VPN
===

Gluon supports different options to establish VPN tunnels,
which connect mesh clouds and provide internet access.
The currently available VPN protocol options are:

- fastd
- L2TP (tunneldigger)

fastd is a lightweight userspace VPN daemon designed
especially for embedded hardware. It supports
encryption and authentication.

L2TP is implemented inside the Linux kernel and
therefore has performance advantages over fastd. The
disadvantage of L2TP is that it does not support any
encryption, so everything is sent in plaintext.

Optional Encryption (fastd only):
---------------------------------

When using fastd, the firmware can let users
decide for themselves whether to use encryption
or not. A firmware builder who does not want this
can hide (or even forbid) the unencrypted
option.

If you want to allow users to decide by themselves:

- Make sure the package ``gluon-web-mesh-vpn-fastd`` is enabled in ``site.mk``
- Set the option ``mesh_vpn.fastd.configurable = true`` in ``site.conf``
- On the server side, make sure that the ``null`` cipher is allowed and preferred over ``salsa2012+umac``. You can ensure this by inserting the ``method "null";`` entry before the ``method "salsa2012+umac";`` entry in your fastd.conf.

Users should now have the choice in expert mode,
which looks like this:

.. image:: fastd_mode.gif

If you want to ensure that the correct cipher is chosen,
you can use the following command on a router. You may
have to install socat first.

::

  socat - UNIX-CONNECT:/var/run/fastd.mesh_vpn.socket
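
The ``method`` ordering in fastd.conf described above decides whether peers end up unencrypted, so it is worth auditing on the server. The script below is an added example, not part of Gluon or fastd: the function names and the sample config are constructed, and it generalizes the check from ``salsa2012+umac`` to any non-``null`` method.

```shell
#!/bin/sh
# Added example (not Gluon or fastd code): audit which fastd methods a
# server config offers and whether unencrypted "null" is preferred.

# Print the declared methods, one per line, in config order.
# '#' comments are dropped first so disabled entries are not counted.
fastd_methods() {
    sed 's/#.*//' "$1" |
        grep -oE 'method[[:space:]]+"[^"]+"[[:space:]]*;' |
        sed -E 's/^method[[:space:]]+"([^"]+)".*$/\1/'
}

# Print one of:
#   no-methods      no method statement found
#   encrypted-only  "null" is not offered
#   null-only       only "null" is offered
#   null-preferred  "null" is listed before any encrypting method
#   null-fallback   an encrypting method is listed before "null"
fastd_null_policy() {
    methods=$(fastd_methods "$1")
    [ -n "$methods" ] || { echo no-methods; return 0; }
    # Line number of the first "null" entry and of the first other entry.
    null_pos=$(printf '%s\n' "$methods" | grep -nxF null | head -n 1 | cut -d: -f1)
    enc_pos=$(printf '%s\n' "$methods" | grep -nvxF null | head -n 1 | cut -d: -f1)
    if [ -z "$null_pos" ]; then echo encrypted-only
    elif [ -z "$enc_pos" ]; then echo null-only
    elif [ "$null_pos" -lt "$enc_pos" ]; then echo null-preferred
    else echo null-fallback
    fi
}

# Constructed sample config (assumption: not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# fastd.conf excerpt, order as required for configurable encryption
method "null";
method "salsa2012+umac";
EOF
echo "methods: $(fastd_methods "$sample" | tr '\n' ' ')"
echo "policy:  $(fastd_null_policy "$sample")"
rm -f "$sample"
```

``null-preferred`` is the state the configurable option needs; ``encrypted-only`` is what a server should report if the unencrypted option is forbidden.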