gluon/package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/010-mesh-vpn-fastd

#!/usr/bin/lua

local site = require 'gluon.site_config'
local sysconfig = require 'gluon.sysconfig'
local users = require 'gluon.users'

local nixio = require 'nixio'
local uci = require 'luci.model.uci'

local c = uci.cursor()


-- The previously used user is removed, we need root privileges to use the packet_mark option
users.remove_user('gluon-fastd')

-- Group for iptables rule
users.add_group('gluon-fastd', 800)


c:section('fastd', 'fastd', 'mesh_vpn',
	  {
		  group = 'gluon-fastd',
		  syslog_level = 'verbose',
		  interface = 'mesh-vpn',
		  mode = 'tap',
		  mtu = site.fastd_mesh_vpn.mtu,
		  secure_handshakes = '1',
		  method = site.fastd_mesh_vpn.methods,
		  packet_mark = 1,
	  }
)
c:delete('fastd', 'mesh_vpn', 'user')

c:delete('fastd', 'mesh_vpn_backbone')
c:section('fastd', 'peer_group', 'mesh_vpn_backbone',
	  {
		  enabled = 1,
		  net = 'mesh_vpn',
		  peer_limit = site.fastd_mesh_vpn.backbone.limit,
	  }
)

c:foreach('fastd', 'peer',
  function(peer)
    if peer.net == 'mesh_vpn' and peer.group == 'mesh_vpn_backbone' then
      c:delete('fastd', peer['.name'])
    end
  end
)

for name, config in pairs(site.fastd_mesh_vpn.backbone.peers) do
	c:section('fastd', 'peer', 'mesh_vpn_backbone_peer_' .. name,
		  {
			  enabled = 1,
			  net = 'mesh_vpn',
			  group = 'mesh_vpn_backbone',
			  key = config.key,
			  remote = config.remotes,
		  }
	)
end

c:save('fastd')
c:commit('fastd')


local m1, m2, m3, m4, m5, m6 = string.match(sysconfig.primary_mac, '(%x%x):(%x%x):(%x%x):(%x%x):(%x%x):(%x%x)')
m1 = nixio.bit.bor(tonumber(m1, 16), 0x02)
m4 = (tonumber(m4, 16)+1) % 0x100
local vpnaddr = string.format('%02x:%s:%s:%02x:%s:%s', m1, m2, m3, m4, m5, m6)

c:section('network', 'interface', 'mesh_vpn',
	  {
		  ifname = 'mesh-vpn',
		  proto = 'batadv',
		  mesh = 'bat0',
		  mesh_no_rebroadcast = 1,
		  macaddr = vpnaddr,
	  }
)

c:save('network')
c:commit('network')


c:section('firewall', 'include', 'mesh_vpn_dns',
	  {
	    type = 'restore',
	    path = '/lib/gluon/mesh-vpn-fastd/iptables.rules',
	    family = 'ipv4',
	  }
)

c:save('firewall')
c:commit('firewall')
gluon-mesh-vpn-fastd: replace config script generator with Lua script 2014-05-14 18:05:13 +00:00			`#!/usr/bin/lua`

			`local site = require 'gluon.site_config'`
			`local sysconfig = require 'gluon.sysconfig'`
gluon-core: extend user management library and convert it to Lua 2014-07-07 17:12:42 +00:00			`local users = require 'gluon.users'`

gluon-mesh-vpn-fastd: replace config script generator with Lua script 2014-05-14 18:05:13 +00:00			`local nixio = require 'nixio'`
			`local uci = require 'luci.model.uci'`

			`local c = uci.cursor()`


Add support for IPv6 mesh VPN connections The support is still very limited (IPv6-only DNS on WAN doesn't work yet), and we now need fastd running as root, but apart from that, is should work. 2014-07-11 14:36:32 +00:00			`-- The previously used user is removed, we need root privileges to use the packet_mark option`
			`users.remove_user('gluon-fastd')`
gluon-mesh-vpn-fastd: replace config script generator with Lua script 2014-05-14 18:05:13 +00:00
gluon-mesh-vpn-fastd: use gluon-wan-dnsmasq 2014-07-20 02:03:43 +00:00			`-- Group for iptables rule`
			`users.add_group('gluon-fastd', 800)`

