94 lines
2.0 KiB
Lua
Executable File
94 lines
2.0 KiB
Lua
Executable File
#!/usr/bin/lua
|
|
|
|
local site = require 'gluon.site_config'
|
|
local users = require 'gluon.users'
|
|
local util = require 'gluon.util'
|
|
|
|
local uci = require('luci.model.uci').cursor()
|
|
|
|
|
|
-- The previously used user is removed, we need root privileges to use the packet_mark option
|
|
users.remove_user('gluon-fastd')
|
|
|
|
-- Group for iptables rule
|
|
users.add_group('gluon-fastd', 800)
|
|
|
|
|
|
local enabled = uci:get('fastd', 'mesh_vpn', 'enabled')
|
|
if not enabled then
|
|
enabled = site.fastd_mesh_vpn.enabled and 1 or 0
|
|
end
|
|
|
|
|
|
uci:section('fastd', 'fastd', 'mesh_vpn',
|
|
{
|
|
enabled = enabled,
|
|
group = 'gluon-fastd',
|
|
syslog_level = 'verbose',
|
|
interface = 'mesh-vpn',
|
|
mode = 'tap',
|
|
mtu = site.fastd_mesh_vpn.mtu,
|
|
secure_handshakes = 1,
|
|
method = site.fastd_mesh_vpn.methods,
|
|
packet_mark = 1,
|
|
status_socket = '/var/run/fastd.mesh_vpn.socket',
|
|
}
|
|
)
|
|
uci:delete('fastd', 'mesh_vpn', 'user')
|
|
|
|
uci:delete('fastd', 'mesh_vpn_backbone')
|
|
uci:section('fastd', 'peer_group', 'mesh_vpn_backbone',
|
|
{
|
|
enabled = 1,
|
|
net = 'mesh_vpn',
|
|
peer_limit = site.fastd_mesh_vpn.backbone.limit,
|
|
}
|
|
)
|
|
|
|
uci:delete_all('fastd', 'peer',
|
|
function(peer)
|
|
return peer.net == 'mesh_vpn' and peer.group == 'mesh_vpn_backbone'
|
|
end
|
|
)
|
|
|
|
for name, config in pairs(site.fastd_mesh_vpn.backbone.peers) do
|
|
uci:section('fastd', 'peer', 'mesh_vpn_backbone_peer_' .. name,
|
|
{
|
|
enabled = 1,
|
|
net = 'mesh_vpn',
|
|
group = 'mesh_vpn_backbone',
|
|
key = config.key,
|
|
remote = config.remotes,
|
|
}
|
|
)
|
|
end
|
|
|
|
uci:save('fastd')
|
|
uci:commit('fastd')
|
|
|
|
|
|
uci:section('network', 'interface', 'mesh_vpn',
|
|
{
|
|
ifname = 'mesh-vpn',
|
|
proto = 'batadv',
|
|
mesh = 'bat0',
|
|
mesh_no_rebroadcast = 1,
|
|
macaddr = util.generate_mac(4, 0),
|
|
}
|
|
)
|
|
|
|
uci:save('network')
|
|
uci:commit('network')
|
|
|
|
|
|
uci:section('firewall', 'include', 'mesh_vpn_dns',
|
|
{
|
|
type = 'restore',
|
|
path = '/lib/gluon/mesh-vpn-fastd/iptables.rules',
|
|
family = 'ipv4',
|
|
}
|
|
)
|
|
|
|
uci:save('firewall')
|
|
uci:commit('firewall')
|