SecureOffice is an OpenWrt-based, high performance, state of the art router / gateway / WiFi access point using a modern 64-bit Linux kernel. It is intended to augment and / or replace your existing router with a state of the art system offering higher functionality, security and performance. It is also an application platform capable of hosting many services for the internet (public) and your local LAN (private). Be aware that many commercial systems have backdoors and are spying on you and your communications.
SecureOffice is intended to meet the privacy and security needs of anyone who uses the internet. It is designed to allow individuals and organizations to protect their information and privacy in the escalating war initiated by those who believe your private, peaceful, lawful business is their concern. The first rule of war is: know your enemy. Do not allow them to know you, but, do know them.
SecureOffice allows you to migrate from remote hosting of websites, telephone, internet of things, fax, email and file storage services to local hosting, allowing you to keep your communications and information secure, under your control and private. It is becoming very risky to trust third parties with YOUR information.
Basic SecureOffice provides all standard OpenWrt packages (for free) with zero cost download and package updates. Anything that OpenWrt provides is available for SecureOffice, without the hassle of having to build it. OpenWrt has a vast array of HowTo's for application packages such as file, media servers, etc. OpenWrt has a very active user forum for questions and support.
SecureOffice runs on standard PC (x86_64) and media player (Amlogic TV Box, aarch64) hardware.
SecureOffice also provides the premium SecurePBX (secure telephone / fax), Docker Containers and VmWare Workstation (x86_64 only) for running virtual machines such as web and email server packages.
SecureOffice is available pre-installed on select hardware or can be manually installed by users with compatible hardware (technical skills required).
SecureOffice consists of five major integrated components with large user bases and support networks:
- OpenWrt: a highly extensible GNU / Linux distribution for embedded devices (typically wireless routers). OpenWrt is built from the ground up to be a full-featured, easily maintained operating system for routers. In practice, this means that you can have all the features you want with none of the risks / bloat of spyware, powered by a Linux kernel that's more recent than most other distributions. In addition, OpenWrt is open source, peer-reviewed and tested to ensure that no security holes or spyware exist, which many commercial products have (by design). Further information regarding OpenWrt and user package installation / configuration is available on the OpenWrt Wiki page.
- FreeSwitch: a state of the art, carrier grade SIP PBX (Private Branch eXchange telephone switch) with encryption for secure audio / video phone calls, currently unbreakable by any snoops / hackers who may consider your private lawful business to be their concern. FreeSwitch is open source, peer-reviewed and tested to ensure that no security holes or spyware exist, which many commercial telephone systems have. Further information regarding FreeSwitch is available by following the FreeSwitch link.
- FusionPBX: a browser-based GUI (Graphical User Interface) for easy user configuration of FreeSwitch. Without FusionPBX, user configuration of FreeSwitch is a daunting task, with a steep learning curve requiring editing configuration files, programming and call flow skills. FusionPBX is open source, peer-reviewed and tested to ensure that no security holes or spyware exist. Further information regarding FusionPBX is available by following the previous link.
- The SecurePBX telephony application is FreeSwitch and FusionPBX integrated together.
- VmWare Workstation: (not open source, commercial use requires an additional paid license from VmWare) allows hosting of virtual machines by SecureOffice. This allows users to easily port and consolidate existing services from third party service providers and / or dedicated servers. Further information regarding VmWare Workstation is available by following the previous link. Additional information regarding virtual machine technology is available from Wikipedia.
- Docker support. Run any docker-ce or docker-compose image. Packages available for home-assistant (home automation) and nextcloud (secure file sharing, collaboration and communications).
SecureOffice is:
- A high-performance internet gateway / wireless router / firewall (OpenWrt).
- A highly extensible application hosting platform, with many free applications available:
- OpenWrt applications such as file and media servers (Samba, DLNA, TFTP...), web servers (uHTTPD, email, Lighttpd, Nginx, Apache...).
- OpenWrt is very suitable for hosting IOT (Internet of Things) local and remote services.
- In general, any application that is available for Linux can be made available for SecureOffice.
- OpenWrt and basic applications for SecureOffice are completely free to download, update and use with no restrictions.
- Additional application packages are available for a small annual subscription fee. These applications are not available from OpenWrt and have been custom developed / ported, for SecureOffice including:
- Additional drivers for graphics, multimedia and devices.
