From 7c6befc7c3cae040c58f7d5d19b0276ec3d4e0cb Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 7 Mar 2021 20:47:27 +0100 Subject: [PATCH] gluon-mesh-vpn-fastd: add L2TP offload support --- package/features | 7 ++++++- package/gluon-mesh-vpn-fastd-l2tp/Makefile | 13 +++++++++++++ .../files/lib/gluon/mesh-vpn/fastd/l2tp | 0 .../files/lib/gluon/mesh-vpn/fastd/.keep | 0 .../lib/gluon/upgrade/400-mesh-vpn-fastd | 18 ++++++++++++++++++ 5 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 package/gluon-mesh-vpn-fastd-l2tp/Makefile create mode 100644 package/gluon-mesh-vpn-fastd-l2tp/files/lib/gluon/mesh-vpn/fastd/l2tp create mode 100644 package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn/fastd/.keep diff --git a/package/features b/package/features index c6e94a1a..da68b369 100644 --- a/package/features +++ b/package/features @@ -16,7 +16,12 @@ when(_'web-wizard' and _'autoupdater', { 'gluon-config-mode-autoupdater', }) -when(_'web-wizard' and (_'mesh-vpn-fastd' or _'mesh-vpn-tunneldigger' or _'mesh-vpn-wireguard'), { +when(_'web-wizard' and ( + _'mesh-vpn-fastd' or + _'mesh-vpn-fastd-l2tp' or + _'mesh-vpn-tunneldigger' or + _'mesh-vpn-wireguard' +), { 'gluon-config-mode-mesh-vpn', }) diff --git a/package/gluon-mesh-vpn-fastd-l2tp/Makefile b/package/gluon-mesh-vpn-fastd-l2tp/Makefile new file mode 100644 index 00000000..8eb5f6ec --- /dev/null +++ b/package/gluon-mesh-vpn-fastd-l2tp/Makefile @@ -0,0 +1,13 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=gluon-mesh-vpn-fastd-l2tp +PKG_VERSION:=1 + +include ../gluon.mk + +define Package/gluon-mesh-vpn-fastd-l2tp + TITLE:=Support for connecting meshes via fastd (with L2TP kernel offloading) + DEPENDS:=+gluon-core +gluon-mesh-vpn-fastd +kmod-l2tp-eth +@GLUON_SPECIALIZE_KERNEL:KERNEL_L2TP +endef + +$(eval $(call BuildPackageGluon,gluon-mesh-vpn-fastd-l2tp)) diff --git a/package/gluon-mesh-vpn-fastd-l2tp/files/lib/gluon/mesh-vpn/fastd/l2tp b/package/gluon-mesh-vpn-fastd-l2tp/files/lib/gluon/mesh-vpn/fastd/l2tp new file mode 100644 index 00000000..e69de29b diff --git a/package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn/fastd/.keep b/package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn/fastd/.keep new file mode 100644 index 00000000..e69de29b diff --git a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd index 1af8218e..c8898755 100755 --- a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd +++ b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd @@ -5,6 +5,7 @@ local util = require 'gluon.util' local vpn_core = require 'gluon.mesh-vpn' local uci = require('simple-uci').cursor() +local unistd = require 'posix.unistd' local syslog_level = uci:get('fastd', 'mesh_vpn', 'syslog_level') or 'verbose' @@ -52,9 +53,19 @@ uci:section('fastd', 'fastd', 'mesh_vpn', { secure_handshakes = true, method = methods, packet_mark = 1, + persist_interface = true, + offload_l2tp = false, status_socket = '/var/run/fastd.mesh_vpn.socket', }) +uci:delete('fastd', 'mesh_vpn', 'peer_limit') +-- L2TP offload support +if unistd.access('/lib/gluon/mesh-vpn/fastd/l2tp') then + uci:set('fastd', 'mesh_vpn', 'mode', 'multitap') + uci:set('fastd', 'mesh_vpn', 'persist_interface', false) + uci:set('fastd', 'mesh_vpn', 'offload_l2tp', true) + uci:set('fastd', 'mesh_vpn', 'peer_limit', 1) +end -- Collect list of groups that have peers with 'preserve' flag local preserve_groups = {} @@ -96,6 +107,7 @@ local function add_peer(group, name, config) enabled = true, net = 'mesh_vpn', group = group, + interface = 'mesh-vpn', key = config.key, remote = config.remotes, }) @@ -125,5 +137,11 @@ end add_groups('mesh_vpn', site.mesh_vpn.fastd.groups()) +-- Update preserved peers as well +uci:foreach('fastd', 'peer', function(peer) + if peer.net == 'mesh_vpn' then + uci:set('fastd', peer['.name'], 'interface', 'mesh-vpn') + end +end) uci:save('fastd')