From e2064e36e319fd34b6c9e3b60c5de13938a2211d Mon Sep 17 00:00:00 2001 From: Tom Herbers Date: Mon, 15 Aug 2022 15:09:07 +0200 Subject: [PATCH] docs: vpn: add fastd Supernode offloading recommendations closes freifunk-gluon/gluon#2603 Co-authored-by: Martin Weinelt --- docs/features/vpn.rst | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/docs/features/vpn.rst b/docs/features/vpn.rst index cf6c7ea7..95d0ee27 100644 --- a/docs/features/vpn.rst +++ b/docs/features/vpn.rst @@ -79,6 +79,46 @@ performance reasons. Nodes using offloading can communicate with supornodes that don't use offloading as long as both use the ``null@l2tp`` method. +.. _vpn-gateway-configuration-offloading: + +Offloading on Gateways / Supernodes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +To enable L2TP offloading on the supornodes, it is recommended to study the +fastd documentation section pertaining to the `offload configuration option +`_. + +However, the important changes to the fastd config on your Supernode are: + + - | Set ``mode multitap;`` + | Every peer gets their own interface. + + - | Replace ``interface "foo":`` with ``interface "peer-%k";`` + | ``%k`` is substituted for a portion of the peers public key. + + - | Set ``offload l2tp yes;`` + | This tells fastd to use the l2tp kernel module. + + - | Set ``persist interface no;`` + | This tells fastd to only keep interfaces arround while the connection is active. + +Note that in ``multitap`` mode, which is required when using L2TP offloading, +fastd will create one interface per peer on the supernode's. This allows +offloading the L2TP forwarding into the kernel space. But this also means added +copmlexity with regards to handling those interfaces. + +There are two main options on how you can handle this: + + - create ``on up`` and ``on down`` hooks + + - to handle interface setup and destruction + - preferrably using the async keyword, so hooks are not blocking fastd + + - use a daemon like systemd-networkd + +Examples for both options can be found in the +`Wiki `_. + Configurable Method """""""""""""""""""