print FILE "secret \"$settings{'FASTD_SECRET'}\";\n";
print FILE "secure handshakes yes;\n\n";
- print FILE "# Ciphers\n";
- my $ciphers = $network->{'ciphers'};
- foreach my $cipher (@$ciphers) {
- print FILE "method \"$cipher\";\n";
- }
- print FILE "\n";
-
- print FILE "# Upstream connection\n";
- print FILE "mtu $network->{'mtu-vpn'};\n";
+ my @ciphers = ();
+ my $mtu = 1500;
my $nodes = $network->{'supernodes'};
foreach my $node (@$nodes) {
+ # We only support fastd for now
+ if ($node->{'protocol'} ne 'fastd') {
+ next;
+ }
+
print FILE "peer \"$node->{'peer'}\" {\n";
print FILE "\tkey \"$node->{'key'}\";\n";
print FILE "\tremote \"$node->{'remote'}\" port $node->{'port'};\n";
print FILE "}\n";
+
+ # XXX This will take the ciphers and put them all
+ # in a huge list and pass them to fastd. The order
+ # is not respected very well and it is not guaranteed
+ # that the best cipher will be first in the list.
+ my $node_ciphers = $node->{'ciphers'};
+ foreach my $cipher (@$node_ciphers) {
+ unless ($cipher ~~ @ciphers) {
+ push(@ciphers, $cipher);
+ }
+ }
+
+ my $node_mtu = $node->{'mtu'} ? $node->{'mtu'} : $node->{'mtu-vpn'};
+ if ($node_mtu) {
+ $mtu = $node_mtu < $mtu ? $node_mtu : $mtu;
+ }
}
print FILE "\n";
+ print FILE "# Ciphers\n";
+ foreach my $cipher (@ciphers) {
+ print FILE "method \"$cipher\";\n";
+ }
+ print FILE "\n";
+
+ print FILE "# Upstream connection\n";
+ print FILE "mtu $mtu;\n\n";
+
print FILE "# Hooks\n";
foreach my $hook ("pre-up", "up") {
print FILE "on $hook \"/etc/init.d/fastd on-$hook\";\n";
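Review bot: The per-node `ciphers` and `mtu` values reach the generated config unvalidated through `print FILE "method \"$cipher\";\n";` and `print FILE "mtu $mtu;\n\n";`, so a value containing a quote or newline could add directives to the same file that carries the `on $hook` commands. Where the supernode list comes from is not visible here, so treat this as a risk to confirm. Because `@ciphers` is the union over all supernodes, a single node listing a weak method enables it for every peer; checking each entry against a fixed allow-list of accepted methods before the `push` would cover both problems. For the MTU, `$node_mtu < $mtu` treats a non-numeric string as 0 and so accepts and prints it; guard it with something like `if (defined $node_mtu && $node_mtu =~ /\A[0-9]+\z/)` and reject implausibly small values. Separately, `~~` is experimental and deprecated in newer Perl releases, and `push(@ciphers, $cipher) unless $seen{$cipher}++;` with a `%seen` hash keeps the insertion order without it.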