Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • ffbs/ffbs-gluon
  • parabol1337/ffbs-gluon
  • darkbit/ffbs-gluon
3 results
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 2060 additions and 8 deletions
docs/releases/v2020.2.3.rst 0 → 100644
View file @ e13ecb01
Gluon 2020.2.3
==============
Bugfixes
--------
- LEDs on the ASUS RT-AC51 are now fully functional.
- Netgear EX6150v1 randomly booting into failsafe mode has been fixed.
This happened dependent on the state of the mode setting switch.
- Dnsmasq has been patched against multiple security issues in its DNS response validation.
See the OpenWrt advisory at https://openwrt.org/advisory/2021-01-19-1
Other changes
-------------
- Linux kernel has been updated to 4.14.224
- batman-adv fixes were backported from its 2021.0 release
- OpenSSL has been updated to 1.1.1k
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the
NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations not using VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is
disallowed).
docs/releases/v2020.2.rst 0 → 100644
View file @ e13ecb01
Gluon 2020.2
============
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
* GL.iNet
- GL-AR750S
* TP-Link
- CPE220 (v3)
ipq40xx-generic
~~~~~~~~~~~~~~~
* EnGenius
- ENS620EXT [#outdoor]_
* Linksys
- EA6350 (v3)
lantiq-xrx200
~~~~~~~~~~~~~
* TP-Link
- TD-W8970
lantiq-xway
~~~~~~~~~~~
* NETGEAR
- DGN3500B
ramips-mt76x8
~~~~~~~~~~~~~
* Cudy
- WR1000
x86-legacy [#newtarget]_
~~~~~~~~~~~~~~~~~~~~~~~~
* Devices older than the Pentium 4
.. [#newtarget]
This is a new target.
.. [#outdoor]
This device is supposed to be set up outdoors and will therefore have its outdoor mode flag automatically enabled.
Major changes
-------------
Device Classes
~~~~~~~~~~~~~~
Devices are now categorized into device classes. This device class can determine which features
as well as packages are installed on the device when building images.
Currently there are two classes used in Gluon, *tiny* and *standard*. All devices with less than 64M of RAM or
less than 7M of usable firmware space are assigned to the tiny class.
WPA3 support for Private WLAN
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The private WLAN now supports WPA3-SAE key exchange as well as management frame protection (802.11w).
For this to work, the firmware needs to be built with the *wireless-encryption-wpa3* feature.
OWE on Client Network
~~~~~~~~~~~~~~~~~~~~~
Gluon now allows to configure a VAP for the client network which supports opportunistic encryption on the
client network for devices which support the OWE security type (also known as Enhanced Open).
This encrypted VAP can be the only available access point or be configured in addition to an unencrypted VAP.
In the latter case, the transition mode can be enabled, which enables compatible devices to automatically
connect to the encrypted VAP while legacy devices continue to use the unencrypted connection.
There are issues with some devices running Android 9 when connecting to a transition mode enabled network. See the site documentation for more information.
SAE Encrypted Mesh Links
~~~~~~~~~~~~~~~~~~~~~~~~
Mesh links can now be operated in an encrypted mode using SAE authentication. For this to work, a common shared secret
has to be distributed to all participating nodes using the site.conf.
Responsive status page
~~~~~~~~~~~~~~~~~~~~~~
The status page design is now responsive and reflows better on mobile devices.
Primary domain code
~~~~~~~~~~~~~~~~~~~
The primary domain code is now visible on the node status page as well as in the respondd information
emitted by the node.
Logging
~~~~~~~
The new *gluon-logging* package allows to configure a remote syslog server using the site.conf.
This package can only be included when *gluon-web-logging* is excluded.
Peer cleanup in fastd
~~~~~~~~~~~~~~~~~~~~~
fastd peers and groups are now removed on update in case they do not exist in the new site configuration.
To preserve a custom peer across updates, add the *preserve* key to the peer's UCI configuration and set it to ``1``.
Bugfixes
--------
- The WAN MAC address now matches the one defined in OpenWrt if VXLAN is enabled for the selected domain.
- *gluon-reload* now reloads all relevant services.
- Disabling outdoor mode and enabling meshing in the config mode can now be performed in a single step.
- Fixed section visibility with enabled outdoor mode in config mode.
Site changes
------------
site.mk
~~~~~~~
Starting with version 19.07 OpenWrt ships the urngd entropy daemon by default.
It replaces the haveged daemon, for which we removed the support in Gluon. Remove ``haveged`` from your package selection.
Internal
--------
Editorconfig
~~~~~~~~~~~~
Gluon now ships a *editorconfig* file to allow compatible editors to automatically apply key aspects of Gluon's code style.
Continuous Integration
~~~~~~~~~~~~~~~~~~~~~~
* Jenkins
- The CI now has a test stage to verify Gluons runtime functionality.
* GitHub Actions
- GitHub actions is now enabled for the Gluon project, build-testing all available targets.
Build system
~~~~~~~~~~~~
- Source code minification can now be skipped by enabling the GLUON_MINIFY flag.
- Enabling the GLUON_AUTOREMOVE flag will remove package build directories after they are built.
This reduces space consumption at the expense of subsequent builds being slower.
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the
NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations not using VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is
disallowed).
docs/releases/v2021.1.1.rst 0 → 100644
View file @ e13ecb01
Gluon 2021.1.1
==============
Important notes
---------------
Upgrades to v2021.1 and later releases are only supported from releases v2018.2 and later. This is due to migrations that have been removed to simplify maintenance.
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
* Joy-IT
- JT-OR750i
ramips-mt76x8
~~~~~~~~~~~~~
* Xiaomi
- Mi Router 4A (100M Edition)
Bugfixes
--------
- Missing bandwidth limit settings resulted in a respondd crash for v2021.1.
- The Tunneldigger VPN provider was not registered with the Gluon VPN backend, resulting in broken Tunneldigger configurations.
- Disabling Radio interfaces in v2021.1 could lead to null pointer dereferences in the respondd airtime module, as the survey returns no data in this case.
