mesh-vpn: fully abstract VPN methods #2102
c3b5ddd to ba34418
I see a few conceptual issues that need to be discussed:
ba34418 to dc13502
@NeoRaider For the first point, I would propose to leave it to the site configuration for now. The goal of this PR is not to add this functionality but to remove the core VPN package dependencies on the specific VPN implementation packages. Your second remark is correct. I simply didn't correctly interpret the context and its goal for which the specific VPN states are extracted. I'll fix that.
8fff333 to d84c0a1
end | ||
uci:save('tunneldigger') |
You are removing the code that disables the unavailable VPNs, this is not correct.
Hmm, I wrote the code this way so that even VPNs that are not installed anymore get disabled (for the case when for example fastd is installed, but gluon-mesh-vpn-fastd isn't).
What we really want is a generic facility that allows removed packages to clean up after themselves on firmware upgrades, that way we wouldn't need a full list of packages that could exist. I have a few ideas how to solve this...
@NeoRaider
I've been working on IPSec using L2TP where I'd like to be able to let the user configure the encryption this way. Please make it as generic as possible or we will rip it out again, later.
3688b9c to fae8219
Fixed all outstanding comments. Regarding the teardown of old VPN methods - I tend to leave it as-is for now. This might not be perfect, but we remain consistent in the behavior. For the future, we can have a teardown manager which manages teardown in case a package does not exist anymore. The goal of allowing a third-party VPN method from a community feed is still possible this way, they have to take care of teardown themselves though. @AiyionPrime Not build / run tested yet although the linter is happy.
Thanks! You five got access to it, welcome to my kitchen; obviously leave the rest of the network untouched.
fae8219 to 251d550
e4b5414 to ef5fe30
Addressed comments and rebased on #2223
ef5fe30 to fca24cc
There are currently 17 occurrences of
330ed59 to 4d737b8
Looks better, I'll test later, when the dust has settled a little.
Works from my testing.
Compiles and gluon-reconfigure does its job. I'll close blocktrron#6 then.
Just reread the code once more.
if meshvpn_enabled then | ||
pubkey = util.trim(util.exec('/etc/init.d/fastd show_key mesh_vpn')) | ||
if has_vpn and vpn.enabled() then | ||
local _, active_vpn = vpn.get_active_provider() |
Yes
resolved in 98a1c19
end | ||
|
||
function M.uci_sections() | ||
return {'tunneldigger'} |
These methods are now obsolete anyways, as uci::commit is called globally on reconfigure anyways. I removed them now.
resolved in 98a1c19
pubkey = util.trim(util.exec("/etc/init.d/fastd show_key mesh_vpn")) | ||
if vpn.enabled() then | ||
local _, active_vpn = vpn.get_active_provider() | ||
pubkey = active_vpn.public_key() |
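Review bot: active_vpn is dereferenced in the last line, pubkey = active_vpn.public_key(), with no nil check after vpn.get_active_provider(). If that call can come back without a provider while vpn.enabled() is true, this line raises an error and the page that shows the key fails to render. Guard the call with "if active_vpn then" and handle the missing-provider case explicitly.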
Yes
resolved in 98a1c19
4d737b8 to 3ee6a02
This fully abstracts VPN methods, making gluon-mesh-vpn-fastd and gluon-mesh-vpn-tunneldigger completely self-contained.

Provide a LUA interface for generic interacting with VPN methods in gluon-mesh-vpn-core and web packages.

This also adds the ability to install tunneldigger and fastd to the same image, selecting the VPN method based on the selected domain.

Signed-off-by: David Bauer <mail@david-bauer.net>
3ee6a02 to 98a1c19
Looks good to me.
@NeoRaider or @mweinelt may you review once more?
I compiled the code before the weekend; and just did so again. It's deployed on http://meshvpnabstracttest.n.ffh.zone/cgi-bin/status.
Verified initial setup & upgrades are working in a fastd environment. Let's do this.
The Gluon Tunneldigger protocol handler hasn't received the care and attention a core package, especially a VPN protocol, should. Due to the works in freifunk-gluon#2102 it's no longer required to maintain VPN handlers in the Gluon Core and they can be instead included via a package feed. Users who wish to continue using a supported core Gluon package are encouraged to take a look at fastd in conjunction with its null@l2tp method. It offers roughly the same performance (it's using the same principle of operation) and supports connections via IPv6 as a bonus. In general it should be possible to change the VPN used protocol asynchronously with a normal update. If Gluon users wish to continue using tunneldigger the recommendation is to participate in the development of tunneldigger inside our community-packages.