User Login      + Register  

Install Premium Content  SecureOffice  xoops  29-Nov-2020 21:50  0  5960 reads

Table_of_Contents

1      Premium Content

2      How To Purchase

2.1                Enable SecureOffice Package Repository

3      About Licensing

3.1                Extending or Renewing Trial Licenses

3.2                Enter User Information

3.3                Select and Install Premium Application

3.4                Diagnosing Licensing Failures

3.4.1      Configuration is Incomplete

3.4.2      Registered Domain Mismatch

3.4.3      Expired Trial License

3.4.4      Hardware or Domain Changed

3.4.5      Internet Connection Issues

3.4.6      License Server Down

3.4.7      License Service Not Running

3.5                Licensing Technical Overview

List of Figures

Figure 1:       User Information Page

Figure 2:       Manage Licenses Page

1      Premium Content

To install anything extra on basic (free) SecureOffice requires a small annual access fee for the premium SecureOffice package repository. This allows downloading additional packages and prerequisites for premium (including trial) applications.

SecureOffice provides two classes of applications, custom (requires repository access) and premium (requires license):

1.1                For Small Annual Access Fee

Custom packages, once the custom repository is enabled are installed the same as any other OpenWrt package (using opkg install). None of these packages are available for standard OpenWrt.

Instructions for using custom scripts are provided at the corresponding script page and under the "HowTo" menu.

  • Provides download access to the custom package / script repository. Once custom packages / scripts are installed, they stay installed / running forever.
  • Contains custom packages / applications developed for / ported to SecureOffice. The custom package list can be viewed (x86_64) here or (aarch64) here.
  • Luci-app-nginx-certificates: LetsEncrypt client for free, automatically renewing SSL certificates. Package details here.
  • Logtrigger: An automated syslog event parser, for detecting hacker intrusions with custom script capability for responding to any syslog event. Also useful for automation / alarm systems, custom response (such as sending emails) to system events. Package details here.
  • Xorg: Standard Linux GUI. Allows running Xorg applications and configuring SecureOffice to be a TV box for media applications.
  • Lxterminal: An Xorg multi-tabbed console application.
  • NxServer: Remote access to SecureOffice Xorg GUI.
  • Xeoma: IP camera monitoring application. Allows SecureOffice to also be a security monitoring / recording system.
  • Kurento Media Server (experimental, geeks only): A WebRTC media server and a set of client APIs simplifying the development of advanced video applications for WWW and smartphone platforms. Kurento Media Server features include group communications, transcoding, recording, mixing, broadcasting and routing of audiovisual flows.
  • WebRTC Streamer: Easily stream V4L2 capture devices and RTSP sources (IP Cameras) to internet clients such as Android phones and PC's for security applications.
  • ZoneMinder: IP camera surveillance / recording, motion detection alarm system. Also integrates with X10 systems. Package details here.
  • Home Assistant: Home automation, IOT device control. SecureOffice Home Assistant is provided by package docker-hassio which depends on premium package docker.
  • NextCloud: Self-hosted cloud file and services server, completely private and under your control. SecureOffice NextCloud is provided by package docker-nextcloud which depends on premium package docker.
  • RClone: Mount any local, cloud storage (Google Drive, Microsoft OneDrive, etc) or virtual filesystem as a disk, also serves files using SFTP, HTTP, WebDAV, FTP and DLNA. RClone is provided by SecureOffice package luci-app-rclone. Also useful for increasing bulk storage and as a network backup directory.
  • VPN Scripts: Easily create VPN client / server configuration / certificates. Also provides ability to easily provide services / websites over VPN, making your services / websites appear anywhere, globally where VPN endpoints exist. Package details here.
  • RAID Scripts: Easily create SecureOffice RAID arrays for data reliability. Also provides status emails when significant events such as disk failure occur. Package details here.

1.2                For Paid Licenses

Premium copy protected packages require individual licensing and access to the custom repository for dependencies. Free 30-day trial, annual and permanent licences are available.

Premium, licensed applications are installed using the licensing pages in the OpenWrt configuration GUI ("System -> Licensing").

2      How To Purchase

  • It is necessary to be up and running free SecureOffice, with an active domain prior to purchasing anything.
  • Follow the instructions in the prerequisites section, to prepare for SecureOffice installation.
  • Follow the instructions in the install section to download, install and configure free SecureOffice.
  • Ensure your user information for SecureOffice ("System->Licensing->Registration"), web GUI page is correct.
  • If purchasing a premium application, please install (and be satisfied with) the trial version prior to purchase.

