Preseeding settings with debconf won't have any effect if the packages
are already installed. Instead, provide an override database to
dpkg-reconfigure.
- Fix code style.
- Keep description and util functions at module level.
- Add license notice to forms file.
- Internationalize and make choice descriptions more informative.
Add a dispatcher script to NetworkManager to configure
B.A.T.M.A.N. Advanced interfaces. This quite a bit hacky at it is
triggered for network connections that have the keyword "BATMAN" in
them. The proper way to implement this is as a core change in
NetworkManager itself (as it lacks plugins). It is done is the hope
that it will garner some more interest in FreedomBox for mesh networks.
Currently, it is possible to create a BATMAN mesh network and shared
existing internet connections on it. Other boxes can then join this
mesh network and use that internet connection.
Known issues:
- Very unintuitive setup process. First create a connection with device
a Wi-Fi device, mode as ad-hoc, with a known frequency and BSSID. The
name of the connection should have contain BATMAN in it. It should
also have IPv4 method as disabled. Second connection should be
created for 'bat0' interface after the first on is successful. It can
be with method 'shared' for sharing internet connection and doing DHCP
requests or 'auto' for aqcuiring IP address from another node in the
mesh network.
- Untested for joining existing mesh networks.
- Requires configuring two network connections and the second one needs
to be manually enabled after the first one is successfully activated.
Select the frequency band (2.4 GHz vs. 5 GHz) is a prerequisite for
selecting the channel. Channel selection is useful primarily as follow:
- Restrict to a particular access point when multiple access points use
the same SSID (AP name) but are available on different frequencies.
- Configure for a particular ad-hoc mesh network.
- Setup multiple access points from a single FreedomBox on multiple
channels to maximize the throughput and number of simultaneous
clients.
Ability to specify a particular BSSID will help associate with a
particular access point when multiple access points use the same
SSID (AP name). This is also makes it slightly harder to trick clients
into connection to a malicious device. Also configuring BATMAN-adv
seems to require setting a particular BSSID.
Disabled IPv4 method allows not configuring IPv4 entirely on network
interfaces as required in some cases.
Also, make sure to internationalize all the choices form values in
network module. There were missed before.
After batman-adv kernel driver takes over the Wi-Fi network interface
and provides a bat0 interface, this interface shows up as device type
'batadv'. This type is not recognized by network manager is dealt with
as a generic device. Configuring this device for IPv4/IPv6 in
auto/shared mode etc. works fine. So, add the ability to configure
generic interfaces.
- Allow users to run regular relays. In addition to that users will be
able to turn them into bridge relays. Like before, by default,
relaying is enabled and the relay type bridge relay.
- Show obfs3/4 transport ports as needing firewall port forwarding only
if bridge relay is enabled.
- Remove pluggable transports configuration from configuration when
bridge rely is disabled.
- Improve description message for relays and bridge relays.
- Do stricter matches when editing configuration file. Earlier
mechanism would match comments etc.
- Move action methods to module core from views.
- During first boot, notify users that console login is restricted and
that they can changed that from security settings.
- Recommend enabling conosle login restrictions. Add message about why
console restrictions are important.
- Show title in security module.
- When Tor hidden service is enable along with regular web server, it is
possible to de-anonymize the server.
- When Tor hidden service is enabled along with Tor relay, the hidden
service can be de-anonymized by sending large traffic observing
traffic patterns published by Tor relay. See:
https://trac.torproject.org/projects/tor/ticket/8742
Warn users not to rely on Tor hidden service functionality for strong
anonymity. We can remove this warning when implement a mechanism to
disable most other services when Tor hidden service is enabled.
