From be88eba07fcd71585845ba92daa770d85d83bed1 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Fri, 10 Mar 2017 16:21:32 +0100
Subject: [PATCH] Refactor common parts of gluon-mesh-vpn-fastd into a
gluon-mesh-vpn-core package
The fastd_mesh_vpn site.conf section is renamed to mesh_vpn.fastd.
---
docs/site-example/site.conf | 76 ++++----
docs/user/site.rst | 79 +++++----
package/gluon-mesh-vpn-core/Makefile | 35 ++++
package/gluon-mesh-vpn-core/check_site.lua | 8 +
.../files/lib/gluon/mesh-vpn/iptables.rules | 3 +
.../luasrc/lib/gluon/upgrade/400-mesh-vpn | 60 +++++++
package/gluon-mesh-vpn-fastd/Makefile | 4 +-
package/gluon-mesh-vpn-fastd/check_site.lua | 43 ++---
.../lib/gluon/mesh-vpn-fastd/iptables.rules | 3 -
.../files/lib/gluon/mesh-vpn/fastd | 0
.../lib/gluon/upgrade/400-mesh-vpn-fastd | 166 +++++++-----------
.../upgrade/420-mesh-vpn-fastd-simple-tc | 31 ----
.../gluon-web-mesh-vpn-fastd/check_site.lua | 4 +-
.../gluon/web/model/admin/mesh_vpn_fastd.lua | 2 +-
14 files changed, 273 insertions(+), 241 deletions(-)
create mode 100644 package/gluon-mesh-vpn-core/Makefile
create mode 100644 package/gluon-mesh-vpn-core/check_site.lua
create mode 100644 package/gluon-mesh-vpn-core/files/lib/gluon/mesh-vpn/iptables.rules
create mode 100755 package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/400-mesh-vpn
delete mode 100644 package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn-fastd/iptables.rules
create mode 100644 package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn/fastd
delete mode 100755 package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/420-mesh-vpn-fastd-simple-tc
diff --git a/docs/site-example/site.conf b/docs/site-example/site.conf
index 07639b18c..2e4152392 100644
--- a/docs/site-example/site.conf
+++ b/docs/site-example/site.conf
@@ -95,48 +95,50 @@
-- },
-- },
- -- Refer to http://fastd.readthedocs.org/en/latest/ to better understand
- -- what these options do.
- fastd_mesh_vpn = {
- -- List of crypto-methods to use.
- methods = {'salsa2012+umac'},
- -- enabled = true,
- -- configurable = true,
- -- syslog_level = 'warn',
-
- mtu = 1280,
- groups = {
- backbone = {
- -- Limit number of connected peers to reduce bandwidth.
- limit = 1,
-
- -- List of peers.
- peers = {
- peer1 = {
- key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
-
- -- This is a list, so you might add multiple entries.
- remotes = {'ipv4 "xxx.somehost.invalid" port xxxxxx'},
+ mesh_vpn = {
+ -- Refer to http://fastd.readthedocs.org/en/latest/ to better understand
+ -- what these options do.
+ fastd = {
+ -- List of crypto-methods to use.
+ methods = {'salsa2012+umac'},
+ -- enabled = true,
+ -- configurable = true,
+ -- syslog_level = 'warn',
+
+ mtu = 1280,
+ groups = {
+ backbone = {
+ -- Limit number of connected peers to reduce bandwidth.
+ limit = 1,
+
+ -- List of peers.
+ peers = {
+ peer1 = {
+ key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
+
+ -- This is a list, so you might add multiple entries.
+ remotes = {'ipv4 "xxx.somehost.invalid" port xxxxxx'},
+ },
+ peer2 = {
+ key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
+ -- You can also omit the ipv4 to allow both connection via ipv4 and ipv6
+ remotes = {'"xxx.somehost2.invalid" port xxxxx'},
+ },
},
- peer2 = {
- key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
- -- You can also omit the ipv4 to allow both connection via ipv4 and ipv6
- remotes = {'"xxx.somehost2.invalid" port xxxxx'},
- },
- },
- -- Optional: nested peer groups
- -- groups = {
- -- backbone_sub = {
- -- ...
- -- },
+ -- Optional: nested peer groups
+ -- groups = {
+ -- backbone_sub = {
+ -- ...
+ -- },
+ -- ...
