nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'configurable-methods'

Browse Source
This commit is contained in:
Matthias Schiffer 2015-05-06 23:54:17 +02:00
commit 1e427c4e77
13 changed files with 242 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/site-example/site.conf
View File

@ -89,6 +89,8 @@
fastd_mesh_vpn = {
-- List of crypto-methods to use.
methods = {'salsa2012+umac'},
-- configurable = true,
mtu = 1426,
groups = {
backbone = {

13
docs/user/site.rst
View File

@ -97,11 +97,22 @@ next_node : package
fastd_mesh_vpn
Remote server setup for vpn.
Remote server setup for the fastd-based mesh VPN.
If `configurable` is false or unset, the method list will be replaced on updates
with the list in the site configuration. Setting `configurable` to `true` will allow the user to
add the method ``null`` to the front of the method list or remove ``null`` from it,
and make this change survive updates. Settings configurable is necessary for the
package `gluon-luci-mesh-vpn-fastd`, which adds a UI for this configuration.
In any case, the ``null`` method should always be the first method in the list
if it is supported at all. You should only set `configurable` to `true` if the
configured peers support both the ``null`` method and methods with encryption.
::
fastd_mesh_vpn = {
methods = {'salsa2012+umac'},
-- configurable = true,
mtu = 1426,
groups = {
backbone = {

41
package/gluon-luci-mesh-vpn-fastd/Makefile Normal file
View File

@ -0,0 +1,41 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-luci-mesh-vpn-fastd
PKG_VERSION:=1
PKG_RELEASE:=1
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
include $(GLUONDIR)/include/package.mk
PKG_CONFIG_DEPENDS += $(GLUON_I18N_CONFIG)
define Package/gluon-luci-mesh-vpn-fastd
SECTION:=gluon
CATEGORY:=Gluon
TITLE:=Luci module to enable and disable encryption for the mesh VPN
DEPENDS:=+gluon-luci-admin +gluon-mesh-vpn-fastd
endef
define Build/Prepare
mkdir -p $(PKG_BUILD_DIR)
endef
define Build/Configure
endef
define Build/Compile
$(call GluonBuildI18N,gluon-mesh-vpn-fastd,i18n)
endef
define Package/gluon-luci-mesh-vpn-fastd/install
$(CP) ./files/* $(1)/
$(call GluonInstallI18N,gluon-mesh-vpn-fastd,$(1))
endef
define Package/gluon-luci-mesh-vpn-fastd/postinst
#!/bin/sh
$(call GluonCheckSite,check_site.lua)
endef
$(eval $(call BuildPackage,gluon-luci-mesh-vpn-fastd))

2
package/gluon-luci-mesh-vpn-fastd/check_site.lua Normal file
View File

@ -0,0 +1,2 @@
assert(need_boolean('fastd_mesh_vpn.configurable') == true,
"site.conf error: expected `fastd_mesh_vpn.configurable' to be true")

5
package/gluon-luci-mesh-vpn-fastd/files/usr/lib/lua/luci/controller/admin/mesh_vpn_fastd.lua Normal file
View File

@ -0,0 +1,5 @@
module("luci.controller.admin.mesh_vpn_fastd", package.seeall)
function index()
entry({"admin", "mesh_vpn_fastd"}, cbi("admin/mesh_vpn_fastd"), _("Mesh VPN"), 20)
end

41
package/gluon-luci-mesh-vpn-fastd/files/usr/lib/lua/luci/model/cbi/admin/mesh_vpn_fastd.lua Normal file
View File

@ -0,0 +1,41 @@
local uci = luci.model.uci.cursor()
local util = luci.util
local f = SimpleForm('mesh_vpn', translate('Mesh VPN'))
f.template = "admin/expertmode"
local s = f:section(SimpleSection)
local o = s:option(Value, 'mode')
o.template = "gluon/cbi/mesh-vpn-fastd-mode"
local methods = uci:get('fastd', 'mesh_vpn', 'method')
if util.contains(methods, 'null') then
o.default = 'performance'
else
o.default = 'security'
end
function f.handle(self, state, data)
if state == FORM_VALID then
local site = require 'gluon.site_config'
local methods = {}
if data.mode == 'performance' then
table.insert(methods, 'null')
end
for _, method in ipairs(site.fastd_mesh_vpn.methods) do
if method ~= 'null' then
table.insert(methods, method)
end
end
uci:set('fastd', 'mesh_vpn', 'method', methods)
uci:save('fastd')
uci:commit('fastd')
end
end
return f

32
package/gluon-luci-mesh-vpn-fastd/files/usr/lib/lua/luci/view/gluon/cbi/mesh-vpn-fastd-mode.htm Normal file
View File

@ -0,0 +1,32 @@
<div class="cbi-value">
<div class="cbi-value-title">
<input class="cbi-input-radio" onclick="cbi_d_update(this.id)" onchange="cbi_d_update(this.id)" type="radio" value="security"<%= attr("id", cbid..'1') .. attr("name", cbid) .. ifattr((self:cfgvalue(section) or self.default) == "security", "checked", "checked") %> />
</div>
<div class="cbi-value-field-long">
<label<%= attr("for", cbid..'1') %> class="cbi-value-title"><%:Security mode%></label>
<br />
<%= translate(
'In security mode, the mesh VPN uses an encrypted tunnel to connect to the VPN servers. ' ..
'The encryption ensures that it is impossible for your internet access provider to see what ' ..
'data is exchanged over your node.'
) %>
<br />
</div>
<div class="cbi-value-field-long-after"></div>
</div>
<div class="cbi-value cbi-value-last">
<div class="cbi-value-title">
<input class="cbi-input-radio" onclick="cbi_d_update(this.id)" onchange="cbi_d_update(this.id)" type="radio" value="performance"<%= attr("id", cbid..'2') .. attr("name", cbid) .. ifattr((self:cfgvalue(section) or self.default) == "performance", "checked", "checked") %> />
</div>
<div class="cbi-value-field-long">
<label<%= attr("for", cbid..'2') %> class="cbi-value-title"><%:Performance mode%></label>
<br />
<%= translate(
'In performance mode, no encryption is used. This usually allows for higher throughput, but the data exchanged over your node is not ' ..
'protected against eavesdroppers.'
) %>
<br />
</div>
<div class="cbi-value-field-long-after"></div>
</div>

