Fabian Blaese
328beebe32
The babel interface type 'tunnel' has some disadvantageous properties for our network. First, babel tries to evaluate the tunnel performance using the rtt. However, this makes the network quite unstable, as the rtt might fluctuate a lot, especially on less reliable connections (e.g. LTE). Instead of fully falling back to an alternate route, this rtt evaluation leads to a lot of flapping routes. Additionally, rtt evaluation changes the metric of routes quite often, which leads to many unnecessary babel messages in our network. Also, babeld disables split-horizon processing on 'tunnel' interfaces by default. However, split-horizon processing can be done in our point-to-point tunnel setup without any issues and has the advantage of significantly reducing babel messages on a link with many uplink routes. Therefore, wireguard babel peers now use the interface type 'wired'. Signed-off-by: Fabian Bläse <fabian@blaese.de> Reviewed-by: Johannes Kimmel <fff@bareminimum.eu> Reviewed-by: Robert Langhammer <rlanghammer@web.de> [bump PKG_RELEASE, adjust commit title prefix] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
. /lib/functions.sh
. /lib/functions/fff/network
. /lib/functions/fff/babel
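# load board specific properties
# BOARD is the board model name from uci; the sourced file presumably
# provides the board-specific variables used further down (e.g. ROUTERMAC)
# — confirm against /etc/network.*
BOARD="$(uci get board.model.name)"
# quoted so a model name containing whitespace or glob characters is not
# split into several arguments of the '.' builtin
. "/etc/network.$BOARD"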
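configure() {
	# Remove network/wireguard/babeld config of peers that are no longer
	# present in the gateway config. Called via config_foreach for every
	# babeld 'interface' section; $1 is the section name.
	remove_wgpeer() {
		local name="$1"

		# only sections created by add_wgpeer (prefix "wg_") are managed here
		if [ "$name" = "${name#wg_}" ]; then
			return
		fi

		# peer still configured -> keep everything
		if uci -q get "gateway.${name#wg_}" > /dev/null; then
			return
		fi

		# remove interface
		uci -q del "network.$name"
		# remove wireguard config; quoted so the shell does not treat
		# the [0] as a glob bracket expression
		uci -q del "network.@wireguard_$name[0]"

		# remove iif-rules
		babel_delete_iifrules "$name"
		# remove babel interface
		babel_delete_interface "$name"
	}

	config_load babeld
	config_foreach remove_wgpeer interface

	# Create or refresh the network, wireguard and babeld config for one
	# 'wireguardpeer' section of the gateway config. $1 is the section
	# name; the interface is named "wg_$1". Exits the shell on missing or
	# invalid mandatory options (errors are reported on stdout, as in the
	# rest of this script).
	add_wgpeer() {
		local name="$1"
		local prefixname="wg_$name"
		local rxcost
		local privkey
		local pubkey
		local endpoint_host
		local endpoint_port
		local persistent_keepalive
		local mtu
		local cfg

		# "wg_" (3 chars) + 12 chars keeps the interface name within the
		# 15-character limit the kernel imposes on interface names
		if [ ${#name} -gt 12 ]; then
			echo "ERROR: name $name is too long!"
			exit 1
		fi

		# rxcost is optional (default 16384); it is handed to babeld
		# unchanged, so reject anything that is not a plain integer
		rxcost=$(uci -q get "gateway.$name.rxcost")
		[ -n "$rxcost" ] || rxcost=16384
		case "$rxcost" in
			*[!0-9]*)
				echo "ERROR: rxcost '$rxcost' for ${name} is not a number!"
				exit 1
				;;
		esac

		# private key: generated on first use and persisted in the gateway
		# config so the peer keeps its identity across runs
		if ! privkey=$(uci -q get "gateway.$name.local_private_key"); then
			# never persist an empty key if wg is missing or fails
			if ! privkey=$(wg genkey) || [ -z "$privkey" ]; then
				echo "ERROR: could not generate private key for ${name}!"
				exit 1
			fi
			# NOTE: uci only accepts the value on argv, so the key is briefly
			# visible to other local processes (e.g. via ps); the same holds
			# for the network.*.private_key assignment below
			uci set "gateway.$name.local_private_key=$privkey"
		fi

		# mandatory peer properties; 'uci get' without -q also reports the
		# missing option on stderr
		if ! pubkey=$(uci get "gateway.$name.remote_public_key"); then
			echo "ERROR: publickey for ${name} missing!"
			exit 1
		fi

		if ! endpoint_host=$(uci get "gateway.$name.endpoint_host"); then
			echo "ERROR: endpoint_host for ${name} missing!"
			exit 1
		fi

		if ! endpoint_port=$(uci get "gateway.$name.endpoint_port"); then
			echo "ERROR: endpoint_port for ${name} missing!"
			exit 1
		fi

		# optional peer properties (may be empty)
		persistent_keepalive=$(uci -q get "gateway.$name.persistent_keepalive")
		mtu=$(uci -q get "gateway.$name.mtu")

		# network interface; every setting is re-applied on each run.
		# nohostroute/fwmark 0xc8: presumably the tunnel's own traffic is
		# steered by the iif rules / policy routing instead of a host route
		# to the endpoint — confirm against /lib/functions/fff/babel
		uci set "network.$prefixname=interface"
		uci set "network.$prefixname.proto=wireguard"
		uci set "network.$prefixname.nohostroute=1"
		uci set "network.$prefixname.fwmark=0xc8"
		uci set "network.$prefixname.mtu=${mtu:-1420}"

		uci set "network.$prefixname.private_key=$privkey"
		# derive the public key from the key already held in $privkey
		# (same value that was just read from or written to uci) instead
		# of re-reading the private key through uci
		echo "INFO: publickey for wireguardpeer ${name}: $(printf '%s\n' "$privkey" | wg pubkey)"

		# the wireguard_<ifname> section is anonymous: reuse the first
		# existing one, otherwise create it. The [0] is quoted so it is
		# not treated as a glob.
		if uci -q get "network.@wireguard_$prefixname[0]" > /dev/null; then
			cfg="@wireguard_$prefixname[0]"
		else
			# 'uci add' prints the name of the created section
			if ! cfg=$(uci add network "wireguard_$prefixname") || [ -z "$cfg" ]; then
				echo "ERROR: Could not add wireguard config for wgpeer $name"
				exit 1
			fi
		fi

		uci set "network.$cfg.public_key=$pubkey"
		uci set "network.$cfg.endpoint_host=$endpoint_host"
		uci set "network.$cfg.endpoint_port=$endpoint_port"
		# may be empty; passed through to uci unchanged as before
		uci set "network.$cfg.persistent_keepalive=$persistent_keepalive"
		# rebuild the list so repeated runs do not accumulate duplicates
		uci -q delete "network.$cfg.allowed_ips"
		uci add_list "network.$cfg.allowed_ips=::/0"
		uci add_list "network.$cfg.allowed_ips=0.0.0.0/0"

		# addresses are rebuilt from scratch on every run
		uci -q del "network.$prefixname.addresses"

		# link local address (presumably EUI-64 from ROUTERMAC, see
		# ipEUIAssemble in /lib/functions/fff/network)
		uci add_list "network.$prefixname.addresses=$(ipEUIAssemble "fe80::/64" "$ROUTERMAC")"

		# peer addresses from the babel configuration
		babel_add_peeraddr "network.$prefixname.addresses"
		babel_add_peer6addr "network.$prefixname.addresses"

		# iif-rules
		babel_add_iifrules "$prefixname" || { echo "ERROR: Could not add iif-rules for wgpeer $name"; exit 1; }

		# babel interface: 'wired' rather than 'tunnel' so babeld neither
		# adjusts the metric from rtt measurements nor disables
		# split-horizon on these point-to-point links
		babel_add_interface "$prefixname" "$prefixname" 'wired' "$rxcost" || { echo "ERROR: Could not add babeld interface for wgpeer $name"; exit 1; }
	}

	config_load gateway
	config_foreach add_wgpeer wireguardpeer
}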
apply() {
	# Persist the pending changes of every uci config touched by configure().
	# Returns the status of the last commit, like the sequential form.
	local config
	for config in network babeld gateway; do
		uci commit "$config"
	done
}
revert() {
	# Discard the pending changes of every uci config touched by configure().
	# Returns the status of the last revert, like the sequential form.
	local config
	for config in network babeld gateway; do
		uci revert "$config"
	done
}