23 Mar
2018
23 Mar
'18
8:14 a.m.
I am aware that wireguard is the last cool thing in terms of VPN, but I am
very doubtfull about it's usefulness in our setup, in librenet6 we use tinc in
switch mode, this way we can run any routing protocol on top of it, I already
know that some Routing Protocol has started woking on doing routing on top of
unicast only devices too but that is very limiting in term of RP choice and
still an investigation topic.
In LiMe we always try to be RP agnostic so que can eventually switch to a
better fitting solution without redesign everithing from scratch like we did
(non RP) from adhoc to 80211s that became as easy as to change a line in the
config file.
I would rather investigate how does it fit the new tinc 1.1 with our needs and
if with some configuration we could prevent it from doing L2 routing behing the
scenes as we already need to run an L3 RP on top of it, and also explore how
latency based metrics behave on such setup (mixing both phisical and tunnel
links)
Cheers
Gio
On Thursday, 22 March 2018 00:36:12 CET Paul Spooren wrote:
Dear all,
as some may know I've been working last year [1] in GSoC and like to
repeat that. I checked the Freifunk project page [2] and found the
following project of LibreMesh I liked most: LibreNet6 integration [3].
As discussed on GitHub [4] wireguard [5] could be a slim & fast
replacement for Tinc. Problem is the missing auto provisioning of the
clients, as stated on the official website as well [6]. I came up with
a small PoC [7] as a centralized solution for the following tasks:
* Granting administrators/supporters device access to help with network
issues
* Secure connection over an unencrypted mesh network
* Offer public IPv4/6 to routers
A second approach could be to use bmx7-sms plugin to distribute public
keys within the mesh and enable not only the three points above but
also secure connections between all nodes. The second approach may
become obsolete as bmx7 might use `ip xfrm` [8] to encrypt tunnels
directly.
I'm aware that focus shouldn't be the coolest project but the one most
usable for the (Libre)Mesh community. So please share you thoughts if
you find other (not listed) project ideas I could work on. Please keep
in mind the deadline to apply is within the next weeks.
Best,
Paul
[1] https://github.com/aparcar/attendedsysupgrade-server
[2] https://projects.freifunk.net/#/projects
[3]
https://projects.freifunk.net/#/projects?project=libremesh_librenet6_integra
tions&lang=en [4] https://github.com/libremesh/lime-packages/issues/99
[5] http://wireguard.com/
[6] https://www.wireguard.com/todo/#dynamic-web-app-for-provisioning
[7] https://github.com/aparcar/wireguard-provisioning
[8] http://man7.org/linux/man-pages/man8/ip-xfrm.8.html#DESCRIPTION
_______________________________________________
lime-dev mailing list
lime-dev(a)lists.libremesh.org
https://lists.libremesh.org/mailman/listinfo/lime-dev