[LEDE-DEV] Questions about netifd, ip rules and VPN
mt
mt at i3o.de
Fri Sep 15 08:31:07 PDT 2017
Hi,
I'm trying to wrap my head around what is possible with only declarative
settings in netifd / uci for VPN connections.
At the moment it looks like scripts in /etc/hotplug.d/iface are the only
solution for my setup: a Freifunk VPN as a netifd proto (i.e. wireguard):
- Use ip4table, ip6table in the vpn uci settings to set the default gw
to a different routing table
- If wan is active start the vpn interface: Call ifup vpn in
/etc/hotplug.d/iface/99-vpn.sh when wan is up, call ifdown vpn if wan is
down.
- Set/remove my manual ip rules for forwarding mesh / ap traffic to the
vpn in /etc/hotplug.d/iface/99-vpn.sh
Is this a sane way to do this? I'd like to move as much setup as
possible to uci/netifd.
It's also possible to define ip rules in uci but these are independent of
the interface state and always set on boot? It's not possible to set
"dynamic" ip rules depending on the interface state?
Is fw3 able to set/remove rules depending on the interface state? But
from my limited knowledge ip rules are faster than iptables fwmark?
Is this approach recommended or is there a better way(tm)?
thanks for any hints!
regards
Martin
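
The hotplug procedure described in the message above, written out as an added example (not part of the original post and not code from LEDE or netifd). The interface names, source devices, table id and rule priorities are assumptions, and so is the extra `unreachable` rule, which keeps mesh/AP traffic from falling through to the main table and leaving via wan while the VPN is down.

```shell
#!/bin/sh
# Added example for /etc/hotplug.d/iface/99-vpn.sh; netifd's hotplug call
# exports ACTION (ifup/ifdown) and INTERFACE (logical interface name).
# Assumed values: interface names, source devices, table id, priorities.
WAN_IF="wan"
VPN_IF="vpn"
VPN_TABLE="100"            # same value as ip4table/ip6table on the vpn interface
SRC_DEVS="br-mesh br-ap"   # devices whose forwarded traffic must use the VPN
PRIO_VPN="1000"
PRIO_BLOCK="1001"

# With DRY_RUN set, print the command instead of executing it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# $1 = add|del. Deleting first keeps repeated ifup events from stacking rules.
vpn_rules() {
    for dev in $SRC_DEVS; do
        for fam in -4 -6; do
            run ip "$fam" rule del iif "$dev" lookup "$VPN_TABLE" priority "$PRIO_VPN" 2>/dev/null || true
            run ip "$fam" rule del iif "$dev" unreachable priority "$PRIO_BLOCK" 2>/dev/null || true
            # The unreachable rule is present in both states; it only matches
            # when the VPN rule is absent or its table has no matching route.
            run ip "$fam" rule add iif "$dev" unreachable priority "$PRIO_BLOCK"
            if [ "$1" = add ]; then
                run ip "$fam" rule add iif "$dev" lookup "$VPN_TABLE" priority "$PRIO_VPN"
            fi
        done
    done
    return 0
}

# $1 = ACTION, $2 = INTERFACE
handle_event() {
    case "$1:$2" in
        "ifup:$WAN_IF")   run ifup "$VPN_IF" ;;
        "ifdown:$WAN_IF") run ifdown "$VPN_IF" ;;
        "ifup:$VPN_IF")   vpn_rules add ;;
        "ifdown:$VPN_IF") vpn_rules del ;;
    esac
}

# Act only when invoked by hotplug, which sets ACTION.
if [ -n "${ACTION:-}" ]; then handle_event "$ACTION" "${INTERFACE:-}"; fi
```

Because both rules sit ahead of the main table, traffic from the listed devices to other local segments is also rejected while the VPN is down. Running the functions with `DRY_RUN=1` prints the commands without changing the routing policy database.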