gluon-alt-esc: add client + provider package #1094
I guess the question will arise, so trying to answer it beforehand: Why an extra ESSID? Two reasons:
|
|
||
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) | ||
|
||
include $(INCLUDE_DIR)/package.mk |
This needs to be include ../gluon.mk with LEDE based builds. Same applies to the provider package.
/var/gluon/firewall.wan-nat6 should be located in /lib/gluon/firewall.wan-nat6 or even better /lib/gluon/alt-esc/iptables.rules like in gluon-mesh-vpn-core https://github.com/freifunk-gluon/gluon/pull/1094/files#diff-d015fd309cc74651d3e87ac021f94017R66
local name = "altesc_" .. radio | ||
|
||
if enabled.data then | ||
local macaddr = util.get_wlan_mac(radio, index, 4) |
get_wlan_mac() changed and now needs the UCI config as additional parameter c4613c4
uci:commit('gluon-alt-esc-client') | ||
|
||
i=0 | ||
util.iterate_radios( |
iterate_radios() changed and now needs the UCI config as additional parameter f48d10b
Wow. That's huge, both technically (haven't had a closer look yet but am baffled how this works) and politically. Thank you so much! Politically, I partially disagree with your reasoning for a (forced) separate ESSID. I would vote for the option to be a regular gateway, unset by default, as this still satisfies argument 2 I think, and doesn't blindly force your gateway onto others by default. That first argument actually is quite weak IMO, because it is technically possible to set up a gateway that will be chosen by neighbors (and without radv-filterd even by everybody in the mesh in the case of IPv6).
|
||
|
||
get_gw_hosts() { | ||
for gw in `batctl gwl | tail -n +2 | sed "s/.* \(..:..:..:..:..:..\) (.*/\1/"`; do |
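Review bot: in get_gw_hosts(), the sed on the "for gw in" line runs without -n, so any line of batctl gwl that tail -n +2 does not drop and that does not match the MAC pattern is passed through unchanged and word-split into bogus $gw values. Use sed -n with a trailing p flag so that only lines that matched are emitted, which also removes the dependency on the number of header lines; $(...) would read better than backticks here.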
Since batman-adv 2017.0 the header of batctl gwl consists of 3 lines.
Also the output of batctl tg changed completely. The following works for me.
get_gw_hosts() {
    for gw in `batctl gwl | tail -n +3 | sed "s/.* \(..:..:..:..:..:..\) (.*/\1/"`; do
        batctl tg | egrep "^ \* .*$gw"
    done | tr -s ' ' | sed -r -e 's/\( +/\(/g' | cut -d ' ' -f 3 | sort | uniq
}
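A way to pull the gateway MACs out of gwl-style output without depending on the header line count raised in the two review comments above, as an added example that is not part of the PR or of any commenter's code. The names extract_gw_macs and sample_gwl are hypothetical, and the sample text is constructed with an assumed column layout.

```shell
#!/bin/sh
# Added example: print the gateway MACs from `batctl gwl`-style text on stdin.
# sed -n ... p emits only lines where a MAC is preceded by whitespace and
# followed by " (", so header lines are ignored however many there are.
extract_gw_macs() {
    sed -n 's/.*[[:space:]]\(\([0-9a-fA-F]\{2\}:\)\{5\}[0-9a-fA-F]\{2\}\) (.*/\1/p' |
        sort -u
}

# Constructed sample (assumed layout, not captured output): $1 header lines,
# then two gateway rows. The first header line carries a MAC followed by " ("
# on purpose; it is preceded by "/", so it must not be reported.
sample_gwl() {
    if [ "$1" -ge 1 ]; then
        echo '[constructed header, MainIF/MAC: mesh0/02:00:00:00:00:ff (bat0/02:00:00:00:00:fe)]'
    fi
    if [ "$1" -ge 2 ]; then
        echo '  Router            ( TQ) Next Hop          [outgoingIf]  Bandwidth'
    fi
    if [ "$1" -ge 3 ]; then
        echo ''
    fi
    echo '=> 02:00:00:00:00:01 (255) 02:00:00:00:00:11 [  mesh-vpn]: 100.0/100.0 MBit'
    echo '   02:00:00:00:00:02 (180) 02:00:00:00:00:11 [  mesh-vpn]: 50.0/50.0 MBit'
}

# Same result for one, two or three header lines.
for n in 1 2 3; do
    echo "headers=$n: $(sample_gwl "$n" | extract_gw_macs | tr '\n' ' ')"
done
```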
As the English language, contrary to the German language, likes to repeat itself, I would recommend:
|
I would suggest a renaming of this package to BoSE (S stands for steel, E for Exit).
Thanks for all the feedback and eager bug hunting so far! Found one more and I hope they are fixed now (@belzebub40k, can you check that the new regex-ing works for you and your compat15 setup, too?).
@jplitza: Thanks for your valuable input! I like the idea of extending Alt-ESC with an option to provide an exit mesh wide for the standard ESSID. Yes, that should satisfy argument 2. However, so far I couldn't think of a way to use the DNAT-ing trick for that without causing potential roaming issues for the standard ESSID. If you have an idea, maybe we can discuss that on IRC or the Gluon mailing list?
If I understand correctly, this will only affect (ap-)clients of the local node, correct? If so, I would prefer an option to signal this exit with a very low bandwidth, plus putting some additional hop penalty on the meshvpn link, so that clients in the local mesh use this local exit.
@T-X the sed statement to get the MACs from transglobal still does not work. With
Does this exist as an "optional package" somewhere for simple integration via site.mk?
I am also interested: is there an easy way to use this as an external package that we could add to our site.mk and modules? It seems there are only two changes in other files in gluon. Why do you have to change this here in
I created a standalone package at: https://github.com/rubo77/gluon-alt-esc These are the needed changes in our site.conf to include this package from my rubo77-repository: freifunk-kiel/site-ffki@ab47b6b...db9e873
@@ -19,8 +19,7 @@ uci:section('network', 'device', 'local_node_dev', { | |||
local ip4, ip6 | |||
|
|||
if site.next_node.ip4 then | |||
local plen = site.prefix4:match('/%d+$') | |||
ip4 = site.next_node.ip4 .. plen | |||
ip4 = site.next_node.ip4 .. '/32' |
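Review bot: the hard-coded '/32' on the ip4 = site.next_node.ip4 .. '/32' line gives no reason in the code for dropping the prefix length that was taken from site.prefix4. Add a short comment there saying why the next-node address has to be a host route, and mention it in the commit message, since this hunk touches the local_node_dev setup rather than the new packages.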
Why did you remove site.prefix4:match('/%d+$')?
The br-client needs a more specific route than the local-node one (/24 vs. /32) as otherwise the kernel would select the wrong interface for outputting de-nat'ed packets coming back.
I renamed the upgrade files: one number higher. 311 and 321 with the new content. This is a bit ugly, but should work and keep most of the original PR in the external package for now. The firmware is built successfully and is running. Now I wonder what are the correct settings I have to put into config mode. Can I just copy the Mac from the provider-section into the client section? And do I have to activate all checkboxes? What about mesh-VPN, do I have to enable that if I want to use the alt-esc? The router starts now in normal mode. And I can connect to the alternative ESSID ;) Seems to run fine! 🎉
I changed the texts, so they are more intuitive for not so advanced users: rubo77/gluon-alt-esc@e6c5246#diff-68586350a587e33d8e4ec7b3ca599fbdR43 Maybe you can take these changes into account in your PR?
This is a great job! Does it work like this http://paste.debian.net/hidden/8866b304/ ? Alt-ESC is a Point-to-MultiPoints wireless link. So if the uplink node dies all downlink nodes will be unreachable.
@jerix777 Your paste is not accessible. What is your question?
@T-X: Good Idea! You pointed out in IRC
|
I updated my standalone package at https://github.com/rubo77/gluon-alt-esc New screenshots: |
Nice +1 |
@CodeFetch: See @MPW1412's question here: And my response here: Anything to add to that? |
@T-X Yes, you need to filter 172.16.0.0/12, 10.0.0.0/8, 192.168.0.0/16 and maybe also compatibility/dummy addresses 192.0.0.8/32 and 192.0.0.0/29. |
Changelog v3:
Dependencies: #1472 and packages/#191 |
I'm using the (still pending) gluon-alt-esc package [0] here in Lübeck and for that it'd be nice to have the extra_prefixes6 added. Another potential user of this value is the gluon-ebtables-source-filter package. However that one is not in use in Lübeck by anyone so far as far as I know. [0]: freifunk-gluon/gluon#1094
@T-X : can you add your changes to my repo here? https://github.com/rubo77/gluon-alt-esc/commits/2018.1.x |
Marking this as needs work as per discussion in #1472
The client package allows to create a new wifi interface with direct access to the local Freifunk network but with alternative exit gateways for internet connectivity. A custom ESSID can be chosen.
The provider package is the counterpart to the client package and configures the firewall of the selected Gluon node to grant permission to route packets between the client and wan zone.
Note that the Gluon Alt-ESC provider package is not mandatory for the Gluon Alt-ESC client package. In fact, any client device in the mesh network can be chosen and configured to provide internet access for the Alt-ESC client package.
Signed-off-by: Linus Lüssing <[email protected]>
99f178c to 3d6cd44
Changelog v4:
Note, that this pull-request should now only be merged after #1472 and #1568 were merged. This pull-request was retested together with #1472 and #1568 on top of current master. |
Thanks. I removed the "needs work" label and added the "blocked" label (as both of the other PRs have to be merged before this one) and the "needs testing" label
I like your idea <3 - unfortunately, I won't be able to test it in the next weeks. At a quick glance, the UX appears a little bit complicated, but that won't be a problem for a first try.
This package is intended for the community repository, which is soon to be created.
@mweinelt sharing of the local internet connection could be a nice core feature! In combination with ddhcp or xlat. So people would be able to easily turn a gluon node into a supernode.
It could be, but we're not quite there yet. And alt-escape being in community packages will not make that impossible either. If this use case turns out to be practical there is not much that would prevent a package to migrate from community repos to the main repo. A current issue we have with this package is that it makes use of L2 NAT via ebt_dnat, which we consider to be a hack.
Are all changes in Gluon accepted, so this can become a stand-alone package? |
It looks like they will be, we've just discussed what is necessary and what needs to be reviewed again. Blockers are here: |
Closing as we will not accept this into the core repository, as stated above. |
That really is a pity. Is there another way than this in which we could re-implement a local exit in gluon?
I followed @AlylonPrime's link in response to my feature request to this module and, well, what can I say, it reads fantastic. And I wish this thread had a Hollywood ending. So, I can only second @rubo77 and ask for just anything, really :o/
The blockers stated by mweinelt in #1094 (comment) were quite clear.