+ -- },
+ },
+ -- Optional: additional peer groups, possibly with other limits
+ -- backbone2 = {
-- ...
-- },
},
- -- Optional: additional peer groups, possibly with other limits
- -- backbone2 = {
- -- ...
- -- },
},
bandwidth_limit = {
diff --git a/docs/user/site.rst b/docs/user/site.rst
index abf787f0a..4fd5a55d7 100644
--- a/docs/user/site.rst
+++ b/docs/user/site.rst
@@ -169,14 +169,18 @@ mesh \: optional
mesh = {
batman_adv = {
gw_sel_class = 1,
- },
+ },
}
-fastd_mesh_vpn
- Remote server setup for the fastd-based mesh VPN.
+mesh_vpn
+ Remote server setup for the mesh VPN.
+
+ The `enabled` option can be set to true to enable the VPN by default. `mtu`
+ defines the MTU of the VPN interface.
- The `enabled` option can be set to true to enable the VPN by default.
+ The `fastd` section configures settings specific to the *fastd* VPN
+ implementation.
If `configurable` is set to `false` or unset, the method list will be replaced on updates
with the list from the site configuration. Setting `configurable` to `true` will allow the user to
@@ -191,44 +195,47 @@ fastd_mesh_vpn
You can set syslog_level from verbose (default) to warn to reduce syslog output.
::
- fastd_mesh_vpn = {
- methods = {'salsa2012+umac'},
- -- enabled = true,
- -- configurable = true,
- -- syslog_level = 'warn',
+ mesh_vpn = {
+ -- enabled = true,
mtu = 1280,
- groups = {
- backbone = {
- -- Limit number of connected peers from this group
- limit = 1,
- peers = {
- peer1 = {
- key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
- -- Having multiple domains prevents SPOF in freifunk.net
- remotes = {
- 'ipv4 "vpn1.alpha-centauri.freifunk.net" port 10000',
- 'ipv4 "vpn1.alpha-centauri-freifunk.de" port 10000',
+
+ fastd = {
+ methods = {'salsa2012+umac'},
+ -- configurable = true,
+ -- syslog_level = 'warn',
+ groups = {
+ backbone = {
+ -- Limit number of connected peers from this group
+ limit = 1,
+ peers = {
+ peer1 = {
+ key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
+ -- Having multiple domains prevents SPOF in freifunk.net
+ remotes = {
+ 'ipv4 "vpn1.alpha-centauri.freifunk.net" port 10000',
+ 'ipv4 "vpn1.alpha-centauri-freifunk.de" port 10000',
+ },
+ },
+ peer2 = {
+ key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
+ -- You can also omit the ipv4 to allow both connection via ipv4 and ipv6
+ remotes = {'"vpn2.alpha-centauri.freifunk.net" port 10000'},
},
},
- peer2 = {
- key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
- -- You can also omit the ipv4 to allow both connection via ipv4 and ipv6
- remotes = {'"vpn2.alpha-centauri.freifunk.net" port 10000'},
- },
+ -- Optional: nested peer groups
+ -- groups = {
+ -- lowend_backbone = {
+ -- limit = 1,
+ -- peers = ...
+ -- },
+ -- },
},
- -- Optional: nested peer groups
- -- groups = {
- -- lowend_backbone = {
- -- limit = 1,
- -- peers = ...