The registered SecureOffice domain must be active. All authentication and license requests must come from the registered domain, else will be denied.

Become a registered user at this site (only once):

  • Click "Register" at top of this page. The registration form will appear.
  • Enter username, email and password.
  • Select "I Agree" to the site terms of use.
  • Answer the "skill" testing question.
  • Click submit. A confirmation email will be sent.

Follow instructions in the confirmation email to complete registration.

  • Login to this site, click "Purchase", add items to cart by selecting the desired product, select "continue shopping" until all products required are entered.
  • Select "Checkout". On the "Validate Purchase" page, enter mandatory (marked by "*") user information. Select "Next" when done.
  • Select "PayPal" as the payment method, select "Final Confirm". On the next page (Validate Purchase), review your order before selecting "Pay Online" which will take you to the Paypal website to login and securely complete the purchase.
  • Paypal will send a purchase confirmation email containing a "Transaction ID : 81G64613TK608341D" (example). Keep the email for proof of purchase.

Enter your Paypal payment ID in the correct form and press "Save and Apply":

  • For Access to custom packages / scripts, enter your Paypal payment ID at "System->Licensing->Registration". Click "Save&Apply"
  • For premium applications, enter your Paypal payment ID at "System->Licensing->Manage Licenses->Application". Click "Register" to update your licensing.

After purchasing custom repository access, the repository and user credentials must be configured. Instruction are in the next section.

Upon receipt of payment confirmation, the license administrator will update your Access / License status.

2.1                Enable SecureOffice Package Repository

After purchasing access to the custom SecureOffice package / script repository, it must be enabled. From a command prompt:

  • Enter "nano /etc/opkg/distfeeds.conf"
  • Un-comment (remove "#") at the beginning of this line: "#src/gz SecureOffice http://rossco.org/Downloads/SecureOffice/r13710/packages_x86_64/". Note that the revision (r13710) may be different. Save the file and exit the nano editor.
  • Enter "nano /etc/opkg/opkg.conf"
  • Un-comment (remove "#") at the beginning of line: "#option http_user (Your SecureOffice userid for support site)". Change "(Your SecureOffice userid for support site)" to your registration (this site) email address which is also your user ID. When done, the line will look like this (without quotes): "option http_user <your_email_address>".
  • Un-comment (remove "#") at the beginning of this line: "#option http_password (Your SecureOffice password for support site)". Change "(Your SecureOffice password for support site)" to your SecureOffice (this site) password. When done, the line will look like this (without quotes): "option http_password <your_password>".
  • The above custom repository registration credentials are what you entered in the Luci web GUI ("System->Licensing->Registration") and your user ID (email address) and password for this site.
  • Save the file and exit the nano editor.
  • Test custom repository access be entering "opkg update". You should see "Updated source OpenWrt" (free repository) and "Updated source 'SecureOffice" (custom repository). If not, re-check your repository credentials and try again.
  • If credentials are OK, and failure occurs, it may mean that the license administrator has not yet updated your access permissions. Try again later.

No errors mean that credentials are correct and the license server administrator has updated your access. All premium packages / scripts are now available.

Errors may be caused by:

3      About Licensing

It is recommended (to maximize usage time) of trial licenses that, prior to installing any premium application, all application prerequisites, user preferences and information required for application configuration be reviewed and prepared to rapidly configure the application once it is installed. For trial and time limited licenses, the clock starts ticking once the application is first installed.

The purpose of trial licenses is to allow users to evaluate (try before buy) and, initially, to provide feedback / suggestions for quality control and user satisfaction purposes.

It is the preference of the SecureOffice team that nothing be sold until quality has been confirmed by users, in addition to the rigorous team testing already completed. Full 30 day support is available (from SecureOffice developers) in the forum and charitable users after, even for trial licenses. Further, most SecureOffice packages, once installed are standard and can be configured using online OpenWrt, etc articles for particular packages.

3.1                Extending or Renewing Trial Licenses

Users who are helpful with suggestions, feedback or bug reports regarding this website, SecureOffice or premium applications will be considered for time extensions of their trial licenses and, perhaps earn permanent licenses or discounts.

If it is determined that more user feedback is required, trial licenses may, without notice, be extended by the SecureOffice team for some, or all users.