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
docs/releases/v2021.1.2.rst 0 → 100644
View file @ e13ecb01
Gluon 2021.1.2
==============
Important notes
---------------
This release fixes a **critical security vulnerability** in Gluon's
autoupdater.
Upgrades to v2021.1 and later releases are only supported from releases v2018.2
and later. Migration code for upgrades from older versions has been removed to
simplify maintenance.
Updates
-------
- The Linux kernel was updated to version 4.14.275
- The mac80211 wireless driver stack was updated to a version based on kernel
4.19.237
Various minor package updates are not listed here and can be found in the commit
log.
Bugfixes
--------
* **[SECURITY]** Autoupdater: Fix signature verification
A recently discovered issue (CVE-2022-24884) in the *ecdsautils* package
allows forgery of cryptographic signatures. This vulnerability can be
exploited to create a manifest accepted by the autoupdater without knowledge
of the signers' private keys. By intercepting nodes' connections to the update
server, such a manifest allows to distribute malicious firmware updates.
This is a **critical** vulnerability. All nodes with autoupdater must be
updated. Requiring multiple signatures for an update does *not* mitigate the
issue.
As a temporary workaround, the issue can be mitigated on individual nodes by
disabling the autoupdater via config mode or using the following commands::
uci set autoupdater.settings.enabled=0
uci commit autoupdater
A fixed firmware should be installed manually before enabling the autoupdater
again.
See security advisory `GHSA-qhcg-9ffp-78pw
<https://github.com/freifunk-gluon/ecdsautils/security/advisories/GHSA-qhcg-9ffp-78pw>`_
for further information on this vulnerability.
* **[SECURITY]** Config Mode: Prevent Cross-Site Request Forgery (CSRF)
The Config Mode was not validating the *Origin* header of POST requests.
This allowed arbitrary websites to modify configuration (including SSH keys)
on a Gluon node in Config Mode reachable from a user's browser by sending POST
requests with form data to 192.168.1.1.
The impact of this issue is considered low, as nodes are only vulnerable while
in Config Mode.
* Config Mode: Fix occasionally hanging page load after submitting the
configuration wizard causing the reboot message and VPN key not to be
displayed
* Config Mode (OSM): Update default OpenLayers source URL
The OSM feature of the Config Mode was broken when the default source URL was
used for OpenLayers, as the old URL has become unavailable. The default was
updated to a URL that should not become unavailable again.
* Config Mode (OSM): Fix error when using ``"`` character in attribution text
* respondd-module-airtime: Fix respondd crash on devices with disabled WLAN
interfaces
Several improvements were made to the error handling of the
*respondd-module-airtime* package. The "PHY ID" field (introduced in Gluon
2021.1) was removed again.
* ipq40xx: Fix bad WLAN performance on Plasma Cloud PA1200 and PA2200 devices
* Fix occasional build failure in "perl" package with high number of threads
(``-j32`` or higher)
Other improvements
------------------
* Several improvements were made to the status page:
- WLAN channel display does not require the *respondd-module-airtime* package
anymore
- The "gateway nexthop" label now links to the status page of the nexthop node
- The timeout to retrieve information from neighbour nodes was increased,
making the display of the name
of overloaded, slow or otherwise badly reachable nodes more likely to
succeed
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a
soft-bricked state due to bad blocks on the NAND flash which the NAND driver
before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page.
(`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to
account for the new throughput metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are
unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is
modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected
(like VMware when promiscuous mode is disallowed).
docs/releases/v2021.1.rst 0 → 100644
View file @ e13ecb01
Gluon 2021.1
============
Important notes
---------------
Upgrades to v2021.1 and later releases are only supported from releases v2018.2 and later. This is due to migrations that have been removed to simplify maintenance.
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
* Plasma Cloud
- PA300 [#outdoor]_
- PA300E [#outdoor]_
* TP-Link
- Archer C2 v3
- Archer D50 v1
ipq40xx-generic
~~~~~~~~~~~~~~~
* AVM
- FRITZ!Box 7530
* Plasma Cloud
- PA1200 [#outdoor]_
- PA2200
ramips-mt7620
~~~~~~~~~~~~~
* Netgear
- EX3700
- EX3800
.. [#outdoor]
This device is supposed to be set up outdoors and will therefore have its outdoor mode flag automatically enabled.
Major changes
-------------
Multicast optimizations (batman-adv)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In this release, we reenable the multicast optimizations, that have gone through another round of bug squashing upstream. With this feature batman-adv will distribute IPv6 link-local multicast packets via individual unicast packets instead of flooding them through the whole mesh as long as the number of subscribed nodes does not exceed 16. This reduces layer 2 overhead, especially for IPv6 Neighbor Discovery.
We also relaxed the firewall for IPv6 multicast packets: Instead of always dropping non-essential multicast packets we now allow all IPv6 link-local multicast packets to pass when the destination group has up to 16 subscribers
Status page
~~~~~~~~~~~
The status page has received much attention in this release and now exposes many more details that help to understand a node's setup remotely.
Among other things, we now expose wireless client count per radio, the mac80211 identifiers, the frequencies radios are tuned to, as well as information about the VPN provider and details on the mesh protocol stack.
gluon-switch-domain utility
~~~~~~~~~~~~~~~~~~~~~~~~~~~
The ``gluon-switch-domain`` utility has been introduced to allow for a standard way to encapsulate the steps required for safely switching between domains. Existing packages like the hoodselector and the scheduled-domain-switch have been tied in with gluon-switch-domain.
It has an experimental ``--no-reboot`` flag that requires further testing, to ensure it doesn't accidentally bridge separate domains.
Other changes
-------------
- The private WLAN interface is now assigned the interface name `wan_radioX` where X is the phy index.
- Linux kernel has been updated to 4.14.235
- The kernel's mac80211 stack has been updated to 4.19.193-test1 to mitigate the `FragAttacks <https://www.fragattacks.com/>`_ vulnerabilities
- OpenSSL has been updated to 1.1.1k, fixing CVE-2021-3449 and CVE-2021-3450
- Dropbear has been patched against mishandling of special filenames in its scp component (CVE-2020-36524)
Bugfixes
--------
- The firmware partition lookup in gluon-web-admin's firmware update page was using an old partition label and therefore failed to look up the available flash size. This resulted in misleading error messages in case the uploaded firmware file exceeds the flash size.
