Saturday, April 4, 2015

Prepare a Custom Fedora VM from Commandline (No Installation) (Boot Virtual Disk with Grub)

So, today I wanted to create a Fedora VM, prepared beforehand, without any ISO, redistributable.
So, here is how I was able to achieve this:
This method was tested on a host machine running CentOS 6.6 as well as a host machine running Fedora 21.
First, create the virtual disk.
/t/fedora21 ❯❯❯ truncate -s 10G fedora21.img
Yeah, I know, one can use "qemu-img create -f raw fedora21.img 10G" too.
Find a free loop device and map the image to it automatically:
/t/fedora21 ❯❯❯ kpartx -va fedora21.img
Find out which loop device our image was mapped to:
/t/fedora21 ❯❯❯ losetup -a
/dev/loop0: [0802]:393335 (fedora21.img)
Write a DOS partition table:
/t/fedora21 ❯❯❯ fdisk /dev/loop0 
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0xf6e951e8.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 22: Invalid argument.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
Let us create a partition and mark it bootable:
/t/fedora21 ❯❯❯ fdisk /dev/loop0 

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-1305, default 1): 
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-1305, default 1305): 
Using default value 1305

Command (m for help): a
Partition number (1-4): 1

Command (m for help): p

Disk /dev/loop0: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xf6e951e8

      Device Boot      Start         End      Blocks   Id  System
/dev/loop0p1   *           1        1305    10482381   83  Linux

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 22: Invalid argument.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
Run kpartx again, to map the newly created partition as another loop device
/t/fedora21 ❯❯❯ kpartx -va fedora21.img
add map loop0p1 (253:0): 0 20964762 linear /dev/loop0 63
Format the newly created partition to ext4 filesystem.
/t/fedora21 ❯❯❯ mkfs.ext4 /dev/mapper/loop0p1
mke2fs 1.41.12 (17-May-2010)
Discarding device blocks: done                            
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
655360 inodes, 2620595 blocks
131029 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2684354560
80 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 36 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
Mount the new partition to /mnt/fedora21/
/t/fedora21 ❯❯❯ mkdir -p /mnt/fedora21/; mount /dev/mapper/loop0p1 /mnt/fedora21/
Install mock (a simple program that helps in building source RPMs inside a chroot)
/t/fedora21 ❯❯❯ yum install -y mock
Initialize a directory structure for mock fedora21
/t/fedora21 ❯❯❯ sudo mock --init -v -r fedora-21-x86_64 --install grubby kernel grub2 passwd
/t/fedora21 ❯❯❯ #For configuring stuff, edit the file /etc/mock/fedora-21-x86_64.cfg or create a copy of it and play with it.
Copy all mock files to your disk image (-a preserves ownership, permissions and symlinks):
/t/fedora21 ❯❯❯ cp -a /var/lib/mock/fedora-21-x86_64/root/* /mnt/fedora21/
Note the UUID of the new partition
/t/fedora21 ❯❯❯ blkid /dev/mapper/loop0p1
/dev/mapper/loop0p1: UUID="9d4d0fec-3cdc-4d72-9f46-3aca30d981c5" TYPE="ext4"
Setup /etc/fstab
/t/fedora21 ❯❯❯ tee /mnt/fedora21/etc/fstab <<EOF
UUID=9d4d0fec-3cdc-4d72-9f46-3aca30d981c5 /                       ext4    defaults        1 1
EOF
Mount and bind some important directories
for i in /dev /dev/pts /proc /sys; do mount -B $i /mnt/fedora21/$i ; done
Create a configuration file for grub
/t/fedora21 ❯❯❯ chroot /mnt/fedora21 /bin/bash -c "grub2-mkconfig -o /boot/grub2/grub.cfg"
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.19.3-200.fc21.x86_64
Found initrd image: /boot/initramfs-3.19.3-200.fc21.x86_64.img
done
Install grub (assuming legacy system)
/t/fedora21 ❯❯❯ chroot /mnt/fedora21 /bin/bash -c "grub2-install /dev/loop0 --target=i386-pc"
Installing for i386-pc platform.
Installation finished. No error reported.
If you were running this on a system which was booted in UEFI mode, then replace efi stuff inside the grub configuration, since it is not relevant.
/t/fedora21 ❯❯❯ chroot /mnt/fedora21 /bin/bash -c "sed -i 's/initrdefi/initrd/g' /boot/grub2/grub.cfg"
/t/fedora21 ❯❯❯ chroot /mnt/fedora21 /bin/bash -c "sed -i 's/linuxefi/linux/g' /boot/grub2/grub.cfg"
Setup root password
/t/fedora21 ❯❯❯ chroot /mnt/fedora21 /bin/bash -c "passwd"
Changing password for user root.
New password: 
BAD PASSWORD: The password is a palindrome
Retype new password: 
passwd: all authentication tokens updated successfully.
Unmount the partition
/t/fedora21 ❯❯❯ for i in /dev/pts /dev /proc /sys; do umount /mnt/fedora21/$i ; done; umount /mnt/fedora21/
Delete device mapping
/t/fedora21 ❯❯❯ kpartx -vd fedora21.img
del devmap : loop0p1
loop deleted : /dev/loop0
Let's test this! Mr. Qemu, hit it!
/t/fedora21 ❯❯❯ /usr/libexec/qemu-kvm fedora21.img 
VNC server running on `::1:5900'
And... we have what we want:
/t/fedora21 ❯❯❯ vncviewer :5900

TigerVNC Viewer for X version 1.1.0 - built Oct 30 2014 12:44:50
Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)
See http://www.tigervnc.org for information on TigerVNC.

Thursday, April 2, 2015

Prepare a Custom CentOS VM from Commandline (Boot Virtual Disk with Extlinux)

So, today I wanted to create a CentOS VM, prepared beforehand, without any ISO, redistributable.
As you all know, it is a great PITA, when it comes to grub v0.97 and CentOS < 7. So I let go of grub and embraced extlinux.
So, here is how I was able to achieve this:
This method was tested on a host machine running CentOS 6.6
First, create the virtual disk.
/t/centos ❯❯❯ truncate -s 10G centos6.img
Yeah, I know, one can use "qemu-img create -f raw centos6.img 10G" too.
Find a free loop device and map the image to it automatically:
/t/centos ❯❯❯ kpartx -va centos6.img
Find out which loop device our image was mapped to:
/t/centos ❯❯❯ losetup -a
/dev/loop0: [0802]:402326 (centos6.img)
Write a DOS partition table:
/t/centos ❯❯❯ fdisk /dev/loop0 
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x9958dbf2.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 22: Invalid argument.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
Let us create a partition and mark it bootable:
/t/centos ❯❯❯ fdisk /dev/loop0 

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-1305, default 1): 
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-1305, default 1305): 
Using default value 1305

Command (m for help): p

Disk /dev/loop0: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x402195a6

      Device Boot      Start         End      Blocks   Id  System
/dev/loop0p1               1        1305    10482381   83  Linux

Command (m for help): a
Partition number (1-4): 1

Command (m for help): p

Disk /dev/loop0: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x402195a6

      Device Boot      Start         End      Blocks   Id  System
/dev/loop0p1   *           1        1305    10482381   83  Linux

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 22: Invalid argument.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
Verify that a new, bootable partition has been created:
/t/centos ❯❯❯ fdisk /dev/loop0 -l

Disk /dev/loop0: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x402195a6

      Device Boot      Start         End      Blocks   Id  System
/dev/loop0p1   *           1        1305    10482381   83  Linux
Run kpartx again, to map the newly created partition as another loop device
/t/centos ❯❯❯ kpartx -va centos6.img 
add map loop0p1 (253:0): 0 20964762 linear /dev/loop0 63
Format the newly created partition to ext4 filesystem.
/t/centos ❯❯❯ mkfs.ext4 /dev/mapper/loop0p1
mke2fs 1.41.12 (17-May-2010)
Discarding device blocks: done                            
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
655360 inodes, 2620595 blocks
131029 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2684354560
80 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 30 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
Mount the new partition to /mnt/mycentos6/
/t/centos ❯❯❯ mkdir -p /mnt/mycentos6/; mount /dev/mapper/loop0p1 /mnt/mycentos6/
Install syslinux-extlinux (bootloader) and mock (a simple program that helps in building source RPMs inside a chroot)
/t/centos ❯❯❯ yum install -y mock syslinux-extlinux
Initialize a directory structure for epel6 family.
/t/centos ❯❯❯ sudo mock --init -v -r epel-6-x86_64
/t/centos ❯❯❯ #For configuring stuff, edit the file /etc/mock/epel-6-x86_64.cfg or create a copy of it and play with it.
Copy all mock files to your disk image (-a preserves ownership, permissions and symlinks):
/t/centos ❯❯❯ cp -a /var/lib/mock/epel-6-x86_64/root/* /mnt/mycentos6/
Create a directory for syslinux.
/t/centos ❯❯❯ mkdir /mnt/mycentos6/boot/syslinux; 
Note the UUID of the new partition
/t/centos ❯❯❯ blkid /dev/mapper/loop0p1
/dev/mapper/loop0p1: UUID="02afc1b5-66b4-4931-9411-6123a6d1f152" TYPE="ext4"
Setup /etc/fstab
/t/centos ❯❯❯ tee /mnt/mycentos6/etc/fstab <<EOF
UUID=02afc1b5-66b4-4931-9411-6123a6d1f152 /                       ext4    defaults        1 1
EOF
Create a configuration file for extlinux
/t/centos ❯❯❯ tee /mnt/mycentos6/boot/syslinux/extlinux.conf <<EOF
default vesamenu.c32
timeout 600

display boot.msg

menu background splash.jpg
menu title Welcome to CentOS 6.6!
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color scrollbar 0 #ffffffff #00000000

label CentOS 6
  menu label CentOS 6
  menu default
  kernel /boot/vmlinuz-2.6.32-504.12.2.el6.x86_64 root=UUID=02afc1b5-66b4-4931-9411-6123a6d1f152
  append initrd=/boot/initramfs-2.6.32-504.12.2.el6.x86_64.img 
EOF
Copy files required for menu, etc
/t/centos ❯❯❯ cp /usr/share/syslinux/vesamenu.c32 /mnt/mycentos6/boot/syslinux/
/t/centos ❯❯❯ cp /mnt/mycentos6/usr/lib/anaconda-runtime/syslinux-vesa-splash.jpg /mnt/mycentos6/boot/syslinux/splash.jpg
Install MBR code that boots from the partition marked as bootable. The syslinux family comes with such MBR code, so we use it:
/t/centos ❯❯❯ dd if=/usr/share/syslinux/mbr.bin of=centos6.img conv=notrunc
Install extlinux
/t/centos ❯❯❯ extlinux --install /mnt/mycentos6/boot/syslinux
/mnt/mycentos6/boot/syslinux is device /dev/mapper/loop0p1
Unmount the partition
/t/centos ❯❯❯ umount /mnt/mycentos6/
Delete device mapping
/t/centos ❯❯❯ kpartx -vd centos6.img
del devmap : loop0p1
loop deleted : /dev/loop0
Let's test this! Mr. Qemu, hit it!
/t/centos ❯❯❯ /usr/libexec/qemu-kvm centos6.img 
VNC server running on `::1:5900'
And... we have what we want:
/t/centos ❯❯❯ vncviewer :5900

TigerVNC Viewer for X version 1.1.0 - built Oct 30 2014 12:44:50
Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)
See http://www.tigervnc.org for information on TigerVNC.
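
Both walkthroughs end with a raw image that is meant to be redistributed, so it helps to check its partition table without root or a loop device. The following is an added example, not part of the original posts: it reads the MBR fields that fdisk -l prints, and the function names and the constructed sample sector (one active type-83 partition starting at sector 63 with 20964762 sectors, matching the kpartx output above) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: read the MBR partition table straight from a raw image file.

# byte_at IMAGE OFFSET: print one byte as an unsigned decimal number.
byte_at() {
    od -An -tu1 -j "$2" -N 1 "$1" 2>/dev/null | tr -d ' \n'
}

# le32_at IMAGE OFFSET: print a little-endian 32-bit field in decimal.
le32_at() {
    set -- $(od -An -tu1 -j "$2" -N 4 "$1" 2>/dev/null)
    [ $# -eq 4 ] || return 1
    echo $(( $1 + $2 * 256 + $3 * 65536 + $4 * 16777216 ))
}

# check_mbr IMAGE: list the used partition entries; succeed only if the
# 0x55AA signature is present and exactly one entry carries the boot flag.
check_mbr() {
    img=$1
    if [ "$(byte_at "$img" 510)" != 85 ] || [ "$(byte_at "$img" 511)" != 170 ]; then
        echo "$img: no 0x55AA boot signature" >&2
        return 1
    fi
    active=0
    n=1
    while [ "$n" -le 4 ]; do
        off=$(( 446 + (n - 1) * 16 ))     # four 16-byte entries start at 446
        ptype=$(byte_at "$img" $(( off + 4 )))
        if [ "$ptype" != 0 ]; then
            flag='-'
            if [ "$(byte_at "$img" "$off")" = 128 ]; then   # 0x80 = bootable
                flag='*'
                active=$(( active + 1 ))
            fi
            printf 'p%d %s type=%02x start=%d sectors=%d\n' "$n" "$flag" "$ptype" \
                "$(le32_at "$img" $(( off + 8 )))" "$(le32_at "$img" $(( off + 12 )))"
        fi
        n=$(( n + 1 ))
    done
    [ "$active" -eq 1 ]
}

# put_bytes IMAGE OFFSET OCTAL_ESCAPES: patch bytes in place.
put_bytes() {
    printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# make_sample_image IMAGE: constructed one-sector test input, not a real disk.
make_sample_image() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    put_bytes "$1" 446 '\200'               # status: active
    put_bytes "$1" 450 '\203'               # type 0x83 (Linux)
    put_bytes "$1" 454 '\077'               # start LBA 63
    put_bytes "$1" 458 '\232\345\077\001'   # 20964762 sectors
    put_bytes "$1" 510 '\125\252'           # boot signature 55 AA
}

# With an argument, check that image: sh check_mbr.sh centos6.img
if [ $# -gt 0 ]; then
    check_mbr "$1"
fi
```

In the CentOS walkthrough mbr.bin is written over the start of the image with conv=notrunc, so running the check again after that step confirms the table entry survived.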

Sunday, March 29, 2015

Configuring transparent HTTP Proxy, transparent HTTPS proxy and 802.1x authentication on a Wireless Router

In my college, there is a squid proxy server (10.4.8.204) running on 8080. The firewall on the default gateway drops any packets that are either not coming from the proxy, or are not ICMP. Nowadays, students use a lot of wireless devices, and many of the famous apps, like Skype on Apple devices, don't honour system proxy settings. So, obviously, students are angry that they can't use their devices to talk to their loved ones, can't play Quizup, can't 'whatsapp' any person, blah, blah. So, I thought, why don't we put up a transparent proxy for HTTP as well as HTTPS on the wireless router itself, and forget about proxy settings? A transparent HTTP proxy is easy to find, but such a thing for HTTPS has security issues and what not. One of my seniors wrote such software and was happy to share it with the world. I tested this method on one of the TP-Link routers, and guess what? It worked! Yay!

A little while later, college authorities enabled 802.1x authentication mechanism. Now the routers cried, as by default, they don't provide any mechanism to authenticate themselves on the WAN port over 802.1x protocol. So, an extra layer of authentication using wpa_supplicant had to be added.

This blog post lists the entire setup done in order to deploy transparent proxies, and authenticate user over 802.1x. In short, as soon as the router is switched on, it keeps sending DHCPDISCOVER packets. The switch understands that it is not interested in 802.1x protocol and throws it into a Guest VLAN. Now, in the Guest VLAN, the router can connect to only one machine in the entire campus, which is basically configured as a tftp server for booting/installing operating systems over network. So, I hosted the required files on this server (10.1.34.245). The router downloads the binary for wpa_supplicant compiled specifically for its ISA and runs it with the proper configuration, just after restarting the wan service, so that it can ask for a new lease from the DHCP. Now, since it is authenticated, the VLAN is different and the DHCP gives a different IP address. After this, the router downloads pre-compiled binary and configuration files of transparent http and https proxies and runs them in background. PREROUTING rules are configured so that all packets destined for 80 and 443 are redirected to these proxies. Since the code is very new and sometimes segfaults, both the proxies are run in an infinite loop, so that user doesn't have to switch on/off the router again and again.

This method has been tested on
  1. TP-Link WR740N v4.27
  2. D-Link DIR-600
Content taken from: Transparent HTTP Proxy and Transparent HTTPS Proxy Github Repo: router_tproxy

Step 1: Visit DD-WRT Downloads page and enter WR740N. Since my device version is 4.27, I should click on 4.x then download factory-to-ddwrt.bin Mirror

Step 2: Perform a 30-30-30 Hard Reset on your router.

Step 3: Visit 192.168.0.1 in your browser after connecting your device with the router. The IP address may be different, depending upon your router.

Step 4: Upload the downloaded file to: System Tools -> Firmware Upgrade and click Upgrade



Step 5: After the router restarts, visit 192.168.1.1 in your browser after connecting to the open wifi with ssid dd-wrt

Step 6: Update the username and password.


Step 7: Click on the tab: Services and then click on Enable beside Telnet



Step 8: Create a file onrouter.sh and host it on some persistent network reachable from within campus. For example: http://10.4.8.200/~nehal.wani/router_proxy/onrouter.sh. You can download the file here. Contents of the file are:

# iptables commands to be run on DD-WRT for tproxyhttps intercepting
# Note: your router setup may differ, use only as a guide
cd /tmp/tmpf/

LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`

## HTTPS Stuff
# IP address of machine on which the intermediate transparent https proxy (tproxyhttps)
# is running (if you are running tproxyhttps on the router itself, then this is the router's ip) 
PROXY_IP=192.168.1.1 
PROXY_PORT=1125 # Port on which the intermediate transparent https proxy listens for requests
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 443 -j DNAT --to $PROXY_IP:$PROXY_PORT

chmod a+x /tmp/tmpf/tproxyhttps
echo "while true; do /tmp/tmpf/tproxyhttps -s 10.4.8.204 -a 8080 -p $PROXY_PORT -v &> /tmp/tmpf/tproxyhttps.log ; done" >> /tmp/tmpf/script_https.sh
chmod a+x /tmp/tmpf/script_https.sh
sh script_https.sh &

## HTTP Stuff
# IP address of machine on which the intermediate transparent http proxy (tinyproxy)
# is running (if you are running tinyproxy on the router itself, then this is the router's ip) 
PROXY_IP=192.168.1.1 
PROXY_PORT=3128 # Port on which the intermediate transparent http proxy listens for requests
iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT

chmod a+x /tmp/tmpf/tinyproxy
echo "while true; do /tmp/tmpf/tinyproxy -c tp.conf &> /tmp/tmpf/tp.log ; done" >> /tmp/tmpf/script_http.sh
chmod a+x /tmp/tmpf/script_http.sh
sh script_http.sh &

# All SNAT Stuff
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT

# Don't route the local network packets through intermediate proxies
iptables -t nat -I PREROUTING -i br0 -d 192.168.36.0/24 -j ACCEPT
iptables -t nat -I PREROUTING -i br0 -d 10.0.0.0/13 -j ACCEPT

# add search domain option for intranet domains
echo "dhcp-option=option:domain-search,iiit.ac.in" >> /tmp/dnsmasq.conf
stopservice dnsmasq
startservice dnsmasq
Step 9: Compile the file tproxyhttps.c for the Instruction Set Architecture of your router. For TPLink-WR740N, the chipset is Atheros and the ISA is MIPS32. Host the compiled binary on some persistent network reachable from within campus. For example: http://10.4.8.200/~nehal.wani/router_proxy/tproxyhttps. You can download the compiled binary for TPlink-WR740N here. If you wish to compile it yourself, download OpenWRT-toolchain-for-mips-gcc Mirror. If your router model is D-Link DIR-600, then you need to download OpenWRT-toolchain-for-ramips-gcc. Run this command for compilation:
mips-openwrt-linux-gcc tproxyhttps_working.c -ldl  -lpthread -o tproxyhttps
The binary can be found in: ./OpenWrt-Toolchain-ar71xx-for-mips_r2-gcc-4.6-linaro_uClibc-0.9.33.2/toolchain-mips_r2_gcc-4.6-linaro_uClibc-0.9.33.2/bin/ A similar command can be used to compile the transparent HTTP proxy. The files required are:
Step 10: Open 192.168.1.1 in your browser and go to Setup -> Basic Setup. In Connection Type, choose Automatic Configuration - DHCP. In the section Network Address Server Settings (DHCP), deselect Use DNSMasq for DNS and enter 10.4.3.222 and 10.4.20.204 in Static DNS 1 and Static DNS 2. Click Save at the bottom of the page.



Step 11: Find the program wpa_supplicant supporting your device's chipset and ISA. For TPLink-WR740N v4.28, I found the binary in this package. Mirror and host it on one of the nodes which is almost always connected to the private network created by the router. For example, http://192.168.148.1/wpa_supplicant_mips32
Step 12: Telnet into the router and type the following commands (Change the links of the hosted files appropriately):



root@DD-WRT:~# nvram set rc_startup="
mkdir /tmp/tmpf
cd /tmp/tmpf
while true; do ifconfig | grep -A2 eth0 | grep inet; if [[ \$? -ne 0 ]]; then sleep 1; else break; fi; done #wait for Guest VLAN IP
wget http://10.1.34.245/softwares/RouterFiles/wpa_supplicant_mips32 #download from local network
mv wpa_supplicant_mips32 wpa_supplicant
chmod a+x wpa_supplicant
echo \"
ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
fast_reauth=1
network={
    key_mgmt=IEEE8021X
    eap=GTC
    identity=\\\"nehal.wani@students.iiit.ac.in\\\"
    password=\\\"i-wont-tell-you\\\"
}\" > /tmp/tmpf/wpa_supplicant.conf
./wpa_supplicant -D wired -i eth0 -dd -c /tmp/tmpf/wpa_supplicant.conf &> /tmp/wpa_supplicant.log &
sleep 10 #wait for authentication to complete
stopservice wan
startservice wan
sleep 10 #wait for IP from DHCP
wget http://10.4.8.200/~nehal.wani/router_proxy/onrouter.sh;
wget http://10.4.8.200/~nehal.wani/router_proxy/tproxyhttps;
wget http://10.4.8.200/~nehal.wani/router_proxy/tinyproxy;
wget http://10.4.8.200/~nehal.wani/router_proxy/tp.conf;
sh onrouter.sh;" #This sets the nvram variable rc_startup
root@DD-WRT:~# nvram commit #Save the nvram variable, so that it is persistent w.r.t reboots.
root@DD-WRT:~# reboot #Reboot to apply changes
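
The startup script above fetches binaries and a shell script over plain HTTP and runs them as root on every boot, so whatever those URLs return is what the router executes. One way to gate that on pinned SHA-256 digests, as an added example that is not part of the original post or the router_tproxy repo: it assumes the router's BusyBox provides sha256sum and mktemp, and the names stage_verified and fetch and the manifest path are hypothetical.

```shell
#!/bin/sh
# Added example: all-or-nothing download checked against pinned SHA-256 digests.
# Assumes sha256sum and mktemp exist in the router's BusyBox build.

# fetch URL OUTFILE: download one file (wget, as in the startup script).
fetch() {
    wget -q -O "$2" "$1"
}

# stage_verified BASE_URL MANIFEST DEST
# MANIFEST uses sha256sum's "<digest>  <name>" format and must be stored on
# the router itself, not downloaded from the server being checked.
# Files reach DEST only if every entry downloads and matches its digest.
stage_verified() {
    base=$1
    manifest=$2
    dest=$3
    stage=$(mktemp -d) || return 1
    rc=0
    count=0
    while read -r want name; do
        [ -n "$name" ] || continue
        if ! fetch "$base/$name" "$stage/$name"; then
            echo "download failed: $name" >&2
            rc=1
            break
        fi
        got=$(sha256sum "$stage/$name" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "digest mismatch: $name" >&2
            rc=1
            break
        fi
        count=$(( count + 1 ))
    done < "$manifest"
    [ "$count" -gt 0 ] || rc=1            # an empty manifest is a failure
    if [ "$rc" -eq 0 ]; then
        { mkdir -p "$dest" && mv "$stage"/* "$dest"/; } || rc=1
    fi
    rm -rf "$stage"
    return "$rc"
}

# Intended use inside rc_startup (URL from the post, manifest path hypothetical):
#   stage_verified http://10.4.8.200/~nehal.wani/router_proxy \
#       /path/to/pinned.sha256 /tmp/tmpf && sh /tmp/tmpf/onrouter.sh
```

The manifest is produced once on a trusted machine with `sha256sum onrouter.sh tproxyhttps tinyproxy tp.conf` and has to be regenerated whenever one of the hosted files is rebuilt.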