OpenWISP 1.x Backend

The OpenWISP 1.x Backend is based on the OpenWRT backend, therefore it inherits all its features with some differences that are explained in this page.

Generate method

The generate method of the OpenWisp backend differs from the OpenWrt backend in a few ways.

  1. the generated tar.gz archive is not designed to be installed with sysupgrade -r
  2. the generate method will automatically add a few additional executable scripts:
  • install.sh to install the configuration
  • uninstall.sh to uninstall the configuration
  • tc_script.sh to start/stop traffic control settings
  • one “up” script for each tap VPN configured
  • one “down” script for each tap VPN configured
  1. the openvpn certificates are expected to be located the following path: /openvpn/x509/
  2. the crontabs are expected in to be located at the following path: /crontabs/

General settings

The hostname attribute in the general key is required.

Traffic Control

For backward compatibility with OpenWISP Manager the schema of the OpenWisp backend allows to define a tc_options section that will be used to generate tc_script.sh.

The tc_options key must be a list, each element of the list must be a dictionary which allows the following keys:

key name type function
name string required, name of the network interface that needs to be limited
input_bandwidth integer maximum input bandwidth in kbps
output_bandwidth integer maximum output bandwidth in kbps

Traffic control example

The following configuration dictionary:

{
    "tc_options": [
        {
            "name": "tap0",
            "input_bandwidth": 2048,
            "output_bandwidth": 1024
        }
    ]
}

Will generate the following tc_script.sh:

#!/bin/sh /etc/rc.common

KERNEL_VERSION=`uname -r`
KERNEL_MODULES="sch_htb sch_prio sch_sfq cls_fw sch_dsmark sch_ingress sch_tbf sch_red sch_hfsc act_police cls_tcindex cls_flow cls_route cls_u32"
KERNEL_MPATH=/lib/modules/$KERNEL_VERSION/

TC_COMMAND=/usr/sbin/tc

check_prereq() {
    echo "Checking prerequisites..."

    echo "Checking kernel modules..."
    for kmod in $KERNEL_MODULES; do
    if [ ! -f $KERNEL_MPATH/$kmod.ko ]; then
        echo "Prerequisite error: can't find kernel module '$kmod' in '$KERNEL_MPATH'"
        exit 1
    fi
    done

    echo "Checking tc tool..."
    if [ ! -x $TC_COMMAND ]; then
        echo "Prerequisite error: can't find traffic control tool ($TC_COMMAND)"
        exit 1
    fi

    echo "Prerequisites satisfied."
}

load_modules() {
    for kmod in $KERNEL_MODULES; do
        insmod $KERNEL_MPATH/$kmod.ko  >/dev/null 2>&1
    done
}

unload_modules() {
    for kmod in $KERNEL_MODULES; do
        rmmod $kmod  >/dev/null 2>&1
    done
}


stop() {

    tc qdisc del dev tap0 root


    tc qdisc del dev tap0 ingress


    unload_modules
}

start() {
    check_prereq
    load_modules


    # shaping output traffic for tap0
    # creating parent qdisc for root
    tc qdisc add dev tap0 root handle 1: htb default 2

    # aggregated traffic shaping parent class

    tc class add dev tap0 parent 1 classid 1:1 htb rate 1024kbit burst 191k


    # default traffic shaping class
    tc class add dev tap0 parent 1:1 classid 1:2 htb rate 512kbit ceil 1024kbit


    # policing input traffic for tap0
    # creating parent qdisc for ingress
    tc qdisc add dev tap0 ingress


    # default policer with lowest preference (last checked)
    tc filter add dev tap0 parent ffff: preference 0 u32 match u32 0x0 0x0 police rate 2048kbit burst 383k drop flowid :1

}

boot() {
    start
}

restart() {
    stop
    start
}

Full OpenWISP configuration example

The following example shows a full working configuration dictionary for the OpenWisp backend.

{
    "general": {
        "hostname": "OpenWISP"
    },
    "interfaces": [
        {
            "name": "tap0",
            "type": "virtual"
        },
        {
            "network": "service",
            "name": "br-service",
            "type": "bridge",
            "bridge_members": [
                "tap0"
            ]
        },
        {
            "name": "wlan0",
            "type": "wireless",
            "wireless": {
                "radio": "radio0",
                "mode": "access_point",
                "ssid": "provinciawifi",
                "isolate": True,
                "network": ["service"]
            }
        }
    ],
    "radios": [
        {
            "name": "radio0",
            "phy": "phy0",
            "driver": "mac80211",
            "protocol": "802.11g",
            "channel": 11,
            "channel_width": 20,
            "tx_power": 10,
            "country": "IT"
        }
    ],
    "openvpn": [
        {
            "name": "2693",
            "cipher": "AES-128-CBC",
            "ca": "/tmp/owispmanager/openvpn/x509/ca_1_service.pem",
            "mute_replay_warnings": True,
            "script_security": 1,
            "proto": "tcp-client",
            "mute": 10,
            "up_delay": 1,
            "cert": "/tmp/owispmanager/openvpn/x509/l2vpn_client_2693.pem",
            "up": "/tmp/owispmanager/openvpn/vpn_2693_script_up.sh",
            "log": "/tmp/openvpn_2693.log",
            "verb": 1,
            "dev_type": "tap",
            "persist_tun": True,
            "keepalive": "5 40",
            "key": "/tmp/owispmanager/openvpn/x509/l2vpn_client_2693.pem",
            "ns_cert_type": "server",
            "mode": "p2p",
            "pull": True,
            "enabled": True,
            "comp_lzo": "yes",
            "down": "/tmp/owispmanager/openvpn/vpn_2693_script_down.sh",
            "dev": "tap0",
            "nobind": True,
            "remote": [
                {
                    "host": "vpn.openwisp.org",
                    "port": 12128
                }
            ],
            "tls_client": True,
            "resolv_retry": True,
            "up_restart": True
        }
    ],
    "tc_options": [
        {
            "name": "tap0",
            "input_bandwidth": 2048,
            "output_bandwidth": 1024
        }
    ],
    "files": [
        {
            "path": "/openvpn/x509/ca.pem",
            "mode": "0644",
            "contents": "-----BEGIN CERTIFICATE-----\nstripped_down\n-----END CERTIFICATE-----\n"
        },
        {
            "path": "/openvpn/x509/l2vpn_client_1_2325_2693.pem",
            "mode": "0644",
            "contents": "-----BEGIN CERTIFICATE-----\nstripped_down\n-----END CERTIFICATE-----\n-----BEGIN RSA PRIVATE KEY-----\nstripped_down\n-----END RSA PRIVATE KEY-----\n"
        },
        {
            "path": "/crontabs/root",
            "mode": "0644",
            "contents": "* * * * * echo 'test' > /tmp/test-cron"
        }
    ]
}