- Android 9 and higher do not properly wake up to renew their MLD subscriptions, therefore dropping out of the Neighbor Discovery MLD group, which leads to broken IPv6 connectivity after the device has slept for a while. A workaround has been deployed to wake these devices up in regular intervals to prevent this regression.
Internal
--------
Mesh-VPN Abstraction Layer
~~~~~~~~~~~~~~~~~~~~~~~~~~
In preparation for the introduction of new tunneling protocols, the gluon-mesh-vpn framework has been modularized. This allows for providers to use a standard interface and keep their implementation details in a dedicated package.
Continuous Integration
~~~~~~~~~~~~~~~~~~~~~~
* GitHub Actions
- GitHub actions is now enabled for the Gluon project, build-testing all available targets.
- CI jobs are now run based on which paths have been modified.
- Linters for lua and shell scripts have been integrated.
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
docs/releases/v2022.1.1.rst 0 → 100644
View file @ e13ecb01
Gluon 2022.1.1
==============
Important notes
---------------
This release mitigates multiple flaws in the Linux wireless stack fixing RCE and DoS vulnerabilities.
Added hardware support
----------------------
ipq40xx-generic
~~~~~~~~~~~~~~~
- GL.iNet
- GL-AP1300
mpc85xx-p1010
~~~~~~~~~~~~~
- TP-Link
- TL-WDR4900 (v1)
ramips-mt7621
~~~~~~~~~~~~~
- ZyXEL
- NWA50AX
rockchip-armv8
~~~~~~~~~~~~~~
- FriendlyElec
- NanoPi R4S (4GB LPDDR4)
Bugfixes
--------
* Multiple mitigations for (`critical vulnerabilities <https://seclists.org/oss-sec/2022/q4/20>`_) in the Linux kernel WLAN stack. This only concerns Gluon v2022.1, older Gluon versions are unaffected.
* CVE-2022-41674
* CVE-2022-42719
* CVE-2022-42720
* CVE-2022-42721
* CVE-2022-42722
* Fixes `security issues in WolfSSL <https://openwrt.org/releases/22.03/notes-22.03.1#security_fixes>`_. People who have installed additional, non-Gluon packages which rely on WolfSSL's TLS 1.3 implementation might be affected. Firmwares using either gluon-mesh-wireless-sae or gluon-wireless-encryption-wpa3 are unaffected by these issues, since only WPA-Enterprise relies on the affected TLS functionality.
* CVE-2022-38152
* CVE-2022-39173
* Fixes the update path for GL-AR300M and NanoStation Loco M2/M5 (XW) devices.
Known issues
------------
* A workaround for Android devices not waking up to their MLD subscriptions was removed,
potentially breaking IPv6 connectivity for these devices after extended sleep periods.
(`#2672 <https://github.com/freifunk-gluon/gluon/issues/2672>`_)
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
docs/releases/v2022.1.2.rst 0 → 100644
View file @ e13ecb01
Gluon 2022.1.2
==============
Bugfixes
--------
* Various build-errors which sporadically occur when building with a large thread-count have been fixed
* Android devices do not lose their IPv6 connectivity after extended idle-time
* The 802.11s mesh network is now using 802.11ax HE-modes when supported by hardware
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
docs/releases/v2022.1.3.rst 0 → 100644
View file @ e13ecb01
Gluon 2022.1.3
==============
Bugfixes
--------
* Ipq40xx Wave2 devices temporarily use non-ct firmware again to work around 802.11s unicast package loss in ath10k-ct
(`#2692 <https://github.com/freifunk-gluon/gluon/issues/2692>`_)
* Modify kernel builds slightly to work around a boot hang on various devices based on the QCA9563 SoC - especially the Unifi AC-* devices
(`#2784 <https://github.com/freifunk-gluon/gluon/issues/2784>`_)
* Work around an issue with wifi setup timing by waiting a bit while device initialisation is ongoing
(`#2779 <https://github.com/freifunk-gluon/gluon/issues/2779>`_)
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
docs/releases/v2022.1.4.rst 0 → 100644
View file @ e13ecb01
Gluon 2022.1.4
==============
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
- LibreRouter
- LibreRouter (v1)
- Teltonika
- RUT230 (v1)
ath79-nand
~~~~~~~~~~
- Aerohive
- HiveAP 121
- NETGEAR
- WNDR4300 (v1)
lantiq-xrx200
~~~~~~~~~~~~~
- Arcadyan
- o2 Box 6431
ramips-mt7621
~~~~~~~~~~~~~
- Cudy
- X6 (v1, v2)
- D-Link
- DAP-X1860 (A1)
- GL.iNet
- GL-MT1300
- Mercusys
- MR70X (v1)
- Xiaomi
- Mi Router 3G
ramips-mt76x8
~~~~~~~~~~~~~
- TP-Link
- RE200 (v3)
realtek-rtl838x
~~~~~~~~~~~~~~~
- D-Link
- DGS-1210-10P
ipq40xx-generic
~~~~~~~~~~~~~~~
- AVM
- FRITZ!Box 7520
ipq40xx-mikrotik
~~~~~~~~~~~~~~~~
- Mikrotik
- hAP ac2
Bugfixes
--------
* Enterasys WS-AP3705i now uses the correct image-name for use with the autoupdater
(`#2819 <https://github.com/freifunk-gluon/gluon/issues/2819>`_)
* Reduce memory Usage for ath10k on ZyXEL WRE6606 devices
(`#2842 <https://github.com/freifunk-gluon/gluon/issues/2842>`_)
* Replace the Workaround for failed boots on ath79 with a proper fix.
(`#2784 <https://github.com/freifunk-gluon/gluon/issues/2784#issuecomment-1452126501>`_)
* AVM FRITZ!Box 7360 v2 flashed with the incorrect image for v1 will automatically update to the correct image.