- -- },
+ -- Optional: additional peer groups, possibly with other limits
+ -- peertopeer = {
+ -- limit = 10,
+ -- peers = { ... },
-- },
},
- -- Optional: additional peer groups, possibly with other limits
- -- peertopeer = {
- -- limit = 10,
- -- peers = { ... },
- -- },
},
bandwidth_limit = {
diff --git a/package/gluon-mesh-vpn-core/Makefile b/package/gluon-mesh-vpn-core/Makefile
new file mode 100644
index 000000000..057d3bfac
--- /dev/null
+++ b/package/gluon-mesh-vpn-core/Makefile
@@ -0,0 +1,35 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-mesh-vpn-core
+PKG_VERSION:=1
+
+
+include ../gluon.mk
+
+
+define Package/gluon-mesh-vpn-core
+ SECTION:=gluon
+ CATEGORY:=Gluon
+ TITLE:=Basic support for connecting meshes via VPN tunnels
+ DEPENDS:=+gluon-core +gluon-wan-dnsmasq +iptables +iptables-mod-extra +simple-tc
+endef
+
+define Build/Prepare
+ mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Compile
+ $(call GluonSrcDiet,./luasrc,$(PKG_BUILD_DIR)/luadest/)
+endef
+
+define Package/gluon-mesh-vpn-core/install
+ $(CP) ./files/* $(1)/
+ $(CP) $(PKG_BUILD_DIR)/luadest/* $(1)/
+endef
+
+define Package/gluon-mesh-vpn-core/postinst
+#!/bin/sh
+$(call GluonCheckSite,check_site.lua)
+endef
+
+$(eval $(call BuildPackage,gluon-mesh-vpn-core))
diff --git a/package/gluon-mesh-vpn-core/check_site.lua b/package/gluon-mesh-vpn-core/check_site.lua
new file mode 100644
index 000000000..94c0887bc
--- /dev/null
+++ b/package/gluon-mesh-vpn-core/check_site.lua
@@ -0,0 +1,8 @@
+need_boolean('mesh_vpn.enabled', false)
+need_number('mesh_vpn.mtu')
+
+if need_table('mesh_vpn.bandwidth_limit', nil, false) then
+ need_boolean('mesh_vpn.bandwidth_limit.enabled', false)
+ need_number('mesh_vpn.bandwidth_limit.ingress', false)
+ need_number('mesh_vpn.bandwidth_limit.egress', false)
+end
diff --git a/package/gluon-mesh-vpn-core/files/lib/gluon/mesh-vpn/iptables.rules b/package/gluon-mesh-vpn-core/files/lib/gluon/mesh-vpn/iptables.rules
new file mode 100644
index 000000000..771fb40c5
--- /dev/null
+++ b/package/gluon-mesh-vpn-core/files/lib/gluon/mesh-vpn/iptables.rules
@@ -0,0 +1,3 @@
+*nat
+-I OUTPUT -m owner --gid-owner gluon-mesh-vpn -o lo -d 127.0.0.1 -p udp --dport 53 -j DNAT --to-destination :54
+COMMIT
diff --git a/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/400-mesh-vpn b/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/400-mesh-vpn
new file mode 100755
index 000000000..36929b956
--- /dev/null
+++ b/package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/400-mesh-vpn
@@ -0,0 +1,60 @@
+#!/usr/bin/lua
+
+local site = require 'gluon.site_config'
+local users = require 'gluon.users'
+local util = require 'gluon.util'
+local fs = require 'nixio.fs'
+
+local uci = require('simple-uci').cursor()
+
+
+uci:section('network', 'interface', 'mesh_vpn', {
+ ifname = 'mesh-vpn',
+ proto = 'gluon_mesh',
+ transitive = true,
+ fixed_mtu = true,
+ macaddr = util.generate_mac(7),
+ mtu = site.mesh_vpn.mtu,
+})
+
+uci:save('network')
+
+
+if fs.access('/etc/config/gluon-simple-tc') then
+ os.rename('/etc/config/gluon-simple-tc', '/etc/config/simple-tc')
+end
+
+if not uci:get('simple-tc', 'mesh_vpn') then
+ local config = {
+ ifname = 'mesh-vpn',
+ enabled = false,
+ }
+
+
+ if site.mesh_vpn.bandwidth_limit then
+ if site.mesh_vpn.bandwidth_limit.enabled then
+ config.enabled = true
+ end
+
+ config.limit_ingress = site.mesh_vpn.bandwidth_limit.ingress
+ config.limit_egress = site.mesh_vpn.bandwidth_limit.egress
+ end
+
+ uci:section('simple-tc', 'interface', 'mesh_vpn', config)
+ uci:save('simple-tc')
+end
+
+
+-- The previously used user and group are removed, we now have a generic group