38
package/gluon-luci-mesh-vpn-fastd/i18n/de.po Normal file
View File

@ -0,0 +1,38 @@
msgid ""
msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Project-Id-Version: PACKAGE VERSION\n"
"PO-Revision-Date: 2015-05-03 20:39+0200\n"
"Last-Translator: <mschiffer@universe-factory.net>\n"
"Language-Team: German\n"
"Language: de\n"
"MIME-Version: 1.0\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
msgid ""
"In performance mode, no encryption is used. This usually allows for higher "
"throughput, but the data exchanged over your node is not protected against "
"eavesdroppers."
msgstr ""
"Im Modus &bdquo;Hohe Geschwindigkeit&ldquo; wird auf Verschlüsselung verzichtet. "
"Dies erlaubt häufig eine höhere Bandbreite als mit Verschlüsselung, aber die "
"Verbindung ist nicht gegen Abhören geschützt."
msgid ""
"In security mode, the mesh VPN uses an encrypted tunnel to connect to the "
"VPN servers. The encryption ensures that it is impossible for your internet "
"access provider to see what data is exchanged over your node."
msgstr ""
"Im Modus &bdquo;Hohe Sicherheit&ldquo; wird ein verschlüsselter Tunnel verwendet. "
"Dies schließt aus, dass dein Internetzugangsprovider herausfinden kann, was für "
"Daten über deinen Knoten übertragen werden."
msgid "Mesh VPN"
msgstr "Mesh-VPN"
msgid "Performance mode"
msgstr "Hohe Geschwindigkeit"
msgid "Security mode"
msgstr "Hohe Sicherheit"

23
package/gluon-luci-mesh-vpn-fastd/i18n/gluon-luci-mesh-vpn-fastd.pot Normal file
View File

@ -0,0 +1,23 @@
msgid ""
msgstr "Content-Type: text/plain; charset=UTF-8"
msgid ""
"In performance mode, no encryption is used. This usually allows for higher "
"throughput, but the data exchanged over your node is not protected against "
"eavesdroppers."
msgstr ""
msgid ""
"In security mode, the mesh VPN uses an encrypted tunnel to connect to the "
"VPN servers. The encryption ensures that it is impossible for your internet "
"access provider to see what data is exchanged over your node."
msgstr ""
msgid "Mesh VPN"
msgstr ""
msgid "Performance mode"
msgstr ""
msgid "Security mode"
msgstr ""

2
package/gluon-luci-theme/files/www/luci-static/gluon/cascade.css
View File

File diff suppressed because one or more lines are too long

15
package/gluon-luci-theme/sass/cascade.scss
View File

@ -648,6 +648,21 @@ div.cbi-value-field {
}
}
div.cbi-value-field-long {
flex: 10;
position: relative;
input, select, input + label {
position: relative;
top: -0.39em;
}
}
div.cbi-value-field-long-after {
flex: 2;
}
div.cbi-value-description {
font-size: 8pt;
}

1
package/gluon-mesh-vpn-fastd/check_site.lua
View File

@ -1,6 +1,7 @@
need_string_array('fastd_mesh_vpn.methods')
need_number('fastd_mesh_vpn.mtu')
need_boolean('fastd_mesh_vpn.enabled', false)
need_boolean('fastd_mesh_vpn.configurable', false)
local function check_peer(prefix)

30
package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/400-mesh-vpn-fastd
View File

@ -5,6 +5,7 @@ local users = require 'gluon.users'
local util = require 'gluon.util'
local uci = require('luci.model.uci').cursor()
local lutil = require 'luci.util'
-- The previously used user is removed, we need root privileges to use the packet_mark option
@ -20,6 +21,33 @@ if not enabled then
end
local methods
if site.fastd_mesh_vpn.configurable then
local has_null = lutil.contains(site.fastd_mesh_vpn.methods, 'null')
local old_methods = uci:get('fastd', 'mesh_vpn', 'method')
if old_methods then
has_null = lutil.contains(old_methods, 'null')
end
methods = {}
if has_null then
table.insert(methods, 'null')
end
for _, method in ipairs(site.fastd_mesh_vpn.methods) do
if method ~= 'null' then
table.insert(methods, method)
end
end
else
methods = site.fastd_mesh_vpn.methods
end
uci:section('fastd', 'fastd', 'mesh_vpn',
{
enabled = enabled,
@ -29,7 +57,7 @@ uci:section('fastd', 'fastd', 'mesh_vpn',
mode = 'tap',
mtu = site.fastd_mesh_vpn.mtu,
secure_handshakes = 1,
method = site.fastd_mesh_vpn.methods,
method = methods,
packet_mark = 1,
status_socket = '/var/run/fastd.mesh_vpn.socket',
}