A certain way to earn permanent licenses is to provide significant technical help, useful feedback in the following areas:

  • Xoops / CMS experts: Help to theme, clean up and make this site truly clean and professional, or, at least provide a deep discount for doing so.
  • Ecommerce experts: Help to improve ecommerce on this site, with minimal "cut" for any third-party service providers required. Preferably, using Xoops CMS. What is required is website support for purchasing a variety of products, some of which invoke a script to automatically update a licensing database with user information.
  • Freeswitch / FusionPBX experts: Load testing, suggestions regarding default configuration, detailed, helpful feedback.
  • Security Experts: Detailed security audit / testing.
  • Documentation Experts: Editorial / clarification assistance, this site.

The above can be considered the development roadmap for SecureOffice. None of the above issues are "show stoppers". SecureOffice is ready for deployment NOW. The SecureOffice team has the expertise, but not the time required. If this is not achieved by user feedback and assistance, funding will be sought to put together a larger engineering / marketing team. Funding options being considered are bootstrap using sales revenue, kickstarter campaign or corporate sponsorship / partners.

Ultimately, a manufacturing partner will be sought to streamline and cost reduce the SecureOffice hardware. Turnkey systems requiring minimal configuration with pre-installed OS and premium applications, requiring minimal configuration will become available.

If you have ideas / proposals regarding building a larger SecureOffice team, or, if your organization already has the required resources, send a private message simply outlining your proposal / terms and resources available with reply email address. Email and / or phone discussions will follow.

TODO: create dedicated "partner" opportunities page.

3.2                Enter User Information

It is required that you be a registered user at the support (this) site and have installed SecureOffice before being able to register as a SecureOffice user.

Using the OpenWrt GUI, navigate to "System->Licensing". You will see the "Registration" page (Figure 1, below) where user information must be entered. This information is required for all licensing including custom repository access and premium applications.

Users must enter the same email address and user ID as was used for registration at the support (this) site.

The "Password" is the password to be used for SecureOffice custom repository access. It must match the password in "Enable SecureOffice Package Repository" above.

Once user information is entered and registered with the license server, the "User ID" and "email" fields cannot be updated, without manual intervention by the license server administrator. Other information on this page, including password may be updated at any time.

The "Purchase Receipt ID#" field can be left blank for now. After access to the SecureOffice custom package repository is purchased, enter the receipt ID in this field.

Enter and verify your information, click "Save&Apply".

User registration information is included (encrypted) in each license issued and stored in a license server database for verification purposes.

Figure 1: User Information Page

3.3                Select and Install Premium Application

Premium applications are managed (installed and removed) using the OpenWrt web GUI ("System->License->Manage Licenses"). The "License Management" page (Figure 2) will display.

Prior to installing anything, please review the links in the "Licensing Terms" section. Installing any application constitutes agreement to the applicable license terms.

A License help page is available to assist with this process.

Figure 2: Manage Licenses Page

  • Using the "Please Select Application" dropdown menu, select the application you wish to install. Click "Add" and then "Save&Apply". The application and related fields will appear. It is not necessary to change any of the fields.
  • Press the "Register" button for the application. This will confirm your credentials (user information above and that you are a valid user at this support site) and enter you as a registered user for the selected application.
  • The "License Status Log" will display results. Fix any issues such as "server failed to respond" (Internet Connection Issues) or "not authorized for access to SecureOffice custom repository" (How To Purchase) before proceeding.
  • Press the "Install" button for the application. The application and license may not yet be ready (custom created, automatically, for each user, domain and hardware fingerprint) for download. Repeatedly try again (press "Install" button every few minutes). When successful, status with days remaining in license will be displayed, followed by various application installation status messages, ending with a success or fail message. Diagnose and fix any failures prior to proceeding. The clock on trial licenses for applications starts to tick the first time the application is installed.

License status and time remaining in application licenses can be checked at any time by pressing the application "Verify" button.

If, for any reason your license is corrupted or lost (such as by completely re-installing SecureOffice on the same hardware, then restoring from backup), pressing the "Install" button will replace your license (but, not extend license period).

The "Register" button serves multiple purposes, depending on licensing state.

  • New Users: Enters user information from the "Registration" page, installation domain and hardware fingerprint into the licensing database. Creates a trial license.
  • Trial Users: If any changes, updates license database user information from the "Registration" page. Creates (but does not install) an updated license. Users with trial licenses who have received and entered their "Purchase Receipt ID#" for the application will have their license database information updated to fully licensed. Pressing "Install" will update the license.
  • Licensed Users: Updates license database with user information from the "Registration" page, installation domain and hardware fingerprint. Creates (but does not install) an updated license.