- LetsEncrypt support for free, automatically renewing SSL certificates. Package details: Luci-app-nginx-certificates.
- Logtrigger: An automated syslog event parser, for detecting hacker intrusions with custom script capability for responding to any syslog event. Also useful for automation / alarm systems, custom response (such as sending emails / text message) in response to system events (anything that appears in syslog). Also performs IP banning (block access from specific IP addresses) for repeated login failures (prevents dictionary attacks) attempting to access secure shell or SecurePBX. LogTrigger comes pre-configured to block invalid access attempts.
- Xorg: Standard Linux GUI. Allows running standard Xorg applications and configuring SecureOffice for media / GUI applications such as TV box or IP camera viewer.
- (xorg) FluxBox window manager.
- (xorg) Lxterminal, a multi-tabbed console for linux shell access.
- (xorg) NoMachine server for remote access to SecureOffice desktop GUI.
- (xorg) Xeoma video surveillance system. Free for up to eight cameras. Add IP cameras and turn SecureOffice into a video surveillance system / DVR.
- ZoneMinder IP camera surveillance / recording, motion detection alarm system. Also integrates with X10 systems. Package details: ZoneMinder.
- Home Assistant: Home automation, IOT device control. Docker version requires paid Docker license. SecureOffice installation alternatives: Home Assistant.
- Webrtc-streamer: Easily stream V4L2 (video for Linux) capture devices and RTSP sources (IP Cameras) to internet clients such as Android phones and PC's for security applications. TODO: document
- NextCloud: Self-hosted productivity platform that keeps you in control of your information / services and who is allowed to access. Requires paid Docker license. Package details: NextCloud.
- Coturn: Stun / Turn server to allow easy firewall traversal for media streams. Used by NextCloud Talk.
- VPN Scripts: Easily create VPN client / server configuration / certificates. Also provides ability to easily provide services / websites over VPN, making your services / websites appear anywhere, globally where VPN endpoints exist.
- RAID Scripts: Easily create RAID arrays for data reliability. Also provides status emails when significant events such as disk failure occur.
Optional licensed ($) applications:
- SecurePBX: Freeswitch / FusionPBX SIP (VoIP) PBX. Secure audio / video telephony, messaging and fax. Powerful enough to provide phone service for a small town or large organization.
- Vmware Workstation (x86_64 only): Run virtual machines to provide additional services such as email, websites, etc. Commercial users must also license from VmWare.
- Docker: Next generation way to provide internet services. Rapidly replacing virtual machines for services deployment. Here's why.
- More to come, based on user requests.
SecurePBX is a standard SIP PBX (secure telephone system). Secure audio / video calls (encrypted, unbreakable) depend on whether remote SIP clients (endpoints / phones) on the internet are capable of encryption, or not. It is not necessary for SIP clients on the local LAN to be capable of encryption, since SecurePBX does the encryption / decryption for all phones on the local LAN. SecurePBX can replace any standard SIP PBX switch such as Asterisk, Nortel, Avaya, Mitel, Cisco, etc., assuming the phones are compatible with standard SIP protocols.
A free trial license is available to try before buy.
SecurePBX can also be configured for FAX extensions to act as send / receive fax machines, without the FAX machine.
SecurePBX is compatible with legacy analog phones and terminals (including FAX) using standard ATA FXO / FXS interfaces. This allows existing wiring and legacy analog phones to be used in a home / office environment.
A basic overview, getting started guide for SIP and VoIP communications is located here.
SecurePBX can be used for the following endeavors / applications:
- Geographically distributed enterprises with dispersed teleworkers. SecurePBX can, if desired, communicate / network with other SecurePBX's for load sharing by regional SecurePBX nodes.
- Individuals and SOHO's who wish to replace their existing landline and / or cellphone plans by less expensive (some without monthly phone bills) SIP telephony providers such as FreePhoneLine in Canada. Most SIP providers allow the option to keep your existing phone numbers.
- Use your home / office phone number for your cellphone also. Using ring groups, any combination of phones (extensions) wherever they may be, planet wide, fixed or roaming can be configured to ring for any line (phone #).
