vxlan #198
|
@ -1,7 +1,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=fff-fastd
|
||||
PKG_RELEASE:=3
|
||||
PKG_RELEASE:=4
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
protocol=fastd
|
||||
|
||||
fastd_clear() {
|
||||
rm /tmp/fastd_fff_peers/*
|
||||
}
|
||||
|
||||
fastd_addpeer() {
|
||||
[ -d /tmp/fastd_fff_peers ] || mkdir /tmp/fastd_fff_peers
|
||||
|
||||
# write fastd-config
|
||||
json_get_var servername name
|
||||
filename="/etc/fastd/fff/peers/$servername"
|
||||
echo "#name \"${servername}\";" > "$filename"
|
||||
json_get_var key key
|
||||
echo "key \"${key}\";" >> "$filename"
|
||||
json_get_var address address
|
||||
json_get_var port port
|
||||
echo "remote \"${address}\" port ${port};" >> "$filename"
|
||||
echo "" >> "$filename"
|
||||
echo "float yes;" >> "$filename"
|
||||
}
|
||||
|
||||
fastd_start_stop() {
|
||||
/etc/init.d/fastd reload # does nothing if fastd was not running
|
||||
|
||||
# fastd start/stop for various situations
|
||||
# this is needed for first start and if fastd comes up or disappears in hoodfile
|
||||
pidfile="/tmp/run/fastd.fff.pid"
|
||||
if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
|
||||
([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
|
||||
else
|
||||
([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
|
||||
fi
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=fff-node
|
||||
PKG_RELEASE:=3
|
||||
PKG_RELEASE:=4
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
|
@ -12,6 +12,7 @@ define Package/fff-node
|
|||
URL:=https://www.freifunk-franken.de
|
||||
DEPENDS:=+fff-batman-adv \
|
||||
+fff-fastd \
|
||||
+fff-vxlan-node-vpn \
|
||||
+fff-firewall \
|
||||
+fff-hoods \
|
||||
+fff-uradvd
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=fff-vpn-select
|
||||
PKG_RELEASE:=5
|
||||
PKG_RELEASE:=6
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
|
|
|
@ -1,65 +1,45 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Usage: vpn-select <path-to-hood-file>
|
||||
# To add a new protocol, put a file with three functions to /usr/lib/vpn-select.d/ .
|
||||
# The file must start with protocol=name. It is most important to use the same name here and in hoodfile.
|
||||
# The old config can be cleared in function ${protocol}_clear(). It is called first once per installed protocol.
|
||||
# The function ${protocol}_addpeer() is called for every selected peer in hoodfile.
|
||||
# The function ${protocol}_start_stop() is called at the end once per installed protocol.
|
||||
|
||||
. /usr/share/libubox/jshn.sh
|
||||
|
||||
hoodfile="$1"
|
||||
|
||||
make_config() {
|
||||
# remove old config
|
||||
rm /tmp/fastd_fff_peers/*
|
||||
# source functions
|
||||
for file in /usr/lib/vpn-select.d/*; do
|
||||
[ -f $file ] && . "$file"
|
||||
supported_protocols="$supported_protocols $protocol"
|
||||
done
|
||||
|
||||
# prepare
|
||||
Index=1
|
||||
# clear old config
|
||||
for protocol in $supported_protocols; do
|
||||
"${protocol}_clear"
|
||||
done
|
||||
|
||||
# configure vpn
|
||||
|
||||
if [ -n "$hoodfile" ] && [ -s "$hoodfile" ] ; then
|
||||
json_load "$(cat "$hoodfile")"
|
||||
json_select hood
|
||||
json_get_var id id
|
||||
json_select ".."