+users.remove_user('gluon-fastd')
+users.remove_group('gluon-fastd')
+
+users.add_group('gluon-mesh-vpn', 800)
+
+uci:section('firewall', 'include', 'mesh_vpn_dns', {
+ type = 'restore',
+ path = '/lib/gluon/mesh-vpn/iptables.rules',
+ family = 'ipv4',
+})
+
+uci:save('firewall')
diff --git a/package/gluon-mesh-vpn-fastd/Makefile b/package/gluon-mesh-vpn-fastd/Makefile
index ea63d83ce..2a1cc0671 100644
--- a/package/gluon-mesh-vpn-fastd/Makefile
+++ b/package/gluon-mesh-vpn-fastd/Makefile
@@ -12,8 +12,8 @@ include ../gluon.mk
define Package/gluon-mesh-vpn-fastd
SECTION:=gluon
CATEGORY:=Gluon
- TITLE:=Support for connecting batman-adv meshes via fastd
- DEPENDS:=+gluon-core +libgluonutil +gluon-wan-dnsmasq +fastd +iptables +iptables-mod-extra +simple-tc
+ TITLE:=Support for connecting meshes via fastd
+ DEPENDS:=+gluon-core +libgluonutil +gluon-mesh-vpn-core +fastd
endef
define Build/Prepare
diff --git a/package/gluon-mesh-vpn-fastd/check_site.lua b/package/gluon-mesh-vpn-fastd/check_site.lua
index c8370a569..64da9c88c 100644
--- a/package/gluon-mesh-vpn-fastd/check_site.lua
+++ b/package/gluon-mesh-vpn-fastd/check_site.lua
@@ -1,39 +1,30 @@
local fastd_methods = {'salsa2012+gmac', 'salsa2012+umac', 'null+salsa2012+gmac', 'null+salsa2012+umac', 'null'}
-need_array_of('fastd_mesh_vpn.methods', fastd_methods)
-need_number('fastd_mesh_vpn.mtu')
-need_boolean('fastd_mesh_vpn.enabled', false)
-need_boolean('fastd_mesh_vpn.configurable', false)
+need_array_of('mesh_vpn.fastd.methods', fastd_methods)
+need_boolean('mesh_vpn.fastd.configurable', false)
-need_one_of('fastd_mesh_vpn.syslog_level', {'error', 'warn', 'info', 'verbose', 'debug', 'debug2'}, false)
+need_one_of('mesh_vpn.fastd.syslog_level', {'error', 'warn', 'info', 'verbose', 'debug', 'debug2'}, false)
local function check_peer(prefix)
- return function(k, _)
- assert_uci_name(k)
+ return function(k, _)
+ assert_uci_name(k)
- local table = string.format('%s[%q].', prefix, k)
+ local table = string.format('%s[%q].', prefix, k)
- need_string_match(table .. 'key', '^%x+$')
- need_string_array(table .. 'remotes')
- end
+ need_string_match(table .. 'key', '^%x+$')
+ need_string_array(table .. 'remotes')
+ end
end
local function check_group(prefix)
- return function(k, _)
- assert_uci_name(k)
+ return function(k, _)
+ assert_uci_name(k)
- local table = string.format('%s[%q].', prefix, k)
+ local table = string.format('%s[%q].', prefix, k)
- need_number(table .. 'limit', false)
- need_table(table .. 'peers', check_peer(table .. 'peers'), false)
- need_table(table .. 'groups', check_group(table .. 'groups'), false)
- end
+ need_number(table .. 'limit', false)
+ need_table(table .. 'peers', check_peer(table .. 'peers'), false)
+ need_table(table .. 'groups', check_group(table .. 'groups'), false)
+ end
end
-need_table('fastd_mesh_vpn.groups', check_group('fastd_mesh_vpn.groups'))
-
-
-if need_table('fastd_mesh_vpn.bandwidth_limit', nil, false) then
- need_boolean('fastd_mesh_vpn.bandwidth_limit.enabled', false)
- need_number('fastd_mesh_vpn.bandwidth_limit.ingress', false)
- need_number('fastd_mesh_vpn.bandwidth_limit.egress', false)
-end
+need_table('mesh_vpn.fastd.groups', check_group('mesh_vpn.fastd.groups'))
diff --git a/package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn-fastd/iptables.rules b/package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn-fastd/iptables.rules
deleted file mode 100644
index c1a16ee12..000000000
--- a/package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn-fastd/iptables.rules
+++ /dev/null
@@ -1,3 +0,0 @@
-*nat
--I OUTPUT -m owner --gid-owner gluon-fastd -o lo -d 127.0.0.1 -p udp --dport 53 -j DNAT --to-destination :54