The "Install" button serves multiple purposes, depending on the application install state:

  • Application not installed: Performs initial application install with default configuration. If a backup from a previous installation exists, application configuration is restored. Creates and installs application license with current user information from licensing database. Be aware that some applications install many dependencies and takes time to install.
  • Application installed: Uses current user information from licensing database to create and install (if any changes) an updated license for the application.

The "Remove" button performs a backup of application configuration settings and completely uninstalls the application.

The "Verify" button is used to check application licensing status.

Pressing the "Delete" button uninstalls the application and removes it from the Luci web GUI. After done, press the "Save&Apply" button to save the configuration.

Applications can be installed / removed freely using the "Install" and "Remove" buttons. This will not affect the license or trial period. When an application is removed, all application configuration settings are saved and re-applied if the application is re-installed.

After removing an application, if you wish to re-install the application with default configuration (not restore from backup), using a command prompt, delete or rename the "/packages/<application-name>-backup.tar.gz" file, if it exists, prior to re-installing the application.

3.4                Diagnosing Licensing Failures

If, during normal operation, a licensed application fails to start, the first thing to do is to check the "License Status Log" using the OpenWrt GUI to access the application install page ("System->License->Manage Licenses") for error messages.

Possible reasons for licensing failure are outlined in the following sections.

3.4.1      Configuration is Incomplete

If this message appears in the licensing log, it is an indication that either all mandatory fields have not been entered in the Identity configuration section ("System->License->Registration"), the SecureOffice domain has not been configured correctly, or DDNS is not working.

3.4.2      Registered Domain Mismatch

A message appears in the log:

"ERROR: License Failure: Your registered domain IP: <some IP address> does not match your IP: <some other IP address> for domain: <your domain>"

Your DNS domain IP address and the IP address that SecureOffice is attempting to verify licensing for are different. This means:

  • An attempt is being made to bypass licensing.
  • You are using dynamic DNS, your IP address has changed and the internet DNS servers have not yet been updated. If this is the case, wait until your DDNS domain is updated and try again.

Keep retrying until the internet DNS servers acquire your updated IP address.

3.4.3      Expired Trial License

It is possible that the SecureOffice team may have extended the trial period for some or all licenses, in order to extend the test period for user feedback. Press the "Install" button to check for and install an updated license if it exists.

If this fails, you will have to provide compelling (Send a Private Message) reasons why your trial license period should be extended, contributions you have made and contributions you intend to make. If you have qualified as a beta tester by previous contributions and beta test is ongoing, your license will be extended. No response (within a week) to your request means: denied.

3.4.4      Hardware or Domain Changed

Successful license verification depends on matching the domain and hardware fingerprint of your installation taken during registration with the license server. If the domain or hardware has changed by replacing an ethernet interface (0, 1), WiFi or hard disk, a license failure will occur. An error message indicating this will be in the "License Status Log" visible at "System->License->Manage Licenses".

Updating licenses due to domain and / or hardware changes requires the following:

  • Trial licenses cannot be transferred to new domains or hardware.
  • Fully licensed users can change their domain (after reconfiguring it) and hardware that is licensed at any time, using the SecureOffice web GUI.
  • Press the "Register" button for each application (using same user ID and email address as previous registration), be sure to enter your "Purchase Receipt #". This will update user information with the license server.
  • Press the "Install" button. This will create and install an updated license.

The above process is fully automated, but unanticipated problems may occur, requiring a Private Messsage and manual intervention by the license server admin.

3.4.5      Internet Connection Issues

At a SecureOffice command prompt: enter "ping yahoo.com" to verify connectivity. Fix any problems before proceeding.

At a SecureOffice command prompt: enter "ping [this site]" to verify connectivity. Fix any problems before proceeding.

A good place to start is the SecureOffice syslog. At a command prompt enter "logread" to see system status. If there is too much information that scrolls off the screen, enter "logread > /tmp/syslog; nano /tmp/syslog" to inspect the log, looking for network related problems.

The following should be checked:

  • DDNS is working and your IP address is correct with internet DNS servers. Ping "www.<your_domain>" from another computer (not SecureOffice"). Fix any DNS related problems.

If all else fails, search the internet for "OpenWrt network troubleshooting".