- If you are willing to accept the restriction that your cellphone number only works when WiFi is available, you can eliminate your monthly cellphone bill by configuring your cellphone as a SecurePBX extension, part of a ring group for a SIP phone number. Using this option for an extension means that unless you have a WiFi or cellular data connection (home, work, internet cafe, etc.) your cellphone will not be able to make / receive calls. Callers will be transferred to voicemail when your phone is not connected. This restriction can be lifted if you have a cellular plan for data only, in which case, you are fully mobile, at the cost of your cellular data use.
- Professionals such as Accountants, Lawyers, Brokers, Doctors who wish to offer a secure means to maintain client confidentiality.
- Spooks and other state entities who wish to hide the fact that they are up to "no good".
- Politicians, bureaucrats and diplomats weary of their private communications being intercepted, misrepresented and appearing on the nightly news, a career destroying event.
- Dissident networks, organizing for social / economic change.
- In general, any individual or group who wishes the reduced communications costs of VoIP telephony, advanced features and / or, secure communications (privacy). For most VoIP providers, advanced features such as call waiting, call forward and voicemail are normally free. SecurePBX is capable of providing these features locally, keeping your messages private.
VmWare Workstation allows you to simultaneously run multiple operating systems such as Windows and Linux in a virtual environment. This allows consolidating web, email and other internet services from dedicated PC's to virtual machines running under SecureOffice. It also provides a way to run legacy software / operating systems no longer supported by "modern" computers, preserving your IT infrastructure investments. This allows legacy server applications running on various PC's to be consolidated to run under SecureOffice.
VmWare Workstation is an optional licensed application available to SecureOffice users. Commercial users must purchase an additional license from VmWare. A free trial license is available to try before buy.
Running email, web and other servers as virtual machines, using standard distributions with automatic security updates, is the easiest, cheapest and best way to maintain security for your internet servers.
For example, this website, personal and corporate email, licensing and package update server is running under SecureOffice as a virtual machine (SmeServer-9) and has been in trial for several years by the developer and a group of engineering associates and beta testers.
VmWare Workstation can be used for the following endeavors / applications:
- Those who do not want to risk or trust third party internet hosting providers with access to their files, database, access controls and users.
- Those who do not trust third party email providers with access to their email records.
- It is possible for SecureOffice to be configured (without using virtual machines) to host websites, email and other internet services. Choosing to do so means you would also have to manage security, antivirus and other updates, a tedious task and not recommended. If you wish to do so, search the internet for OpenWrt web and email server HowTo's.
- Using a standard operating system distribution in a virtual machine to host services such as websites, email servers and file servers has the advantages of automatic updates and low maintenance. Several modern Linux server distributions (most free) are compared here. The author uses and recommends Sme-Server. A pre-configured Sme-Server virtual machine is available for download for registered SecureOffice users.
- Consolidating legacy servers, running on dedicated PC's as virtual machines under SecureOffice saves money and power. SecureOffice is capable of running multiple virtual machines simultaneously, limited only by performance of the hardware chosen to host SecureOffice.
- Road Warriors can install SecureOffice / VmWare Workstation on their laptops and bring their entire secure network infrastructure with them, while simultaneously running their OS of choice as virtual machines.
The SecureOffice docker package (premium content) integrates containerd, docker-ce and docker-compose with the OpenWrt configuration, initscript and DNS methodology, automating most of the steps required to run docker containers under SecureOffice.
The default docker image / container repository is Docker Hub. Available containers / images (over 100,000) can be browsed in the Docker Hub repository.
One very useful / popular docker application is NextCloud, a secure personal file and information repository, making your files, contacts, email, bookmarks, passwords and much more accessible anywhere using PC's, phones and tablets (free clients). NextCloud also provides the Talk application (secure multi-party videoconferencing, chat and screen sharing). Instructions for using Nextcloud with SecureOffice are provided in the NextCloud HowTo.
Another very useful / popular docker application is hassio (Home Assistant Supervised) for home automation to control / monitor your home locally or remotely using various remote clients for PC's, tablets and phones. Instructions for using hassio with SecureOffice are provided in the Home Assistant HowTo.
- Hardware meeting minimum requirements, as documented here. Any 64 bit Intel Windows 7 compatible PC should be adequate, including old laptops and desktops. The budget conscious can install / evaluate SecureOffice on an old PC before investing in modern, lower power hardware.
- Alternatively, SecureOffice can be installed as a virtual machine (requiring no dedicated hardware) on any modern Linux or Windows PC. A preconfigured SecureOffice virtual machine can be downloaded and used for free. This is the quickest, cheapest way to evaluate SecureOffice prior to committing to hardware. After evaluation is complete, VM settings can be backed up and restored to real hardware.
