
Releases: Freifunk-Dresden/ffdd-server

T_RELEASE_v1.4.0rc2

26 Nov 13:14
5dee0cf
Pre-release
- update bmxd to version 1.1
	- parameter changed/added
	- retrigger gw selection
	- fix community gw selection
	- disable bmxd debug traces (syslog)
	- change script to keep created container to regenerate deb-packages
- sysinfo: prevent syntax error when we use sh/dash

T_RELEASE_v1.4.0rc1

24 Nov 15:30
69fc958
Pre-release
- remove ubuntu 16.04 support
- add support for debian 11
- update missing deps for ubuntu 20.04 support
- update fastd2 to v22
- update bmxd to version 1.0
	- move bmxd build script to [ffdd-bmxd repo](https://github.com/Freifunk-Dresden/ffdd-bmxd)
- add ipip tunnel as alternative to bat0
- add check-script for new uci config options
- add speedtest-backend for speedtest.ffdd
- some small bug fixes

T_RELEASE_v1.3.0

24 Nov 11:10
121bc07

version 1.3.0

Notice:
In the current version the configuration management changes from nvram (/etc/nvram.conf) to uci (/etc/config/ffdd)!
You can find a complete example configuration in /etc/config/ffdd_sample.

The current nvram.conf will be migrated automatically to uci!

This update is not carried out automatically and must be performed manually.
Use: `bash -c "$(wget http://2ffd.de/ffdd-server_manuell_update -O -)"` or `freifunk-manuell_update.sh`

We also update the development commands in init_server.sh; please see the corresponding part of readme.md.

Please reboot the Server after upgrade.

version 1.3.0rc10

- typo fix in README.md
- optimize fastd.sls
- apache: ssl dhparam creation fix
- uci: add develop mode option to disable automatic salt runs and autoupdates.
- monitorix/vnstat: add tbb_wg backbone interface
- sysinfo:
	- update to v17
	- display wg_pubkey
- wireguard:
	- optimize wg-backbone / wg.cgi apache directory solution
	- add /usr/local/bin/wg-backbone.sh start after boot
	- update wg.cgi and add config file

version 1.3.0rc9

- reduce amount of logging to /var/log/* for openvpn and fastd (disk-full)
- add missing parameter when updating server (init_server.sh)

version 1.3.0rc8

- logrotate after 1M log file sizes (avoid disk-full issues)

version 1.3.0rc7

- Fix MTU for wireguard interface on DS-Lite
- wg-register API added (still testing)

version 1.3.0rc6

- add ubuntu 20.04 support
- add wireguard outgoing connections
- change some options for init_server.sh, so that it does not start an installation without the "-i" option. This is more secure and analogous to other tools like dpkg, apt-get, apt and more. This is crucial to avoid accidental installations on wrong systems (the Y/N questions did not help me to prevent that). Also, the user will see that there is a "help" provided with this script. I also added an option to define the debug level during salt operation. vpn1, vpn12 and node 0 are running this version currently.

version 1.3.0rc5

This release adds an extra rule to redirect locally generated ICMP "fragmentation needed" packets to the VPN tunnel instead of the server network interface.
The problem is that Hetzner "disconnects" the host from the network when it detects traffic that does not belong to any traffic it knows.

When a Freifunk client makes a request to external web servers, this request goes out through a VPN tunnel. Answers that are too big to fit into the tbb_fastd2 network interface, because of its lower MTU of 1200, will cause the kernel to generate ICMP "fragmentation needed". Normally those packets travel through the gateway. But those answers must go back through the VPN tunnel.

version 1.3.0rc4

- fastd build process
- wireguard repo exclusion (unstable)
- salt repo for Debian 9 and Ubuntu 16.04 (update)

version 1.3.0rc3

- fix openvpn dns

version 1.3.0rc2

- fix openvpn bind configuration
- fix wireguard-backbone script source and cronjob

version 1.3.0rc1

- add uci config management
	- change nvram to uci
- bmxd:
	- change from manual build to package installation
	- allow to define a list of mesh interfaces (ffdd.sys.bmxd_mesh_if)
- fastd:
	- update to v21
	- add white/blacklists for better connection control
	- fix `add_connect`
- internal dns:
	- update zone .ffdd
	- add wildcard entries for gateway subdomains
- apache:
	- add option to disable apache ddos prevention
	- allow additional config for virtualhost on port 80 and 443
- add wan-traffic stat to sysinfo.json
- optimize freifunk-manuell_update.sh to use init_server.sh
- reduced process priority for salt
- increase fail2ban maxretry
- fix ntp.service to wait for bat0 interface
- fix pb requirement
- fix some bugs in network and firewall scripts
- some small code optimizations

T_RELEASE_v1.3.0rc10

21 Oct 11:07
121bc07
Pre-release
- typo fix in README.md
- optimize fastd.sls
- apache: ssl dhparam creation fix
- uci: add develop mode option to disable automatic salt runs and autoupdates.
- monitorix/vnstat: add tbb_wg backbone interface
- sysinfo:
	- update to v17
	- display wg_pubkey
- wireguard:
	- optimize wg-backbone / wg.cgi apache directory solution
	- add /usr/local/bin/wg-backbone.sh start after boot
	- update wg.cgi and add config file

T_RELEASE_v1.3.0rc

30 May 14:05
121bc07
Pre-release


T_RELEASE_v1.3.0rc9

04 Sep 15:04
Pre-release
- reduce amount of logging to /var/log/* for openvpn and fastd (disk-full)
- add missing parameter when updating server (init_server.sh)

T_RELEASE_v1.3.0rc8

23 Aug 21:25
2d1b76b
Pre-release
- logrotate after 1M log file sizes (avoid disk-full issues)

T_RELEASE_v1.3.0rc7

25 Jul 16:56
db1081c
Pre-release
- Fix MTU for wireguard interface on DS-Lite
- wg-register API added (still testing)

T_RELEASE_v1.3.0rc6

05 Jun 11:59
11b7a7e
Pre-release
- add ubuntu 20.04 support
- add wireguard outgoing connections
- change some options for init_server.sh, so that it does not start an installation without the "-i" option. This is more secure and analogous to other tools like dpkg, apt-get, apt and more. This is crucial to avoid accidental installations on wrong systems (the Y/N questions did not help me to prevent that). Also, the user will see that there is a "help" provided with this script. I also added an option to define the debug level during salt operation.
  vpn1, vpn12 and node 0 are running this version currently.

T_RELEASE_v1.3.0rc5

17 May 19:00
7e85290
Pre-release

This release adds an extra rule to redirect locally generated ICMP "fragmentation needed" packets to the VPN tunnel instead of the server network interface.
The problem is that Hetzner "disconnects" the host from the network when it detects traffic that does not belong to any traffic it knows.

When a Freifunk client makes a request to external web servers, this request goes out through a VPN tunnel. Answers that are too big to fit into the tbb_fastd2 network interface, because of its lower MTU of 1200, will cause the kernel to generate ICMP "fragmentation needed". Normally those packets travel through the gateway. But those answers must go back through the VPN tunnel.