-COMMIT
diff --git a/package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn/fastd b/package/gluon-mesh-vpn-fastd/files/lib/gluon/mesh-vpn/fastd
new file mode 100644
index 000000000..e69de29bb
diff --git a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd
index f6793ecaa..91e2d1fbf 100755
--- a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd
+++ b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd
@@ -1,144 +1,104 @@
#!/usr/bin/lua
local site = require 'gluon.site_config'
-local users = require 'gluon.users'
local util = require 'gluon.util'
local uci = require('simple-uci').cursor()
--- The previously used user is removed, we need root privileges to use the packet_mark option
-users.remove_user('gluon-fastd')
-
--- Group for iptables rule
-users.add_group('gluon-fastd', 800)
-
-
local enabled = uci:get('fastd', 'mesh_vpn', 'enabled')
-if not enabled then
- enabled = site.fastd_mesh_vpn.enabled or false
+if enabled == nil then
+ enabled = site.mesh_vpn.enabled or false
end
local syslog_level = uci:get('fastd', 'mesh_vpn', 'syslog_level') or 'verbose'
local methods
-if site.fastd_mesh_vpn.configurable then
- local has_null = util.contains(site.fastd_mesh_vpn.methods, 'null')
+if site.mesh_vpn.fastd.configurable then
+ local has_null = util.contains(site.mesh_vpn.fastd.methods, 'null')
- local old_methods = uci:get('fastd', 'mesh_vpn', 'method')
- if old_methods then
- has_null = util.contains(old_methods, 'null')
- end
+ local old_methods = uci:get('fastd', 'mesh_vpn', 'method')
+ if old_methods then
+ has_null = util.contains(old_methods, 'null')
+ end
- methods = {}
- if has_null then
- table.insert(methods, 'null')
- end
+ methods = {}
+ if has_null then
+ table.insert(methods, 'null')
+ end
- for _, method in ipairs(site.fastd_mesh_vpn.methods) do
- if method ~= 'null' then
- table.insert(methods, method)
- end
- end
+ for _, method in ipairs(site.mesh_vpn.fastd.methods) do
+ if method ~= 'null' then
+ table.insert(methods, method)
+ end
+ end
else
- methods = site.fastd_mesh_vpn.methods
+ methods = site.mesh_vpn.fastd.methods
end
-uci:section('fastd', 'fastd', 'mesh_vpn',
- {
- enabled = enabled,
- group = 'gluon-fastd',
- syslog_level = syslog_level,
- interface = 'mesh-vpn',
- mode = 'tap',
- mtu = site.fastd_mesh_vpn.mtu,
- secure_handshakes = true,
- method = methods,
- packet_mark = 1,
- status_socket = '/var/run/fastd.mesh_vpn.socket',
- }
-)
+uci:section('fastd', 'fastd', 'mesh_vpn', {
+ enabled = enabled,
+ group = 'gluon-mesh-vpn',
+ syslog_level = syslog_level,
+ interface = 'mesh-vpn',
+ mode = 'tap',
+ mtu = site.mesh_vpn.mtu,
+ secure_handshakes = true,
+ method = methods,
+ packet_mark = 1,
+ status_socket = '/var/run/fastd.mesh_vpn.socket',
+})
uci:delete('fastd', 'mesh_vpn', 'user')
local add_groups
local function add_peer(group, name, config)
- uci:section('fastd', 'peer', group .. '_peer_' .. name,
- {
- enabled = true,
- net = 'mesh_vpn',
- group = group,
- key = config.key,
- remote = config.remotes,
- }
- )
+ uci:section('fastd', 'peer', group .. '_peer_' .. name, {
+ enabled = true,
+ net = 'mesh_vpn',
+ group = group,
+ key = config.key,
+ remote = config.remotes,
+ })
end
local function add_group(name, config, parent)
- uci:delete('fastd', name)
- uci:delete_all('fastd', 'peer',
- function(peer)
- return (peer.net == 'mesh_vpn' and peer.group == name)
- end
- )
-
-
- uci:section('fastd', 'peer_group', name,
- {
- enabled = true,
- net = 'mesh_vpn',
- parent = parent,
- peer_limit = config.limit,
- }
- )
-
- if config.peers then
- for peername, peerconfig in pairs(config.peers) do
- add_peer(name, peername, peerconfig)
