39926c6c
Commit
39926c6c
authored
Jul 16, 2012
by
Guillaume Bury
Fixed certificates CN
parent
8e0a7ede
Changes
5
Showing
5 changed files
with
32 additions
and
16 deletions
+32
-16
openvpn.py
openvpn.py
+0
-1
registry.py
registry.py
+5
-2
server/ca.crt
server/ca.crt
+17
-8
setup.py
setup.py
+5
-2
vifibnet.py
vifibnet.py
+5
-3
openvpn.py
...
...
@@ -28,7 +28,6 @@ def server(ip, pipe_fd, *args, **kw):
return
openvpn
(
'--tls-server'
,
'--mode'
,
'server'
,
'--duplicate-cn'
,
# XXX : to be removed
'--up'
,
'up-server %s/%u'
%
(
ip
,
len
(
config
.
vifibnet
)),
'--client-connect'
,
'client-connect '
+
str
(
pipe_fd
),
'--client-disconnect'
,
'client-connect '
+
str
(
pipe_fd
),
...
...
registry.py
...
...
@@ -6,6 +6,9 @@ from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
from
OpenSSL
import
crypto
import
traceback
# To generate server ca and key with correct serial
# openssl req -nodes -new -x509 -key ca.key -set_serial 0x120010db80042 -days 365 -out ca.crt
IPV6_V6ONLY
=
26
SOL_IPV6
=
41
...
...
@@ -148,7 +151,7 @@ class main(object):
cert
.
gmtime_adj_notAfter
(
self
.
cert_duration
)
cert
.
set_issuer
(
self
.
ca
.
get_subject
())
subject
=
req
.
get_subject
()
subject
.
serialNumber
=
"%u/%u"
%
(
int
(
prefix
,
2
),
prefix_len
)
subject
.
CN
=
"%u/%u"
%
(
int
(
prefix
,
2
),
prefix_len
)
cert
.
set_subject
(
subject
)
cert
.
set_pubkey
(
req
.
get_pubkey
())
cert
.
sign
(
self
.
key
,
'sha1'
)
...
...
@@ -181,7 +184,7 @@ class main(object):
if
client_ip
.
startswith
(
self
.
network
):
prefix
=
client_ip
[
len
(
self
.
network
):]
prefix
,
=
self
.
db
.
execute
(
"SELECT prefix FROM vifib WHERE prefix <= ? ORDER BY prefix DESC LIMIT 1"
,
(
prefix
,)).
next
()
self
.
db
.
execute
(
"INSERT OR REPLACE INTO peers VALUES (?,?,?,?)"
,
(
prefix
,
ip
,
port
,
proto
))
self
.
db
.
execute
(
"INSERT OR REPLACE INTO peers
(prefix, ip, port, proto)
VALUES (?,?,?,?)"
,
(
prefix
,
ip
,
port
,
proto
))
return
True
else
:
# TODO: use log + DO NOT PRINT BINARY IP
...
...
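Review bot: The new `subject.CN = "%u/%u" % (int(prefix, 2), prefix_len)` line in the second hunk makes the CN the identity OpenVPN keys client sessions on, since the openvpn.py section of this commit appears to drop `--duplicate-cn`, yet nothing in the hunk documents that the CN must therefore be unique per issued prefix and that uniqueness rests on the caller never handing in a reused prefix. A comment such as `# CN doubles as the OpenVPN client identity: must be unique per issued prefix (no --duplicate-cn)` above the assignment would capture that. The subject is otherwise taken from the requester's CSR via `req.get_subject()`, so any other attributes the client put in the CSR are signed through unchanged; worth stating, or resetting, if only the CN is meant to be authoritative. The enclosing method starts and ends outside the hunk.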
server/ca.crt
-----BEGIN CERTIFICATE-----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==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-----END CERTIFICATE-----
setup.py
...
...
@@ -10,6 +10,8 @@ def main():
help
=
'To only get CA form server'
)
_
(
'--db-only'
,
action
=
'store_true'
,
help
=
'To only get CA and setup peer db with bootstrap peer'
)
_
(
'--no-boot'
,
action
=
'store_true'
,
help
=
'Enable to skip getting bootstrap peer'
)
_
(
'--server'
,
required
=
True
,
help
=
'Address of the server delivering certifiactes'
)
_
(
'--port'
,
required
=
True
,
type
=
int
,
...
...
@@ -36,7 +38,6 @@ def main():
sys
.
exit
(
0
)
# Create and initialize peers DB
boot_ip
,
boot_port
,
boot_proto
=
s
.
getBootstrapPeer
()
db
=
sqlite3
.
connect
(
os
.
path
.
join
(
config
.
dir
,
'peers.db'
),
isolation_level
=
None
)
try
:
db
.
execute
(
"""CREATE TABLE peers (
...
...
@@ -48,7 +49,9 @@ def main():
date INTEGER DEFAULT (strftime('%s', 'now')))"""
)
db
.
execute
(
"CREATE INDEX _peers_used ON peers(used)"
)
db
.
execute
(
"CREATE UNIQUE INDEX _peers_address ON peers(ip, port, proto)"
)
db
.
execute
(
"INSERT INTO peers (ip, port, proto) VALUES (?,?,?)"
,
(
boot_ip
,
boot_port
,
boot_proto
))
if
not
config
.
no_boot
:
boot_ip
,
boot_port
,
boot_proto
=
s
.
getBootstrapPeer
()
db
.
execute
(
"INSERT INTO peers (ip, port, proto) VALUES (?,?,?)"
,
(
boot_ip
,
boot_port
,
boot_proto
))
except
sqlite3
.
OperationalError
,
e
:
if
e
.
args
[
0
]
==
'table peers already exists'
:
print
"Table peers already exists, leaving it as it is"
...
...
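Review bot: The new `if not config.no_boot:` block in the third hunk sits inside the `try` that creates the peers table, so when `CREATE TABLE peers` raises because the table already exists the bootstrap fetch and insert are skipped whatever the flag says; `--no-boot` then only has an effect on a fresh database, which the help text `'Enable to skip getting bootstrap peer'` does not convey. Suggest `help='Skip fetching the bootstrap peer from the server (only applies when the peers DB is first created)'`, and if the flag is meant to work on an existing DB the fetch and insert would need to move after the `except` handler. The `except` body continues outside the hunk, so the existing-table path cannot be fully confirmed from here.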
vifibnet.py
...
...
@@ -124,17 +124,20 @@ def getConfig():
help
=
"Common OpenVPN options (e.g. certificates)"
)
openvpn
.
config
=
config
=
parser
.
parse_args
()
log
.
verbose
=
config
.
verbose
# Get network prefix from ca.crt
with
open
(
config
.
ca
,
'r'
)
as
f
:
ca
=
crypto
.
load_certificate
(
crypto
.
FILETYPE_PEM
,
f
.
read
())
config
.
vifibnet
=
bin
(
ca
.
get_serial_number
())[
3
:]
# Get ip from cert.crt
with
open
(
config
.
cert
,
'r'
)
as
f
:
cert
=
crypto
.
load_certificate
(
crypto
.
FILETYPE_PEM
,
f
.
read
())
subject
=
cert
.
get_subject
()
prefix
,
prefix_len
=
subject
.
serialNumber
.
split
(
'/'
)
prefix
,
prefix_len
=
subject
.
CN
.
split
(
'/'
)
config
.
internal_ip
=
ipFromPrefix
(
prefix
,
int
(
prefix_len
))
log
.
log
(
'Intranet ip : %s'
%
(
config
.
internal_ip
,),
3
)
# Treat openvpn arguments
if
config
.
openvpn_args
[
0
]
==
"--"
:
del
config
.
openvpn_args
[
0
]
...
...
@@ -234,8 +237,6 @@ def main():
stdout
=
os
.
open
(
os
.
path
.
join
(
config
.
log
,
'vifibnet.server.log'
),
os
.
O_WRONLY
|
os
.
O_CREAT
|
os
.
O_TRUNC
))
startNewConnection
(
config
.
client_count
,
write_pipe
)
peers_db
.
populate
(
10
)
# Timed refresh initializing
next_refresh
=
time
.
time
()
+
config
.
refresh_time
...
...
@@ -248,6 +249,7 @@ def main():
if
ready
:
handle_message
(
read_pipe
.
readline
())
if
time
.
time
()
>=
next_refresh
:
peers_db
.
populate
(
10
)
refreshConnections
(
write_pipe
)
next_refresh
=
time
.
time
()
+
config
.
refresh_time
except
KeyboardInterrupt
:
...
...
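Review bot: `prefix, prefix_len = subject.CN.split('/')` in the first hunk parses the client's own certificate with no check on the CN's shape, so a certificate issued before this commit (prefix carried in serialNumber, CN likely unset) fails with a bare `ValueError` or `AttributeError` from the unpacking rather than a message naming the certificate. Wrapping the line, e.g. `try: prefix, prefix_len = subject.CN.split('/') except (ValueError, AttributeError): raise SystemExit('%s: CN is not <prefix>/<len>' % config.cert)`, would make the mismatch obvious at startup. Note also that registry.py in this commit writes the prefix into the CN as a decimal integer (`int(prefix, 2)` formatted with `%u`) whereas `config.vifibnet` a few lines above is a binary string from `bin(...)[3:]`; ipFromPrefix is outside the hunk, so please confirm it expects the decimal form. getConfig continues outside the hunk.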