Add support for IPv6 mesh VPN connections

The support is still very limited (IPv6-only DNS on WAN doesn't work yet), and
we now need fastd running as root, but apart from that, is should work.

package/gluon-core/files/lib/gluon/upgrade/core/invariant/011-network

@@ -4,8 +4,40 @@ local uci = require('luci.model.uci').cursor()
 local sysctl = require 'gluon.sysctl'
 
 
+if not uci:get('network', 'interface', 'wan6') then
+   uci:section('network', 'interface', 'wan6',
+	       {
+		  ifname = 'br-wan',
+		  proto = 'dhcpv6',
+	       }
+   )
+end
+
+
 uci:set('network', 'wan', 'peerdns', '0')
 
+uci:set('network', 'wan6', 'peerdns', '0')
+uci:set('network', 'wan6', 'ip6table', '1')
+
+
+uci:section('network', 'rule6', 'wan6_lookup',
+	    {
+	       mark = '0x01/0x01',
+	       lookup = 1,
+	    }
+)
+
+uci:section('network', 'route6', 'wan6_unreachable',
+	    {
+	       type = 'unreachable',
+	       interface = 'loopback',
+	       target = '::/0',
+	       gateway = '::',
+	       table = 1,
+	       metric = 65535,
+	    }
+)
+
 uci:save('network')
 uci:commit('network')
 

package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/010-mesh-vpn-fastd

@@ -10,20 +10,22 @@ local uci = require 'luci.model.uci'
 local c = uci.cursor()
 
 
-users.add_user('gluon-fastd', 800, 100)
+-- The previously used user is removed, we need root privileges to use the packet_mark option
+users.remove_user('gluon-fastd')
 
 
 c:section('fastd', 'fastd', 'mesh_vpn',
 	  {
-		  user = 'gluon-fastd',
 		  syslog_level = 'verbose',
 		  interface = 'mesh-vpn',
 		  mode = 'tap',
 		  mtu = site.fastd_mesh_vpn.mtu,
 		  secure_handshakes = '1',
 		  method = site.fastd_mesh_vpn.methods,
+		  packet_mark = 1,
 	  }
 )
+c:delete('fastd', 'mesh_vpn', 'user')
 
 c:delete('fastd', 'mesh_vpn_backbone')
 c:section('fastd', 'peer_group', 'mesh_vpn_backbone',