2017-03-10 15:21:32 +00:00
|
|
|
#!/usr/bin/lua
|
|
|
|
|
2017-08-11 18:47:35 +00:00
|
|
|
local site = require 'gluon.site'
|
2017-03-10 15:21:32 +00:00
|
|
|
local users = require 'gluon.users'
|
|
|
|
local util = require 'gluon.util'
|
|
|
|
|
|
|
|
local uci = require('simple-uci').cursor()
|
|
|
|
|
2020-08-16 16:03:21 +00:00
|
|
|
local vpn_core = require 'gluon.mesh-vpn'
|
2017-03-10 15:21:32 +00:00
|
|
|
|
|
|
|
uci:section('network', 'interface', 'mesh_vpn', {
|
2020-08-16 16:03:21 +00:00
|
|
|
ifname = vpn_core.get_interface(),
|
2017-03-10 15:21:32 +00:00
|
|
|
proto = 'gluon_mesh',
|
|
|
|
transitive = true,
|
|
|
|
fixed_mtu = true,
|
|
|
|
macaddr = util.generate_mac(7),
|
2017-08-11 18:47:35 +00:00
|
|
|
mtu = site.mesh_vpn.mtu(),
|
2017-03-10 15:21:32 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
uci:save('network')
|
|
|
|
|
|
|
|
|
|
|
|
-- The previously used user and group are removed, we now have a generic group
|
|
|
|
users.remove_user('gluon-fastd')
|
|
|
|
users.remove_group('gluon-fastd')
|
|
|
|
|
|
|
|
uci:section('firewall', 'include', 'mesh_vpn_dns', {
|
|
|
|
type = 'restore',
|
|
|
|
path = '/lib/gluon/mesh-vpn/iptables.rules',
|
|
|
|
family = 'ipv4',
|
|
|
|
})
|
|
|
|
|
|
|
|
uci:save('firewall')
|
2017-03-10 18:10:01 +00:00
|
|
|
|
|
|
|
|
|
|
|
-- VPN migration
|
2019-06-11 13:44:29 +00:00
|
|
|
if not uci:get('gluon', 'mesh_vpn') then
|
2020-08-16 16:03:21 +00:00
|
|
|
local vpn, _ = vpn_core.get_active_provider()
|
2017-03-10 18:10:01 +00:00
|
|
|
|
2019-06-11 13:44:29 +00:00
|
|
|
local fastd_enabled = uci:get('fastd', 'mesh_vpn', 'enabled')
|
|
|
|
local tunneldigger_enabled = uci:get('tunneldigger', 'mesh_vpn', 'enabled')
|
|
|
|
|
|
|
|
local enabled
|
|
|
|
|
|
|
|
-- If the installed VPN package has its enabled state set, keep the value
|
|
|
|
if vpn == 'fastd' and fastd_enabled then
|
|
|
|
enabled = fastd_enabled == '1'
|
|
|
|
elseif vpn == 'tunneldigger' and tunneldigger_enabled then
|
|
|
|
enabled = tunneldigger_enabled == '1'
|
|
|
|
-- Otherwise, migrate the other package's value if any is set
|
|
|
|
elseif fastd_enabled or tunneldigger_enabled then
|
|
|
|
enabled = fastd_enabled == '1' or tunneldigger_enabled == '1'
|
|
|
|
-- If nothing is set, use the default
|
|
|
|
else
|
|
|
|
enabled = site.mesh_vpn.enabled(false)
|
|
|
|
end
|
2021-09-14 23:25:59 +00:00
|
|
|
-- wireguard is not listed here, as it didn't exist before the uci section
|
|
|
|
-- gluon.mesh_vpn was introduced. Therefore no migration is necessary.
|
2019-06-11 13:44:29 +00:00
|
|
|
|
|
|
|
|
|
|
|
local limit_enabled = tonumber((uci:get('simple-tc', 'mesh_vpn', 'enabled')))
|
|
|
|
if limit_enabled == nil then
|
|
|
|
limit_enabled = site.mesh_vpn.bandwidth_limit.enabled(false)
|
2018-07-25 23:26:00 +00:00
|
|
|
end
|
2019-06-11 13:44:29 +00:00
|
|
|
|
|
|
|
local limit_ingress = tonumber((uci:get('tunneldigger', 'mesh_vpn', 'limit_bw_down')))
|
|
|
|
if limit_ingress == nil then
|
|
|
|
limit_ingress = tonumber((uci:get('simple-tc', 'mesh_vpn', 'limit_ingress')))
|
|
|
|
end
|
|
|
|
if limit_ingress == nil then
|
|
|
|
limit_ingress = site.mesh_vpn.bandwidth_limit.ingress()
|
|
|
|
end
|
|
|
|
|
|
|
|
local limit_egress = tonumber((uci:get('simple-tc', 'mesh_vpn', 'limit_egress')))
|
|
|
|
if limit_egress == nil then
|
|
|
|
limit_egress = site.mesh_vpn.bandwidth_limit.egress()
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
uci:section('gluon', 'mesh_vpn', 'mesh_vpn', {
|
|
|
|
enabled = enabled,
|
|
|
|
limit_enabled = limit_enabled,
|
|
|
|
limit_ingress = limit_ingress,
|
|
|
|
limit_egress = limit_egress,
|
|
|
|
})
|
|
|
|
uci:save('gluon')
|
2017-08-07 23:28:53 +00:00
|
|
|
end
|
2019-06-11 13:44:29 +00:00
|
|
|
|
|
|
|
os.execute('exec /lib/gluon/mesh-vpn/update-config')
|