Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ffbs-mesh-vpn-parker #142

Merged
merged 24 commits into from
Feb 9, 2025
Merged

Add ffbs-mesh-vpn-parker #142

merged 24 commits into from
Feb 9, 2025

Conversation

SmithChart
Copy link
Contributor

This is the core package of gluon-parker,
a Gluon fork that uses routing between the nodes
(aka. Router devices) and the infrastructure.
It is currently in use at Freifunk Braunschweig.
Other communities are interested in adopting it as well.

This package installs the nodeconfig and noderoute services together
with a set of new firewall-rules.

@SmithChart SmithChart requested a review from grische November 6, 2024 20:54
@SmithChart
Copy link
Contributor Author

Well, some of the shellcheck messages for files in /etc/init.d look fun. Will look into that later on..

@SmithChart SmithChart marked this pull request as draft November 7, 2024 06:49
@SmithChart
Copy link
Contributor Author

FTR: @maurerle provided some changes to this package we are currently discussing here. Will un-draft once I have an updated package.

This was referenced Nov 8, 2024
Merged
Merged
grische
grische reviewed Nov 8, 2024
View reviewed changes
Copy link
Contributor

@grische grische left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some comments on the shell code

@blocktrron
Copy link
Member

Please see #139 (comment)

SmithChart and others added 10 commits November 20, 2024 20:22
@SmithChart
Add ffbs-parker-nodeconfig
94c4fe6 
This adds ffbs-parker-nodeconfig - a package of the *parker*-flavor
of Gluon.

Previously this package has been managed in
https://gitli.stratum0.org/ffbs/ffbs-packages under the name
`gluon-ffbsnext-nodeconfig`.
Last commit-id: 4f83ee2f2571a2baa5493038da7c6fb3cc0b8016
@SmithChart
ffbs-parker-nodeconfig: Get NTP server from site
f66665d 
This removes a hard-coded value.
Previously, this scripts have only been used by Freifunk Braunschweig.
There hard-coding was no issue.
Now, with more communities wanting to try parker out, we have to fix
those.

The `ntp_servers` list has already been introduced by Gluon upstream.
With this change we re-use this value here.

This also means that the NTP-server for the nodes should be accessible
for the clients as well.
@SmithChart
ffbs-parker-nodeconfig: firewall: Allow respondd from all internal addr
2f48599 
This firewall rules make sure, that respondd is only accessible from
inside the Freifunk network (client network or VPN) - but not from other
interfaces (e.g. `br-wan`).

While we were only using it for Freifunk Braunschweig the `src_ip`
limitation did not really matter:
Per definition these are the only IPv6 addresses on these interfaces
anyway.

But while preparing this tooling for a wider use we should rethink this
decision.
There is no need to limit access to a specific IPv6 range, as long as
the requests are still coming from the inside.
@maurerle @SmithChart
add parker provider to ffbs-parker-nodeconfig
537609b
@maurerle @SmithChart
rename ffbs-parker-nodeconfig to ffbs-mesh-vpn-parker
c8460a6
@maurerle @SmithChart
make backwards compatible by providing former package name
ca7eea1
@maurerle @SmithChart
fix duplicate dependency
2f4d446
@maurerle @SmithChart
move luasrc around, fix wrong provider folder location
ca674f5
@maurerle @SmithChart
fixes for luacheck
b4f01b6
@SmithChart
ffbs-mesh-vpn-parker: Drop legacy route check
35b7dc7 
This check was intended to check if the IPv6 address/routing
configuration is sane.
But it currently relies on a hard-coded value for ffbs, so it does not
make sense to have it for all communities.

Lately we did not see this diagnosis trigger, so it's probably safe to
remove anyway.

If we encounter problems later on we can still add a generic check.
@SmithChart SmithChart force-pushed the ffbs-parker-nodeconfig branch from db1097b to 35b7dc7 Compare November 20, 2024 19:25
@SmithChart
Copy link
Contributor Author

FTR: Appended commits from SmithChart#1 . Thx @maurerle

Also added one change from me while I was on it.

@SmithChart SmithChart changed the title Add ffbs-parker-nodeconfig Add ffbs-mesh-vpn-parker Nov 20, 2024
@maurerle
Copy link
Member

Wouldn't it be useful to also add the additional uci settings required for parker to one of the packages?

Specifically:

and adding

uci:delete_all('firewall', 'rule', function(rule)
	return rule['.name']:find('^mesh_respondd_siteprefix')
end)

instead of having this here:
ffbs/gluon-parker@2e53380#diff-70c0178fef0afe6aa581fdd24bcd19c5ad4f04874648698469f5f5896dc1b500

This would further reduce the required delta of gluon.

This was referenced Nov 27, 2024
Merged
Merged
@SmithChart
Copy link
Contributor Author

Wouldn't it be useful to also add the additional uci settings required for parker to one of the packages?