- end
- end
-
- add_groups(name, config.groups, name)
+ uci:delete('fastd', name)
+ uci:delete_all('fastd', 'peer', function(peer)
+ return (peer.net == 'mesh_vpn' and peer.group == name)
+ end)
+
+
+ uci:section('fastd', 'peer_group', name, {
+ enabled = true,
+ net = 'mesh_vpn',
+ parent = parent,
+ peer_limit = config.limit,
+ })
+
+ if config.peers then
+ for peername, peerconfig in pairs(config.peers) do
+ add_peer(name, peername, peerconfig)
+ end
+ end
+
+ add_groups(name, config.groups, name)
end
-- declared local above
function add_groups(prefix, groups, parent)
- if groups then
- for name, group in pairs(groups) do
- add_group(prefix .. '_' .. name, group, parent)
- end
- end
+ if groups then
+ for name, group in pairs(groups) do
+ add_group(prefix .. '_' .. name, group, parent)
+ end
+ end
end
-add_groups('mesh_vpn', site.fastd_mesh_vpn.groups)
+add_groups('mesh_vpn', site.mesh_vpn.fastd.groups)
uci:save('fastd')
-
-
-uci:section('network', 'interface', 'mesh_vpn',
- {
- ifname = 'mesh-vpn',
- proto = 'gluon_mesh',
- transitive = true,
- fixed_mtu = true,
- macaddr = util.generate_mac(7),
- }
-)
-
-uci:save('network')
-
-
-uci:section('firewall', 'include', 'mesh_vpn_dns',
- {
- type = 'restore',
- path = '/lib/gluon/mesh-vpn-fastd/iptables.rules',
- family = 'ipv4',
- }
-)
-
-uci:save('firewall')
diff --git a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/420-mesh-vpn-fastd-simple-tc b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/420-mesh-vpn-fastd-simple-tc
deleted file mode 100755
index 59de61852..000000000
--- a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/420-mesh-vpn-fastd-simple-tc
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/lua
-
-local site = require 'gluon.site_config'
-local uci = require('simple-uci').cursor()
-local fs = require 'nixio.fs'
-
-
-if fs.access('/etc/config/gluon-simple-tc') then
- os.rename('/etc/config/gluon-simple-tc', '/etc/config/simple-tc')
-end
-
-
-if not uci:get('simple-tc', 'mesh_vpn') then
- local config = {
- ifname = 'mesh-vpn',
- enabled = false,
- }
-
-
- if site.fastd_mesh_vpn.bandwidth_limit then
- if site.fastd_mesh_vpn.bandwidth_limit.enabled then
- config.enabled = true
- end
-
- config.limit_ingress = site.fastd_mesh_vpn.bandwidth_limit.ingress
- config.limit_egress = site.fastd_mesh_vpn.bandwidth_limit.egress
- end
-
- uci:section('simple-tc', 'interface', 'mesh_vpn', config)
- uci:save('simple-tc')
-end
diff --git a/package/gluon-web-mesh-vpn-fastd/check_site.lua b/package/gluon-web-mesh-vpn-fastd/check_site.lua
index 42ff5a503..b9e41e113 100644
--- a/package/gluon-web-mesh-vpn-fastd/check_site.lua
+++ b/package/gluon-web-mesh-vpn-fastd/check_site.lua
@@ -1,2 +1,2 @@
-assert(need_boolean('fastd_mesh_vpn.configurable') == true,
- "site.conf error: expected `fastd_mesh_vpn.configurable' to be true")
+assert(need_boolean('mesh_vpn.fastd.configurable') == true,
+ "site.conf error: expected `mesh_vpn.fastd.configurable' to be true")
diff --git a/package/gluon-web-mesh-vpn-fastd/luasrc/lib/gluon/web/model/admin/mesh_vpn_fastd.lua b/package/gluon-web-mesh-vpn-fastd/luasrc/lib/gluon/web/model/admin/mesh_vpn_fastd.lua
index 73ba6cacf..8b772cd36 100644
--- a/package/gluon-web-mesh-vpn-fastd/luasrc/lib/gluon/web/model/admin/mesh_vpn_fastd.lua
+++ b/package/gluon-web-mesh-vpn-fastd/luasrc/lib/gluon/web/model/admin/mesh_vpn_fastd.lua
@@ -23,7 +23,7 @@ function mode:write(data)
table.insert(methods, 'null')
end
- for _, method in ipairs(site.fastd_mesh_vpn.methods) do
+ for _, method in ipairs(site.mesh_vpn.fastd.methods) do
if method ~= 'null' then
table.insert(methods, method)
end
--
GitLab