diff --git a/build-images.sh b/build-images.sh
index 1b175f2..8174657 100755
--- a/build-images.sh
+++ b/build-images.sh
@@ -9,7 +9,7 @@ images=()
 repobase="${REPOBASE:-ghcr.io/nethserver}"
 # Configure the image name
 reponame="nethsecurity-controller"
-controller_version="2.1.1"
+controller_version="2.2.0"
 promtail_image="docker.io/grafana/promtail:3.6.1"
 loki_image="docker.io/grafana/loki:2.9.17"
 prometheus_image="docker.io/prom/prometheus:v3.7.3"
diff --git a/imageroot/actions/configure-module/20configure b/imageroot/actions/configure-module/20configure
index 81d570e..9f9b594 100755
--- a/imageroot/actions/configure-module/20configure
+++ b/imageroot/actions/configure-module/20configure
@@ -101,6 +101,8 @@ set_route_data = {
 if 'lets_encrypt' in request:
 set_route_data['lets_encrypt'] = request['lets_encrypt']
+agent.set_route(set_route_data)
+
 config["allowed_ips"] = request.get("allowed_ips", [])
 # Save configuration to JSON for later user and backup
@@ -131,6 +133,11 @@ with open('config.env', 'w') as env:
 if 'maxmind_license' in request:
 env.write(f'MAXMIND_LICENSE={request["maxmind_license"]}\n')
 env.write(f'RETENTION_DAYS={metrics_retention_days}\n')
+ # OpenVPN MTU and MSSFIX settings
+ tun_mtu = request.get('tun_mtu', 1500)
+ mssfix = request.get('mssfix', 1450)
+ env.write(f'OVPN_TUN_MTU={tun_mtu}\n')
+ env.write(f'OVPN_MSSFIX={mssfix}\n')
 server_address = request["ovpn_network"].removesuffix('.0') + '.1'
 with open('promtail.env', 'w') as promtail:
diff --git a/imageroot/actions/configure-module/validate-input.json b/imageroot/actions/configure-module/validate-input.json
index 8ce3567..0584b48 100644
--- a/imageroot/actions/configure-module/validate-input.json
+++ b/imageroot/actions/configure-module/validate-input.json
@@ -14,7 +14,11 @@
 "loki_retention": 180,
 "prometheus_retention": 15,
 "maxmind_license": "1234567890",
- "allowed_ips": ["1.2.3.0/24"]
+ "allowed_ips": [
+ "1.2.3.0/24"
+ ],
+ "tun_mtu": 1500,
+ "mssfix": 1450
 }
 ],
 "type": "object",
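Review bot: In the `@@ -131,6 +133,11 @@` hunk of 20configure the new `OVPN_TUN_MTU` and `OVPN_MSSFIX` values are written to config.env with no relation check between them: validate-input.json only gives each field a `minimum`, so a request whose `mssfix` is larger than `tun_mtu` is accepted and lands in the OpenVPN configuration. Consider rejecting that combination here, before the env file is written, through whatever validation-failed reporting the module uses for input errors, e.g. `if mssfix > tun_mtu: <report a validation error for 'mssfix'>`. The defaults 1500 and 1450 are now repeated here, in validate-input.json's `default` entries and in get-configuration's 20read fallback; two module-level constants (`DEFAULT_TUN_MTU = 1500`, `DEFAULT_MSSFIX = 1450`) would keep them from drifting apart. The `with open('config.env', 'w') as env:` block begins outside the hunk.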
@@ -75,9 +79,21 @@
 "description": "List of allowed IPs for the controller",
 "items": {
 "type": "string",
- "format": "cidr"
+ "format": "cidr"
 },
 "minItems": 0
+ },
+ "tun_mtu": {
+ "type": "integer",
+ "description": "OpenVPN TUN interface MTU size, default is 1500",
+ "minimum": 576,
+ "default": 1500
+ },
+ "mssfix": {
+ "type": "integer",
+ "description": "OpenVPN MSSFIX value, default is 1450",
+ "minimum": 0,
+ "default": 1450
 }
 }
 }
diff --git a/imageroot/actions/get-configuration/20read b/imageroot/actions/get-configuration/20read
index e972360..f05b949 100755
--- a/imageroot/actions/get-configuration/20read
+++ b/imageroot/actions/get-configuration/20read
@@ -30,7 +30,7 @@ else:
 foctet=random.randrange(16,31)
 soctet=random.randrange(1,254)
- config = {'host': '', 'lets_encrypt': False, 'ovpn_network': f'172.{foctet}.{soctet}.0', 'ovpn_netmask': '255.255.255.0', 'ovpn_cn': 'nethsec', 'api_user': 'admin', 'api_password': '', 'loki_retention': 180, 'prometheus_retention': 15, 'vpn_port': '', 'allowed_ips': []}
+ config = {'host': '', 'lets_encrypt': False, 'ovpn_network': f'172.{foctet}.{soctet}.0', 'ovpn_netmask': '255.255.255.0', 'ovpn_cn': 'nethsec', 'api_user': 'admin', 'api_password': '', 'loki_retention': 180, 'prometheus_retention': 15, 'vpn_port': '', 'allowed_ips': [], 'tun_mtu': 1500, 'mssfix': 1450}
 characters = list(string.ascii_letters + string.digits + "!@#%^+_")
 random.shuffle(characters)
diff --git a/imageroot/actions/get-configuration/validate-output.json b/imageroot/actions/get-configuration/validate-output.json
index cd1b1fb..c6724e2 100644
--- a/imageroot/actions/get-configuration/validate-output.json
+++ b/imageroot/actions/get-configuration/validate-output.json
@@ -14,7 +14,11 @@
 "ovpn_cn": "nethsec",
 "loki_retention": 180,
 "maxmind_license": "1234567890",
- "allowed_ips": ["1.2.3.0/24"]
+ "allowed_ips": [
+ "1.2.3.0/24"
+ ],
+ "tun_mtu": 1500,
+ "mssfix": 1450
 }
 ],
 "type": "object"
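Review bot: The new `tun_mtu` and `mssfix` schemas carry only a `minimum`, so neither value has an upper bound and any large integer passes validation; `"minimum": 0` on `mssfix` also rejects only negatives, so a value like 1 is accepted although it is not a usable segment size. Consider adding `"maximum"` constraints (for example `"maximum": 65535` on `tun_mtu` — a constructed bound, to be checked against the limits the controller's OpenVPN actually accepts) and, if 0 is meant to disable the MSS fix as OpenVPN's `--mssfix` documentation describes, saying so in the `description` rather than leaving the lower bound unexplained. The `"allowed_ips"` object in which the hunk starts is opened outside the hunk.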
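Review bot: In 20read the new `tun_mtu` and `mssfix` keys are added only to the fallback dict in the `else:` branch; the branch that loads a saved configuration lies outside the hunk, and in configure-module the two values are read from the request and written to config.env without visibly being added to the `config` dict that is saved to JSON, so on an already-configured controller get-configuration may return a config without these keys. If that is the case, either persist them in configure-module or apply the same defaults after loading, `config.setdefault('tun_mtu', 1500)` and `config.setdefault('mssfix', 1450)`. Splitting the single-line dict literal across lines would also make additions like these reviewable in a diff.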
diff --git a/ui/public/i18n/en/translation.json b/ui/public/i18n/en/translation.json
index c7a3fcb..a6fe410 100644
--- a/ui/public/i18n/en/translation.json
+++ b/ui/public/i18n/en/translation.json
@@ -58,9 +58,16 @@
 "vpn_port_description": "Units will connect to controller using a VPN connection. Make sure the units can reach the controller on UDP port {port}",
 "maxmind_license": "MaxMind license key",
 "maxmind_license_helper": "The license key is required to use the MaxMind GeoIP2 database",
+ "maxmind_license_tooltip": "Enable IP geolocations inside Grafana dashboards",
 "allowed_ips": "Allowed IPs",
 "allowed_ips_helper": "One IPv4 or CIDR per line. Leave empty to allow all IPs",
- "allowed_ips_tooltip": "Required unit version: 8.6 or above. This field is used to restrict the access to the controller. When the access is restriced, units will contact the public register endpoint, then all traffic will go through the VPN."
+ "allowed_ips_tooltip": "Required unit version: 8.6 or above. This field is used to restrict the access to the controller. When the access is restricted, units will contact the public register endpoint, then all traffic will go through the VPN.",
+ "tun_mtu": "TUN MTU",
+ "tun_mtu_helper": "Maximum Transmission Unit for the VPN TUN interface",
+ "tun_mtu_tooltip": "Lower this value if you experience connectivity issues with units",
+ "mssfix": "MSS Fix",
+ "mssfix_helper": "Maximum Segment Size fix for the VPN connections",
+ "mssfix_tooltip": "Change only if you have troubles connecting to units"
 },
 "about": {
 "title": "About"
@@ -100,6 +107,8 @@
 "loki_retention_min": "Logs retention must be greater than 1 day",
 "invalid_network": "Invalid network, it mus be a class C network like 192.168.200.0",
 "invalid_netmask": "Invalid netmask, it must be a valid netmask like 255.255.255.0",
- "invalid_allowed_ips": "Invalid allowed IPs, each entry must be a and IP or CIDR network."
+ "invalid_allowed_ips": "Invalid allowed IPs, each entry must be a and IP or CIDR network.",
+ "tun_mtu_min": "TUN MTU must be at least 576",
+ "mssfix_min": "MSS Fix must be at least 0"
 }
 }
diff --git a/ui/public/i18n/es/translation.json b/ui/public/i18n/es/translation.json
index f688828..dec8a58 100644
--- a/ui/public/i18n/es/translation.json
+++ b/ui/public/i18n/es/translation.json
@@ -12,7 +12,9 @@
 "404": "Recurso no encontrado",
 "invalid_user": "Nombre de usuario no válido: debe contener sólo letras y números",
 "network_error": "Error de red",
- "validation_error": "Error de validación"
+ "validation_error": "Error de validación",
+ "tun_mtu_min": "TUN MTU debe ser al menos 576",
+ "mssfix_min": "MSS Fix debe ser al menos 0"
 },
 "settings": {
 "user": "Usuario administrador",
diff --git a/ui/public/i18n/it/translation.json b/ui/public/i18n/it/translation.json
index 5b11311..8c9bc9e 100644
--- a/ui/public/i18n/it/translation.json
+++ b/ui/public/i18n/it/translation.json
@@ -12,7 +12,9 @@
 "403": "Operazione non autorizzata",
 "invalid_cn": "Nome controller non valido: deve contenere solo lettere e numeri",
 "invalid_user": "Nome utente non valido: deve contenere solo lettere e numeri",
- "invalid_host": "Nome host non valido: deve essere un FQDN valido"
+ "invalid_host": "Nome host non valido: deve essere un FQDN valido",
+ "tun_mtu_min": "TUN MTU deve essere almeno 576",
+ "mssfix_min": "MSS Fix deve essere almeno 0"
 },
 "settings": {
 "title": "Impostazioni",
diff --git a/ui/src/views/Settings.vue b/ui/src/views/Settings.vue
index 82e9eef..5997a80 100644
--- a/ui/src/views/Settings.vue
+++ b/ui/src/views/Settings.vue
@@ -206,6 +206,23 @@ :passwordHideLabel="$t('password.hide_password')" :passwordShowLabel="$t('password.show_password')" > + + + + + + +
@@ -231,7 +248,7 @@ ref="allowed_ips" :invalid-message="$t(error.allowed_ips)" :helper-text="$t('settings.allowed_ips_helper')" - :disabled="loading.configureModule" + :disabled="stillLoading" :rows="4" > > ip.trim())