fastd: add L2TP offload support #2186
Preliminary testing is looking promising. I was able to compile a build, run it in a VM and have it connect to a fastd server in L2TP offload mode. Performance is consistent with using Tunneldigger as an L2TP broker (as expected). Thanks! This is looking good so far.
I've just pushed an update that fixes opkg behaviour for "provides" for non-virtual packages. Without this patch, opkg would always prefer
As it turns out, the small opkg patch is not sufficient to make this work in all cases. It seems that the package dependency resolution of opkg still can't properly deal with dependencies that are satisfied via "provides" ... Making the build work reliably may take some time.
As I don't think we can sufficiently improve opkg's dependency resolution with acceptable effort, I have enabled L2TP support by default in the fastd package now instead of providing two different variants. The L2TP kernel modules are still only installed when the Documentation of the new feature is still TODO.
Happy to take a first stab at it unless you already started doing it.
Thanks for the offer, I haven't started yet.
Stab No. 1: #2251
I'm currently testing this on two of my nodes. So far I'm quite happy with it and hadn't any problems. 👍 Once I find some time I will try to add this to the FFRN nightly branch.
This also drops the GMAC-based methods from gluon-mesh-vpn-fastd's check_site.lua, as they are not supported anymore.
The "null" and "null@l2tp" methods are considered equivalent and always added and removed together when the method list is "configurable". "null@l2tp" is added before "null", so it is preferred when the peer supports both.

- Restructure page
- Add information on how to add L2TPv3 offloading support to a build using configurable ciphers. The null method is not recommended anymore.
- Add notes and pointers regarding the gateway configuration to provide gateway admins with hints on how to modify their configuration to accommodate this new feature.
- Mention wireguard support

Based-on-patch-by: Felix Kaechele <[email protected]>
This is still a WIP, in particular because fastd v22 hasn't been released yet.
In addition to more testing, I'm also thinking about (optionally) statically linking the required parts of libmnl into fastd to reduce the size before v22 final. libmnl is linked into fastd statically now.

- `gluon-mesh-vpn-fastd`; the new package/feature `gluon-mesh-vpn-fastd-l2tp` only contains a marker file
- `configurable = true`, we always add `null@l2tp` before `null`, so the L2TP method is preferred
- `mesh-vpn-fastd-l2tp` is included, the following changes are applied to the fastd configuration:
  - `offload_l2tp = 1`. This also requires `persist_interface = 0` and `mode = 'multitap'`.
  - `peer_limit` is set to 1, as Gluon supports only a single `mesh_vpn` interface
  - `interface` of each peer config is set to "mesh_vpn", so the interface for the single connection is correctly named "mesh_vpn" in Multi-TAP mode

On supernodes the following changes are necessary:
By only enabling L2TP offloading on the Gluon nodes and not the super nodes, no other changes are necessary on the super nodes. If CPU performance is problematic on supernodes, L2TP offloading can be enabled on the supernode as well, but this will require more complex config adjustments, as a separate interface will be created for each peer.

Due to the inclusion of the L2TP kernel support, enabling the `mesh-vpn-fastd-l2tp` Gluon feature increases the image size (by roughly 9.2KiB on ar71xx-generic, compared to an image with the same configuration and only `mesh-vpn-fastd`).

TODO:
- fastd v22 release
- Testing
- Documentation
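
The method-list and configuration rules from the description above, modelled as an added Python example; it is not code from this pull request or from Gluon. The dictionary layout, the function names and the sample method list are assumptions made for illustration.

```python
# Added illustration, not Gluon or fastd code. Plain dicts stand in for the
# fastd configuration; function names and layout are hypothetical.
NULL_PAIR = ["null@l2tp", "null"]  # L2TP variant first, so it is preferred


def pair_null_methods(methods):
    """If either null variant is listed, emit both where the first one stood."""
    out, placed = [], False
    for m in methods:
        if m in NULL_PAIR:
            if not placed:
                out.extend(NULL_PAIR)
                placed = True
        elif m not in out:
            out.append(m)
    return out


def remove_null_methods(methods):
    """The two variants are equivalent, so they are removed together."""
    return [m for m in methods if m not in NULL_PAIR]


def apply_l2tp_settings(fastd, peers):
    """Return copies carrying the changes listed for mesh-vpn-fastd-l2tp."""
    fastd = dict(fastd, offload_l2tp=1, persist_interface=0,
                 mode="multitap", peer_limit=1)
    peers = {name: dict(p, interface="mesh_vpn") for name, p in peers.items()}
    return fastd, peers


def check_offload(fastd, peers):
    """Report settings on a Gluon node that contradict offload_l2tp = 1."""
    if fastd.get("offload_l2tp") != 1:
        return []
    problems = []
    if fastd.get("persist_interface") != 0:
        problems.append("persist_interface must be 0")
    if fastd.get("mode") != "multitap":
        problems.append("mode must be 'multitap'")
    if fastd.get("peer_limit") != 1:
        problems.append("peer_limit must be 1")
    for name, p in sorted(peers.items()):
        if p.get("interface") != "mesh_vpn":
            problems.append(f"peer {name}: interface must be 'mesh_vpn'")
    return problems
```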