OpenWISP 1.x Backend
The OpenWISP 1.x Backend is based on the OpenWrt backend, therefore it inherits all its features with some differences that are explained in this page.
Generate method
The generate
method of the OpenWisp
backend differs from the
OpenWrt
backend in a few ways.
the generated tar.gz archive is not designed to be installed with
sysupgrade -r
the
generate
method will automatically add a few additional executable scripts:install.sh
to install the configurationuninstall.sh
to uninstall the configurationtc_script.sh
to start/stop traffic control settingsone “up” script for each tap VPN configured
one “down” script for each tap VPN configured
the openvpn certificates are expected to be located the following path:
/openvpn/x509/
the crontabs are expected in to be located at the following path:
/crontabs/
General settings
The hostname
attribute in the general
key is required.
Traffic Control
For backward compatibility with OpenWISP Manager the schema of the
OpenWisp
backend allows to define a tc_options
section that will
be used to generate tc_script.sh
.
The tc_options
key must be a list, each element of the list must be a
dictionary which allows the following keys:
key name |
type |
function |
---|---|---|
|
string |
required, name of the network interface that needs to be limited |
|
integer |
maximum input bandwidth in kbps |
|
integer |
maximum output bandwidth in kbps |
Traffic control example
The following configuration dictionary:
{
"tc_options": [
{
"name": "tap0",
"input_bandwidth": 2048,
"output_bandwidth": 1024,
}
]
}
Will generate the following tc_script.sh
:
#!/bin/sh /etc/rc.common
KERNEL_VERSION=`uname -r`
KERNEL_MODULES="sch_htb sch_prio sch_sfq cls_fw sch_dsmark sch_ingress sch_tbf sch_red sch_hfsc act_police cls_tcindex cls_flow cls_route cls_u32"
KERNEL_MPATH=/lib/modules/$KERNEL_VERSION/
TC_COMMAND=/usr/sbin/tc
check_prereq() {
echo "Checking prerequisites..."
echo "Checking kernel modules..."
for kmod in $KERNEL_MODULES; do
if [ ! -f $KERNEL_MPATH/$kmod.ko ]; then
echo "Prerequisite error: can't find kernel module '$kmod' in '$KERNEL_MPATH'"
exit 1
fi
done
echo "Checking tc tool..."
if [ ! -x $TC_COMMAND ]; then
echo "Prerequisite error: can't find traffic control tool ($TC_COMMAND)"
exit 1
fi
echo "Prerequisites satisfied."
}
load_modules() {
for kmod in $KERNEL_MODULES; do
insmod $KERNEL_MPATH/$kmod.ko >/dev/null 2>&1
done
}
unload_modules() {
for kmod in $KERNEL_MODULES; do
rmmod $kmod >/dev/null 2>&1
done
}
stop() {
tc qdisc del dev tap0 root
tc qdisc del dev tap0 ingress
unload_modules
}
start() {
check_prereq
load_modules
# shaping output traffic for tap0
# creating parent qdisc for root
tc qdisc add dev tap0 root handle 1: htb default 2
# aggregated traffic shaping parent class
tc class add dev tap0 parent 1 classid 1:1 htb rate 1024kbit burst 191k
# default traffic shaping class
tc class add dev tap0 parent 1:1 classid 1:2 htb rate 512kbit ceil 1024kbit
# policing input traffic for tap0
# creating parent qdisc for ingress
tc qdisc add dev tap0 ingress
# default policer with lowest preference (last checked)
tc filter add dev tap0 parent ffff: preference 0 u32 match u32 0x0 0x0 police rate 2048kbit burst 383k drop flowid :1
}
boot() {
start
}
restart() {
stop
start
}
Full OpenWISP configuration example
The following example shows a full working configuration dictionary for
the OpenWisp
backend.
{
"general": {"hostname": "OpenWISP"},
"interfaces": [
{"name": "tap0", "type": "virtual"},
{
"network": "service",
"name": "br-service",
"type": "bridge",
"bridge_members": ["tap0"],
},
{
"name": "wlan0",
"type": "wireless",
"wireless": {
"radio": "radio0",
"mode": "access_point",
"ssid": "provinciawifi",
"isolate": True,
"network": ["service"],
},
},
],
"radios": [
{
"name": "radio0",
"phy": "phy0",
"driver": "mac80211",
"protocol": "802.11g",
"channel": 11,
"channel_width": 20,
"tx_power": 10,
"country": "IT",
}
],
"openvpn": [
{
"name": "2693",
"cipher": "AES-128-CBC",
"ca": "/tmp/owispmanager/openvpn/x509/ca_1_service.pem",
"mute_replay_warnings": True,
"script_security": 1,
"proto": "tcp-client",
"mute": 10,
"up_delay": 1,
"cert": "/tmp/owispmanager/openvpn/x509/l2vpn_client_2693.pem",
"up": "/tmp/owispmanager/openvpn/vpn_2693_script_up.sh",
"log": "/tmp/openvpn_2693.log",
"verb": 1,
"dev_type": "tap",
"persist_tun": True,
"keepalive": "5 40",
"key": "/tmp/owispmanager/openvpn/x509/l2vpn_client_2693.pem",
"ns_cert_type": "server",
"mode": "p2p",
"pull": True,
"enabled": True,
"comp_lzo": "yes",
"down": "/tmp/owispmanager/openvpn/vpn_2693_script_down.sh",
"dev": "tap0",
"nobind": True,
"remote": [{"host": "vpn.openwisp.org", "port": 12128}],
"tls_client": True,
"resolv_retry": True,
"up_restart": True,
}
],
"tc_options": [
{
"name": "tap0",
"input_bandwidth": 2048,
"output_bandwidth": 1024,
}
],
"files": [
{
"path": "/openvpn/x509/ca.pem",
"mode": "0644",
"contents": "-----BEGIN CERTIFICATE-----\nstripped_down\n-----END CERTIFICATE-----\n",
},
{
"path": "/openvpn/x509/l2vpn_client_1_2325_2693.pem",
"mode": "0644",
"contents": "-----BEGIN CERTIFICATE-----\nstripped_down\n-----END CERTIFICATE-----\n-----BEGIN RSA PRIVATE KEY-----\nstripped_down\n-----END RSA PRIVATE KEY-----\n",
},
{
"path": "/crontabs/root",
"mode": "0644",
"contents": "* * * * * echo 'test' > /tmp/test-cron",
},
],
}