gluon-mesh-vpn-*: make vpn MTU provider specific

If a community uses different vpn providers, they typically
assume the same MTU for the wan device underneath the VPN. As
different VPN providers however have different overhead, the MTU
of the VPN device differs for each provider. Therefore this
commit makes the MTU of the VPN device provider specific.

This has two advantages:
1. The same site.conf can be used to bake firmwares for different
   VPN providers (only by selecting a different vpn feature in the
   site.mk).
2. We are coming closer to the option of integrating multiple VPN
   providers into one firmware.
lemoer 2021-12-28 22:50:18 +01:00
parent 57c0bdbf56
commit 7c81897b4c
9 changed files with 19 additions and 3 deletions


@ -1,5 +1,4 @@
need_boolean(in_site({'mesh_vpn', 'enabled'}), false) need_boolean(in_site({'mesh_vpn', 'enabled'}), false)
need_number({'mesh_vpn', 'mtu'})
need_boolean(in_site({'mesh_vpn', 'pubkey_privacy'}), false) need_boolean(in_site({'mesh_vpn', 'pubkey_privacy'}), false)
need_boolean(in_site({'mesh_vpn', 'bandwidth_limit', 'enabled'}), false) need_boolean(in_site({'mesh_vpn', 'bandwidth_limit', 'enabled'}), false)


@ -7,6 +7,7 @@ local util = require 'gluon.util'
local uci = require('simple-uci').cursor() local uci = require('simple-uci').cursor()
local vpn_core = require 'gluon.mesh-vpn' local vpn_core = require 'gluon.mesh-vpn'
local _, active_vpn = vpn_core.get_active_provider()
uci:section('network', 'interface', 'mesh_vpn', { uci:section('network', 'interface', 'mesh_vpn', {
ifname = vpn_core.get_interface(), ifname = vpn_core.get_interface(),
@ -14,7 +15,7 @@ uci:section('network', 'interface', 'mesh_vpn', {
transitive = true, transitive = true,
fixed_mtu = true, fixed_mtu = true,
macaddr = util.generate_mac(7), macaddr = util.generate_mac(7),
mtu = site.mesh_vpn.mtu(), mtu = active_vpn.mtu(),
}) })
uci:save('network') uci:save('network')
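Review bot: `active_vpn.mtu()` is called without checking that `vpn_core.get_active_provider()` returned a provider. That function is not visible here, but if it can return nil when no provider is active for the site or domain, this upgrade script aborts with an index-on-nil error before the `mesh_vpn` interface section is written and before `uci:save('network')` runs. Either guard the call, e.g. `mtu = active_vpn and active_vpn.mtu(),`, or fail early with an explicit message so the cause is clear in the upgrade log. The same unguarded `mtu = active_vpn.mtu(),` is added inside `uci:section('fastd', 'fastd', 'mesh_vpn', {` in the fastd upgrade script. Both scripts begin and end outside their hunks.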


@ -1,6 +1,7 @@
local fastd_methods = {'salsa2012+umac', 'null+salsa2012+umac', 'null@l2tp', 'null'} local fastd_methods = {'salsa2012+umac', 'null+salsa2012+umac', 'null@l2tp', 'null'}
need_array_of({'mesh_vpn', 'fastd', 'methods'}, fastd_methods) need_array_of({'mesh_vpn', 'fastd', 'methods'}, fastd_methods)
need_boolean(in_site({'mesh_vpn', 'fastd', 'configurable'}), false) need_boolean(in_site({'mesh_vpn', 'fastd', 'configurable'}), false)
need_number({'mesh_vpn', 'fastd', 'mtu'})
need_one_of(in_site({'mesh_vpn', 'fastd', 'syslog_level'}), need_one_of(in_site({'mesh_vpn', 'fastd', 'syslog_level'}),
{'error', 'warn', 'info', 'verbose', 'debug', 'debug2'}, false) {'error', 'warn', 'info', 'verbose', 'debug', 'debug2'}, false)
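Review bot: `need_number({'mesh_vpn', 'fastd', 'mtu'})` accepts any number, so a zero, negative, fractional or oversized value in site.conf passes the site check. From there it appears to flow unchanged through the provider's `M.mtu()` into the `mtu` option that the upgrade scripts in this commit write. A wrong value is then found only on deployed nodes, as a tunnel that does not come up or that drops larger frames. If the site-check helpers provide a bounded variant, use it, e.g. `need_number_range({'mesh_vpn', 'fastd', 'mtu'}, <min>, <max>)` with bounds the project considers valid. The same applies to the `tunneldigger` and `wireguard` `mtu` checks added in the other site-check hunks.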


@ -3,6 +3,7 @@
local site = require 'gluon.site' local site = require 'gluon.site'
local util = require 'gluon.util' local util = require 'gluon.util'
local vpn_core = require 'gluon.mesh-vpn' local vpn_core = require 'gluon.mesh-vpn'
local _, active_vpn = vpn_core.get_active_provider()
local uci = require('simple-uci').cursor() local uci = require('simple-uci').cursor()
local unistd = require 'posix.unistd' local unistd = require 'posix.unistd'
@ -49,7 +50,7 @@ uci:section('fastd', 'fastd', 'mesh_vpn', {
secret = secret, secret = secret,
interface = vpn_core.get_interface(), interface = vpn_core.get_interface(),
mode = 'tap', mode = 'tap',
mtu = site.mesh_vpn.mtu(), mtu = active_vpn.mtu(),
secure_handshakes = true, secure_handshakes = true,
method = methods, method = methods,
packet_mark = 1, packet_mark = 1,


@ -39,4 +39,8 @@ function M.set_limit(ingress_limit, egress_limit)
uci:save('simple-tc') uci:save('simple-tc')
end end
function M.mtu()
return site.mesh_vpn.fastd.mtu()
end
return M return M
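Review bot: `M.mtu()` is added without a doc comment, although it is now part of the interface every provider module has to offer: the upgrade scripts call `active_vpn.mtu()` on whichever provider is active. A comment above the function, such as `--- MTU of the mesh VPN device for this provider, as set in site.conf (mesh_vpn.fastd.mtu).`, would make that contract visible to authors of new providers. The function relies on `site` being bound earlier in the module, which lies outside the hunk. The identical accessors added for tunneldigger and wireguard need the same comment.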


@ -1 +1,2 @@
need_string_array(in_domain({'mesh_vpn', 'tunneldigger', 'brokers'})) need_string_array(in_domain({'mesh_vpn', 'tunneldigger', 'brokers'}))
need_number({'mesh_vpn', 'tunneldigger', 'mtu'})


@ -39,4 +39,8 @@ function M.set_limit(ingress_limit, egress_limit)
uci:save('simple-tc') uci:save('simple-tc')
end end
function M.mtu()
return site.mesh_vpn.tunneldigger.mtu()
end
return M return M


@ -7,3 +7,4 @@ local function check_peer(k)
end end
need_table({'mesh_vpn', 'wireguard', 'peers'}, check_peer) need_table({'mesh_vpn', 'wireguard', 'peers'}, check_peer)
need_number({'mesh_vpn', 'wireguard', 'mtu'})


@ -40,4 +40,8 @@ function M.set_limit(ingress_limit, egress_limit)
uci:save('simple-tc') uci:save('simple-tc')
end end
function M.mtu()
return site.mesh_vpn.wireguard.mtu()
end
return M return M