gluon-mesh-vpn-fastd: replace config script generator with Lua script 2014-05-14 18:05:13 +00:00
			`c:section('fastd', 'fastd', 'mesh_vpn',`
			`{`
gluon-mesh-vpn-fastd: use gluon-wan-dnsmasq 2014-07-20 02:03:43 +00:00			`group = 'gluon-fastd',`
gluon-mesh-vpn-fastd: replace config script generator with Lua script 2014-05-14 18:05:13 +00:00			`syslog_level = 'verbose',`
			`interface = 'mesh-vpn',`
			`mode = 'tap',`
			`mtu = site.fastd_mesh_vpn.mtu,`
			`secure_handshakes = '1',`
			`method = site.fastd_mesh_vpn.methods,`
Add support for IPv6 mesh VPN connections The support is still very limited (IPv6-only DNS on WAN doesn't work yet), and we now need fastd running as root, but apart from that, is should work. 2014-07-11 14:36:32 +00:00			`packet_mark = 1,`
gluon-mesh-vpn-fastd: replace config script generator with Lua script 2014-05-14 18:05:13 +00:00			`}`
			`)`
Add support for IPv6 mesh VPN connections The support is still very limited (IPv6-only DNS on WAN doesn't work yet), and we now need fastd running as root, but apart from that, is should work. 2014-07-11 14:36:32 +00:00			`c:delete('fastd', 'mesh_vpn', 'user')`
gluon-mesh-vpn-fastd: replace config script generator with Lua script 2014-05-14 18:05:13 +00:00
			`c:delete('fastd', 'mesh_vpn_backbone')`
			`c:section('fastd', 'peer_group', 'mesh_vpn_backbone',`
			`{`
			`enabled = 1,`
			`net = 'mesh_vpn',`
			`peer_limit = site.fastd_mesh_vpn.backbone.limit,`
			`}`
			`)`

gluon-mesh-vpn-fastd: delete all old backbone peers on update 2014-08-16 12:51:18 +00:00			`c:foreach('fastd', 'peer',`
			`function(peer)`
			`if peer.net == 'mesh_vpn' and peer.group == 'mesh_vpn_backbone' then`
			`c:delete('fastd', peer['.name'])`
			`end`
			`end`
			`)`

gluon-mesh-vpn-fastd: replace config script generator with Lua script 2014-05-14 18:05:13 +00:00			`for name, config in pairs(site.fastd_mesh_vpn.backbone.peers) do`
			`c:section('fastd', 'peer', 'mesh_vpn_backbone_peer_' .. name,`
			`{`
			`enabled = 1,`
			`net = 'mesh_vpn',`
			`group = 'mesh_vpn_backbone',`
			`key = config.key,`
			`remote = config.remotes,`
			`}`
			`)`
			`end`

			`c:save('fastd')`
			`c:commit('fastd')`


			`local m1, m2, m3, m4, m5, m6 = string.match(sysconfig.primary_mac, '(%x%x):(%x%x):(%x%x):(%x%x):(%x%x):(%x%x)')`
			`m1 = nixio.bit.bor(tonumber(m1, 16), 0x02)`
			`m4 = (tonumber(m4, 16)+1) % 0x100`
			`local vpnaddr = string.format('%02x:%s:%s:%02x:%s:%s', m1, m2, m3, m4, m5, m6)`

			`c:section('network', 'interface', 'mesh_vpn',`
			`{`
			`ifname = 'mesh-vpn',`
			`proto = 'batadv',`
			`mesh = 'bat0',`
			`mesh_no_rebroadcast = 1,`
			`macaddr = vpnaddr,`
			`}`
			`)`

			`c:save('network')`
			`c:commit('network')`
gluon-mesh-vpn-fastd: use gluon-wan-dnsmasq 2014-07-20 02:03:43 +00:00

			`c:section('firewall', 'include', 'mesh_vpn_dns',`
			`{`
			`type = 'restore',`
			`path = '/lib/gluon/mesh-vpn-fastd/iptables.rules',`
			`family = 'ipv4',`
			`}`
			`)`

			`c:save('firewall')`
			`c:commit('firewall')`