Skip to content
Snippets Groups Projects
Select Git revision
  • 3f7c0b3ae8297541389a2512ac92ad5c1a02bbeb
  • v2018.2.x default
  • experimental
  • master
  • v2021.1.2-ffs
  • v2021.1.1-ffs
  • nrb/gluon-master-cpe510
  • v2021.1-ffs
  • v2020.2.3-ffs
  • nrbffs/fastd-remove-delay
  • v2020.2.2-ffs
  • v2020.2.1-ffs
  • v2020.2-ffs
  • v2020.2.x
  • v2020.1.3-ffs
  • v2020.1.1-ffs
  • v2020.1-ffs
  • v2019.1.2-ffs
  • v2019.1.1-ffs
  • nrb/test-radv-filter
  • v2019.1-ffs
  • nrbffs/netgear-ex6120
  • v2021.1.2-ffs0.2
  • v2021.1.2-ffs0.1
  • v2021.1.1-ffs0.4
  • v2021.1.1-ffs0.3
  • v2021.1.1-ffs0.2
  • v2021.1.1-ffs0.1
  • v2021.1-ffs0.1
  • v2020.2.3-ffs0.3
  • v2020.2.3-ffs0.2
  • v2020.2.3-ffs0.1
  • v2020.2.2-ffs0.1
  • v2020.2.1-ffs0.1
  • v2020.2-ffs0.1
  • v2020.2
  • v2020.2.x-ffs0.1
  • v2020.1.3-ffs0.1
  • v2020.1.1-ffs0.1
  • v2020.1-ffs0.1
  • v2019.1.2-ffs0.1
  • v2019.1.1-ffs0.1
42 results

features

Blame
    • Forked from firmware / FFS Gluon
    1680 commits behind the upstream repository.
    user avatar
    gluon-mesh-vpn-wireguard: add package (#2168)
    lemoer authored and GitHub committed 
    The address of the vpn interface is calculated in the style of
modified EUI-64, based on a virtual mac address. This virtual mac
address consists of 0x00 as first byte and the other five bytes
are taken from the first bytes of md5sum(base64 encoded public key).

The algorithm was taken by the ffmuc, with a slight difference. ffmuc
calculated the result of md5sum(base64 encoded public key + '\n')
which was interpreted as accidential fault and therefore dropped.

Example:
- Public-Key: "gP3VJnTTvnQut+z4O+m0N9RgMyXbgyUbUkF3E3TKX2w="
- Address: "fe80::02ca:b8ff:fedc:2eb3"

The following interfaces are used for wireguard:
- wg_mesh  -> wireguard interface
- mesh-vpn -> vxlan iface on top of wg_mesh

If you use this new feature, make sure the NTP servers in your site
config are publicly reachable. This is necessary, since wireguard
requires correct time before the vpn connection is established.
Therefore gluon performs ntp time synchronisation via WAN before it
establishes the vpn connection. Therefore the NTP servers have to
be publicly reachable (and not only via mesh).
    3f7c0b3a
    History
    user avatar 3f7c0b3a
    History
    features 1.00 KiB

    Impressum - Datenschutz