fff-node: Add package fff-vxlan-node-vpn
This package adds vxlan support to the node variant and configures the vxlan-vpn tunnels to the gateways. Signed-off-by: Robert Langhammer <rlanghammer@web.de> Acked-by: Fabian Bläse <fabian@blaese.de> --- A vpn section for vxlan in hoodfile: "vpn": [ { "name": "gatewayname", "protocol": "vxlan", "address": "gateway.url" (or IP) } "name" is optional. ---
parent
1febd2a9b2
commit
12f60419cd
|
@ -1,7 +1,7 @@
|
||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=fff-node
|
PKG_NAME:=fff-node
|
||||||
PKG_RELEASE:=3
|
PKG_RELEASE:=4
|
||||||
|
|
||||||
include $(INCLUDE_DIR)/package.mk
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
|
||||||
|
@ -12,6 +12,7 @@ define Package/fff-node
|
||||||
URL:=https://www.freifunk-franken.de
|
URL:=https://www.freifunk-franken.de
|
||||||
DEPENDS:=+fff-batman-adv \
|
DEPENDS:=+fff-batman-adv \
|
||||||
+fff-fastd \
|
+fff-fastd \
|
||||||
|
+fff-vxlan-node-vpn \
|
||||||
+fff-firewall \
|
+fff-firewall \
|
||||||
+fff-hoods \
|
+fff-hoods \
|
||||||
+fff-uradvd
|
+fff-uradvd
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
|
PKG_NAME:=fff-vxlan-node-vpn
|
||||||
|
PKG_RELEASE:=1
|
||||||
|
|
||||||
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
|
||||||
|
define Package/$(PKG_NAME)
|
||||||
|
SECTION:=base
|
||||||
|
CATEGORY:=Freifunk
|
||||||
|
TITLE:=Freifunk-Franken vxlan-node
|
||||||
|
URL:=http://www.freifunk-franken.de
|
||||||
|
DEPENDS:=+vxlan
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Package/$(PKG_NAME)/description
|
||||||
|
This is the vxlan-node-vpn package for the Freifunk Franken Firmware
|
||||||
|
This will configure and set up the VPN via vxlan
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Build/Compile
|
||||||
|
# nothing
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Package/$(PKG_NAME)/install
|
||||||
|
$(CP) ./files/* $(1)/
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call BuildPackage,$(PKG_NAME)))
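Review bot: The text in `Package/$(PKG_NAME)/description` calls the tunnel a VPN without saying that VXLAN only encapsulates. The protocol provides neither encryption nor peer authentication, so someone reading the package list may assume confidentiality that is not there. I would add a third description line such as `Traffic is encapsulated only; vxlan itself provides no encryption or peer authentication`. Separately, `URL:=http://www.freifunk-franken.de` could use the `https://` form that the fff-node Makefile in this same commit already uses.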
|
|
@ -0,0 +1,15 @@
|
||||||
|
uci batch <<EOF
|
||||||
|
set network.vxlan0=interface
|
||||||
|
set network.vxlan0.proto=vxlan6
|
||||||
|
set network.vxlan0.port=8472
|
||||||
|
set network.vxlan0.ip6addr=auto
|
||||||
|
set network.vxlan0.srcportmin=8472
|
||||||
|
set network.vxlan0.srcportmax=8473
|
||||||
|
set network.vxlan0.ageing=30
|
||||||
|
set network.vxlan0.mtu=1422
|
||||||
|
|
||||||
|
set network.vxbat=interface
|
||||||
|
set network.vxbat.proto=batadv_hardif
|
||||||
|
set network.vxbat.master=bat0
|
||||||
|
set network.vxbat.ifname=vxlan0
|
||||||
|
EOF
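Review bot: Nothing in this script, or elsewhere in the visible commit, limits who may send to the UDP port set by `set network.vxlan0.port=8472`, and the `vxbat` section attaches vxlan0 directly to `bat0`. Since VXLAN has no authentication of its own, frames arriving on that port with the right VNI would presumably enter the mesh unless the firewall accepts only the gateway addresses stored as `vxlan_peer` entries. Please confirm that fff-firewall covers this, or add the rule alongside this package. A comment above the `uci batch` call would record the requirement, e.g. `# vxlan is unauthenticated: UDP 8472 must be filtered to the configured gateways by the firewall`. The values `mtu=1422` and `ageing=30` also deserve a one-line explanation of how they were chosen.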
|
|
@ -0,0 +1,27 @@
|
||||||
|
protocol=vxlan
|
||||||
|
|
||||||
|
vxlan_clear() {
|
||||||
|
while uci -q delete network.@vxlan_peer[0]; do :; done
|
||||||
|
}
|
||||||
|
|
||||||
|
vxlan_addpeer() {
|
||||||
|
uci set network.vxlan0.vid="$id"
|
||||||
|
json_get_var address address
|
||||||
|
address=$(ping6 -w1 -c1 "$address" | awk '/from/ {print substr($4, 1, length($4)-1); exit}')
|
||||||
|
[ -z $address ] && return ## address not reachable
|
||||||
|
uci add network vxlan_peer
|
||||||
|
uci set network.@vxlan_peer[-1].vxlan="vxlan0"
|
||||||
|
uci set network.@vxlan_peer[-1].dst="$address"
|
||||||
|
}
|
||||||
|
|
||||||
|
vxlan_start_stop() {
|
||||||
|
uci commit network
|
||||||
|
# reload_config will not add new peers. A ifup is needed
|
||||||
|
ifup vxlan0
|
||||||
|
|
||||||
|
# this workaround is cleaning up old fdb entries
|
||||||
|
# and can be removed if someday netifd will do that
|
||||||
|
bridge fdb show dev vxlan0 state permanent | while read mac dst ip rest ; do
|
||||||
|
grep -q "$ip" /etc/config/network || bridge fdb del $mac dev vxlan0 dst $ip
|
||||||
|
done
|
||||||
|
}
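Review bot: In `vxlan_start_stop` the cleanup test `grep -q "$ip" /etc/config/network` treats the address as a regular expression and matches substrings anywhere in the file. A stale fdb entry whose address is a prefix of a still-configured peer, or appears in any other option, is therefore kept, and the node goes on flooding traffic to an endpoint no longer listed in the hoodfile. Matching the quoted option value as a fixed string is tighter: `uci -q show network | grep -qF ".dst='$ip'" || bridge fdb del "$mac" dev vxlan0 dst "$ip"`. In `vxlan_addpeer`, `[ -z $address ]` handles the empty case only because `test` with a single argument happens to return true; `[ -z "$address" ] && return` is the safe form. Because `address` comes from the hoodfile and is resolved through `ping6`, a comment should also say that peers which do not answer ICMPv6 echo are skipped silently.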
|