Merge branch 'configurable-methods'

Matthias Schiffer 2015-05-06 23:54:17 +02:00
commit 1e427c4e77
13 changed files with 242 additions and 3 deletions


@ -89,6 +89,8 @@
fastd_mesh_vpn = {
-- List of crypto-methods to use.
methods = {'salsa2012+umac'},
-- configurable = true,
mtu = 1426,
groups = {
backbone = {


@ -97,11 +97,22 @@ next_node : package
fastd_mesh_vpn
Remote server setup for vpn.
Remote server setup for the fastd-based mesh VPN.
If `configurable` is false or unset, the method list will be replaced on updates
with the list in the site configuration. Setting `configurable` to `true` will allow the user to
add the method ``null`` to the front of the method list or remove ``null`` from it,
and make this change survive updates. Settings configurable is necessary for the
package `gluon-luci-mesh-vpn-fastd`, which adds a UI for this configuration.
In any case, the ``null`` method should always be the first method in the list
if it is supported at all. You should only set `configurable` to `true` if the
configured peers support both the ``null`` method and methods with encryption.
::
fastd_mesh_vpn = {
methods = {'salsa2012+umac'},
-- configurable = true,
mtu = 1426,
groups = {
backbone = {


@ -0,0 +1,41 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-luci-mesh-vpn-fastd
PKG_VERSION:=1
PKG_RELEASE:=1
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
include $(GLUONDIR)/include/package.mk
PKG_CONFIG_DEPENDS += $(GLUON_I18N_CONFIG)
define Package/gluon-luci-mesh-vpn-fastd
SECTION:=gluon
CATEGORY:=Gluon
TITLE:=Luci module to enable and disable encryption for the mesh VPN
DEPENDS:=+gluon-luci-admin +gluon-mesh-vpn-fastd
endef
define Build/Prepare
mkdir -p $(PKG_BUILD_DIR)
endef
define Build/Configure
endef
define Build/Compile
$(call GluonBuildI18N,gluon-mesh-vpn-fastd,i18n)
endef
define Package/gluon-luci-mesh-vpn-fastd/install
$(CP) ./files/* $(1)/
$(call GluonInstallI18N,gluon-mesh-vpn-fastd,$(1))
endef
define Package/gluon-luci-mesh-vpn-fastd/postinst
#!/bin/sh
$(call GluonCheckSite,check_site.lua)
endef
$(eval $(call BuildPackage,gluon-luci-mesh-vpn-fastd))


@ -0,0 +1,2 @@
assert(need_boolean('fastd_mesh_vpn.configurable') == true,
"site.conf error: expected `fastd_mesh_vpn.configurable' to be true")


@ -0,0 +1,5 @@
module("luci.controller.admin.mesh_vpn_fastd", package.seeall)
function index()
entry({"admin", "mesh_vpn_fastd"}, cbi("admin/mesh_vpn_fastd"), _("Mesh VPN"), 20)
end


@ -0,0 +1,41 @@
local uci = luci.model.uci.cursor()
local util = luci.util
local f = SimpleForm('mesh_vpn', translate('Mesh VPN'))
f.template = "admin/expertmode"
local s = f:section(SimpleSection)
local o = s:option(Value, 'mode')
o.template = "gluon/cbi/mesh-vpn-fastd-mode"
local methods = uci:get('fastd', 'mesh_vpn', 'method')
if util.contains(methods, 'null') then
o.default = 'performance'
else
o.default = 'security'
end
function f.handle(self, state, data)
if state == FORM_VALID then
local site = require 'gluon.site_config'
local methods = {}
if data.mode == 'performance' then
table.insert(methods, 'null')
end
for _, method in ipairs(site.fastd_mesh_vpn.methods) do
if method ~= 'null' then
table.insert(methods, method)
end
end
uci:set('fastd', 'mesh_vpn', 'method', methods)
uci:save('fastd')
uci:commit('fastd')
end
end
return f
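Review bot: `util.contains(methods, 'null')` runs on the raw result of `uci:get('fastd', 'mesh_vpn', 'method')`, which is nil when the option is unset and a plain string when it was stored as an option rather than a list; `luci.util.contains` iterates its argument, so either case would presumably raise when the form is loaded. Reading the value with `local methods = uci:get_list('fastd', 'mesh_vpn', 'method')` always yields a table. The upgrade script later in this commit guards the nil case with `if old_methods then` but shares the string case. The handler itself fails closed, since any `data.mode` other than `'performance'` leaves `null` out of the list. Nothing visible here restarts fastd after `uci:commit('fastd')`, so it is worth confirming that a switch to security mode takes effect before the user assumes the tunnel is encrypted.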


@ -0,0 +1,32 @@
<div class="cbi-value">
<div class="cbi-value-title">
<input class="cbi-input-radio" onclick="cbi_d_update(this.id)" onchange="cbi_d_update(this.id)" type="radio" value="security"<%= attr("id", cbid..'1') .. attr("name", cbid) .. ifattr((self:cfgvalue(section) or self.default) == "security", "checked", "checked") %> />
</div>
<div class="cbi-value-field-long">
<label<%= attr("for", cbid..'1') %> class="cbi-value-title"><%:Security mode%></label>
<br />
<%= translate(
'In security mode, the mesh VPN uses an encrypted tunnel to connect to the VPN servers. ' ..
'The encryption ensures that it is impossible for your internet access provider to see what ' ..
'data is exchanged over your node.'
) %>
<br />
</div>
<div class="cbi-value-field-long-after"></div>
</div>
<div class="cbi-value cbi-value-last">
<div class="cbi-value-title">
<input class="cbi-input-radio" onclick="cbi_d_update(this.id)" onchange="cbi_d_update(this.id)" type="radio" value="performance"<%= attr("id", cbid..'2') .. attr("name", cbid) .. ifattr((self:cfgvalue(section) or self.default) == "performance", "checked", "checked") %> />
</div>
<div class="cbi-value-field-long">
<label<%= attr("for", cbid..'2') %> class="cbi-value-title"><%:Performance mode%></label>
<br />
<%= translate(
'In performance mode, no encryption is used. This usually allows for higher throughput, but the data exchanged over your node is not ' ..
'protected against eavesdroppers.'
) %>
<br />
</div>
<div class="cbi-value-field-long-after"></div>
</div>
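Review bot: The performance-mode description names only eavesdropping, but fastd's `null` method provides, as far as I know, neither encryption nor per-packet authentication, so traffic on the tunnel could also be altered in transit. This text is what a user relies on when choosing to turn protection off, so it should state both, e.g. `'... but the data exchanged over your node is protected neither against eavesdroppers nor against manipulation.'`. The matching msgid entries in the .po and .pot files of this commit would need the same change.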


@ -0,0 +1,38 @@
msgid ""
msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Project-Id-Version: PACKAGE VERSION\n"
"PO-Revision-Date: 2015-05-03 20:39+0200\n"
"Last-Translator: <mschiffer@universe-factory.net>\n"
"Language-Team: German\n"
"Language: de\n"
"MIME-Version: 1.0\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
msgid ""
"In performance mode, no encryption is used. This usually allows for higher "
"throughput, but the data exchanged over your node is not protected against "
"eavesdroppers."
msgstr ""
"Im Modus &bdquo;Hohe Geschwindigkeit&ldquo; wird auf Verschlüsselung verzichtet. "
"Dies erlaubt häufig eine höhere Bandbreite als mit Verschlüsselung, aber die "
"Verbindung ist nicht gegen Abhören geschützt."
msgid ""
"In security mode, the mesh VPN uses an encrypted tunnel to connect to the "
"VPN servers. The encryption ensures that it is impossible for your internet "
"access provider to see what data is exchanged over your node."
msgstr ""
"Im Modus &bdquo;Hohe Sicherheit&ldquo; wird ein verschlüsselter Tunnel verwendet. "
"Dies schließt aus, dass dein Internetzugangsprovider herausfinden kann, was für "
"Daten über deinen Knoten übertragen werden."
msgid "Mesh VPN"
msgstr "Mesh-VPN"
msgid "Performance mode"
msgstr "Hohe Geschwindigkeit"
msgid "Security mode"
msgstr "Hohe Sicherheit"


@ -0,0 +1,23 @@
msgid ""
msgstr "Content-Type: text/plain; charset=UTF-8"
msgid ""
"In performance mode, no encryption is used. This usually allows for higher "
"throughput, but the data exchanged over your node is not protected against "
"eavesdroppers."
msgstr ""
msgid ""
"In security mode, the mesh VPN uses an encrypted tunnel to connect to the "
"VPN servers. The encryption ensures that it is impossible for your internet "
"access provider to see what data is exchanged over your node."
msgstr ""
msgid "Mesh VPN"
msgstr ""
msgid "Performance mode"
msgstr ""
msgid "Security mode"
msgstr ""

File diff suppressed because one or more lines are too long


@ -648,6 +648,21 @@ div.cbi-value-field {
}
}
div.cbi-value-field-long {
flex: 10;
position: relative;
input, select, input + label {
position: relative;
top: -0.39em;
}
}
div.cbi-value-field-long-after {
flex: 2;
}
div.cbi-value-description {
font-size: 8pt;
}


@ -1,6 +1,7 @@
need_string_array('fastd_mesh_vpn.methods')
need_number('fastd_mesh_vpn.mtu')
need_boolean('fastd_mesh_vpn.enabled', false)
need_boolean('fastd_mesh_vpn.configurable', false)
local function check_peer(prefix)


@ -5,6 +5,7 @@ local users = require 'gluon.users'
local util = require 'gluon.util'
local uci = require('luci.model.uci').cursor()
local lutil = require 'luci.util'
-- The previously used user is removed, we need root privileges to use the packet_mark option
@ -20,6 +21,33 @@ if not enabled then
end
local methods
if site.fastd_mesh_vpn.configurable then
local has_null = lutil.contains(site.fastd_mesh_vpn.methods, 'null')
local old_methods = uci:get('fastd', 'mesh_vpn', 'method')
if old_methods then
has_null = lutil.contains(old_methods, 'null')
end
methods = {}
if has_null then
table.insert(methods, 'null')
end
for _, method in ipairs(site.fastd_mesh_vpn.methods) do
if method ~= 'null' then
table.insert(methods, method)
end
end
else
methods = site.fastd_mesh_vpn.methods
end
uci:section('fastd', 'fastd', 'mesh_vpn',
{
enabled = enabled,
@ -29,7 +57,7 @@ uci:section('fastd', 'fastd', 'mesh_vpn',
mode = 'tap',
mtu = site.fastd_mesh_vpn.mtu,
secure_handshakes = 1,
method = site.fastd_mesh_vpn.methods,
method = methods,
packet_mark = 1,
status_socket = '/var/run/fastd.mesh_vpn.socket',
}
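Review bot: In the second hunk, `has_null` is taken from the existing UCI list whenever `old_methods` is set, so with `configurable` enabled a node that already has `null` first keeps the unencrypted method across every update, whatever `site.fastd_mesh_vpn.methods` says. That appears to be the intent, but it is a security-relevant precedence rule and deserves a comment above the branch, e.g. `-- configurable: the node's current choice (null present or not) wins over site.conf; only the non-null methods follow the site list`. It also means a site operator can withdraw `null` from deployed nodes only by unsetting `configurable`, which the documentation hunk could say explicitly. The script starts and ends outside the shown hunks.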