#
# {{ site }} / {{ network }} FASTd configuration (Salt managed)
#

log to syslog level info;

interface "{{ site }}_{{ network }}";

{%- if 'aes' in grains['cpu_flags'] %}
method "aes128-ctr+umac";
{%- else %}
#method "aes128-ctr+umac";	# Not supported by CPU on this machine
{%- endif %}
method "salsa2012+umac";
{%- if site == 'legacy' %}
method "salsa2012+gmac";
{%- endif %}


{#- nodes{4,6} VPNs #}
{%- if network_type == 'nodes' %}
  {%- set proto = network.split ('-')[-1] %}
  {%- set port = 10000 + site_no|int %}
  {%- if network == 'nodes4' %}
bind 0.0.0.0:{{ port }} interface "vrf_external";
  {%- else %}
bind [::]:{{ port }} interface "vrf_external";
  {%- endif %}
 
{#- intergw VPN #}
{%- else %}
{%- set port = 11000 + site_no|int %}
bind 0.0.0.0:{{ port }} interface "vrf_external";
bind [::]:{{ port }} interface "vrf_external";
{%- endif %}

# Mark packets to make sure they are associated to VRF vrf_external.
# Specifying the interface and setsockopt() isn't enough for fastd.
packet mark 0x1023;

include "secret.conf";
mtu 1406;

status socket "/var/run/fastd.{{ site }}_{{ network }}.sock";

on up "
	ifconfig $INTERFACE down
	ip link set address {{ mac_address }} dev $INTERFACE
	ifconfig $INTERFACE up

	batctl -m {{ bat_iface }} if add $INTERFACE
";

on down "
	batctl -m {{ bat_iface }} if del $INTERFACE
";

{%- if 'nodes' in network %}
#on establish    async "/usr/local/bin/ff_log_vpnpeer establish";
#on disestablish async "/usr/local/bin/ff_log_vpnpeer disestablish";

include peers from "/etc/freifunk/peers";
  {%- if peer_limit %}
peer limit {{ peer_limit }};
  {%- endif %}
{%- elif 'intergw' in network %}
include peers from "gateways";
{%- endif %}