Table_of_Contents
1 SecureOffice Copyright and Licensing
2 Install SecureOffice on Boot Device
2.1 Install on Target PC Using Rescue USB Boot Disk
2.2 Install on Target PC Using SecureOffice USB Boot Disk
2.3 Install on Target Media Using Linux PC
2.4 Install on Target Media Using Linux VM
2.5 Optional SSH Into Installation PC
2.6 Identify SecureOffice Boot Media Device
2.7 Install SecureOffice to Boot Media
4.1 OpenWrt Local Console Access
4.3 Basic Network Configuration
4.4 Configure WAN Network Topology
4.4.1 Configure LAN Ethernet Interface
4.4.2 Configure WAN Ethernet Interface
4.5 Configure LAN Network Topology
4.6 Configure WiFi
4.7.1 Choose a DDNS Service Provider
4.7.2 Configure and Enable DDNS Service
4.8 Configure SecureOffice Domain
5 Install Other Services and Applications
5.1 Other Services and Applications
5.2 Requesting Missing Packages and Drivers
5.3 Licensed Services and Applications
5.3.1 About Licensing
5.3.2 Secure Telephone System
5.3.3 Virtual Machine Hosting
5.3.4 Docker Container Support
5.3.5 Free and Automatic Renewing SSL Certs
5.3.6 Developing Applications and Services
List of Figures
Figure 1: System Rescue Boot Options Menu
Figure 2: Boot Failure Kernel Panic
Figure 3: GRUB Boot Menu
Figure 4: Edit GRUB Boot Menu
Figure 5: Successful Boot
Figure 6: Edit GRUB Configuration
Figure 7: RFC 1918 Private Address Space
Figure 8: LAN Configuration Section
Figure 9: Web GUI Password Prompt
Figure 10: Web GUI Status Page
Figure 11: Internet Traffic Graph
Figure 12: WAN Protocol Selection
Figure 13: WAN Static Address Configuration
Figure 14: OpenWrt Firewall Allow GUI
Figure 15: DDNS Configuration
List of Tables
Table 1: SecureOffice Default Settings
Licensing terms for SecureOffice and applications are available in the licensing section. The licensing terms basically state that you are aware of and consent to:
The developers of SecureOffice stand on the shoulders of giants and owe a huge debt of respect and gratitude (and do not take credit) to all opensource (monopoly breakers) developers. In particular: the OpenWrt, FreeSwitch and FusionPBX teams.
SecureOffice contains copyrighted enhancements / material that may be "of use" to the projects above and developers may wish to incorporate them. Should team members of the above projects be interested in incorporating copyrighted SecureOffice enhancements into the above projects, it is the intent of the developer of SecureOffice to be liberal in granting copyright waivers. Contact us if interested.
When volumes warrant, the SecureOffice copyright owner is willing to discuss allowing VAR's (Value Added Retailers) and PC / HTPC manufacturers to sell and distribute pre-installed SecureOffice systems. Further, it is intended to sell pre-installed systems for customers without the time, expertise or patience to install SecureOffice. Contact us if interested.
The developers are porting SecureOffice to lower cost MIPS / ARM architectures for the home market. VmWare Workstation is not possible / practical on these architectures. Contact us if interested.
License terms for SecureOffice and applications are available below:
Installation or downloading any portion, including the install script for SecureOffice indicates consent to the licensing terms.
Users who purchased hardware (x86_64 or aarch64) with SecureOffice pre-installed can skip ahead to Configure OpenWrt Router.
These instructions are for installing SecureOffice on real hardware. If hardware is not yet available, or if you want to evaluate SecureOffice with zero hardware cost, you can install SecureOffice as a virtual machine or create a SecureOffice USB boot disk. When real hardware is available, SecureOffice configuration can be backed up and restored to real hardware.
It is assumed (from Tools for Initial SecureOffice Install) that one of the following Linux system options is available for installation:
Note that Sme-Server (recommended VM for service provision using licensed VmWare Workstation application) can also be used as the Linux system for initial SecureOffice installation. This avoids having to create two Linux virtual machines.
Figure 1: System Rescue Boot Options Menu
It is assumed that you are at a Linux command prompt on the installation PC.
If in a virtual machine or rescue system console, most likely you do not have copy and paste ability for commands which is cumbersome. Using PuTTY to SSH into the installation machine will remedy this.
