Makefile:
* remove pbr-iptables flavour
Init-script:
* improve detection of wireguard server and client instances
* integrate wg_server_and_client into init script
* remove traffic_killswitch() and trap() and related options/code
* remove internal nft_file_support variable as fw4 nft file is the only running mode
* improve debug() and is_supported_interface() functions
* improve detection of incompatible user script files
* double-quote some strings due to shellcheck errors
* flush ip rules from pbr tables instead of deleting last one
Other files:
* remove /usr/share/pbr/pbr.user.wg_server_and_client as obsolete
* remove references to the file above in config on update thru uci-defaults
* minor updates to netifd uci-defaults script
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Adjust openssh's versioning to be compatible with apk:
8.9p1-r2 --> 8.9_p1-r2
"_p" is an allowed semantic suffix, so use that.
(Alternative might have been 8.9.1-r2)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
The commit adds options for static mapping, which is essential for
464xlat(clat) usage. But be noted that routes and firewall rules have
to be configured manually, for now.
To use tayga as clat/nat46:
0. specify $ipv4_addr, $prefix, $map_{ipv4,ipv6} properly, and
set $noroutes to 1 to prevent creating routes for nat64
1. add custom IPv4 routes to tayga, possibly with a reasonable metric
for default route
2. add a SNAT firewall rule for processing IPv4 traffic destined for
tayga
3. add firewall rules to allow FORWARD traffic between tayga and WAN6
4. add a $map_ipv6 route to tayga for guiding return traffic
Signed-off-by: Hung-I Wang <whygowe@gmail.com>
Sometimes the wan connection needs time to be established (e.g. cold
boot after power loss) and the service may crash as the internet is
yet available. Add a trigger to reload the service once the wan
interface is up.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This adds an additional OpenWrt specific backend to use lpac with the
uqmi tooling used by OpenWrt to manage QMI based modems.
This allows lpac to manage eUICC chips without the need for other,
potentially bigger, software using the installed modem.
Also set this backend as the new default, as users probably expect being
able to download profiles using their cellular modem.
Profile-Switching
-----------------
With some eUICC modem combinations you might require to powercycle the
UIM slot using uqmi after changing the active profile. To do this,
simply execute
$ uqmi -d /dev/cdc-wdm0 --uim-power-off --uim-slot=1
$ uqmi -d /dev/cdc-wdm0 --uim-power-on --uim-slot=1
Note
----
SM-DP+ might use encryption parameters which are incompatible with
mbedtls which cURL is by default compiled for.
This was observed when attempting to download a profile from
Vodafone DE.
If you encounter issues in that regard, try to install a version of
libcurl which is compiled with OpenSSL support.
Signed-off-by: David Bauer <david.bauer@uniberg.com>
netbird supports the wireguard kernel module, but it can work without it in userspace,
losing some performance, but we know in advance that netbird will run as root,
therefore supporting the wireguard kernelspace with better performance.
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
This commit updates the mstflint package to the latest 4.29.0
release, including the new binaries mstfwctrl, mstlink, mstreg,
and libexpat as a new dependency.
Signed-off-by: Til Kaiser <mail@tk154.de>
Jon Henrik Bjørnstad