gluon-mesh-vpn-*: make vpn MTU provider specific
If a community uses different vpn providers, they typically assume the same MTU for the wan device underneath the VPN. As different VPN providers however have different overhead, the MTU of the VPN device differs for each provider. Therefore this commit makes the MTU of the VPN device provider specific. This has two advantages: 1. The same site.conf can used to bake firmwares for different VPN providers (only by selecting a diferent vpn feature in the site.mk). 2. We are coming closer to the option of integrating multiple VPN providers into one firmware.
This commit is contained in:
parent
57c0bdbf56
commit
7c81897b4c
@ -1,5 +1,4 @@
|
|||||||
need_boolean(in_site({'mesh_vpn', 'enabled'}), false)
|
need_boolean(in_site({'mesh_vpn', 'enabled'}), false)
|
||||||
need_number({'mesh_vpn', 'mtu'})
|
|
||||||
need_boolean(in_site({'mesh_vpn', 'pubkey_privacy'}), false)
|
need_boolean(in_site({'mesh_vpn', 'pubkey_privacy'}), false)
|
||||||
|
|
||||||
need_boolean(in_site({'mesh_vpn', 'bandwidth_limit', 'enabled'}), false)
|
need_boolean(in_site({'mesh_vpn', 'bandwidth_limit', 'enabled'}), false)
|
||||||
|
@ -7,6 +7,7 @@ local util = require 'gluon.util'
|
|||||||
local uci = require('simple-uci').cursor()
|
local uci = require('simple-uci').cursor()
|
||||||
|
|
||||||
local vpn_core = require 'gluon.mesh-vpn'
|
local vpn_core = require 'gluon.mesh-vpn'
|
||||||
|
local _, active_vpn = vpn_core.get_active_provider()
|
||||||
|
|
||||||
uci:section('network', 'interface', 'mesh_vpn', {
|
uci:section('network', 'interface', 'mesh_vpn', {
|
||||||
ifname = vpn_core.get_interface(),
|
ifname = vpn_core.get_interface(),
|
||||||
@ -14,7 +15,7 @@ uci:section('network', 'interface', 'mesh_vpn', {
|
|||||||
transitive = true,
|
transitive = true,
|
||||||
fixed_mtu = true,
|
fixed_mtu = true,
|
||||||
macaddr = util.generate_mac(7),
|
macaddr = util.generate_mac(7),
|
||||||
mtu = site.mesh_vpn.mtu(),
|
mtu = active_vpn.mtu(),
|
||||||
})
|
})
|
||||||
|
|
||||||
uci:save('network')
|
uci:save('network')
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
local fastd_methods = {'salsa2012+umac', 'null+salsa2012+umac', 'null@l2tp', 'null'}
|
local fastd_methods = {'salsa2012+umac', 'null+salsa2012+umac', 'null@l2tp', 'null'}
|
||||||
need_array_of({'mesh_vpn', 'fastd', 'methods'}, fastd_methods)
|
need_array_of({'mesh_vpn', 'fastd', 'methods'}, fastd_methods)
|
||||||
need_boolean(in_site({'mesh_vpn', 'fastd', 'configurable'}), false)
|
need_boolean(in_site({'mesh_vpn', 'fastd', 'configurable'}), false)
|
||||||
|
need_number({'mesh_vpn', 'fastd', 'mtu'})
|
||||||
|
|
||||||
need_one_of(in_site({'mesh_vpn', 'fastd', 'syslog_level'}),
|
need_one_of(in_site({'mesh_vpn', 'fastd', 'syslog_level'}),
|
||||||
{'error', 'warn', 'info', 'verbose', 'debug', 'debug2'}, false)
|
{'error', 'warn', 'info', 'verbose', 'debug', 'debug2'}, false)
|
||||||
|
@ -3,6 +3,7 @@
|
|||||||
local site = require 'gluon.site'
|
local site = require 'gluon.site'
|
||||||
local util = require 'gluon.util'
|
local util = require 'gluon.util'
|
||||||
local vpn_core = require 'gluon.mesh-vpn'
|
local vpn_core = require 'gluon.mesh-vpn'
|
||||||
|
local _, active_vpn = vpn_core.get_active_provider()
|
||||||
|
|
||||||
local uci = require('simple-uci').cursor()
|
local uci = require('simple-uci').cursor()
|
||||||
local unistd = require 'posix.unistd'
|
local unistd = require 'posix.unistd'
|
||||||
@ -49,7 +50,7 @@ uci:section('fastd', 'fastd', 'mesh_vpn', {
|
|||||||
secret = secret,
|
secret = secret,
|
||||||
interface = vpn_core.get_interface(),
|
interface = vpn_core.get_interface(),
|
||||||
mode = 'tap',
|
mode = 'tap',
|
||||||
mtu = site.mesh_vpn.mtu(),
|
mtu = active_vpn.mtu(),
|
||||||
secure_handshakes = true,
|
secure_handshakes = true,
|
||||||
method = methods,
|
method = methods,
|
||||||
packet_mark = 1,
|
packet_mark = 1,
|
||||||
|
@ -39,4 +39,8 @@ function M.set_limit(ingress_limit, egress_limit)
|
|||||||
uci:save('simple-tc')
|
uci:save('simple-tc')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function M.mtu()
|
||||||
|
return site.mesh_vpn.fastd.mtu()
|
||||||
|
end
|
||||||
|
|
||||||
return M
|
return M
|
||||||
|
@ -1 +1,2 @@
|
|||||||
need_string_array(in_domain({'mesh_vpn', 'tunneldigger', 'brokers'}))
|
need_string_array(in_domain({'mesh_vpn', 'tunneldigger', 'brokers'}))
|
||||||
|
need_number({'mesh_vpn', 'tunneldigger', 'mtu'})
|
||||||
|
@ -39,4 +39,8 @@ function M.set_limit(ingress_limit, egress_limit)
|
|||||||
uci:save('simple-tc')
|
uci:save('simple-tc')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function M.mtu()
|
||||||
|
return site.mesh_vpn.tunneldigger.mtu()
|
||||||
|
end
|
||||||
|
|
||||||
return M
|
return M
|
||||||
|
@ -7,3 +7,4 @@ local function check_peer(k)
|
|||||||
end
|
end
|
||||||
|
|
||||||
need_table({'mesh_vpn', 'wireguard', 'peers'}, check_peer)
|
need_table({'mesh_vpn', 'wireguard', 'peers'}, check_peer)
|
||||||
|
need_number({'mesh_vpn', 'wireguard', 'mtu'})
|
||||||
|
@ -40,4 +40,8 @@ function M.set_limit(ingress_limit, egress_limit)
|
|||||||
uci:save('simple-tc')
|
uci:save('simple-tc')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
function M.mtu()
|
||||||
|
return site.mesh_vpn.wireguard.mtu()
|
||||||
|
end
|
||||||
|
|
||||||
return M
|
return M
|
||||||
|
Loading…
Reference in New Issue
Block a user