mlvpn: Add package (Multi-Link Virtual Public Network)

[azuwis]

Maintainer: me / @azuwis
Compile tested: (ramips/mt7621, ZBT-WG3526, LEDE r3972)
Run tested: (ramips/mt7621, ZBT-WG3526, LEDE r3972, tests done)

Description:
mlvpn is Multi-Link Virtual Public Network, MLVPN will do its best to achieve the following tasks:

• Bond your internet links to increase bandwidth (unlimited).
• Secure your internet connection by actively monitoring your links and removing the faulty ones, without loosing your TCP connections.
• Secure your internet connection to the aggregation server using strong cryptography.
• Scriptable automation and monitoring.

See mlvpn homepage for more info.

[diizzyy]

Please assign copyright to yourself and/or omit it. Change gz to xz and add PKG_MIRROR_HASH.

[azuwis]

All done. Please check the amended commit.

[diizzyy]

@hnyman
Does the .upgrade stuff apply to LEDE/OpenWRT?

[azuwis]

The sysupgrade code is copied from openvpn package, see OpenWRT openvpn package and LEDE openvpn package

[hauke]

Add this instead manually adding the file to /lib/upgrade/keep.d/mlvpn please:
define Package/mlvpn/conffiles
/etc/mlvpn/
endef

It will have the same effect.

[azuwis]

Done.

[trungpham]

Will this be merged soon? How about LEDE?

[Stratehm]

Hi,

I have build this package for LEDE x86_64 (running on KVM). I use it as a client, but I have a bug when I try to bind a tunnel to an interface address with the "bindhost" option. Without this option, all works fine.

When I try mlvpn on Debian 9, all works fine with the same configuration file.

Here are the output of his command:
root@LEDE:~# mlvpn --config /etc/mlvpn/mlvpn0.conf --user nobody --debug -vv

2017-11-24T22:54:48 [ DBG] absolute maximum mtu: 1444
2017-11-24T22:54:48 [INFO/config] new password set
2017-11-24T22:54:48 [INFO/config] reorder_buffer_size changed from 0 to 64
2017-11-24T22:54:48 [INFO/config] adsl tunnel added
2017-11-24T22:54:48 [INFO/config] 4g tunnel added
2017-11-24T22:54:48 [INFO] created interface `mlvpn0'
2017-11-24T22:54:48 [ DBG/wrr] 4g weight = 26.315789 (100000 380000)
2017-11-24T22:54:48 [ DBG/wrr] adsl weight = 73.684211 (280000 380000)
2017-11-24T22:54:48 [ DBG/protocol] adsl mlvpn_rtun_challenge_send
2017-11-24T22:54:48 [INFO] 4g bind to 192.168.15.1
2017-11-24T22:54:48 [WARN] 4g bind error: Invalid argument
2017-11-24T22:54:48 [ DBG/net] > adsl sent 46 bytes (size=2, type=0, seq=0, reorder=1)
2017-11-24T22:54:48 [ DBG/rtt] 17ms srtt 17ms loss ratio: 0
2017-11-24T22:54:48 [ DBG/net] < adsl recv 46 bytes (type=1, seq=0, reorder=1)
2017-11-24T22:54:48 [INFO/protocol] adsl authenticated
2017-11-24T22:54:49 [ DBG/reorder] adjusting reordering drain timeout to 112ms
2017-11-24T22:54:49 [INFO] 4g bind to 192.168.15.1

The command ends after the last line.

When I read the log, I can see a segfault:
Thu Nov 23 09:33:37 2017 kern.info kernel: [469203.403092] mlvpn[32650]: segfault at 10 ip 0000000000407ff3 sp 00007ffe7574b2c0 error 4 in mlvpn[400000+f000]

I saw you have already added a patch for musl compatibility...
Do you think it may be an incompatibility with the bind() or getaddrinfo() functions of musl?

Here is the config file:

[general]
statuscommand = "/etc/mlvpn/mlvpn0_updown.sh"
tuntap = "tun"
mode = "client"
interface_name = "mlvpn0"
timeout = 30
password = "xxxxxxxxxxxxxxxxxxxxxx"
reorder_buffer_size = 64
loss_tolerence = 10

[filters]

[adsl]
remotehost = "xxxxxxxxxx"
remoteport = 5080
bandwidth_upload = 280000

[4g]
remotehost = "xxxxxxxxxx"
remoteport = 5081
bindhost = "192.168.15.1"
bandwidth_upload = 100000

Thank you.

