1. 06 May, 2019 1 commit
    • Killian Lufau's avatar
      Remove old fix in ovpn-client · 24fea8cd
      Killian Lufau authored
      The fix to mark an interface as "up" and indicate its MTU was
      useful for machines with a single client, because OpenVPN would fail
      to configure them this way in OpenVPN 2.3. It has been fixed in 2.4
      so the fix has been removed.
      
      /reviewed-on nexedi/re6stnet!14
      24fea8cd
  2. 03 May, 2019 1 commit
    • Killian Lufau's avatar
      Fix deactivation of encryption with recent OpenVPN · 114a1763
      Killian Lufau authored
      Passing `--cipher none` to OpenVPN is not enough anymore because
      clients and servers can still negotiate the algorithm to use for
      encryption (by default not empty). We pass the option `--ncp-disable`
      to disable cipher negotiation.
      
      /reviewed-on !12
      114a1763
  3. 29 Apr, 2019 1 commit
    • Killian Lufau's avatar
      Switch to OpenVPN 2.4 · 06974788
      Killian Lufau authored
      The behaviour of --link-mtu has changed and we increase the values to
      at least have interface MTU greater than IPv6 minimum.
      We'll see later to have even greater values in ovpn_link_mtu_dict
      (so that the resulting MTU is closer to what we had with 2.3)
      or review the whole MTU part completely.
      06974788
  4. 10 Apr, 2019 1 commit
  5. 12 Mar, 2019 1 commit
  6. 21 Feb, 2019 1 commit
  7. 05 Feb, 2019 1 commit
  8. 14 Dec, 2018 1 commit
    • Jérome Perrin's avatar
      x509: gracefully handle ENOMEM when running openssl · 2b0d5043
      Jérome Perrin authored
      prevent this kind of errors when running openssl fail:
      
      ```
      10-12-2018 19:04:02 ERROR     AttributeError: 'NoneType' object has no attribute 'splitlines'
      Traceback (most recent call last):
        File "/opt/re6st/eggs/re6stnet-0.513-py2.7.egg/re6st/cli/node.py", line 428, in main
          s(*args)
        File "/opt/re6st/eggs/re6stnet-0.513-py2.7.egg/re6st/utils.py", line 191, in select
          R[r]()
        File "/opt/re6st/eggs/re6stnet-0.513-py2.7.egg/re6st/tunnel.py", line 399, in handlePeerEvent
          True, crypto.FILETYPE_ASN1)
        File "/opt/re6st/eggs/re6stnet-0.513-py2.7.egg/re6st/x509.py", line 136, in loadVerify
          for x in err.splitlines():
      ```
      
      /reviewed-on nexedi/re6stnet!6
      2b0d5043
  9. 17 Oct, 2018 2 commits
  10. 02 Oct, 2018 1 commit
  11. 25 Sep, 2018 2 commits
  12. 30 Aug, 2018 3 commits
  13. 09 Aug, 2018 1 commit
  14. 07 Aug, 2018 1 commit
    • Julien Muchembled's avatar
      Log signals that are sent to kill subprocesses and increase default log level · 9e6ece7a
      Julien Muchembled authored
      We currently have issues with OpenVPN hook scripts that aren't always killed
      at exit. Such orphan processes prevent re6st from starting again (EADDRINUSE).
      
      We want to know if it's an OpenVPN that does not exit cleanly on TERM,
      or if it sometimes does not exit at all after 5s (then re6st sends a KILL
      signal and at that point we should indeed make sure that any subprocess is
      also KILLed).
      9e6ece7a
  15. 01 Aug, 2018 3 commits
    • Julien Muchembled's avatar
      29d7fc03
    • Julien Muchembled's avatar
      Update comments · 20f89677
      Julien Muchembled authored
      20f89677
    • Julien Muchembled's avatar
      Fix crash caused by buggy UPnP · 2938a7c6
      Julien Muchembled authored
      gaierror: [Errno -2] Name or service not known
      Traceback (most recent call last):
       File "re6st/cli/node.py", line 271, in main
         remote_gateway, config.disable_proto, config.neighbour)
       File "re6st/tunnel.py", line 663, in __init__
         cache, cert, address)
       File "re6st/tunnel.py", line 236, in __init__
         self._updateCountry(address)
       File "re6st/tunnel.py", line 643, in _updateCountry
         family, ip = resolve(*address)
       File "re6st/tunnel.py", line 30, in resolve
         for x in socket.getaddrinfo(ip, port, family, 0, proto))
      
      where ip is '-a'
      2938a7c6
  16. 03 Jul, 2018 1 commit
  17. 02 Jul, 2018 3 commits
  18. 29 Jun, 2018 1 commit
  19. 26 Jun, 2018 1 commit
  20. 01 Jun, 2018 1 commit
  21. 15 Mar, 2018 1 commit
  22. 13 Mar, 2018 1 commit
  23. 12 Mar, 2018 2 commits
  24. 26 Feb, 2018 1 commit
  25. 05 Jan, 2018 1 commit
  26. 23 Oct, 2017 1 commit
  27. 20 Jul, 2017 2 commits
  28. 07 Mar, 2017 3 commits
    • Rafael Monnerat's avatar
      registry: new --authorized-origin option · 0ed6077d
      Rafael Monnerat authored
      The list of authorized IPs for private RPCs is now configurable.
      This is required when the registry is not bound to localhost.
      0ed6077d
    • Rafael Monnerat's avatar
      registry: add some IPv4/IPv6 helper API · 5a377d05
      Rafael Monnerat authored
      With this API, a client can query IPv6/IPv4 information outside re6stnet/babel
      for reporting.
      
      The API considers that the email is unique, else it returns the first
      occurrence. For SlapOS integration, it is more than enough to consider
      that email will not be repeated.
      5a377d05
    • Rafael Monnerat's avatar
      registry: Add API for add/delete/is a specific Token · 10f22751
      Rafael Monnerat authored
          addToken, isToken and DeleteToken are introduced to manage tokens created
          by other system (like SlapOS for example).
      
      If token is present, raise conflict instead loop until timeout.
      10f22751