* Revert OOM inducing switch of ath79 Wave2 firmware back to -ct
(`#2879 <https://github.com/freifunk-gluon/gluon/pull/2879>`_)
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
docs/releases/v2022.1.rst 0 → 100644
View file @ e13ecb01
Gluon 2022.1
============
Important notes
---------------
Upgrades to v2022.1 and later releases are only supported from releases v2020.1 and later. This is due to migrations that have been removed to simplify maintenance.
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
- D-Link
- DAP-2660 A1
- Enterasys
- WS-AP3705i
- Siemens
- WS-AP3610
- TP-Link
- Archer A7 v5
- CPE510 v2
- CPE510 v3
- CPE710 v1
- EAP225-Outdoor v1
- WBS210 v2
ath79-mikrotik
~~~~~~~~~~~~~~
- Mikrotik
- RB951Ui-2nD
ipq40xx-generic
~~~~~~~~~~~~~~~
- Aruba Networks
- AP-303H
- AP-365
- InstantOn AP11D
- InstantOn AP17
ipq40xx-mikrotik
~~~~~~~~~~~~~~~~
- Mikrotik
- SXTsq-5-AC
ramips-mt7620
~~~~~~~~~~~~~
- Xiaomi
- Mi Router 3G (v2)
ramips-mt7621
~~~~~~~~~~~~~
- Cudy
- WR2100
- Netgear
- R6260
- WAC104
- WAX202
- TP-Link
- RE500
- RE650 v1
- Ubiquiti
- UniFi 6 Lite
- Xiaomi
- Mi Router 4A (Gigabit Edition)
ramips-mt7622
~~~~~~~~~~~~~
- Linksys
- E8450
- Xiaomi
- AX3200
- Ubiquiti
- UniFi 6 LR
ramips-mt76x8
~~~~~~~~~~~~~
- GL.iNet
- microuter-N300
- Netgear
- R6020
- RAVPower
- RP-WD009
- TP-Link
- Archer C20 v4
- Archer C20 v5
- RE200 v2
- RE305 v1
- Xiaomi
- Mi Router 4C
- Mi Router 4A (100M Edition)
rockchip-armv8
~~~~~~~~~~~~~~
- FriendlyElec
- NanoPi R2S
mpc85xx-p1010
~~~~~~~~~~~~~
- Sophos
- RED 15w rev. 1
mpc85xx-p1020
~~~~~~~~~~~~~
- Extreme Networks
- WS-AP3825i
Removed Devices
---------------
This list contains devices which do not have enough memory or flash to
be operated with this Gluon release.
- D-Link
- DIR-615 (C1, D1, D2, D3, D4, H1)
- Linksys
- WRT160NL
- TP-Link
- TL-MR13U (v1)
- TL-MR3020 (v1)
- TL-MR3040 (v1, v2)
- TL-MR3220 (v1, v2)
- TL-MR3420 (v1, v2)
- TL-WA701N/ND (v1, v2)
- TL-WA730RE (v1)
- TL-WA750RE (v1)
- TL-WA801N/ND (v1, v2, v3)
- TL-WA830RE (v1, v2)
- TL-WA850RE (v1)
- TL-WA860RE (v1)
- TL-WA901N/ND (v1, v2, v3, v4, v5)
- TL-WA7210N (v2)
- TL-WA7510N (v1)
- TL-WR703N (v1)
- TL-WR710N (v1, v2)
- TL-WR740N (v1, v3, v4, v5)
- TL-WR741N/ND (v1, v2, v4, v5)
- TL-WR743N/ND (v1, v2)
- TL-WR840N (v2)
- TL-WR841N/ND (v3, v5, v7, v8, v9, v10, v11, v12)
- TL-WR841N/ND (v1, v2)
- TL-WR843N/ND (v1)
- TL-WR940N (v1, v2, v3, v4, v5, v6)
- TL-WR941ND (v2, v3, v4, v5, v6)
- TL-WR1043N/ND (v1)
- WDR4900
- Ubiquiti
- AirGateway
- AirGateway Pro
- AirRouter
- Bullet
- LS-SR71
- Nanostation XM
- Nanostation Loco XM
- Picostation
- Unknown
- A5-V11
- VoCore
- VoCore (8M, 16M)
Atheros target migration
------------------------
All Atheros MIPS devices built with the ``ar71xx-generic``,
``ar71xx-nand`` as well as ``ar71xx-tiny`` were deprecated upstream and
are therefore not available with Gluon anymore.
Many devices previously built with ``ar71xx-generic`` and
``ar71xx-nand`` are now available with the ``ath79-generic`` as well as
``ath79-nand`` target respectively.
Missing devices
~~~~~~~~~~~~~~~
The following devices have not yet been integrated into Gluons ath79
targets.
- 8Devices
- Carambola 2
- Aerohive
- HiveAP 121
- Allnet
- ALL0315
- Buffalo
- WZR-HP-G300NH2
- WZR-HP-G450H
- GL.iNet
- 6408A v1
- NETGEAR
- WNDR4300
- WNDRMAC
- WNDRMAC v2
- TP-Link
- WR2543
- Ubiquiti
- Rocket
- WD
- MyNet N600
- MyNet N750
- ZyXEL
- NB6616
- NB6716
Features
--------
WireGuard
~~~~~~~~~
Gluon got WireGuard support. This allows offloading **encrypted**
connections into kernel space, increasing performance by forwarding
packets without the need for context switches between user and kernel
space.
In order to reuse existing (already verified) fastd-keypairs for
WireGuard, a key derivation procedure is `currently being
developed <https://github.com/freifunk-gluon/gluon/pull/2601>`__. This
should ease migration from fastd to WireGuard in case whitelisting VPN
keys is desired.
fastd L2TP
~~~~~~~~~~
fastd can now act as a connection broker for unencrypted L2TP-based
tunneling within Gluons mesh-vpn framework. This new ``null@l2tp``
connection method allows for increased performance within existing
fastd setups.
In addition to a sufficiently
:ref:`configured fastd-based VPN server<vpn-gateway-configuration>`,
this requires further modifications to a sites :ref:`VPN fastd methods<VPN fastd methods>`.