It is assumed you are at a Linux command prompt on the installation PC, either directly or using PuTTY.
During boot, Linux enumerates block devices (disks) and assigns them names: "sda, sdb, sdc", etc. The Linux device name of the disk that is intended to become the SecureOffice boot disk needs to be identified.
Enter "dmesg | grep sdX" repeatedly, where X increments from "a", "b", "c", etc., until you identify the correct disk.
You are looking for a portion of output (from dmesg) of the following form, corresponding to your disk, where XXX is the disk size in GB:
"sd 2:0:0:0: [sdb] 976773168 512-byte logical blocks: (XXX GB/YYY GiB)"
If the size of the target boot disk is unique (only one on installation system with XXX equal to the SecureOffice target boot disk size), this is likely the correct disk (sdb, sdc, etc). Note that "sda" cannot be the correct disk since that contains the OS of the installation system (unless using USB rescue disk).
As a sanity check, to confirm the SecureOffice boot disk candidate is correct, the disk partitions can be inspected using the "fdisk" command.
If still uncertain regarding correct disk choice (candidate disk has partitions you are unsure of), another sanity check is to inspect the disk contents.
The disk identified as the SecureOffice boot disk will be re-partitioned and formatted in the next step, wiping out all data on the selected disk. Be certain the disk chosen is the correct disk. Otherwise, at best, you will lose all data on the disk, at worse, wipe out the installation PC operating system. Recovery from this disaster is left as an exercise for the reader.
The SecureOffice operating system (pre-configured OpenWrt) is installed by downloading and running an installation script on the Linux installation PC. During installation, you must agree to SecureOffice licensing terms before proceeding with installation.
Disk technical notes:
Installation will result in four partitions on the target disk:
The size of partitions 1 plus 2 is 8GB, more than adequate for installing many applications and cannot be changed easily.
The size of the Swap (sdX3) and Data (sdX4) partitions can be changed by using fdisk to delete them and create new ones of the desired size and reformatting (mkswap, mkfs.ext4) them. These partitions are initially empty and contain no useful data. Not recommended. The only reasons for modifying partition layout is:
To install the latest version of SecureOffice, from a Linux command prompt, enter the following commands, in order:
Previous versions of SecureOffice can be downloaded from here. Choose "<version>/do_install.sh" where <version> is the desired version.
To install a locally archived (previously saved) version of SecureOffice, from a Linux command prompt, enter the following commands, in order:
SecureOffice will be installed on the target disk. It will take some time to download and complete, depending on disk size and speed. The script will inform you of success / failure and the disk will be synced and unmounted when complete. Do not remove the target disk prior to script completion, or abort the script, else, the target disk will be corrupted. If you do so, run the script again. Be patient.
If SecureOffice was not installed using the target PC / HTPC, remove the target disk from the installation PC and install it on the (unpowered) target PC / HTPC.
If SecureOffice was installed on the target PC / HTPC using a rescue or other Linux USB boot disk, power down or reboot the target PC / HTPC and remove the USB boot disk.
SecureOffice has undergone a major update and any IP addresses and versions in the following figures may not be current and can be ignored.
It is assumed that the SecureOffice PC / HTPC is powered off.
It is suggested that all disks intended to be used for normal SecureOffice operation be installed prior to this step, otherwise, it may have to be repeated. For example, if booting from mSATA with a SATA disk for data and virtual machine storage (recommended configuration), both disks should be installed at this point. Any temporary disks such as USB flash drives which will not be part of normal SecureOffice operation should be disconnected, lest they affect BIOS disk enumeration and boot disk selection.
SecureOffice (assuming BIOS capability) is capable of using different boot disks such as SATA, mSATA, TF, SD, USB Flash and hard disks. The disks are enumerated by BIOS at boot and, the correct boot disk must be selected by the bootloader (GRUB) in order to boot.
The boot disk is specified in the form /dev/sdX2, where "X" is a, b, c, etc., the order which BIOS enumerates the disks. "sdX2" is the root filesystem partition.
The easiest way to select the proper boot disk is to power on SecureOffice, determine if boot results in a Kernel Panic, as shown in the screenshot below. If more disks are added to SecureOffice in the future, this may alter the BIOS disk enumeration order and this boot device configuration procedure may need to be repeated.
