opentechinstitute / commotiond

The system management daemon for the Commotion Wireless Project.
https://commotionwireless.net
GNU Affero General Public License v3.0

Route traffic over Serval proxy for end-to-end encryption. #48

Open jheretic opened 10 years ago

jheretic commented 10 years ago

The Serval Project is implementing a generic proxy for network traffic. We should, by default for a secure network, route all traffic over this proxy so that it is end-to-end encrypted.

westbywest commented 10 years ago

Would it make sense to offer the option to explicitly select Serval-encrypted tunnels in QuickStart? Likewise, implement a straightforward on/off checkbox in LuCI to toggle Serval tunnels for nodes that have already completed QuickStart? Serval is definitely a viable option for encrypted tunnels, like tinc or even n2n, but it has so far been shown to have large memory demands and to affect nodes' stability.

jheretic commented 10 years ago

I guess if we have robust per-interface configuration, we might want to select on a per-interface basis whether ALL traffic is routed over Serval, or whether we just provide a proxy. That's largely a UI and documentation issue. I'll go ahead and flag this for the UI review, so that we can address the question. Thanks, that's a good point about how we present options.

We could potentially support a different tunneling solution, but I would like to focus on bugfixing and improving one cryptosystem vs. supporting multiple in parallel, as much as possible. But ultimately, I see all of this as fairly pluggable, so that even if OTI doesn't implement, say, a tinc or IPsec or n2n based backhaul transport for v1, someone else could write a Commotiond plugin that would implement that functionality without having to rewrite all the interfaces and other pieces.

critzo commented 10 years ago

Once this functionality is in place within Serval, we need these UI options in Commotion OpenWRT:

Not an R1 target. Tagging for future point release.