3.4.6      License Server Down

The license server, this website and repositories are running in a SME-Server virtual machine under SecureOffice, for real world testing. There are currently upload bandwidth limitations due to ISP. Eventually this site will be moved to a faster internet connection. As in all new products, there may be minor issues.

To verify if this is the case, check the "License Status Log" (System->License->Manage Licenses) and enter "ping [this site]" at a command prompt.

Ping failure response, assuming your internet connection is OK means that the license server (and this website) is down (power or internet failure) and you will have to try again later.

Ping success means that the license server machine is up, but the license server is not. Wait until service is restored.

Long term, for reliability, the license server will be watchdogged and either moved into the cloud, immune to power and internet failures, or at least have a UPS (Uninterruptable Power System).

Ultimately, the license server, repositories and this website will be moved to cloud servers. For now, until load exceeded, SecureOffice services will continue to be run locally using ISP connection.

3.4.7      License Service Not Running

Application license verification requires the license service to be running on SecureOffice.

To check if the service is running, enter "ps -Af | grep vtdaemon". If the service is running, the response will contain "vtdaemon -f".

If the license service is running, it may have issues, requiring it to be restarted. From a command prompt, enter "/etc/init.d/vtdaemon restart" and attempt to start the failing application again.

If the license service is not running, it may have become disabled by misconfiguration. From a command prompt, enter "/etc/init.d/vtdaemon enable; /etc/init.d/vtdaemon restart" and verify that it is running by entering "ps -Af | grep vtdaemon". If it is still not running, check the logs (logread and License Status Log) for clues and fix any problems reported. If stuck, post in the forum with detailed information for assistance. The theoretical "problem" of unable to start the license service has never been observed during development and test. Any reports of this will get very high support priority.

If the license server is running, attempt to restart the application.

To restart SecurePBX: enter "/etc/init.d/freeswitch stop; /etc/init.d/freeswitch start" at a command prompt.

To restart VmWare WorkStation: enter "/etc/vmachines stop; /etc/vmachines start" at a command prompt.

To restart docker and containers, enter "/etc/init.d/docker stop; /etc/init.d/dockerd stop; /etc/init.d/dockerd start; /etc/init.d/docker/start" at a command prompt. Docker startup and error messages can be observed by entering "logread -f | grep docker"

If a premium application fails to start or misbehaves and there are no licensing issues, consult the Troubleshooting section for the application.

3.5                Licensing Technical Overview

SecureOffice licensing uses a custom Linux loader, public key cryptography, kernel space decryption and a license daemon securely communicating with a license server in the cloud.

  • Applications are copy protected and licenses created (encrypted) automatically during installation by the license server.
  • Copy protection is done by processing application binaries and libraries, requiring no source code modifications. All licensed applications require a main executable. Both executable and dependent libraries can be copy protected.
  • Applications and licenses are unique to each user, domain and hardware fingerprint.
  • Licensed applications will not run on any system except for the domain and machine they were licensed for.
  • Changing domain and / or hardware (Ethernet, WiFi, Hard Disk) requires a new license. This is only possible for non-trial licenses.
  • Licenses and applications contain encrypted user information. In the unlikely event that copy protection is broken / bypassed; the initial source of the breach can be tracked and licenses voided.
  • Time for time limited license expiry is obtained from the license server, independent of local time.
  • Licenses can be created as time-limited trial, fully licensed, permanent or time limited.
  • Licenses can be configured to require license server verification (internet based) or local verification. Currently, all licenses use internet verification.
  • Licenses can be configured to verify against the DNS domain name of the machine the application is running on. Currently, all licenses require domain verification.
  • Licenses can be configured to fingerprint or ignore any combination of hardware (Ethernet0, Ethernet1, WiFi, Hard Disk). Current licenses verify against all hardware.
  • The license server is currently managed (by license admin) using phpmyadmin. To change licenses from trial to time limited to permanent is currently a manual step by the license server admin, and will be automated and linked to ecommerce. All else is automated.

It is intended to make the SecurePBX licensing available as IP, since nobody else (that developers are aware of) apart from Wibu Systems has done kernel level, custom Linux loader, public key copy protection for Linux. Wibu copy protection is "proof of concept" for Raspberry Pi, requiring an expensive dongle and no cloud licensing (may have changed).

TODO: write full article with pretty pictures regarding copy protection IP, link here.

Rating 0/5
Rating: 0/5 (0 votes)
Votes are disable!
Print article
The comments are owned by the author. We aren't responsible for their content.

Technologies Used:

Design by: XOOPS UI/UX Team