Figure 2: Boot Failure Kernel Panic
If you see the boot process stopped with console output similar to the above screenshot, this means an incorrect boot device is configured and boot device configuration must be performed. This is done by editing the GRUB bootloader settings at boot.
To change the boot device configuration, during boot (after cycling power or reset) of SecureOffice, when you see the screen below, type "e" (no quotes) to invoke the GRUB edit menu, for recovery, the second screenshot below.
Figure 3: GRUB Boot Menu
Figure 4: Edit GRUB Boot Menu
The easiest, surest way to configure the correct boot device is to iteratively use the following algorithm until the proper boot device is found.
Figure 5: Successful Boot
After successful boot, the boot device configuration (/dev/sdX2) must be made permanent by editing the GRUB bootloader configuration file to use the device identified by the above selection algorithm. Enter the Linux commands below, pressing enter after each line. Do not enter any text surrounded by ().
Since this is the first mention of the nano editor, if required, usage instructions can be found by following the link.
You will see something like the screenshot below.
Figure 6: Edit GRUB Configuration
Using the cursor, backspace keys, change both occurrences of "root=/dev/sdX2", where X may be a, b, c, etc. to the correct X as determined by the boot drive selection algorithm above. For example, if the boot drive was determined as "/dev/sdb2", the two entries would be changed to "root=/dev/sdb2". Type CTL+o (together) to save changes. Type CTL+x (together) to exit. Type "reboot" or, cycle SecureOffice power to re-boot.
If SecureOffice boots correctly (observe OpenWrt splash screen and command prompt after pressing Enter, as shown in the above figure "Successful Boot"), this configuration step is complete. If not, you must go back, verifying the steps and correcting any errors.
If disks are later added to SecureOffice (and still present at next boot), this may alter the BIOS disk enumeration order, causing a boot failure (Kernel Panic) which will require the above boot disk configuration procedure to be repeated.
If a disk, such as USB Flash drive is temporarily present at boot, this may alter the BIOS drive enumeration (/dev/sdX) and cause a boot failure. To remedy this, remove the temporary disk, reboot and then connect the disk if still required.
The initial installation of SecureOffice is a fully configured version of OpenWrt, usable as a high performance (free) router.
At first boot, the default SecureOffice configuration is suitable for most users, allowing many of the following sections to be skipped until necessary.
Setting | Default | Section | When to change |
|
|
|
|
Root password | admin_54321 | Final site security. | |
Topology | WAN | Default, unless SecureOffice is not primary router. | |
LAN IP Address | 192.168.10.1 | If you want to retain static IP addresses of devices on existing LAN. | |
WAN IP Address | DHCP | If your modem connection to the internet is not DHCP. | |
WIFI SSID, Password | SecureOffice, admin_54321 | Final site security. |
Table 1:SecureOffice Default Settings
If the default settings are acceptable, SecureOffice is ready to use as a router / gateway, with access to the following functionality, assuming the WAN and LAN network interfaces are connected:
If using LAN Topology with only one ethernet port, access to the OpenWrt web GUI and secure shell access must be enabled by following Configure LAN Network Topology.
Unless already familiar with how to test WAN, LAN network connectivity and connect to SecureOffice / OpenWrt, it is suggested that any skipped sections be reviewed and understood, for instructions.
Once network connectivity is tested and established, if intending to host internet services, such as websites or IOT services, skip ahead to Configure Dynamic DNS. Otherwise, follow applicable instructions in Securing Your Site and enjoy this free, secure, state of the art, high performance router / gateway.
(Optional) Once SecureOffice is installed (real hardware or virtual machine) and you have an active domain name and DNS provider, SecureOffice must be configured to use it. This is necessary for access to the custom repository and premium packages. It is crucial to perform this step prior to registering SecureOffice (System->Licensing->Registration). For example, if your domain is "mydomain.com" and your LAN address is "192.168.10.1" (default), enter the following at a SecureOffice command prompt (real hardware or, within virtual machine):
"echo 192.168.10.1 mydomain.com >> /etc/hosts"
Replacing "192.168.10.1" and "mydomain.com" with your LAN address and your domain respectively.
(Optional) To access premium packages, including custom applications and additional installation scripts (from HowTo's), it is necessary to pay a small annual access fee to cover development, maintenance and distribution costs. Instructions for accessing premium content and packages are available here.