- Choose WAN or LAN network topology to determine whether two or one ethernet ports are required for SecureOffice hardware. The pros / cons of network topology selection are discussed here. Running SecureOffice as a virtual machine implies LAN topology.
- Optional: SecurePBX (licensed application, $) if you want to host (secure) telephone services.
- Optional: VmWare Workstation (licensed application, $) if you want to host virtual machines. Running VmWare Workstation in a SecureOffice virtual machine is not possible.
- Optional: Docker support (licensed application, $) if you want to run docker images such as Home Assistant or NextCloud.
- SecureOffice, the operating system and basic applications (free).
- Cable / ADSL Modem - to connect to your internet provider.
- A 10/100/1000M Ethernet Switch (WAN topology) with sufficient ports to connect your wired LAN devices.
- A PC to administer / configure SecureOffice.
- Optional: A public IP address, domain and DNS provider if you want to host internet services or make phone calls (including secure) over the internet. Refer to the DNS provider (some free) HowTo for further information regarding public IP addresses, domains and DNS.
- Optional: (for telephony service) At least two SIP phones (may be free clients for your Android tablet or cellphone or PC) and / or a wide range of compatible SIP phones and ATA's (Analog Terminal Adaptors). Refer to the SIP Clients HowTo for further information.
- A high performance, feature rich, secure state of the art router / gateway / WiFi access point.
- Basic SecureOffice which is everything available for OpenWrt.
- Available applications include media, file, web servers, virtual private networking (client / server), a rich set of utilities and programming languages such as lua, python, php and perl for custom applications.
- Package updates. The free package lists (architecture dependent) can be viewed for x86_64 (Intel / AMD machines), or aarch64 (Amlogic ARM machines).
- Support using this website's forum, OpenWrt HowTo's, the OpenWrt support forum and Discord channel.
An annual access fee applies. Using free, automatic SSL certificates (luci-app-nginx-certificates) alone saves you more than the subscription fee.
Access to custom developed packages / scripts not available from OpenWrt, including:
- Custom packages / applications developed for / ported to SecureOffice. The custom package lists (architecture dependent) can be viewed for x86_64 (Intel / AMD machines), or aarch64 (Amlogic ARM machines).
- Additional drivers for graphics, multimedia and devices.
- LetsEncrypt: Free, automatically renewing SSL certificates. Package details: Luci-app-nginx-certificates.
- Logtrigger: Automated syslog event parser, for detecting hacker intrusions with custom script capability for responding to any syslog event. Also useful for automation / alarm systems, custom response (such as sending emails / text message) in response to system events (anything that appears in syslog). Also performs IP banning (block access from specific IP addresses) for repeated login failures (prevents dictionary attacks) attempting to access secure shell or SecurePBX. LogTrigger comes pre-configured to block invalid access attempts.
- Xorg: Standard Linux GUI. Allows running standard Xorg applications and configuring SecureOffice for media / GUI applications such as TV box or IP camera viewer.
- (xorg) FluxBox: Window manager.
- (xorg) Lxterminal: Multi-tabbed console for Linux shell access.
- (xorg) NoMachine: Server for remote access to SecureOffice Xorg desktop GUI. TODO: document.
- (xorg) Xeoma: Video surveillance system. Free for up to eight cameras. Add IP cameras and turn SecureOffice into a video surveillance system / DVR. TODO: document
- ZoneMinder: IP camera surveillance / recording, motion detection alarm system. Also integrates with X10 systems. Package details: ZoneMinder.
- Home-Assistant: Home automation, IOT device control. Docker version requires Docker license. SecureOffice installation alternatives: Home Assistant.
- NextCloud: Secure self-hosted productivity and communications (multi-party video conference, chat and screen sharing) platform that keeps you in control of your information / services and who is allowed to access. Requires Docker license. It provides access to your data through a web interface, mobile clients or WebDAV while providing a platform to view, sync and share across devices easily, all under your control. This will be useful for "cleaning" your laptop and Android phone to avoid "paranoid" border crossing events. Package details: NextCloud.
- Webrtc-streamer: Stream V4L2 (video for Linux) capture devices and RTSP sources (IP Cameras) to internet clients such as Android phones and PC's for security applications. TODO: document.