Major changes
-------------
OpenWrt
~~~~~~~
This release is based on the newest OpenWrt 22.03 release branch.
It ships with Linux kernel 5.10 as well as wireless-backports 5.15.
Network changes (DSA / Upgrade-Behavior)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The ``ramips-mt7621`` and ``lantiq-xrx200`` targets now use the upstream DSA
subsystem instead of OpenWrt swconfig for managing ethernet switches.
Gluon detects the existing user-intent and automatically applies it over
to DSA syntax. See the section about network reconfiguration for more
details.
System reconfiguration
~~~~~~~~~~~~~~~~~~~~~~
The network and system-LED configurations are now re-generated after
each update / invocation of ``gluon-reconfigure``.
The user-intent is preserved within Gluon’s implemented functionality
(Wired-Mesh / Client access / WAN).
As an additional feature, Gluon now supports assigning roles to
interfaces. This behavior is explained
:ref:`here<wired-mesh-commandline>`.
Site changes
------------
VPN provider MTU
~~~~~~~~~~~~~~~~
To account for multiple VPN methods available for a site, the MTU used
for the VPN tunnel connection is now moved to the specific VPN provider
configuration. For fastd this means that ``mesh_vpn.mtu`` needs to be
moved to ``mesh_vpn.fastd.mtu``. (`#2352 <https://github.com/freifunk-gluon/gluon/pull/2352>`__)
Preconfigured Interfaces Roles
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Instead of ``mesh_on_wan`` and ``mesh_on_lan`` there is now an
``interfaces`` block to configure the default behavior of network
interfaces. Details can be found in the
:ref:`documentation<user-site-interfaces>`.
Minor changes
-------------
- The ``brcm2708-bcm2708`` ``brcm2708-bcm2709`` ``brcm2708-bcm2710``
targets were renamed to ``bcm27xx-bcm2708`` ``bcm27xx-bcm2709`` and
``bcm27xx-bcm2710``
- The GL.iNet GL-AR750S was moved to the ``ath79-nand`` subtarget
- Gluon now ships the ath10k-ct firmware derivation for
QCA9886 / QCA9888 / QCA9896 / QCA9898 / QCA9984 /
QCA9994 / IPQ4018 / IPQ4028 / IPQ4019 / IPQ4029
radios (`#2541 <https://github.com/freifunk-gluon/gluon/pull/2541>`__)
- WolfSSL instead of OpenSSL is now used when built with WPA3 support
- The option to configure the wireless-channel independent from the
site-selected channel was moved from
``gluon-core.wireless.preserve_channels`` to
``gluon.wireless.preserve_channels``
- ``gluon-info`` is a new command that provides information about the
current node
- ``GLUON_DEPRECATED`` is now set to 0 by default
- To reboot a running gluon-node into setup-mode, Gluon now offers the
``gluon-enter-setup-mode`` command
- Devices without WLAN do not show the private-wifi configuration
anymore
- The Autoupdater now uses the site default branch in case it is
configured to use a non-existent / invalid branch
Known issues
------------
* A workaround for Android devices not waking up to their MLD subscriptions was removed,
potentially breaking IPv6 connectivity for these devices after extended sleep periods.
(`#2672 <https://github.com/freifunk-gluon/gluon/issues/2672>`_)
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
docs/releases/v2023.1.1.rst 0 → 100644
View file @ e13ecb01
Gluon 2023.1.1
==============
This is the first service release for the Gluon 2023.1.x line, fixing regressions reported by
the community.
Important notes
---------------
Upgrades to this version are only supported from releases v2021.1 and later.
**Note:**
This release was found to be soft-bricking AVM Fritz!Box 7520 and 7530.
We advice to not offer the release for these two devices until this gets fixed.
Affected devices can be recovered to Fritz!OS and then reinstalled by using the (`AVM Recovery Tool <http://ftp.avm.de/fritzbox/fritzbox-7530/other/recover/>`_)
Bugfixes
--------
- x86: fix config loss during direct upgrades from v2021.1.x to v2023.1.x (`#2972 <https://github.com/freifunk-gluon/gluon/pull/2972>`_)
- tunneldigger: fix regression in v2023.1 caused by a always failing watchdog script resulting in endless restarts (`#2987 <https://github.com/freifunk-gluon/gluon/pull/2987>`_)
- tunneldigger: fix regression in v2023.1 with DNS lookups not using the wan-dnsmasq (`#3001 <https://github.com/freifunk-gluon/gluon/pull/3001>`_)
- gluon-wan-dnsmasq: fix regression in v2023.1 with restart handling and disable DNS caching on the WAN side (`#2991 <https://github.com/freifunk-gluon/gluon/pull/2991>`_)
- D-Link DIR-860L B1: fix regression in v2023.1 that prevented direct upgrades from v2021.1.x to v2023.1.x (`#2990 <https://github.com/freifunk-gluon/gluon/pull/2990>`_)
- Fix build issues with groff 1.23.0+ on the build host (`#3001 <https://github.com/freifunk-gluon/gluon/pull/3001>`_)
Known issues
------------
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
* EFI only systems won't boot due to removed EFI support (introduced in v2023.1). This was necessary to work around a bug that
causes a config loss during direct upgrades from v2021.1.x to v2023.1.x with the *x86-64*, *x86-generic* and *x86-legacy* targets
(`#2967 <https://github.com/freifunk-gluon/gluon/issues/2967>`_).
It is planned that the next major release will reintroduce EFI support.
* AVM Fritz!Box 7520 and 7530 get soft-bricked by this release. The issue was introduced by a kernel bump.
(`#3023 <https://github.com/freifunk-gluon/gluon/issues/3023>`_)
docs/releases/v2023.1.rst 0 → 100644
View file @ e13ecb01
Gluon 2023.1
============
Important notes
---------------
Upgrades to v2023.1 and later releases are only supported from releases v2021.1 and later.
This is due to migrations that have been removed to simplify maintenance.