|
||||
json_select vpn
|
||||
|
||||
# get fastd peers
|
||||
while json_select "$Index" > /dev/null
|
||||
do
|
||||
json_get_keys vpn_keys
|
||||
for key in $vpn_keys; do
|
||||
json_select $key
|
||||
json_get_var protocol protocol
|
||||
if [ "$protocol" = "fastd" ]; then
|
||||
# set up fastd
|
||||
json_get_var servername name
|
||||
filename="/etc/fastd/fff/peers/$servername"
|
||||
echo "#name \"${servername}\";" > "$filename"
|
||||
json_get_var key key
|
||||
echo "key \"${key}\";" >> "$filename"
|
||||
json_get_var address address
|
||||
json_get_var port port
|
||||
echo "remote \"${address}\" port ${port};" >> "$filename"
|
||||
echo "" >> "$filename"
|
||||
echo "float yes;" >> "$filename"
|
||||
fi
|
||||
"${protocol}_addpeer"
|
||||
json_select ".." # back to vpn
|
||||
Index=$(( Index + 1 ))
|
||||
done
|
||||
json_select ".." # back to root
|
||||
}
|
||||
|
||||
# Only do something if file is there and not empty; otherwise exit 1
|
||||
if [ -s "$hoodfile" ]; then
|
||||
if [ ! -d /tmp/fastd_fff_peers ]; then
|
||||
# first run after reboot
|
||||
mkdir /tmp/fastd_fff_peers
|
||||
make_config
|
||||
# start fastd only if there are some peers
|
||||
[ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
|
||||
else
|
||||
make_config
|
||||
/etc/init.d/fastd reload
|
||||
|
||||
# fastd start/stop for various situations
|
||||
pidfile="/tmp/run/fastd.fff.pid"
|
||||
if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
|
||||
([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
|
||||
else
|
||||
([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
|
||||
fi
|
||||
fi
|
||||
exit 0
|
||||
else
|
||||
echo "vpn-select: Hood file not found or empty!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# start/restart/stop vpnservices
|
||||
for protocol in $supported_protocols; do
|
||||
"${protocol}_start_stop"
|
||||
done
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
rm /tmp/fastd_fff_peers/*
|
||||
/etc/init.d/fastd stop
|
||||
|
|
@ -0,0 +1 @@
|
|||
vpn-select
|
|
@ -0,0 +1,29 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=fff-vxlan-node-vpn
|
||||
PKG_RELEASE:=1
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/$(PKG_NAME)
|
||||
SECTION:=base
|
||||
CATEGORY:=Freifunk
|
||||
TITLE:=Freifunk-Franken vxlan-node
|
||||
URL:=http://www.freifunk-franken.de
|
||||
DEPENDS:=+vxlan
|
||||
endef
|
||||
|
||||
define Package/$(PKG_NAME)/description
|
||||
This is the vxlan-node-vpn package for the Freifunk Franken Firmware
|
||||
This will configure and set up the VPN via vxlan
|
||||
endef
|
||||
|
||||
define Build/Compile
|
||||
# nothing
|
||||
endef
|
||||
|
||||
define Package/$(PKG_NAME)/install
|
||||
$(CP) ./files/* $(1)/
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,$(PKG_NAME)))
|
|
@ -0,0 +1,16 @@
|
|||
uci batch <<EOF
|
||||
set network.vxlan0=interface
|
||||
set network.vxlan0.proto=vxlan6
|
||||
set network.vxlan0.port=8472
|
||||
set network.vxlan0.ip6addr=auto
|
||||
set network.vxlan0.srcportmin=8472
|
||||
set network.vxlan0.srcportmax=8473
|
||||
set network.vxlan0.ageing=30
|
||||
set network.vxlan0.mtu=1422
|
||||
set network.vxlan0.vid=0
|
||||
|
||||
set network.vxbat=interface
|
||||
set network.vxbat.proto=batadv_hardif
|
||||
set network.vxbat.master=bat0
|
||||
set network.vxbat.ifname=vxlan0
|
||||
EOF
|
|
@ -0,0 +1,27 @@
|
|||
protocol=vxlan
|
||||
|
||||
vxlan_clear() {
|
||||
while uci -q delete network.@vxlan_peer[0]; do :; done
|
||||
}
|
||||
|
||||
vxlan_addpeer() {
|
||||
uci set network.vxlan0.vid="$id"
|
||||
json_get_var address address
|
||||
address=$(ping6 -w1 -c1 "$address" | awk '/from/ {print substr($4, 1, length($4)-1); exit}')
|
||||
[ -z $address ] && return ## address not reachable
|
||||
uci add network vxlan_peer
|
||||
uci set network.@vxlan_peer[-1].vxlan="vxlan0"
|
||||
uci set network.@vxlan_peer[-1].dst="$address"
|
||||
}
|
||||
|
||||
vxlan_start_stop() {
|
||||
uci commit network
|
||||
# reload_config will not add new peers. A ifup is needed
|
||||
ifup vxlan0
|
||||
|
||||
# this workaround is cleaning up old fdb entries
|
||||
# and can be removed if someday netifd will do that
|
||||
bridge fdb show dev vxlan0 state permanent | while read mac dst ip rest ; do
|
||||
grep -q "$ip" /etc/config/network || bridge fdb del $mac dev vxlan0 dst $ip
|
||||
done
|
||||
}
|
Loading…
Reference in New Issue