diff --git a/package/gluon-mesh-vpn-fastd/Makefile b/package/gluon-mesh-vpn-fastd/Makefile
index 9290b457..1547985c 100644
--- a/package/gluon-mesh-vpn-fastd/Makefile
+++ b/package/gluon-mesh-vpn-fastd/Makefile
@@ -11,7 +11,7 @@ define Package/gluon-mesh-vpn-fastd
 SECTION:=gluon
 CATEGORY:=Gluon
 TITLE:=Support for connecting batman-adv meshes via fastd
- DEPENDS:=+gluon-core +gluon-mesh-batman-adv +fastd
+ DEPENDS:=+gluon-core +gluon-mesh-batman-adv +gluon-wan-dnsmasq +fastd +iptables-mod-extra
 endef
 
 define Package/gluon-mesh-vpn-fastd/description
diff --git a/package/gluon-mesh-vpn-fastd/files/etc/hotplug.d/iface/50-gluon-mesh-vpn-fastd b/package/gluon-mesh-vpn-fastd/files/etc/hotplug.d/iface/50-gluon-mesh-vpn-fastd
deleted file mode 100644
index 26ad4773..00000000
--- a/package/gluon-mesh-vpn-fastd/files/etc/hotplug.d/iface/50-gluon-mesh-vpn-fastd
+++ /dev/null
@@ -1,3 +0,0 @@
-[ "$INTERFACE" = 'wan' ] || exit 0
-
-/lib/gluon/mesh-vpn-fastd/update-dnsmasq
diff --git a/package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn-fastd/iptables.rules b/package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn-fastd/iptables.rules
new file mode 100644
index 00000000..c1a16ee1
--- /dev/null
+++ b/package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn-fastd/iptables.rules
@@ -0,0 +1,3 @@
+*nat
+-I OUTPUT -m owner --gid-owner gluon-fastd -o lo -d 127.0.0.1 -p udp --dport 53 -j DNAT --to-destination :54
+COMMIT
diff --git a/package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn-fastd/update-dnsmasq b/package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn-fastd/update-dnsmasq
deleted file mode 100755
index 33e23a59..00000000
--- a/package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn-fastd/update-dnsmasq
+++ /dev/null
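Review bot: The DNAT rule on the second added line of iptables.rules matches only `-p udp`, so a lookup that retries over TCP (the usual fallback for a truncated answer) still reaches 127.0.0.1:53 unredirected and is answered by the default resolver rather than the one on :54; whether fastd's resolver ever falls back to TCP is not visible here, but the redirect silently does nothing in that case. A companion line `-I OUTPUT -m owner --gid-owner gluon-fastd -o lo -d 127.0.0.1 -p tcp --dport 53 -j DNAT --to-destination :54` closes that path. The file also says nothing about what listens on :54 or why the group match exists; a header line `# DNS queries from fastd (group gluon-fastd) are diverted from the default resolver on 127.0.0.1:53 to the one on :54` would record the intent for whoever next edits the rule set.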
@@ -1,101 +0,0 @@
-#!/bin/sh
-
-
-. /lib/functions.sh
-
-
-_json_push() {
- export JSON_PATH="${JSON_PATH}/$1"
-}
-
-_json_pop() {
- export JSON_PATH="${JSON_PATH%/*}"
-}
-
-json_init() {
- export JSON_PATH=''
-}
-
-json_add_object() {
- _json_push "$1"
-}
-
-json_close_object() {
- _json_pop
-}
-
-json_add_array() {
- _json_push "$1"
-}
-
-json_close_array() {
- _json_pop
-}
-
-json_add_int() {
- return
-}
-
-json_add_boolean() {
- return
-}
-
-json_add_double() {
- return
-}
-
-json_add_string() {
- [ "$JSON_PATH" = '/inactive/dns_server' ] || return
- echo "$2"
-}
-
-
-get_dns_server() {
- eval `jshn -r "$(ubus call network.interface.wan status)"`
-}
-
-generate_dnsmasq_conf_remote() {
- local remote="$1"; local servers="$2"
-
- local hostname="$(echo "$remote" | awk -F \" '{print $2}')"
- [ -n "$hostname" ] || return
-
- for ns in $servers; do
- echo "server=/$hostname/$ns"
- done
-}
-
-generate_dnsmasq_conf_peer() {
- local peer="$1"; local servers="$2"
- local enabled; local net
-
- config_get_bool enabled "$peer" 'enabled' 0
- [ "$enabled" -gt 0 ] || return
-
- config_get net "$peer" 'net'
- [ "$net" = 'mesh_vpn' ] || return
-
- config_list_foreach "$peer" 'remote' generate_dnsmasq_conf_remote "$servers"
-}
-
-generate_dnsmasq_conf() {
- local servers="$1"
-
- config_load fastd
- config_foreach generate_dnsmasq_conf_peer 'peer' "$servers"
-}
-
-
-mkdir -p /var/gluon/mesh-vpn-fastd
-generate_dnsmasq_conf "$(get_dns_server)" > /var/gluon/mesh-vpn-fastd/dnsmasq.conf.$$
-
-lock /var/gluon/mesh-vpn-fastd/dnsmasq.conf.lock
-
-if cmp -s /var/gluon/mesh-vpn-fastd/dnsmasq.conf.$$ /var/gluon/dnsmasq.d/mesh-vpn-fastd.conf; then
- rm /var/gluon/mesh-vpn-fastd/dnsmasq.conf.$$
-else
- mv -f /var/gluon/mesh-vpn-fastd/dnsmasq.conf.$$ /var/gluon/dnsmasq.d/mesh-vpn-fastd.conf
- /etc/init.d/dnsmasq restart
-fi
-
-lock -u /var/gluon/mesh-vpn-fastd/dnsmasq.conf.lock
diff --git a/package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/010-mesh-vpn-fastd b/package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/010-mesh-vpn-fastd
index da8b5e6a..a2081169 100755
--- a/package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/010-mesh-vpn-fastd
+++ b/package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/010-mesh-vpn-fastd
@@ -13,9 +13,13 @@ local c = uci.cursor()
 -- The previously used user is removed, we need root privileges to use the packet_mark option
 users.remove_user('gluon-fastd')
 
+-- Group for iptables rule
+users.add_group('gluon-fastd', 800)
+
 
 c:section('fastd', 'fastd', 'mesh_vpn',
 {
+ group = 'gluon-fastd',
 syslog_level = 'verbose',
 interface = 'mesh-vpn',
 mode = 'tap',
@@ -70,3 +74,15 @@ c:section('network', 'interface', 'mesh_vpn',
 
 c:save('network')
 c:commit('network')
+
+
+c:section('firewall', 'include', 'mesh_vpn_dns',
+ {
+ type = 'restore',
+ path = '/lib/gluon/mesh-vpn-fastd/iptables.rules',
+ family = 'ipv4',
+ }
+)
+
+c:save('firewall')
+c:commit('firewall')
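Review bot: `users.add_group('gluon-fastd', 800)` introduces a fixed GID, and the comment above it, `-- Group for iptables rule`, names neither the rule nor the reason a group is used where the line above explains the user was dropped for packet_mark. A more useful comment would be `-- fastd keeps running as root but with this group; the --gid-owner match in /lib/gluon/mesh-vpn-fastd/iptables.rules uses it to single out fastd's DNS lookups`. The owner match can only work if fastd has already switched to the group when it opens its resolver sockets, which this hunk cannot show and is worth confirming against the fastd documentation. The `c:section('fastd', ...)` table that receives the new `group` entry continues past the end of the hunk.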
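Review bot: The include added at the end of the file is registered with `family = 'ipv4'` and points at a rule set whose only rule matches 127.0.0.1, so a lookup fastd sends to an IPv6 resolver address (::1) or to any nameserver other than 127.0.0.1 is not diverted and silently goes to the default resolver on port 53; whether the system resolver can be configured that way is not visible in this hunk. If it can, a second include with `family = 'ipv6'` and an ip6tables rule for `-d ::1` is needed; if it cannot, the assumption belongs next to the section, e.g. `-- Diverts fastd's DNS lookups (group gluon-fastd) to port 54; assumes the system resolver is reached via 127.0.0.1 only`. This hunk appears to end the file.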