tunspace: bunch of improvements #438

Merged
merged 2 commits into from
Sep 23, 2024

Contributor

@pktpls pktpls commented Sep 22, 2024

Compile tested: ipq40xx, ath79
Run tested: Fritzbox 4040, Glinet GL-XE300

Description of your changes:

These changes came about while setting up the XE300's internal LTE modem.

  • Handling of the uplink interface in various difficult situations is now much more robust; it recovers more reliably, etc.
  • Some types of uplink interfaces can't be added to a bridge, for various reasons. We now support a "direct" uplink mode which doesn't clone a macvlan bridge interface, and instead moves the uplink interface itself directly to the namespace.
    • The downside of this mode is that the fully configured and functional uplink interface will definitely leak out of the namespace on tunspace restart or stop.
  • The wg-installer servers on each gateway have a timeout based on a client's private key, which rejects reconnections (as in: re-registration) for 10 minutes or so. This can easily lead to situations where all available servers reject our private key for an annoyingly long time.
    • The tunspace client now generates a fresh new private key whenever it registers with a server. This circumvents the re-registration timeout, and there's also really no need for the wireguard keys to be permanent.

@pktpls pktpls changed the title Tunspace sep24 tunspace: bunch of improvements Sep 22, 2024
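
The key rotation described in the pull request description above, as an added Go example that is not part of this PR or of tunspace: a constructed `gateway` stand-in rejects a re-registration with the same key inside the timeout and accepts one made with a freshly generated key. All identifiers are hypothetical, and the stand-in is assumed to key its timeout on the client's public key, using the 10-minute figure from the description.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

var errCooldown = errors.New("key registered too recently")
const cooldown = 10 * time.Minute // "10 minutes or so" per the PR description

// gateway is a constructed stand-in for the server-side timeout: public key -> last registration.
type gateway map[string]time.Time

func (g gateway) register(pub string, now time.Time) error {
	if t, ok := g[pub]; ok && now.Sub(t) < cooldown {
		return errCooldown
	}
	g[pub] = now
	return nil
}

// freshKey returns a new base64 X25519 public key; the private half never leaves memory.
func freshKey() string {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no usable entropy source
	}
	return base64.StdEncoding.EncodeToString(k.PublicKey().Bytes())
}

// reconnect registers twice, one minute apart, and returns the second result.
func reconnect(g gateway, rotate bool) error {
	pub, t0 := freshKey(), time.Unix(0, 0)
	if err := g.register(pub, t0); err != nil {
		return err
	}
	if rotate {
		pub = freshKey() // new identity, so the server has no record of it
	}
	return g.register(pub, t0.Add(time.Minute))
}

func main() {
	fmt.Println("same key:", reconnect(gateway{}, false), "| fresh key:", reconnect(gateway{}, true))
}
```
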
Member

@Akira25 Akira25 left a comment

Looks good to me.

For the Server-Timeout: Is there a good reason, why not abolishing that timeout?

@Akira25
Member

Akira25 commented Sep 23, 2024

The CI got fixed in #441. You may rebase on the current master branch.

@pktpls
Contributor Author

pktpls commented Sep 23, 2024

> For the Server-Timeout: Is there a good reason, why not abolishing that timeout?

I just don't want to touch wg-installer unless I must :) And the timeout does have its purpose (cleaning up unused interfaces), it's just that it should not reject reconnections.

- filesystem access not needed anymore
- don't run into wginstaller's key registration timeouts
@pktpls pktpls merged commit 484dd0d into freifunk-berlin:main Sep 23, 2024
5 checks passed
@pktpls pktpls deleted the tunspace-sep24 branch September 23, 2024 15:39
@pktpls
Contributor Author

pktpls commented Sep 23, 2024

also backported to openwrt-23.05 branch (along with 355a923)
