Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libreswan: uci configuration support #19233

Merged
merged 1 commit into from
Oct 31, 2023
Merged

libreswan: uci configuration support #19233

merged 1 commit into from
Oct 31, 2023

Conversation

jempatel
Copy link
Contributor

@jempatel jempatel commented Aug 22, 2022
edited
Loading

Maintainer: @lucize @feckert
Run tested: x86-64, aarch64, virtual box, marvell_armada-3720-db

Description:
Add libreswan UCI configuration and hotplug support

packaged uci config (/etc/config/libreswan) file provides examples/details with commented sections.

Continuation from #19079

@feckert

  • handled iptables and nftables based firewall rules from hotplug
  • added all files to be copied to packages in a Makefile
  • changed hotplug hook to libreswan
  • removed default config of uci-defaults

@jempatel jempatel mentioned this pull request Aug 22, 2022
Merged
feckert
feckert reviewed Aug 23, 2022
View reviewed changes
net/libreswan/Makefile Outdated Show resolved Hide resolved
feckert
feckert reviewed Aug 23, 2022
View reviewed changes
Copy link
Member

@feckert feckert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fw4 has recently added a new feature where other packages can add additional rules.
https://git.openwrt.org/?p=project/firewall4.git;a=commit;

Adding the rules to fw4 directly has certain advantages.

  • the rules are still there after a firewall reload
  • you don't have to work with the command handle from the nftables

I have already prepared the strongswan to use this new feature.
https://github.com/openwrt/packages/pull/18559/files

net/libreswan/Makefile Outdated Show resolved Hide resolved
net/libreswan/patches/051-nftables.patch Outdated Show resolved Hide resolved
@jempatel jempatel force-pushed the improve_libreswan-uci branch 4 times, most recently from ed98628 to ad8b48c Compare August 30, 2022 14:28
@jempatel
Copy link
Contributor Author

@feckert All comments have been addressed, Pls comment If anything else is there to consider.

@jempatel jempatel mentioned this pull request Aug 30, 2022
Closed
@jempatel jempatel force-pushed the improve_libreswan-uci branch 3 times, most recently from 7e09cf6 to d5afe4c Compare August 31, 2022 09:37
@feckert
Copy link
Member

feckert commented Sep 1, 2022

It will be difficult to test this in my setup. I am not useing libreswan. I'll have to see if I have time to test it.

@jempatel jempatel force-pushed the improve_libreswan-uci branch from d5afe4c to 542d886 Compare September 1, 2022 17:37
@jempatel jempatel force-pushed the improve_libreswan-uci branch from 542d886 to 6469cf5 Compare October 18, 2022 20:05
@jempatel jempatel force-pushed the improve_libreswan-uci branch 2 times, most recently from c1a9fbe to 9a2a88e Compare November 20, 2022 10:51
@jempatel jempatel requested review from feckert and lucize and removed request for feckert and lucize November 20, 2022 10:53
@jempatel jempatel force-pushed the improve_libreswan-uci branch 3 times, most recently from 7c2ee11 to b5bc60f Compare November 23, 2022 07:28
@jempatel jempatel force-pushed the improve_libreswan-uci branch from b5bc60f to 2e514f7 Compare January 25, 2023 10:41
@lucize
Copy link
Contributor

lucize commented Jan 29, 2023

Good stuff!
LGTM
Tested in conjunction with luci interface

@jempatel jempatel force-pushed the improve_libreswan-uci branch from 2e514f7 to 4984149 Compare January 31, 2023 09:24
@lucize
Copy link
Contributor

lucize commented Oct 2, 2023

@feckert ping about this

feckert
feckert reviewed Oct 4, 2023
View reviewed changes
Copy link
Member

@feckert feckert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately I still don't have a setup for libreswan, but from what I've seen it looks good. I think we can give it a try after you have answered my comments.

net/libreswan/Makefile Show resolved Hide resolved
net/libreswan/files/etc/config/libreswan Show resolved Hide resolved
net/libreswan/files/etc/hotplug.d/libreswan/02-vti Show resolved Hide resolved
@feckert feckert self-assigned this Oct 4, 2023
@jempatel jempatel force-pushed the improve_libreswan-uci branch from 4984149 to e32fe0c Compare October 29, 2023 10:47
@jempatel jempatel requested a review from feckert October 29, 2023 12:08
@feckert
Copy link
Member

feckert commented Oct 30, 2023

Now you have to increment the PKG_RELEASE by one. Then we can merge and give the pullrequest a chance.

@jempatel
libreswan: uci configuration support
52af24f 
Add libreswan UCI configuration and hotplug support

Signed-off-by: Jaymin Patel <[email protected]>
@jempatel jempatel force-pushed the improve_libreswan-uci branch from e32fe0c to 52af24f Compare October 30, 2023 18:14
@jempatel
Copy link
Contributor Author

Now you have to increment the PKG_RELEASE by one. Then we can merge and give the pullrequest a chance.

Updated.

@feckert feckert merged commit c7ed124 into openwrt:master Oct 31, 2023
12 checks passed
@feckert
Copy link
Member

feckert commented Oct 31, 2023

Thank you for your patience.
Merged! 👏

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lucize lucize lucize left review comments

@feckert feckert Awaiting requested review from feckert

Assignees

@feckert feckert

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jempatel @feckert @lucize