87 lines
2.1 KiB
Bash
87 lines
2.1 KiB
Bash
|
#!/bin/sh
|
||
|
|
||
|
PROTO_DEBUG=1
|
||
|
|
||
|
. /lib/functions.sh
|
||
|
. ../netifd-proto.sh
|
||
|
init_proto "$@"
|
||
|
|
||
|
WG=/usr/bin/wg
|
||
|
|
||
|
proto_gluon_wireguard_init_config() {
|
||
|
proto_config_add_int index
|
||
|
proto_config_add_int mtu
|
||
|
}
|
||
|
|
||
|
interface_linklocal_from_wg_public_key() {
|
||
|
# We generate a predictable v6 address
|
||
|
local macaddr="$(printf "%s" "$1"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/')"
|
||
|
local oldIFS="$IFS"; IFS=':';
|
||
|
# shellcheck disable=SC2086
|
||
|
set -- $macaddr; IFS="$oldIFS"
|
||
|
echo "fe80::$1$2:$3ff:fe$4:$5$6"
|
||
|
}
|
||
|
|
||
|
proto_gluon_wireguard_setup() {
|
||
|
local config="$1"
|
||
|
local ifname="$2"
|
||
|
|
||
|
local index mtu
|
||
|
json_get_vars index mtu
|
||
|
|
||
|
local public_key="$(/lib/gluon/mesh-vpn/wireguard_pubkey.sh)"
|
||
|
|
||
|
# The wireguard proto itself can not be moved here, as the proto does not
|
||
|
# allow add_dynamic.
|
||
|
|
||
|
wireguard_ip=$(interface_linklocal_from_wg_public_key "$public_key")
|
||
|
|
||
|
## Add IP
|
||
|
|
||
|
proto_add_host_dependency "$config" '' "$ifname"
|
||
|
proto_init_update "$ifname" 1
|
||
|
proto_add_data
|
||
|
json_add_string zone 'wired_mesh'
|
||
|
proto_close_data
|
||
|
proto_add_ipv6_address "$wireguard_ip" "128"
|
||
|
proto_send_update "$ifname"
|
||
|
|
||
|
## wgpeerselector
|
||
|
|
||
|
json_init
|
||
|
json_add_string name "${ifname}_peerselector"
|
||
|
json_add_string ifname "$ifname"
|
||
|
json_add_string proto 'wgpeerselector'
|
||
|
json_add_string unix_group 'gluon-mesh-vpn'
|
||
|
json_add_boolean transitive 1
|
||
|
json_close_object
|
||
|
ubus call network add_dynamic "$(json_dump)"
|
||
|
|
||
|
## vxlan
|
||
|
|
||
|
json_init
|
||
|
json_add_string name "mesh-vpn"
|
||
|
json_add_string proto 'vxlan6'
|
||
|
json_add_string tunlink "$ifname"
|
||
|
# ip6addr (the lower interface ip6) is used by the vxlan.sh proto
|
||
|
json_add_string ip6addr "$wireguard_ip"
|
||
|
json_add_string peer6addr "fe80::1"
|
||
|
json_add_int vid "$(lua -e 'print(tonumber(require("gluon.util").domain_seed_bytes("gluon-mesh-vxlan", 3), 16))')"
|
||
|
json_add_boolean rxcsum '0'
|
||
|
json_add_boolean txcsum '0'
|
||
|
json_close_object
|
||
|
ubus call network add_dynamic "$(json_dump)"
|
||
|
|
||
|
proto_init_update "$ifname" 1
|
||
|
proto_send_update "$config"
|
||
|
}
|
||
|
|
||
|
proto_gluon_wireguard_teardown() {
|
||
|
local config="$1"
|
||
|
|
||
|
proto_init_update "*" 0
|
||
|
proto_send_update "$config"
|
||
|
}
|
||
|
|
||
|
add_protocol gluon_wireguard
|