STP off on br_lan, turns
# IGMP snooping off on lan, and disables the wan6 interface.
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.ipaddr='172.20.0.1'
uci set network.br_lan.stp='0'
uci set network.lan.metric='1'
uci set network.lan.delegate='1'
uci set network.lan.force_link='1'
uci set network.lan._area_type='lan'
uci set network.lan.igmp_snooping='0'
uci set network.wan._area_type='wan'
uci set network.wan6.disabled='1'
uci commit network
# DHCP
# Sets the LAN pool's start to 75 and its limit to 78.
# NOTE(review): in stock OpenWrt, start is an offset from the network address
# and limit is a number of addresses, which would put the pool at 172.20.0.75
# and up, clear of the PCs at .10-.13 named in the firewall section - confirm
# that this firmware keeps that meaning.
uci set dhcp.lan.start='75'
uci set dhcp.lan.limit='78'
uci set dhcp.lan.force='0'
uci commit dhcp
# OPENVPN
uci set openvpn.hex=openvpn
uci set openvpn.hex._name='hex'
uci set openvpn.hex.persist_key='1'
uci set openvpn.hex.persist_tun='1'
uci set openvpn.hex.nobind='1'
uci set openvpn.hex.verb='5'
uci set openvpn.hex.type='client'
uci set openvpn.hex.mode='p2p'
uci set openvpn.hex.tls_client='1'
uci set openvpn.hex.client='1'
uci set openvpn.hex.enable_external='0'
uci set openvpn.hex.upload_files='0'
uci set openvpn.hex.enable_custom='1'
uci set openvpn.hex.enable='1'
# Concatenation with rut2m MAC address
cbid.openvpn.hex.config209727170262.ovpn'
uci set openvpn.hex.config='/etc/vuci-uploads/cbid.openvpn.hex.config
uci set openvpn.hex.proto='udp4'
uci set openvpn.hex.dev='tun_c_hex'
uci set openvpn.hex.port='1194'
uci commit openvpn
# FIREWALL
# Zone "openvpn" covers every tun_+ device: input and output are accepted,
# forwarding is rejected by default, masquerading is on.
# NOTE(review): input='ACCEPT' lets anything arriving over a tunnel reach the
# router's own services (web UI, SSH, ...); consider whether that is wider
# than needed.
uci set firewall.20=zone
uci set firewall.20.name='openvpn'
uci set firewall.20.device='tun_+'
uci set firewall.20.input='ACCEPT'
uci set firewall.20.forward='REJECT'
uci set firewall.20.masq='1'
uci set firewall.20.output='ACCEPT'
# Forwarding openvpn -> lan
uci set firewall.21=forwarding
uci set firewall.21.dest='lan'
uci set firewall.21.src='openvpn'
# Forwarding openvpn -> wan
# NOTE(review): this lets tunnel peers go out through this router's WAN -
# confirm that is wanted.
uci set firewall.22=forwarding
uci set firewall.22.dest='wan'
uci set firewall.22.src='openvpn'
# Forwarding lan -> openvpn
uci set firewall.23=forwarding
uci set firewall.23.dest='openvpn'
uci set firewall.23.src='lan'
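# Rule "allow_openvpn_traffic": accept traffic coming from the wan zone to
# port 1194, for any address family.
# Each protocol is added to the proto list once; repeating the add_list lines
# may append duplicate list entries.
# NOTE(review): the OpenVPN instance defined in this file is a udp4 client
# with nobind='1', so an inbound WAN rule on 1194, and its tcp entry in
# particular, looks unnecessary - confirm before keeping the port open.
uci set firewall.24=rule
uci set firewall.24.priority='15'
uci set firewall.24.name='allow_openvpn_traffic'
uci set firewall.24.target='ACCEPT'
uci set firewall.24.src='wan'
uci set firewall.24.dest_port='1194'
uci set firewall.24.vpn_type='openvpn'
uci add_list firewall.24.proto='tcp'
uci add_list firewall.24.proto='udp'
uci set firewall.24.family='any'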
# Port 8082 on boards *********** : *************************
# Four DNAT redirects (hdn_1_web .. hdn_4_web): traffic from the openvpn zone
# to port 8082 is sent to port 80 of 192.168.0.22 .. 192.168.0.25 in the lan
# zone.
# NOTE(review): the four redirects share the same source zone, protocols and
# src_dport and set no src_dip, so as written they look indistinguishable to
# the firewall and presumably only the first one ever matches - confirm how a
# VPN peer is meant to select a board.
# NOTE(review): the targets are in 192.168.0.x while the LAN is declared as
# 172.20.0.0/24 in the NETWORK section - confirm these hosts are reachable
# from the lan zone.
# NOTE(review): udp is listed although the destination is a web port;
# restricting proto to tcp would narrow the exposure - confirm udp is unused.
uci set firewall.25=redirect
uci set firewall.25.priority='16'
uci set firewall.25.name='hdn_1_web'
uci set firewall.25.target='DNAT'
uci set firewall.25.src='openvpn'
uci set firewall.25.src_dport='8082'
uci set firewall.25.dest='lan'
uci set firewall.25.dest_port='80'
uci set firewall.25.dest_ip='192.168.0.22'
uci add_list firewall.25.proto='tcp'
uci add_list firewall.25.proto='udp'
uci set firewall.25.enabled='1'
uci set firewall.25.reflection='1'
uci set firewall.26=redirect
uci set firewall.26.priority='17'
uci set firewall.26.name='hdn_2_web'
uci set firewall.26.target='DNAT'
uci set firewall.26.src='openvpn'
uci set firewall.26.src_dport='8082'
uci set firewall.26.dest='lan'
uci set firewall.26.dest_port='80'
uci set firewall.26.dest_ip='192.168.0.23'
uci add_list firewall.26.proto='tcp'
uci add_list firewall.26.proto='udp'
uci set firewall.26.enabled='1'
uci set firewall.26.reflection='1'
uci set firewall.27=redirect
uci set firewall.27.priority='18'
uci set firewall.27.name='hdn_3_web'
uci set firewall.27.target='DNAT'
uci set firewall.27.src='openvpn'
uci set firewall.27.src_dport='8082'
uci set firewall.27.dest='lan'
uci set firewall.27.dest_port='80'
uci set firewall.27.dest_ip='192.168.0.24'
uci add_list firewall.27.proto='tcp'
uci add_list firewall.27.proto='udp'
uci set firewall.27.enabled='1'
uci set firewall.27.reflection='1'
uci set firewall.28=redirect
uci set firewall.28.priority='19'
uci set firewall.28.name='hdn_4_web'
uci set firewall.28.target='DNAT'
uci set firewall.28.src='openvpn'
uci set firewall.28.src_dport='8082'
uci set firewall.28.dest='lan'
uci set firewall.28.dest_port='80'
uci set firewall.28.dest_ip='192.168.0.25'
uci add_list firewall.28.proto='tcp'
uci add_list firewall.28.proto='udp'
uci set firewall.28.enabled='1'
uci set firewall.28.reflection='1'
# VPN vers LAN
#uci set firewall.29=redirect
#uci set firewall.29.priority='20'
#uci set firewall.29.name='router_1'
#uci set firewall.29.target='SNAT'
#uci set firewall.29.src='openvpn'
#uci set firewall.29.src_dip='172.20.0.1'
#uci set firewall.29.dest='lan'
#uci set firewall.29.proto='all'
#uci set firewall.29.enabled='1'
#uci set firewall.29.utc_time='0'
# Port 5900 on PCs : 172.20.0.10, 172.20.0.11, 172.20.0.12, 172.20.0.13
# Four DNAT redirects (pc_1_vnc .. pc_4_vnc): traffic from the openvpn zone to
# port 5900 is sent to port 5900 of each PC in the lan zone.
# NOTE(review): the four redirects share the same source zone, protocols and
# src_dport and set no src_dip, so as written they look indistinguishable to
# the firewall and presumably only the first one ever matches - confirm how a
# VPN peer is meant to select a PC.
# NOTE(review): the rule names suggest VNC; these redirects make the PCs'
# port 5900 reachable by every peer of the tunnel, so the VNC servers' own
# authentication settings matter - confirm they are configured.
# NOTE(review): udp is listed alongside tcp; restricting proto to tcp would
# narrow the exposure - confirm udp is unused.
uci set firewall.30=redirect
uci set firewall.30.priority='21'
uci set firewall.30.name='pc_1_vnc'
uci set firewall.30.target='DNAT'
uci set firewall.30.src='openvpn'
uci set firewall.30.src_dport='5900'
uci set firewall.30.dest='lan'
uci set firewall.30.dest_port='5900'
uci set firewall.30.dest_ip='172.20.0.10'
uci add_list firewall.30.proto='tcp'
uci add_list firewall.30.proto='udp'
uci set firewall.30.enabled='1'
uci set firewall.31=redirect
uci set firewall.31.priority='22'
uci set firewall.31.name='pc_2_vnc'
uci set firewall.31.target='DNAT'
uci set firewall.31.src='openvpn'
uci set firewall.31.src_dport='5900'
uci set firewall.31.dest='lan'
uci set firewall.31.dest_port='5900'
uci set firewall.31.dest_ip='172.20.0.11'
uci add_list firewall.31.proto='tcp'
uci add_list firewall.31.proto='udp'
uci set firewall.31.enabled='1'
uci set firewall.32=redirect
uci set firewall.32.priority='23'
uci set firewall.32.name='pc_3_vnc'
uci set firewall.32.target='DNAT'
uci set firewall.32.src='openvpn'
uci set firewall.32.src_dport='5900'
uci set firewall.32.dest='lan'
uci set firewall.32.dest_port='5900'
uci set firewall.32.dest_ip='172.20.0.12'
uci add_list firewall.32.proto='tcp'
uci add_list firewall.32.proto='udp'
uci set firewall.32.enabled='1'
uci set firewall.33=redirect
uci set firewall.33.priority='24'
uci set firewall.33.name='pc_4_vnc'
uci set firewall.33.target='DNAT'
uci set firewall.33.src='openvpn'
uci set firewall.33.src_dport='5900'
uci set firewall.33.dest='lan'
uci set firewall.33.dest_port='5900'
uci set firewall.33.dest_ip='172.20.0.13'
uci add_list firewall.33.proto='tcp'
uci add_list firewall.33.proto='udp'
uci set firewall.33.enabled='1'
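# No Internet access for PCs : 172.20.0.10, 172.20.0.11, 172.20.0.12,
# 172.20.0.13
# (The wrapped tail of each comment in this section is kept as a comment line
# so that the bare address is not parsed as a command.)
# Rule "block_lan": drop every protocol from those four source addresses in
# the lan zone towards the wan zone.
uci set firewall.34=rule
uci set firewall.34.priority='25'
uci set firewall.34.name='block_lan'
uci set firewall.34.target='DROP'
uci set firewall.34.src='lan'
uci add_list firewall.34.src_ip='172.20.0.10'
uci add_list firewall.34.src_ip='172.20.0.11'
uci add_list firewall.34.src_ip='172.20.0.12'
uci add_list firewall.34.src_ip='172.20.0.13'
uci set firewall.34.dest='wan'
uci set firewall.34.proto='all'
uci set firewall.34.enabled='1'
# No VPN access for PCs : 172.20.0.10, 172.20.0.11, 172.20.0.12,
# 172.20.0.13
# Rule "block_vpn": same source addresses, dropped towards the openvpn zone.
# NOTE(review): these PCs are also the targets of the port-5900 redirects from
# the openvpn zone; presumably replies on those connections still pass as
# established traffic - confirm on the device.
uci set firewall.35=rule
uci set firewall.35.priority='26'
uci set firewall.35.name='block_vpn'
uci set firewall.35.target='DROP'
uci set firewall.35.src='lan'
uci add_list firewall.35.src_ip='172.20.0.10'
uci add_list firewall.35.src_ip='172.20.0.11'
uci add_list firewall.35.src_ip='172.20.0.12'
uci add_list firewall.35.src_ip='172.20.0.13'
uci set firewall.35.dest='openvpn'
uci set firewall.35.proto='all'
uci set firewall.35.enabled='1'
# Commits every firewall change made in this file.
uci commit firewall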
# NTP
# Sets the ntpclient zone name to Europe/Paris and writes '0' to force,
# sync_enabled and tmz_sync_enabled.
# NOTE(review): if sync_enabled='0' turns clock synchronisation off, confirm
# another time source exists - certificate validity checks on the VPN and log
# timestamps both depend on a correct clock.
uci set ntpclient.ntpclient.zoneName='Europe/Paris'
uci set ntpclient.ntpclient.force='0'
uci set ntpclient.ntpclient.sync_enabled='0'
uci set ntpclient.ntpclient.save='1'
uci set ntpclient.ntpclient.tmz_sync_enabled='0'
uci commit ntpclient
# PING_REBOOT
# Enables the first ping_reboot entry against the host below (masked in this
# post), bound to modem '1-1', with the try counter reset to 0.
# NOTE(review): the action taken when the host stops answering is not set
# here; presumably the firmware default applies - confirm.
uci set ping_reboot.@ping_reboot[0].host='********************'
uci set ping_reboot.@ping_reboot[0].enable='1'
uci set ping_reboot.@ping_reboot[0].modem='1-1'
uci set ping_reboot.@ping_reboot[0].current_try='0'
uci commit ping_reboot
# RMS_MQTT
# Sets rms_connect_mqtt.enable to '0' and rms_connect_timer.level to '1'.
# NOTE(review): presumably this turns off the connection to the vendor's
# remote management service - verify on the device that no such session
# remains after the commit.
uci set rms_mqtt.rms_connect_mqtt.enable='0'
uci set rms_mqtt.rms_connect_timer.level='1'
uci commit rms_mqtt
# SYSTEM
# Sets the system zone name to Europe/Paris and the matching POSIX TZ string
# (CET with CEST daylight saving).
uci set system.system.zoneName='Europe/Paris'
uci set system.system.timezone='CET-1CEST,M3.5.0,M10.5.0/3'
uci commit system
# VUCI WEB INTERFACE
# Sets firstlogin to '0' and advanced to '1' for the web interface.
# NOTE(review): if firstlogin='0' skips a forced initial password change, make
# sure the default web password is replaced by another step - confirm.
uci set vuci.main.firstlogin='0'
uci set vuci.main.advanced='1'
uci commit vuci
# Rut2m external configuration ------------------------------------------------
# Root first, then Admin
# NOTE(review): these two entries appear to hold the router's SSH and web
# credentials (values masked in this post). Kept in clear in this file, they
# call for restrictive file permissions and for keeping the file out of
# version control and shared backups.
rut2m.ssh=*******************
rut2m.web=*******************
# -----------------------------------------------------------------------------
# EOF
# -----------------------------------------------------------------------------