[savalyksergey]

regarding this error it happens in the trunk version which uses the last linux kernel, try to use Chaos Calmer and the segfault will go away, and please, share your configs and setup if you have a successful run

[diizzyy]

Does it still segfault on a recent version (master) of OpenWrt?

[savalyksergey]

sorry, i did not check it for months but it should, because there was no commits since then

[diizzyy]

@hnyman @thess
Close due to submitter timeout

[neheb]

ping @azuwis If you want this in, please rebase against current master

[azuwis]

@Stratehm @savalyksergey Sorry for the late replay. I've no idea about the segfault. The musl patch was a trivial one.

@neheb I've rebased and force-pushed, also updated mlvpn to 2.3.2. Compile tested, but not run tested.

I don't use mlvpn any longer, so I'd like to leave it here for anyone interested to continue the work.

[neheb]

Interestingly enough, there's a version 2.3.3 as part of the debian-stretch branch.

[azuwis]

It seems 2.3.3 is only for Debian packaging, git diff --stat 2.3.2..origin/debian-unstable gives no c code changes, only Debian packaging stuff.

[neheb]

This is implicit. Remove.

[neheb]

This is implicit. Remove.

[neheb]

Swap order between PKG_LICENSE and PKG_MAINTAINER.

Add PKG_LICENSE_FILES:=LICENCE

[neheb]

shellcheck throws numerous instances of:

SC2236: Use -n instead of ! -z.

https://github.com/koalaman/shellcheck/wiki/SC2236

[neheb]

shellcheck says $via should be quoted.

[neheb]

shellcheck says $via should be quoted.

[mamakok]

Suggested change

	include $(TOPDIR)/rules.mk
	include $(TOPDIR)/rules.mk

[mamakok]

Suggested change

	include $(INCLUDE_DIR)/package.mk
	include $(INCLUDE_DIR)/package.mk

[mamakok]

Suggested change

	define Package/mlvpn
	define Package/mlvpn

[diizzyy]

@neheb @BKPepe @hnyman
I think we can close this as it's broken on trunk?

[neheb]

We have plenty of VPNs already

[neheb]

Going to close this. There doesn't seem to be anyone interested.

[ghost]

We have plenty of VPNs already

This is not yet another VPN, it's mainly used for aggregation.
ubond seems to be updated fork.

[arinc9]

Tuning in here for interest. I'd love to see MLVPN on upstream.

[arinc9]

MLVPN on OpenWrt authenticates with server and can transmit packets over the tunnel just fine.
However, it will exit with exitcode 1 when trying to bind to an interface IP.

I wanted to see if this would happen on ubond as well because of it being based off of MLVPN.

Referring from markfoodyburton/ubond#7

There's this error on the log:

ubond.c: In function 'ubond_rtun_bind':
ubond.c:1150:56: error: format not a string literal and no format arguments [-Werror=format-security]
       snprintf(ifr.ifr_name, sizeof(ifr.ifr_name) - 1, t->binddev);
                                                        ^

MLVPN will compile fine without this error but will exit with exitcode 1 when trying to bind to an interface IP.

Might there be something wrong with binding to interface IPs on MLVPN and ubond which makes this feature break on OpenWrt?

I believe a patch in the right place could solve this issue for compiling and make binding work on OpenWrt.

paging @azuwis @markfoodyburton @zehome

[markfoodyburton]

While MLVPN and Ubond 'diverged' somewhat significantly, I'm afraid much of the boilerplate remains the same, so it's likely that both will suffer the same issues with devices - however, millage may differ.

(Ubond tries to do a few things that MLVPN does not - it tries to load balance better, and it tries to 'auto adjust' to speeds - it also tries to reduce packet loss on noisy channels, and it tries to fail-over seamlessly. All good, the bad is that "it works for me", parts of the support for different things that MLVPN had, are just 'left dangling' and probably broken in ubond - YMMV)