Any applications, troubleshooting, HowTo's or configuration that is not covered by basic SecureOffice documentation is available by searching the OpenWrt documentation or forum. For the most part, unless otherwise stated in this documentation, SecureOffice and applications are standard and configured using standard OpenWrt / Linux methods.
Until the OpenWrt network is configured (allowing command line SSH access from LAN using PuTTY and / or browser access to GUI), a monitor and keyboard are required to access the OpenWrt (Linux) command prompt.
The default root (user) password for LAN SSH console access and OpenWrt web configuration GUI is "admin_54321". It is highly recommended to change this password for security considerations.
The OpenWrt / SecureOffice command prompt may be accessed via SSH (example: PuTTY client) from a PC on the SecureOffice LAN or, using a monitor / keyboard.
It is highly recommended that the root password be at least 8 characters long including: at least one each of the following: Upper case letter, lower case letter, number, symbol "({, [, +, etc)", with no spaces.
If the OpenWrt network has been configured, the OpenWrt root password can be changed remotely, using SSH or web GUI configuration.
Type the following commands (within " ") followed by Enter at the command prompt.
It is assumed that the pros / cons of installing SecureOffice as your main router (WAN Topology) or, as a server on your LAN (LAN Topology) using your existing router has been considered and, a choice made by considering WAN versus LAN topology.
The network topology choice affects how SecureOffice is physically connected to the network and how network interfaces are configured.
Independent of whether the network is configured using the OpenWrt web GUI (browser on a PC) or using command line, the Network is configured by altering the contents of file "/etc/config/network". This section is solely concerned with basic ethernet interface configuration, setting IP addresses and how they are acquired for the LAN and WAN ethernet interfaces.
Configuration uses a combination of command line and web browser GUI. There are many other aspects of the network that can be configured, such as IPV6, VLANs and VPN that are not discussed here. Configuration will be done using IPV4 addresses. A full reference for network configuration possibilities is available in the OpenWrt network documentation.
SecureOffice is connected directly to the internet using a Cable / DSL modem or other device. The following information is required for WAN configuration:
Devices on your local network such as PC's, Tablets, IP cameras are connected to SecureOffice LAN, wired or wireless.
The default settings for SecureOffice LAN (eth0) are: Protocol: Static, IP Address: 192.168.10.1, NetMask: 255.255.255.0, DHCP Server: Enabled.
For new installations, it is recommended to keep the default settings. One reason for not using a common LAN IP addresses such as 192.168.1.1 is that it will likely result in IP address conflicts when using SecureOffice as a VPN server and remotely connecting from public WiFi hotspots.
When replacing an existing router, especially if your LAN has devices with static IP addresses, it is initially easiest to use the same LAN settings as the router being replaced, otherwise, you will have to change all existing static IP address assignments to be within the SecureOffice LAN address range.
If the default LAN settings are acceptable, skip to the next step, "Configure WAN Ethernet Interface".
The chosen LAN address must fall within the RFC 1918 Private Address space.
Figure 7: RFC 1918 Private Address Space
Using command line access, enter the following commands to change the LAN configuration section (image below) for SecureOffice:
config interface 'lan'
option ifname 'eth0'
option type 'bridge'
option proto 'static'
option ipaddr '<desired LAN address>'
option netmask '<desired netmask>'
option dns '<desired LAN address>'
option ip6assign '60'
Figure 8: LAN Configuration Section
Important: If you remotely change the LAN address using a SSH console or OpenWrt web GUI, you will lose network connectivity and must reconnect using the new LAN address.
Now that SecureOffice LAN is configured, the OpenWrt web GUI can be used to configure the WAN (eth1) Internet interface.
From a PC on the same LAN as SecureOffice, enter the configured LAN address (default 192.168.10.1) into your web browser address field and press enter. SecureOffice will prompt for your root password, as shown below. You may be prompted for a security exception due to self-signed SSH keys.
Figure 9: Web GUI Password Prompt
Type your root password (default: "admin_54321", you should have previously configured a new one) and press enter. You will see the main router status page, a portion of which is shown in the screenshot below.
