# OpenWrt uci helpers (config_load / config_foreach) used by configure()
. /lib/functions.sh
# ipEUISuffix / get_mac_label and the babel_* helpers come from these
. /lib/functions/fff/network
. /lib/functions/fff/babel

# Load board specific properties; the board name selects the network
# profile that is sourced next.
BOARD="$(uci get board.model.name)"
. /etc/network.$BOARD

# The router MAC is the source of the link-local tunnel address; only
# derive it from the MAC label when the board profile did not set it.
if [ -z "$ROUTERMAC" ]; then
	ROUTERMAC=$(get_mac_label)
fi
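#######################################
# Synchronise the wireguard peers in the network/babeld uci configs with
# the wireguardpeer sections of the gateway config. Nothing is committed
# here; apply() commits and revert() discards the staged changes.
# Globals:   ROUTERMAC (read)
# Outputs:   INFO/ERROR lines on stdout
# Returns:   exits with 1 when a peer section is invalid
#######################################
configure() {
	# Remove a babeld interface section (and its network/wireguard
	# sections) when its gateway section no longer exists.
	# Called via config_foreach with the babeld interface section name.
	remove_wgpeer() {
		local name="$1"

		# only sections created by add_wgpeer carry the wg_ prefix
		if [ "$name" = "${name#wg_}" ]; then
			return
		fi

		if ! uci -q get "gateway.${name#wg_}" > /dev/null; then
			# remove interface
			uci -q del "network.$name"
			# remove wireguard config (quoted: an unquoted [0] is a glob)
			uci -q del "network.@wireguard_$name[0]"
			# remove iif-rules
			babel_delete_iifrules "$name"
			# remove babel interface
			babel_delete_interface "$name"
		fi
	}

	config_load babeld
	config_foreach remove_wgpeer interface

	# Create or refresh one wireguard peer from its gateway section.
	# Called via config_foreach with the wireguardpeer section name.
	# Exits the script on a missing mandatory option; the uci changes
	# staged so far are left uncommitted for the caller to revert.
	add_wgpeer() {
		local name="$1"
		local prefixname="wg_$name"
		local rxcost cfg
		local privkey pubkey endpoint_host endpoint_port persistent_keepalive mtu

		# "wg_" + name has to fit the 15 character interface name limit
		if [ "${#name}" -gt 12 ]; then
			echo "ERROR: name $name is too long!"
			exit 1
		fi

		# rxcost for the babel interface, with a default for unset sections
		rxcost=$(uci -q get "gateway.$name.rxcost") || rxcost=16384

		# The local private key is generated once and persisted in the
		# gateway config so the public key stays stable across runs.
		# NOTE(review): the key lives in the gateway uci file — confirm its
		# permissions restrict it to root.
		if ! privkey=$(uci -q get "gateway.$name.local_private_key"); then
			if ! privkey=$(wg genkey) || [ -z "$privkey" ]; then
				echo "ERROR: could not generate private key for ${name}!"
				exit 1
			fi
			uci set "gateway.$name.local_private_key=$privkey"
		fi

		# remote_public_key, endpoint_host and endpoint_port are mandatory
		if ! pubkey=$(uci get "gateway.$name.remote_public_key"); then
			echo "ERROR: publickey for ${name} missing!"
			exit 1
		fi

		if ! endpoint_host=$(uci get "gateway.$name.endpoint_host"); then
			echo "ERROR: endpoint_host for ${name} missing!"
			exit 1
		fi

		if ! endpoint_port=$(uci get "gateway.$name.endpoint_port"); then
			echo "ERROR: endpoint_port for ${name} missing!"
			exit 1
		fi

		# optional; empty when unset
		persistent_keepalive=$(uci -q get "gateway.$name.persistent_keepalive")
		mtu=$(uci -q get "gateway.$name.mtu")

		# add interface
		uci set "network.$prefixname=interface"
		uci set "network.$prefixname.proto=wireguard"
		# no automatic host route to the endpoint; routing is left to babel
		uci set "network.$prefixname.nohostroute=1"
		# fwmark on the outer packets — presumably matched by a policy
		# routing rule elsewhere; verify against the firewall/routing setup
		uci set "network.$prefixname.fwmark=0xc8"
		# 1420 is the usual wireguard default when the section sets no mtu
		uci set "network.$prefixname.mtu=${mtu:-1420}"

		uci set "network.$prefixname.private_key=$privkey"
		# derive the public key from the key we just read/generated instead
		# of reading the private key back from uci a second time
		echo "INFO: publickey for wireguardpeer ${name}: $(printf '%s' "$privkey" | wg pubkey)"

		# add wireguard properties; reuse an existing peer section so the
		# section name stays stable
		if uci -q get "network.@wireguard_$prefixname[0]" > /dev/null; then
			# config already exists
			cfg="@wireguard_$prefixname[0]"
		else
			# create new config
			cfg=$(uci add network "wireguard_$prefixname")
		fi

		uci set "network.$cfg.public_key=$pubkey"
		uci set "network.$cfg.endpoint_host=$endpoint_host"
		uci set "network.$cfg.endpoint_port=$endpoint_port"
		uci set "network.$cfg.persistent_keepalive=$persistent_keepalive"
		# allowed_ips is wireguard's cryptokey routing table: accept any
		# address from this peer, which routes get used is babel's decision
		uci -q delete "network.$cfg.allowed_ips"
		uci add_list "network.$cfg.allowed_ips=::/0"
		uci add_list "network.$cfg.allowed_ips=0.0.0.0/0"

		# remove old addresses
		uci -q del "network.$prefixname.addresses"

		# add link local address derived from the router MAC
		uci add_list "network.$prefixname.addresses=$(owipcalc "fe80::/64" add "::$(ipEUISuffix "$ROUTERMAC")")"

		# add peer_ip
		babel_add_peeraddr "network.$prefixname.addresses"
		babel_add_peer6addr "network.$prefixname.addresses"

		# add iif-rules
		babel_add_iifrules "$prefixname" || { echo "ERROR: Could not add iif-rules for wgpeer $name"; exit 1; }

		# add babel interface. Type 'wired' rather than 'tunnel': tunnel's
		# rtt based metric caused flapping routes on unreliable uplinks and
		# disables split-horizon, which works fine on a point-to-point link.
		babel_add_interface "$prefixname" "$prefixname" 'wired' "$rxcost" || { echo "ERROR: Could not add babeld interface for wgpeer $name"; exit 1; }
	}

	config_load gateway
	config_foreach add_wgpeer wireguardpeer
}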
# Commit the uci packages touched by configure().
apply() {
	local pkg
	for pkg in network babeld gateway; do
		uci commit "$pkg"
	done
}
# Discard the uncommitted uci changes staged by configure().
revert() {
	local pkg
	for pkg in network babeld gateway; do
		uci revert "$pkg"
	done
}