**Note:**
Due to a bug, configuration is lost on upgrades from Gluon v2021.1.x on the *x86-64*,
*x86-generic* and *x86-legacy* targets, returning nodes to config mode. If your
network is still running a Gluon version older than v2022.1, it is recommended to
skip v2023.1 and wait for the v2023.1.1 release.
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
- Extreme Networks
- WS-AP3805i
ath79-nand
~~~~~~~~~~
- GL.iNet
- GL-XE300
ramips-mt7621
~~~~~~~~~~~~~
- TP-Link
- EAP615-Wall
- Wavlink
- WS-WN572HP3 4G
ramips-mt76x8
~~~~~~~~~~~~~
- TP-Link
- TL-MR6400 (v5)
Features
--------
DNS Caching
~~~~~~~~~~~
DNS caching using the dnsmasq resolver is reintroduced.
See the :ref:`DNS caching documentation <dns-caching>` section for
details on how to enable this feature.
Cellular Modem Support
~~~~~~~~~~~~~~~~~~~~~~
Support for using cellular data connections as the primary uplink connection has been added
to Gluon. This is supported for hardware that comes with a built-in cellular modem. The required user
configuration for the APN and SIM-PIN can be performed in the Advanced Settings in Config Mode.
To use this feature in config-mode, the ``web-cellular`` needs to be enabled in ``site.mk``.
Interface Role UI
~~~~~~~~~~~~~~~~~
Interface Roles can now be assigned from the Network page of the Advanced Settings
in Config Mode. This configuration is preserved on Gluon upgrades.
WireGuard Key Translation
~~~~~~~~~~~~~~~~~~~~~~~~~
This release adds a new mechanism for seamlessly translating existing fastd private keys on the nodes into
equivalent WireGuard keys. The corresponding public keys can be translated **separately** on the servers.
This mitigates the need to re-exchange public keys for communities when migrating to WireGuard-based VPN.
See the :ref:`gluon-mesh-vpn-key-translate <gluon-mesh-vpn-key-translate>` section for details.
Bugfixes
--------
- Custom channel lists using a radios ``channels`` UCI option are now preserved on upgrade
in case ``gluon.wireless.preserve_channels`` is set.
- Custom HT modes for radios are now preserved when ``gluon.wireless.preserve_channels``
is set.
- Broken mesh links between MediaTek 11ax and Qualcomm 11ac hardware are worked around. (`#2905 <https://github.com/freifunk-gluon/gluon/pull/2905>`_)
- Fixed a bug in the MediaTek MT7621 NAND driver that caused devices to end in a bootlooping state
after the initial installation.
Minor changes
-------------
- .. rst-class:: strike
Images built for the ``x86`` targets are now natively bootable on
EFI systems without CSM or BIOS support modes.
EFI support was found to break upgrades from Gluon v2021.1.x. It will be removed from
v2023.1.x to be reintroduced in a later release.
Known issues
------------
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
* Configuration is lost on upgrades from Gluon v2021.1.x on the *x86-64*, *x86-generic* and *x86-legacy* targets,
returning nodes to config mode
(`#2967 <https://github.com/freifunk-gluon/gluon/issues/2967>`_)
docs/releases/v2023.2.1.rst 0 → 100644
View file @ e13ecb01
Gluon 2023.2.1
==============
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
- Ubiquiti
- UniFi Swiss Army Knife Ultra
ramips-mt7621
~~~~~~~~~~~~~
- D-Link
- COVR-X1860 (A1)
Minor changes
-------------
* Nodes using a fastd VPN connection now report the negotiated method on the status page
(`#2465 <https://github.com/freifunk-gluon/gluon/issues/2465>`_)
Bugfixes
--------
* Fixed hostapd being unable to start an AP when selecting channel 116/120 with HT40
(`#3165 <https://github.com/freifunk-gluon/gluon/issues/3165>`_)
* Fixed occasional reboot issues on some TP-Link WDR3600 and WDR4300 devices
(`Upstream <https://github.com/openwrt/openwrt/issues/13043>`_)
(`#2904 <https://github.com/freifunk-gluon/gluon/issues/2904>`_)
Known issues
------------
* Unstable wireless with certain MediaTek devices (`#3154 <https://github.com/freifunk-gluon/gluon/issues/3154>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
docs/releases/v2023.2.2.rst 0 → 100644
View file @ e13ecb01
Gluon 2023.2.2
==============
Bugfixes
--------
* Fixed a bug where nodes connected using VXLAN would lose connectivity to all but one neighbor
(`#3191 <https://github.com/freifunk-gluon/gluon/issues/3191>`_)
* fastd-l2tp VPN did not re-generate the flow-label for the inner-tunnel traffic,
breaking QoS mechanisms
(`#3203 <https://github.com/freifunk-gluon/gluon/issues/3203>`_)
* Fixed silent-failures when image-customization files were not valid
(`#3218 <https://github.com/freifunk-gluon/gluon/issues/3218>`_)
* Multicast-snooping did stop working after extended uptime periods
(`#3176 <https://github.com/freifunk-gluon/gluon/issues/3176>`_)
Known issues
------------
* Unstable wireless with certain MediaTek devices (`#3154 <https://github.com/freifunk-gluon/gluon/issues/3154>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
docs/releases/v2023.2.3.rst 0 → 100644
View file @ e13ecb01
Gluon 2023.2.3
==============
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
- NETGEAR
- WNDRMAC v2
mpc85xx-p1020
~~~~~~~~~~~~~
- Hewlett-Packard
- MSM460
Bugfixes
--------
* Factory images for TP-Link Archer C7 v2 now contain the correct region code
(`#3260 <https://github.com/freifunk-gluon/gluon/issues/3260>`_)
* Fixed an issue where some bootloader versions of the NETGEAR EX6150 v2 failed
to boot Gluon images in rare cases
(`Upstream <https://github.com/openwrt/openwrt/commit/de59fc45402ff03e320264c8204f6928090534ad>`_)
* Fixed boot procedure becoming stuck on Enterasys WS-AP3710i devices
(`#3248 <https://github.com/freifunk-gluon/gluon/issues/3248>`_)
Known issues
------------
* Unstable wireless with certain MediaTek devices (`#3154 <https://github.com/freifunk-gluon/gluon/issues/3154>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
docs/releases/v2023.2.4.rst 0 → 100644
View file @ e13ecb01
Gluon 2023.2.4
==============
Added hardware support
----------------------
ramips-mt7620
~~~~~~~~~~~~~
- NETGEAR
- EX6130
ramips-mt7621
~~~~~~~~~~~~~
- Xiaomi
- Mi Router 4A (Gigabit Edition v2)
ramips-mt76x8
~~~~~~~~~~~~~
- TP-Link
- RE200 (v4)
Bugfixes
--------
* Fixed an issue where Enterasys WS-AP3710i devices regularly boot with all-zero MAC-addresses in previous releases
* Detection of `swconfig` based switch architecture has been fixed (`#3309 <https://github.com/freifunk-gluon/gluon/pull/3309>`_)
* Fixed an issue where the AVM FRITZ!Box 4040 used an incorrect primary MAC address
(`Upstream <https://github.com/openwrt/openwrt/commit/87fbb5085d7e290b0ba536ad7d0876c4224723a6>`_)
Known issues
------------
* Unstable wireless with certain MediaTek devices (`#3154 <https://github.com/freifunk-gluon/gluon/issues/3154>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
docs/releases/v2023.2.rst 0 → 100644
View file @ e13ecb01
Gluon 2023.2
============
Important notes
---------------
Upgrades to v2023.2 and later releases are only supported from releases v2022.1 and later.