- VPN Scripts: Easily create VPN client / server configuration / certificates. Also provides ability to easily provide services / websites over VPN, making your services / websites appear anywhere, globally where VPN endpoints exist.
- RAID Scripts: Easily create RAID arrays for data reliability. Also provides status emails when significant events such as disk failure occur.
All licensed applications are available with free 30-day trial licences. These applications require many premium packages as dependencies, meaning that trial users must pay the annual repository access fee to be able to install trial licensed packages.
Premium applications for SecureOffice are available with annual or permanent licenses. It is strongly advised to be satisfied with the trial application before committing to a paid license. These packages required very significant engineering effort and are copy protected. These applications require many premium packages as dependencies, meaning that users must subscribe to the custom repository to install licensed packages.
- SecurePBX: Freeswitch / FusionPBX SIP (VoIP) PBX. Secure audio / video telephony, messaging and fax. Powerful enough to provide phone service for a small town or large organization.
- Vmware Workstation (x86_64 only): Run virtual machines to provide additional services such as email, websites, etc. Commercial users must also license from VmWare.
- Docker: Next generation way to provide internet services. Rapidly replacing virtual machines for services deployment. Here's why.
- More to come, based on technology trends and user requests.
Become a registered user at this site (only once):
- Click "Register" at top of this page. The registration form will appear.
- Enter username, email and password.
- Select "I Agree" to the site terms of use.
- Answer the "skill" testing question.
- Click submit. A confirmation email will be sent.
- Follow instructions in the confirmation email to complete registration.
It is necessary to be up and running free SecureOffice, with an active domain prior to purchasing custom repository access and premium applications. This is not necessary for systems with SecureOffice pre-installed.
Follow the instructions in the prerequisites section, to prepare for SecureOffice installation.
If using your own hardware, follow the instructions in the install section to download, install and configure free SecureOffice.
If using hardware with SecureOffice pre-installed, follow instructions starting with configure OpenWrt router.
Ensure your user information at the SecureOffice web interface (System->Licensing->Registration) page is correct.
If purchasing premium applications, please install (and be satisfied with) the trial version prior to purchase.
The SecureOffice registered domain must be active. All authentication and license requests must come from the registered domain; otherwise they will be denied.
Login to this site, click "Purchase", add items to cart by selecting the desired product, select "continue shopping" until all products desired are entered.
Select "Checkout". On the "Validate Purchase" page, enter mandatory (marked by "*") user information. Select "Next" when done.
Select "PayPal" as the payment method, select "Final Confirm". On the next page (Validate Purchase), review your order before selecting "Pay Online". Selecting "Pay Online" will take you to the PayPal website to securely login and complete the purchase. Private customer information such as credit card numbers cannot be accessed by this website.
PayPal will send a purchase confirmation email containing a "Transaction ID: 81G64613TK608341D" (example). Keep the email for proof of purchase.
Enter your PayPal payment ID in the correct form and press "Save and Apply":
- For Access to premium packages / scripts, enter your PayPal payment ID at "System->Licensing->Registration".
- For licensed applications, enter Paypal payment ID at "System->Licensing->Manage Licenses->Application".
After purchasing custom repository access, the repository and user credentials must be configured. Instructions are located in the enable repository access section.
Upon receipt of payment confirmation from PayPal, your Access / License authorization will be updated.
The SecureOffice team is actively developing the following applications:
- DNSCrypt: Encrypt DNS traffic so snoops cannot monitor your DNS queries, thus knowing the sites you visit. It also protects against DNS spoofing (used by hackers to redirect you to counterfeit sites, for purpose of collecting login credentials, credit card and banking information). Combined with internet browsing over a VPN connection, nobody can monitor your internet activity.
- WireGuard: Next generation, vastly higher performance VPN protocol, far superior to OpenVPN.
- In process of porting SecureOffice to inexpensive Android TV boxes which will be available with SecureOffice pre-installed, for the home market (lower cost / performance compared to PC's).
It is expected that users will have many suggestions regarding new applications. The forum contains a topic dedicated to this. May the best ideas win.
It should also be noted that development is not free. It is hoped that market success will result in resources to pull together a much larger engineering team and provide many more features (and, freedom from the "security state" - alliance of states and big business / finance which should be a concern for all).