gluon-mesh-vpn-openvpn: initial

package/gluon-mesh-vpn-openvpn/Makefile

@@ -0,0 +1,13 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-mesh-vpn-openvpn
+PKG_VERSION:=3
+
+include ../gluon.mk
+
+define Package/gluon-mesh-vpn-openvpn
+  TITLE:=Support for connecting meshes via custom openvpn configuration
+  DEPENDS:=+gluon-core +gluon-mesh-vpn-core +openvpn
+endef
+
+$(eval $(call BuildPackageGluon,gluon-mesh-vpn-openvpn))

package/gluon-mesh-vpn-openvpn/check_site.lua

@@ -0,0 +1 @@
+need_string(in_domain({'mesh_vpn', 'openvpn', 'config'}))

package/gluon-mesh-vpn-openvpn/files/lib/gluon/reload.d/310-openvpn-stop

@@ -0,0 +1,2 @@
+#!/bin/sh
+/etc/init.d/openvpn stop

package/gluon-mesh-vpn-openvpn/files/lib/gluon/reload.d/790-openvpn-start

@@ -0,0 +1,2 @@
+#!/bin/sh
+/etc/init.d/openvpn start

package/gluon-mesh-vpn-openvpn/files/usr/lib/micron.d/openvpn-watchdog

@@ -0,0 +1 @@
+*/5 * * * * /usr/bin/openvpn-watchdog

package/gluon-mesh-vpn-openvpn/luasrc/lib/gluon/upgrade/400-mesh-vpn-openvpn

@@ -0,0 +1,31 @@
+#!/usr/bin/lua
+
+local site = require 'gluon.site'
+local util = require 'gluon.util'
+local vpn_core = require 'gluon.mesh-vpn'
+
+local uci = require('simple-uci').cursor()
+
+
+local enabled
+
+local file = '/etc/openvpn/mesh_vpn.ovpn'
+
+-- TODO: support for directly specifying options in site conf
+
+fd = io.open(file, 'w')
+fd:write(site.mesh_vpn.openvpn.config())
+fd:close()
+
+uci:section('openvpn', 'mesh_vpn', {
+	enabled = enabled,
+	config = file,
+	-- uuid = util.node_id(),
+	-- interface = vpn_core.get_interface(),
+	-- bind_interface = 'br-wan',
+	-- group = 'gluon-mesh-vpn',
+	-- broker_selection = 'usage',
+	-- address = site.mesh_vpn.openvpn.brokers(),
+})
+
+uci:save('openvpn')

package/gluon-mesh-vpn-openvpn/luasrc/usr/bin/openvpn-watchdog

@@ -0,0 +1,46 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+
+local function restart_openvpn()
+	os.execute('logger -t openvpn-watchdog "Restarting openvpn."')
+	os.execute('/etc/init.d/openvpn restart')
+end
+
+local function read_pid_file()
+	local pid_file = io.open('/var/run/openvpn.mesh-vpn.pid', 'r')
+	if not pid_file then
+		return nil
+	end
+	local pid = pid_file:read('*l')
+	pid_file:close()
+	return pid
+end
+
+local function has_mesh_vpn_neighbours()
+	local handle = io.popen('batctl o', 'r')
+	if not handle then
+		return false
+	end
+	for line in handle:lines() do
+		if line:find('mesh%-vpn') then
+			handle:close()
+			return true
+		end
+	end
+	handle:close()
+	return false
+end
+
+if uci:get_bool('openvpn', 'mesh_vpn', 'enabled') then
+	-- if io.popen('pgrep -x /usr/bin/openvpn'):read('*l') ~= read_pid_file() then
+	-- 	os.execute('logger -t openvpn-watchdog "Process-Pid does not match with pid-File."')
+	-- 	restart_openvpn()
+	-- 	return
+	-- end
+	-- if not has_mesh_vpn_neighbours() then
+	-- 	os.execute('logger -t openvpn-watchdog "No vpn-mesh neighbours found."')
+	-- 	restart_openvpn()
+	-- 	return
+	-- end
+end

package/gluon-mesh-vpn-openvpn/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/openvpn.lua

@@ -0,0 +1,42 @@
+local uci = require('simple-uci').cursor()
+
+local site = require 'gluon.site'
+local vpn_core = require 'gluon.mesh-vpn'
+
+local M = {}
+
+function M.public_key()
+	return nil
+end
+
+function M.enable(val)
+	uci:set('openvpn', 'mesh_vpn', 'enabled', val)
+	uci:save('openvpn')
+end
+
+function M.active()
+	return site.mesh_vpn.openvpn() ~= nil
+end
+
+function M.set_limit(ingress_limit, egress_limit)
+	if ingress_limit ~= nil then
+		uci:set('openvpn', 'mesh_vpn', 'limit_bw_down', ingress_limit)
+	else
+		uci:delete('openvpn', 'mesh_vpn', 'limit_bw_down')
+	end
+
+	if egress_limit ~= nil then
+		uci:section('simple-tc', 'interface', 'mesh_vpn', {
+			ifname = vpn_core.get_interface(),
+			enabled = true,
+			limit_egress = egress_limit,
+		})
+	else
+		uci:delete('simple-tc', 'mesh_vpn')
+	end
+
+	uci:save('openvpn')
+	uci:save('simple-tc')
+end
+
+return M