Figure 10: Web GUI Status Page
Navigation to a particular configuration section in subsequent instructions will be of the form: "Tab1->Tab2->Tab3, etc". For example: "Status->Realtime Graphs->Traffic->eth1" will show the network traffic for eth1 (WAN, Internet), as shown below:
Figure 11: Internet Traffic Graph
Using the web GUI, select "Network->Interfaces->WAN". The Protocol dropdown field will allow you to select your Internet connection type and other tabs will allow you to configure your WAN (Internet) interface as required by your ISP (Internet Service Provider). WAN interface types are shown in the screenshot below:
Figure 12: WAN Protocol Selection
It is easiest to copy the settings from your existing router, or, do an internet search: "your internet provider connection setup", or consult your internet provider (help pages, tech support). Another option is to search "OpenWrt 'your internet provider'" since SecureOffice uses standard OpenWrt and, odds are, given the widespread popularity of OpenWrt, many customers of your internet provider are already using OpenWrt.
After making changes, click the "Save & Apply" button in the web GUI to save changes.
To verify WAN settings, enter "ping yahoo.com" from a command prompt (console, or, via SSH client). A response should come from the site, or, a failure message will be displayed. Keep researching and altering WAN settings until you get a ping response example:
"PING yahoo.com (206.190.36.45): 56 data bytes" and "64 bytes from 98.139.183.24: seq=0 ttl=53 time=34.677 ms"
If all else fails, contact your ISP technical support department.
SecureOffice will be connected to the internet through your existing router, as a device or virtual machine with a static IP address on your existing LAN. Any virtual machines /devices providing public services hosted by SecureOffice must also have static IP LAN addresses. The SecureOffice WAN interface will be connected to your LAN using an interface on your existing router. The SecureOffice LAN interface (if two or more ethernet interfaces) is left disconnected and not used, unless another private LAN is required for other uses, outside of the scope of this document.
When using LAN Topology, the existing router must provide the following functionality:
SecureOffice in LAN topology must be configured with a static WAN IP address outside of the DHCP assignment range of the router, but within LAN address space of your existing router.
Determine the address of your existing router (usually the IP address that you use to access its web configuration page).
Access the configuration page of your existing router to determine the existing LAN subnet (eg: 255.255.255.0), DHCP address assignment range, for example 192.168.1.100 to 192.168.1.250.
With the above information, choose a static WAN IP address for SecureOffice outside of the router DHCP assignment range, but not ending with the router base (.1) or broadcast (.255) addresses and not yet assigned (unique) on LAN. For example: 192.168.1.20 or 192.168.1.251
Using console command line access mode (monitor / keyboard or SSH client), edit "nano /etc/config/network" and change the wan configuration section to read as follows, then, save:
config interface 'wan'
option proto 'static'
option ifname 'eth1'
option ipaddr '192.168.1.20'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
option dns '192.168.1.1
Figure 13:WAN Static Address Configuration
By default, access to the SecureOffice web configuration GUI and secure shell access using the WAN interface is disabled by the OpenWrt firewall. For LAN topology (since your existing router firewall is protecting SecureOffice), firewall rules must be added to allow access. IMPORTANT: If you later change to WAN topology, these rules must be deleted, else SecureOffice / OpenWrt configuration GUI and shell will be accessible from the internet, a huge security risk.
Using console command line access mode (monitor / keyboard or SSH client), edit "nano /etc/config/firewall", scroll (down arrow key) to the end of the file. Enter the information shown below, then, save and exit ("CTL +o", "CTL + x").
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '80'
option name 'allow-http'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '443'
option name 'allow-https'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp udp'
option dest_port '22'
option name 'allow-ssh'
Figure 14: OpenWrt Firewall Allow GUI
Type "/etc/init.d/firewall restart" enter and "ifup wan" enter (to apply the above configuration changes)
Edit file "/etc/config/dropbear" and change line "option Interface 'lan'" to "#option Interface 'lan'" (comment line) so dropbear listens on all interfaces. Enter "/etc/init.d/dropbear restart" to apply the changes.
After the above changes for LAN topology, SecureOffice can be accessed from devices on the LAN:
SecureOffice should now be visible on your LAN. To test this, from SecureOffice console, enter "ping <the address of your router>". A valid reply should be received. If not, follow the troubleshooting steps below. Note that ping runs continuously and can be stopped by entering "CTL+c" (together) from the console.
