Home Explore Help
Register Sign In
FreifunkHochstift
/
gluon
6
0
Fork 0
Files Issues 0 Pull Requests 0
Tree: 6cddaedfc7
Branches Tags
gluon
/
package
/
gluon-mesh-vpn-fastd
/
luasrc
/
lib
/
gluon
/
upgrade
/
400-mesh-vpn-fastd

400-mesh-vpn-fastd 2.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 
  1. #!/usr/bin/lua
    2. 

  2. 

  3. local site = require 'gluon.site_config'
    4. 

  4. local users = require 'gluon.users'
    5. 

  5. local util = require 'gluon.util'
    6. 

  6. 

  7. local uci = require('luci.model.uci').cursor()
    8. 

  8. local lutil = require 'luci.util'
    9. 

  9. 

  10. 

  11. -- The previously used user is removed, we need root privileges to use the packet_mark option
    12. 

  12. users.remove_user('gluon-fastd')
    13. 

  13. 

  14. -- Group for iptables rule
    15. 

  15. users.add_group('gluon-fastd', 800)
    16. 

  16. 

  17. 

  18. local enabled = uci:get('fastd', 'mesh_vpn', 'enabled')
    19. 

  19. if not enabled then
    20. 

  20.   enabled = site.fastd_mesh_vpn.enabled and 1 or 0
    21. 

  21. end
    22. 

  22. 

  23. 

  24. local methods
    25. 

  25. 

  26. if site.fastd_mesh_vpn.configurable then
    27. 

  27.   local has_null = lutil.contains(site.fastd_mesh_vpn.methods, 'null')
    28. 

  28. 

  29.   local old_methods = uci:get('fastd', 'mesh_vpn', 'method')
    30. 

  30.   if old_methods then
    31. 

  31.     has_null = lutil.contains(old_methods, 'null')
    32. 

  32.   end
    33. 

  33. 

  34. 

  35.   methods = {}
    36. 

  36.   if has_null then
    37. 

  37.     table.insert(methods, 'null')
    38. 

  38.   end
    39. 

  39. 

  40.   for _, method in ipairs(site.fastd_mesh_vpn.methods) do
    41. 

  41.     if method ~= 'null' then
    42. 

  42.       table.insert(methods, method)
    43. 

  43.     end
    44. 

  44.   end
    45. 

  45. 

  46. else
    47. 

  47.   methods = site.fastd_mesh_vpn.methods
    48. 

  48. end
    49. 

  49. 

  50. 

  51. uci:section('fastd', 'fastd', 'mesh_vpn',
    52. 

  52. 	  {
    53. 

  53. 		  enabled = enabled,
    54. 

  54. 		  group = 'gluon-fastd',
    55. 

  55. 		  syslog_level = 'verbose',
    56. 

  56. 		  interface = 'mesh-vpn',
    57. 

  57. 		  mode = 'tap',
    58. 

  58. 		  mtu = site.fastd_mesh_vpn.mtu,
    59. 

  59. 		  secure_handshakes = 1,
    60. 

  60. 		  method = methods,
    61. 

  61. 		  packet_mark = 1,
    62. 

  62. 		  status_socket = '/var/run/fastd.mesh_vpn.socket',
    63. 

  63. 	  }
    64. 

  64. )
    65. 

  65. uci:delete('fastd', 'mesh_vpn', 'user')
    66. 

  66. 

  67. 

  68. local add_groups
    69. 

  69. 

  70. local function add_peer(group, name, config)
    71. 

  71.   uci:section('fastd', 'peer', group .. '_peer_' .. name,
    72. 

  72.     {
    73. 

  73.       enabled = 1,
    74. 

  74.       net = 'mesh_vpn',
    75. 

  75.       group = group,
    76. 

  76.       key = config.key,
    77. 

  77.       remote = config.remotes,
    78. 

  78.     }
    79. 

  79.   )
    80. 

  80. end
    81. 

  81. 

  82. local function add_group(name, config, parent)
    83. 

  83.   uci:delete('fastd', name)
    84. 

  84.   uci:delete_all('fastd', 'peer',
    85. 

  85.     function(peer)
    86. 

  86.       return (peer.net == 'mesh_vpn' and peer.group == name)
    87. 

  87.     end
    88. 

  88.   )
    89. 

  89. 

  90. 

  91.   uci:section('fastd', 'peer_group', name,
    92. 

  92.     {
    93. 

  93.       enabled = 1,
    94. 

  94.       net = 'mesh_vpn',
    95. 

  95.       parent = parent,
    96. 

  96.       peer_limit = config.limit,
    97. 

  97.     }
    98. 

  98.   )
    99. 

  99. 

  100.   if config.peers then
    101. 

  101.     for peername, peerconfig in pairs(config.peers) do
    102. 

  102.       add_peer(name, peername, peerconfig)
    103. 

  103.     end
    104. 

  104.   end
    105. 

  105. 

  106.   add_groups(name, config.groups, name)
    107. 

  107. end
    108. 

  108. 

  109. -- declared local above
    110. 

  110. function add_groups(prefix, groups, parent)
    111. 

  111.   if groups then
    112. 

  112.     for name, group in pairs(groups) do
    113. 

  113.       add_group(prefix .. '_' .. name, group, parent)
    114. 

  114.     end
    115. 

  115.   end
    116. 

  116. end
    117. 

  117. 

  118. add_groups('mesh_vpn', site.fastd_mesh_vpn.groups)
    119. 

  119. 

  120. 

  121. uci:save('fastd')
    122. 

  122. 

  123. 

  124. uci:section('network', 'interface', 'mesh_vpn',
    125. 

  125.   {
    126. 

  126.     ifname = 'mesh-vpn',
    127. 

  127.     proto = 'gluon_mesh',
    128. 

  128.     transitive = 1,
    129. 

  129.     fixed_mtu = 1,
    130. 

  130.     macaddr = util.generate_mac(7),
    131. 

  131.   }
    132. 

  132. )
    133. 

  133. 

  134. uci:save('network')
    135. 

  135. 

  136. 

  137. uci:section('firewall', 'include', 'mesh_vpn_dns',
    138. 

  138. 	  {
    139. 

  139. 	    type = 'restore',
    140. 

  140. 	    path = '/lib/gluon/mesh-vpn-fastd/iptables.rules',
    141. 

  141. 	    family = 'ipv4',
    142. 

  142. 	  }
    143. 

  143. )
    144. 

  144. 

  145. uci:save('firewall')
    146.