Commit ec7c78d6 authored by Guillaume Bury's avatar Guillaume Bury

corrections in babel function

parent 8cba4e19
...@@ -8,23 +8,24 @@ VIFIB_NET = "2001:db8:42::/48" ...@@ -8,23 +8,24 @@ VIFIB_NET = "2001:db8:42::/48"
# TODO : How do we get our vifib ip ? # TODO : How do we get our vifib ip ?
def babel(network_ip, network_mask, verbose_level): def babel(network_ip, network_mask, verbose_level):
args = ['-I', 'redistribute local ip %s/%s' % (network_ip, network_mask), args = ['babeld',
'-I', 'redistribute local deny', '-C', 'redistribute local ip %s/%s' % (network_ip, network_mask),
'-C', 'redistribute local deny',
# Route VIFIB ip adresses # Route VIFIB ip adresses
'-I', 'in ip %s' % VIFIB_NET, '-C', 'in ip %s' % VIFIB_NET,
# Route only addresse in the 'local' network, # Route only addresse in the 'local' network,
# or other entire networks # or other entire networks
#'-I', 'in ip %s/%s' % (network_ip,network_mask), #'-C', 'in ip %s/%s' % (network_ip,network_mask),
#'-I', 'in ip ::/0 le %s' % network_mask, #'-C', 'in ip ::/0 le %s' % network_mask,
# Don't route other addresses # Don't route other addresses
'-I', 'in ip deny', '-C', 'in ip deny',
'-d', str(verbose_level), '-d', str(verbose_level),
'-s', '-s',
] ]
if config.babel_state: if config.babel_state:
args += '-S', config.babel_state args += '-S', config.babel_state
# TODO : add list of interfaces to use with babel # TODO : add list of interfaces to use with babel
return Popen(args) return subprocess.Popen(args)
def getConfig(): def getConfig():
global config global config
...@@ -41,15 +42,16 @@ def getConfig(): ...@@ -41,15 +42,16 @@ def getConfig():
# Openvpn options # Openvpn options
_('openvpn_args', nargs=argparse.REMAINDER, _('openvpn_args', nargs=argparse.REMAINDER,
help="Common OpenVPN options (e.g. certificates)") help="Common OpenVPN options (e.g. certificates)")
config = parser.parse_args() openvpn.config = config = parser.parse_args()
if config.openvpn_args[0] == "--":
del config.openvpn_args[0]
def main(): def main():
getConfig() getConfig()
if config.ip != 'none': if config.ip != 'none':
serverProcess = openvpn.server(config, config.ip) serverProcess = openvpn.server(config.ip, "--dev", "server")
else: else:
client1Process = openvpn.client(config, '10.1.4.2') client1Process = openvpn.client('10.1.4.2')
if __name__ == "__main__": if __name__ == "__main__":
main() main()
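Review bot: In the second hunk, `if config.openvpn_args[0] == "--":` indexes the list without checking that it is non-empty. With `nargs=argparse.REMAINDER` the value is presumably `[]` when no OpenVPN options follow, so the script would stop with an IndexError before any process is started. A slice comparison avoids that: `if config.openvpn_args[:1] == ['--']:`. The first hunk also switches to `subprocess.Popen(args)`, which needs `import subprocess` in this file; no import line is visible in the hunks, so that is worth confirming. `getConfig()` begins above the hunk, so the parser setup is not visible here.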
......
import subprocess import subprocess
def openvpn(config, *args ): def openvpn(*args, **kw):
args = ['openvpn', args = ['openvpn',
'--dev', 'tap', '--dev-type', 'tap',
'--ca', config.ca,
'--cert', config.cert,
'--key', config.key,
'--persist-tun', '--persist-tun',
'--persist-key', '--persist-key',
'--script-security', '2', '--script-security', '2',
'--user', 'nobody', '--user', 'nobody',
'--group', 'nogroup', '--group', 'nogroup',
'--verb', config.verbose '--verb', config.verbose,
] + list(args) + config.openvpn_args ] + list(args) + config.openvpn_args
#stdin = kw.pop('stdin', None) print repr(args)
#stdout = kw.pop('stdout', None) return subprocess.Popen(args, **kw)
#stderr = kw.pop('stderr', None)
#for i in kw.iteritems():
# args.append('--%s=%s' % i)
return subprocess.Popen(args
#stdin=stdin, stdout=stdout, stderr=stderr,
)
# TODO : set iface up when creating a server/client # TODO : set iface up when creating a server/client
# ! check working directory before launching up script ? # ! check working directory before launching up script ?
def server(config, ip): def server(ip, *args):
return openvpn(config, return openvpn(
'--tls-server', '--tls-server',
'--keepalive', '10', '60', '--keepalive', '10', '60',
'--mode', 'server', '--mode', 'server',
'--duplicate-cn', '--duplicate-cn', # XXX : to be removed
'--up', 'up-server ' + ip, '--up', 'up-server ' + ip,
'--dh', config.dh) '--dh', config.dh,
*args)
def client(config, serverIp): def client(serverIp, *args):
return openvpn(config, return openvpn(
'--nobind', '--nobind',
'--tls-client', '--tls-client',
'--remote', serverIp, '--remote', serverIp,
'--up', 'up-client') '--up', 'up-client',
*args)
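Review bot: `openvpn()` now reads `config.verbose` and `config.openvpn_args`, and `server()` reads `config.dh`, from a module global that this file never defines. It exists only after the caller runs `openvpn.config = config = parser.parse_args()`, so importing the module and calling `server()` or `client()` directly fails with a NameError. Because `--ca`, `--cert` and `--key` are no longer added here, the TLS material reaches openvpn only through `config.openvpn_args`, and nothing in this file checks that it was supplied. I would declare `config = None` at module level with a comment such as `# set by the launcher after argument parsing; must carry the TLS options in openvpn_args`. I would also drop or gate `print repr(args)`, which looks like leftover debugging and prints the full command line on every start.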