This is due to migrations that have been removed to simplify maintenance.
Deprecation of Tunneldigger VPN
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tunneldigger is set to be removed from the Gluon base repository in the next major Gluon release. It is recommended
to migrate to fastd or WireGuard. Tunneldigger will be moved to the
community-packages repository and can be installed from there as an alternative.
Site changes
------------
Image customization
~~~~~~~~~~~~~~~~~~~
``GLUON_FEATURES`` and ``GLUON_PACKAGES`` have been replaced by a more flexible customization framework
based on Lua. Feature and Package selection can be specified more granularly at both target and device level.
All site configs need to be updated. Configuration like the following
must be removed from ``site.mk``:
.. code-block:: make
GLUON_FEATURES := \
autoupdater \
mesh-batman-adv-15 \
mesh-vpn-fastd \
respondd \
status-page \
web-advanced \
web-wizard
GLUON_FEATURES_standard := \
wireless-encryption-wpa3
GLUON_SITE_PACKAGES := iwinfo
It is replaced by a new file ``image-customization.lua`` with content
like the following:
.. code-block:: lua
features({
'autoupdater',
'mesh-batman-adv-15',
'mesh-vpn-fastd',
'respondd',
'status-page',
'web-advanced',
'web-wizard',
})
if not device_class('tiny') then
features({
'wireless-encryption-wpa3',
})
end
packages({'iwinfo'})
Additionally, this framework also allows communities to specify which devices should or should not be built.
For more information, see the :ref:`image customization documentation <site-image-customization>`.
Added hardware support
----------------------
armsr-armv7
~~~~~~~~~~~
- Arm
- Arm SystemReady 32-bit (EFI) [#virt]_
armsr-armv8
~~~~~~~~~~~
- Arm
- Arm SystemReady 64-bit (EFI) [#virt]_
.. [#virt]
The ArmSR targets can be used for running Gluon as a Virtual Machine on
Arm systems.
ath79-generic
~~~~~~~~~~~~~
- AVM
- FRITZ!Repeater 1750E
- Sophos
- AP100
- AP100c
- AP55
- AP55c
- TP-Link
- Archer C60 (v1)
- EAP225-Outdoor v3
- TL-WR2543N/ND (v1)
ath79-mikrotik
~~~~~~~~~~~~~~
- MikroTik
- wAPR-2nD (wAP R)
ipq40xx-generic
~~~~~~~~~~~~~~~
- ZTE
- MF289F
mediatek-filogic
~~~~~~~~~~~~~~~~
- ASUS
- TUF-AX4200
- Cudy
- WR3000 (v1)
- GL.iNet
- GL-MT3000
- NETGEAR
- WAX220
- Ubiquiti
- Unifi 6 Plus
- ZyXEL
- NWA50AX Pro
mpc85xx-p1010
~~~~~~~~~~~~~
- Enterasys
- WS-AP3715i
ramips-mt7621
~~~~~~~~~~~~~
- TP-Link
- EAP615-Wall
- Wavlink
- WS-WN572HP3 4G
ramips-mt76x8
~~~~~~~~~~~~~
- ASUS
- RT-AX53U
- ZyXEL
- WSM20
Removed hardware support
------------------------
ath79-generic
~~~~~~~~~~~~~
- TP-Link
- Archer C60 (v1)
- RE355
- RE450 (v1)
- Ubiquiti
- NanoBeam 5AC 19 (XC) [#airmax]_
- NanoBeam M5 (XW) [#airmax]_
- NanoStation Loco M2/M5 (XW) [#airmax]_
- NanoStation M2/M5 (XW) [#airmax]_
.. [#airmax]
Ubiquiti airMax devices have been removed temporarily due to an unsolved issue with the flash write-protect.
They will eventually be re-added once the issue has been fixed upstream.
(`#2939 <https://github.com/freifunk-gluon/gluon/issues/2939>`_)
ramips-mt7621
~~~~~~~~~~~~~
- TP-Link
- RE305
Features
--------
TLS support
~~~~~~~~~~~
Gluon now provides HTTPS client support when the `tls` feature is included in the site
configuration, allowing nodes to establish encrypted connections to autoupdater mirrors,
opkg repositories and other HTTPS servers.
Existing site configurations that add libustream TLS packages should switch to the `tls`
feature instead, which will always include the recommended TLS implementation as well
as common CA certificates (`ca-bundle`).
EFI images
~~~~~~~~~~
Gluon x86-64 images now support systems using EFI boot. The same images are still compatible
with legacy MBR boot methods.