To verify SecureOffice WAN internet settings, enter "ping yahoo.com" or another website on the internet from a SecureOffice command prompt (console, or, via SSH client). A response should come from the site, or, a failure message will be displayed. Keep researching and altering WAN ("/etc/config/network") settings until you get a ping response. Example:
"PING yahoo.com (206.190.36.45): 56 data bytes" and "64 bytes from 98.139.183.24: seq=0 ttl=53 time=34.677 ms".
The SecureOffice GUI configuration page should now be accessible from your LAN. To test this, enter the configured SecureOffice WAN (WAN_address_you_chose_above) into a web browser address field and confirm the SecureOffice web configuration page (login first) is displayed.
Possible ping failure reasons are:
If all else fails, search the internet for "openwrt WhatIs the problem"
Note: if your existing router is not capable of being a DDNS client, and you require DDNS, it is possible to configure DDNS to be a client from SecureOffice on the LAN, as explained in the DDNS configuration section below.
Default settings for SecureOffice WiFi are:
OpenWrt provides WiFi configuration instructions and how-to setup various WiFi cards, if the standard SecureOffice WiFi is not supported by your hardware.
TODO: Elaborate, enumerate tested WiFi (5G included) cards and how to use auto-detect and configure script (which is not yet released).
Dynamic DNS service can be performed by your existing router (LAN Topology, if capable) or SecureOffice (both topologies). Only one DDNS service should be configured to service your entire network.
Dynamic DNS (DDNS) is a service that updates Internet Dynamic Name Service (DNS) entries (on Internet name servers) relating your Domain Name (eg: example.com) to your current IP address (eg: aaa.bbb.ccc.ddd).
Simply put, this service gives a name to your numeric IP address. So, if you're hosting some service on your internet connection, people do not have to bother finding and typing your numeric IP address. They can just type in your domain name. It also helps when your IP address changes (a common occurrence with most internet providers). Users won't need to discover your new IP address, they can simply type your domain name.
You need a DDNS service provider and to configure the service if all of the following conditions are true:
Static IP addresses are a premium service, for which internet providers usually charge extra. If you are considering using a paid DDNS service, it may be worthwhile to weigh the costs of static IP versus DDNS service.
DDNS services may be paid (yearly domain name rental fee) or free.
Paid DDNS services allow you to have a domain name of the form "yourdomain.com". Paid DDNS services such as dyn.com and dynu.com also have the option to setup and pay for the Domain Name "yourdomain.com".
Free DDNS services such as duckdns.org allow you to have a subdomain within their domain such as "yoursubdomain.duckdns.org".
You must pay for your own Domain name and use a paid DDNS Service if you want to have your domain name unique to your site (eg: yourdomain.com) as opposed to a subdomain of a DDNS providers site (eg: yoursubdomain.duckdns.org).
For SecureOffice users who are satisfied with their domain name being a subdomain of a DDNS provider (eg: "yoursite.provider.com"), a free DDNS service is adequate and the expense of renting a domain name can be avoided. You can still provide internet services such as websites, file sharing, email servers, IOT and (encrypted) SecurePBX phone services.
Criteria for choosing a DDNS service provider is discussed in Domain Names and DDNS. For now, to be up and running quickly, it is best to use one of the recommended DDNS providers suggested in the previous link and defer final DDNS provider selection / configuration until you have configured and tested all of your internet services and are ready for the final configuration steps in "Securing Your Site".
OpenWrt has comprehensive documentation regarding DDNS Services, including listing DDNS service providers (free, paid) and configuring OpenWrt DDNS.
SecureOffice comes pre-configured for two free DDNS service (dynu.com, duckdns.org) and a paid DDNS service (dyn.org). It is required to register an account with the chosen DDNS service provider and configure user credentials. Otherwise, an alternate DDNS provider needs to be chosen by following the instructions in the OpenWrt DDNS services documentation.
Technical Note: With reference to OpenWrt DDNS documentation above, for SecureOffice, all packages required for wget DDNS are already installed and, the modifications for encrypted (SSL) DDNS, including SSL certificate installation for the preconfigured DDNS providers is already done.
Enter the configured SecureOffice LAN address (WAN topology, default: 192.168.10.1) or WAN address (LAN topology) in a browser and click "Services->Dynamic DNS". You will see the screenshot below, with the preconfigured DDNS providers:
Figure 15: DDNS Configuration
Note: OpenWrt DDNS has many options (documented in OpenWrt DDNS documentation) that are not configurable using the web GUI. To change them, use command line access mode and edit "/etc/config/ddns". This is not necessary if the one of the three preconfigured DDNS services are used.