Specifically:

* [ffbs/gluon-parker@1722bc5](https://github.com/ffbs/gluon-parker/commit/1722bc53f5b6612927ee6f49d6c4713321003c63)

* and [ffbs/gluon-parker@42987a0](https://github.com/ffbs/gluon-parker/commit/42987a057518d9b409cd502e37145ae1b8c30e0a)

and adding

uci:delete_all('firewall', 'rule', function(rule)
	return rule['.name']:find('^mesh_respondd_siteprefix')
end)

instead of having this here: ffbs/gluon-parker@2e53380#diff-70c0178fef0afe6aa581fdd24bcd19c5ad4f04874648698469f5f5896dc1b500

This would further reduce the required delta of gluon.

Do not get me wrong: This suggestion is totally right, but I would like to get forward to get this PR ready to merge at the moment.

I would suggest to open an issue against https://github.com/ffbs/gluon-parker/issues and track this suggestion there. After we have got this merged once we can continue to work on reducing the delta of gluon-parker against upstream gluon.

@grische
Copy link
Contributor

grische commented Dec 15, 2024

@SmithChart the suggestions should have been implemented already with the two PRs you merged today

@maurerle
Copy link
Member

I think if we test the current packages with the latest https://github.com/ffbs/gluon-parker
and it works on your side, we can merge the related packages and this :)

@SmithChart
Copy link
Contributor Author

@maurerle For now it does not work on our side. It is building - but the firmware on the nodes does not work.
My investigation is based on Gluon + site.

On the bright side: The problem seems trivial:
In production mode br-wan is not in table 1. We are missing a network.wan.ip4table='1'.

(On the other hand my automated tests are broken due to the changes in handling of the wg-key. So more error reports are to expect.)

@SmithChart SmithChart force-pushed the ffbs-parker-nodeconfig branch from 87b86c2 to b5fa9e1 Compare February 9, 2025 13:30
@SmithChart
Copy link
Contributor Author

SmithChart commented Feb 9, 2025
edited
Loading

@maurerle For now it does not work on our side. It is building - but the firmware on the nodes does not work. My investigation is based on Gluon + site.

On the bright side: The problem seems trivial: In production mode br-wan is not in table 1. We are missing a network.wan.ip4table='1'.

This was fixed by: 7a44727

grische and others added 10 commits February 9, 2025 15:04
@grische @SmithChart
ffbs-mesh-vpn-parker: check uci for config_server
46cc67c
@grische @SmithChart
ffbs-mesh-vpn-parker: fix default parker config
de9b244
@grische @SmithChart
ffbs-mesh-vpn-parker: make sure wg-pubkey exists
748d3e3
@grische @jluebbe @SmithChart
ffbs-mesh-vpn-parker: configure unreachable routes
655959f 
Co-Authored-By: Jan Luebbe <jlu@pengutronix.de>
@grische @jluebbe @SmithChart
ffbs-mesh-vpn-parker: place ipv4 wan routes into table 1
2bc4460 
Co-Authored-By: Jan Luebbe <jlu@pengutronix.de>
@grische @SmithChart
ffbs-mesh-vpn-parker: move parker pubkey to uci
b2e19a7 
Also moving the pubkey file to /tmp/ as it will be written every
time that nodeconfig is run.
@grische @SmithChart
ffbs-mesh-vpn-parker: delete prefix6 firewall rule
a320cf1 
The mesh_respondd_siteprefix and mesh_respondd_extraprefix[0-9]+ rules
do not make sense in the context of parker as there are no prefix4
and prefix6 attributes anymore.

Based on
ffbs/gluon-parker@2e53380#diff-70c0178fef0afe6aa581fdd24bcd19c5ad4f04874648698469f5f5896dc1b500L36-L43
@SmithChart
ffbs-mesh-vpn-parker: Rename respondd-dependency
0a1beb4 
The name of the dependency has been changed during cleanup. So let's
change the dependency here, too.
@SmithChart
ffbs-mesh-vpn-parker: Mark files in gluon/upgrade as executable
382049e 
These new files have been marked as executed, thus they were net
executed when upgrading.
This commit sets them +x.
@SmithChart
ffbs-mesh-vpn-parker: Drop files in /etc/rc.d
e57234c 
Files in rc.d are placed by the build system (as symlinks) anyway and
these files never made it to the target.
@SmithChart SmithChart force-pushed the ffbs-parker-nodeconfig branch 2 times, most recently from 3408b6f to ce1765e Compare February 9, 2025 14:11
@SmithChart SmithChart force-pushed the ffbs-parker-nodeconfig branch from ce1765e to 4f321ed Compare February 9, 2025 15:34
@SmithChart SmithChart marked this pull request as ready for review February 9, 2025 15:59
@SmithChart SmithChart merged commit 375fa1c into freifunk-gluon:master Feb 9, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@grische grische grische left review comments

@jluebbe jluebbe jluebbe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@SmithChart @blocktrron @maurerle @grische @jluebbe