Support for CAKE with fastd
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gluon now supports CAKE as a QoS mechanism with fastd. It is automatically enabled with devices
offering at least 200MB of system memory. CAKE is enabled when throughput limits are configured
for the mesh-VPN.
For more information about the technical details, see the
(`OpenWrt wiki <https://openwrt.org/docs/guide-user/network/traffic-shaping/sqm>`_).
Support can be activated by including the `mesh-vpn-sqm` feature in the site configuration.
Docker container
~~~~~~~~~~~~~~~~
The Gluon build-container is now published to the GitHub container registry.
The container contains all the tools required to build Gluon images from source.
See the (`container registry <https://github.com/freifunk-gluon/gluon/pkgs/container/gluon-build>`_) for more information.
GitHub actions
~~~~~~~~~~~~~~
Gluon build tests now run inside a Docker container built from the gluon-build Dockerfile of the same version.
Bugfixes
--------
- Fixed script failure when reconfiguring interface groups without an assigned role.
- Host tools used to be built twice on first compilation.
Major changes
-------------
This release is based on the newest OpenWrt 23.05 release branch.
It ships with Linux kernel 5.15.y, wireless-backports 6.1.24 and batman-adv 2023.1.
Minor changes
-------------
- D-Link DIR-825 B1 factory images are no longer built due to size constraints.
Please use a recent OpenWrt 23.05 image for factory installation and install Gluon
using sysupgrade.
- The robots.txt now prohibits crawling the status page.
- Changed the order in which Gluon installs packages into the OpenWrt build system
to favor Gluon and site packages over upstream OpenWrt packages.
- If enough nodes are updated, the batman-adv multicast optimizations originally introduced in Gluon 2021.1 for link-local IPv6 multicast addresses
will be applied within the domain to routable IPv6 multicast addresses.
- Gluon now uses mbedtls instead of WolfSSL for hostapd and wpa-supplicant.
Known issues
------------
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
docs/requirements.txt 0 → 100644
View file @ e13ecb01
Sphinx==7.1.2
sphinx-rtd-theme==2.0.0
docs/site-example/i18n/de.po
View file @ e13ecb01
......@@ -45,11 +45,11 @@ msgstr ""
"selbstverständlich vertraulich behandelt und nicht weitergegeben."
"</p>"
"<div class=\"the-key\">"
"# <%= pcdata(hostname) %><br />"
"# <%= pcdata(hostname) %><br>"
"<%= pubkey %>"
"</div>"
"<p>Dein Knoten startet gerade neu und wird anschließend versuchen, sich mit "
"anderen Freifunkknoten in seiner Nähe über WLAN sowie über deine"
"anderen Freifunkknoten in seiner Nähe über WLAN sowie über deine "
"Internetverbindung über das VPN-Gateway zu verbinden.</p>"
"<p>Vergiss nicht das Netzwerkkabel vom LAN Port in den WAN Port "
"umzustecken.</p>"
......@@ -58,10 +58,10 @@ msgid "gluon-config-mode:novpn"
msgstr ""
"<p><strong>Du hast ausgewählt die Internetverbindung (Mesh-VPN) nicht zu "
"nutzen</strong>. Dein Knoten kann also nur dann eine Verbindung zum "
"Freifunk-Netz aufbauen, wenn andere Freifunk-Knoten in WLAN-Reichweite sind."
"Freifunk-Netz aufbauen, wenn andere Freifunk-Knoten in WLAN-Reichweite sind.</p>"
"<p>Bitte schicke uns eine E-Mail mit dem Namen deines Knotens "
"(<em><%= pcdata(hostname) %></em>) und ein paar Informationen an <a href="
"\"mailto:freifunk-keys@lists.in-kiel.de?"
"\"mailto:kontakt@alpha-centauri.freifunk.net?"
"subject=<%= urlencode('Anmeldung: ' .. hostname) %>&amp;"
"body=<%= urlencode('# ' .. hostname .. '\n# ' .. sysconfig.primary_mac .. '\n# kein mesh-VPN') %>"
"<%= urlencode('\n\nIch habe zur Kenntnis genommen, dass der im ') %>"
......
docs/site-example/i18n/en.po
View file @ e13ecb01
......@@ -41,7 +41,7 @@ msgstr ""
"\">keys@alpha-centauri.freifunk.net</a>. Of course, your e-mail address will "
"be treated confidentially and will not be passed on.</p>"
"<div class=\"the-key\">"
" # <%= pcdata(hostname) %><br />"
" # <%= pcdata(hostname) %><br>"
"<%= pubkey %>"
"</div>"
"<p>Your node <em><%= pcdata(hostname) %></em> is currently rebooting and will "
......@@ -55,9 +55,9 @@ msgstr ""
"<p>You have selected <strong>not</strong> to use the mesh VPN. "
"Your node will only be able to connect to the Freifunk network if other nodes "
"in reach already have a connection.</p>"
"Please send an e-mail with the name of your node "
"<p>Please send an e-mail with the name of your node "
"(<em><%=pcdata(hostname)%></em>) and some additional information to "
"<a href=\"mailto:keys@alpha-centauri.freifunk.net?subject="
"<a href=\"mailto:kontakt@alpha-centauri.freifunk.net?subject="
"<%= urlencode('Registration: ' .. hostname) %>&amp;body="
"<%= urlencode('# ' .. hostname .. '\n# ' .. sysconfig.primary_mac .. '\nkey ') %>"
"%22<%= pubkey %>%22;"
......@@ -65,7 +65,7 @@ msgstr ""
"<%= urlencode('node is publicly available on the Internet and can be ') %>"
"<%= urlencode('used by any services (e.g. the meshviewer map).') %>"
"<%= urlencode('\n\nThanks, \n\n') %>"
"\">keys@alpha-centauri.freifunk.net</a>. Of course, your e-mail address will "
"\">kontakt@alpha-centauri.freifunk.net</a>. Of course, your e-mail address will "
"be treated confidentially and will not be passed on.</p>"
"<p>Your node <em><%= pcdata(hostname) %></em> is currently rebooting and will "
"try to connect to other nearby Freifunk nodes after that.</p>"
......