Choose the DDNS service you want.
If you need a unique domain name such as yourdomain.com, dynu.com and dyn.com provide this service.
For duckdns.org (free), login to get an account here. For dyn.com (paid), login to get an account here.
Once you have your domain name and DDNS account credentials for the corresponding provider, fill in the following fields: Hostname, Username, Password and click the Enable checkbox for the selected DDNS service. Click "Save & Apply" to make the changes permanent.
Technical Note: SecureOffice DDNS is configured to function in either (WAN, LAN) topology by doing internet queries to determine the public IP address. For WAN topology, it is possible to use uPNP to eliminate these web queries and speed up DDNS. To enable this, in addition to the DDNS configuration steps above, prior to doing "Save & Apply":
The easiest way to test your DDNS settings and new domain name is to use SSH or console access to SecureOffice. Enter the following commands:
This setting is required for the following reasons:
To change the domain (from SecureOffice command prompt):
Assuming configuration in the applicable previous sections is complete; you now have internet access, a fully functioning (free) high performance router / gateway / WiFi access point (unless using a virtual machine) and are ready to install more applications / services, to customize to meet your requirements, limited only by imagination.
OpenWrt / SecureOffice has many standard applications that can be download and used for free such as web, file, media servers, etc. To appreciate the vast number of applications / services available and how to configure them, search the internet for "OpenWrt packages".
Application packages specific to SecureOffice must be installed from the SecureOffice package repositories using the standard OpenWrt package manager. Attempting to use other repositories and installation methods will most likely break your SecureOffice installation (translation: don't even try).
To see a list of packages already installed or available for SecureOffice, use a browser logged into the SecureOffice / OpenWrt web GUI (default: LAN address 192.168.10.1) and navigate to "System->Software". Select "Installed Packages" to view installed packages or "Available Packages" to view available packages.
If not licensed for premium packages / scripts, only free packages will be displayed, otherwise, the full package list will be displayed.
A list of free packages can be viewed online for x86_64 (PC architecture) and aarch64 (AmLogic S9XX architecture)
A list of premium packages can be viewed online for x86_64 (PC architecture) and aarch64 (AmLogic S9XX architecture)
The packages available at initial (free) installation should meet the needs of most users, but that is just the opinion of the development team. If some package / driver is currently unavailable, it is the policy of the SecureOffice team to be responsive to user needs. Users can request unavailable packages / drivers in the forum. Requests will be prioritized according to effort required and how many users the requested feature will serve.
If creating the requested package / driver is a simple matter of selecting it in configuration and rebuilding, the intent is to update the SecureOffice package repository on a regular basis, perhaps monthly.
When a package / driver is added to SecureOffice, the repository will be updated and a notice posted in the forum.
Premium applications must be installed using the SecureOffice web GUI which requires users to register and install the application using the SecureOffice license manager (System->Licensing). Time limited trial (try before buy) licenses are available for premium applications
Licensed applications and licenses are encrypted and custom created for each user / target hardware / domain and will not work on any other hardware or domain. Further, licenses are verified by an internet license server.
In the unlikely event that your license is compromised and someone else manages to clone / steal your license and break copy protection, pretending to be you, what will happen is:
A bounty (free license) is available for any hackers who manage to break copy protection, upon proof and providing technical details.
If you want the economic and / or privacy and security benefits of hosting your own secure phone system SecurePBX is for you.
If you want the economic, reduced maintenance and security benefits of running standard Linux servers (or any OS, or legacy systems) as virtual machines, VmWare Workstation is for you.
Provide services using Docker containers such as Home Assistant, NextCloud, etc from a vast array of containers.
If you want the economic, security and reduced maintenance benefits of free, automatically updating SSL certificates, luci-app-nginx-certificates is for you.
SecureOffice is also an application hosting platform, able to host and copy protect any Linux application / service. Copy protection requires no changes to source code. Application files are encrypted at the binary level and decrypted using public key cryptography by a custom Linux loader at run time.
Developers or enterprises wishing to sell and run their killer application / service for SecureOffice need to meet / agree to the following requirements:
|
Technologies Used: