- Mesh-VPN
- ========
- Gluon integrates several OSI-Layer 2 tunneling protocols to
- enable interconnects between local meshes and provide
- internetwork access. Available protocols currently are:
- - fastd
- - L2TPv3 (via tunneldigger)
- fastd is a lightweight userspace tunneling daemon, that
- implements cipher suites that are specifically designed
- to work well on embedded devices. It offers encryption
- and authentication. Its primary drawback are the necessary
- context-switches when forwarding packets.
- L2TPv3 is an in-kernel tunneling protocol that performs well,
- but offers no security properties by itself.
- The brokering of the tunnel happens through tunneldigger,
- its primary drawback being the lack of IPv6 support.
- fastd
- -----
- Configurable Cipher
- ^^^^^^^^^^^^^^^^^^^
- From the site configuration fastd can be allowed to offer
- toggleable encryption in the config mode with the intent to
- increase throughput, although in practice the gain is minimal.
- **Site configuration:**
- 1) Install ``gluon-web-mesh-vpn-fastd`` in ``site.mk``
- 2) Set ``mesh_vpn.fastd.configurable = true`` in ``site.conf``
- **Gateway configuration:**
- 1) Prepend the ``none`` cipher in fastds method list
- **Config Mode:**
- The resulting firmware will allow users to choose between secure (encrypted) and fast (unencrypted) transport.
- .. image:: fastd_mode.gif
- **Unix socket:**
- To confirm whether the correct cipher is being used, fastds unix
- socket can be interrogated, after installing for example `socat`.
- ::
- opkg update
- opkg install socat
- socat - UNIX-CONNECT:/var/run/fastd.mesh_vpn.socket
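Review bot: The "Configurable Cipher" part of the removed text, from "From the site configuration fastd can be allowed to offer toggleable encryption" down to the ``socat`` command, is where these lines state the security consequence of ``mesh_vpn.fastd.configurable = true``: once the gateway has ``none`` prepended to its method list, users can pick unencrypted transport in config mode. If ``gluon-web-mesh-vpn-fastd`` and that ``site.conf`` option remain available after this change, that warning should be carried over to the replacement documentation rather than dropped, together with the ``socat - UNIX-CONNECT:/var/run/fastd.mesh_vpn.socket`` check, so operators can still confirm which method a node is actually using. The same applies to the statement that L2TPv3 "offers no security properties by itself". If the text is being moved rather than deleted, it is worth fixing "fastds" to "fastd's" (two occurrences) and "Its primary drawback are" to "Its primary drawback is" on the way.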