Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
R
re6stnet
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Rafael Monnerat
re6stnet
Commits
1f6f67aa
Commit
1f6f67aa
authored
Sep 10, 2012
by
Julien Muchembled
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Simplify by setting re6st IP on loopback interface by default
parent
5510b020
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
26 additions
and
45 deletions
+26
-45
re6st/ovpn-server
re6st/ovpn-server
+10
-25
re6st/plib.py
re6st/plib.py
+2
-2
re6st/tunnel.py
re6st/tunnel.py
+0
-1
re6stnet
re6stnet
+14
-17
No files found.
re6st/ovpn-server
View file @
1f6f67aa
#!/usr/bin/python -S
#!/usr/bin/python -S
import
os
import
os
,
sys
import
sys
script_type
=
os
.
environ
[
'script_type'
]
if
os
.
environ
[
'script_type'
]
==
'client-connect'
:
arg1
=
sys
.
argv
[
1
]
if
script_type
==
'up'
:
import
subprocess
def
call
(
*
args
):
r
=
subprocess
.
call
(
args
)
if
r
:
sys
.
exit
(
r
)
dev
=
os
.
environ
[
'dev'
]
call
(
'ip'
,
'link'
,
'set'
,
dev
,
'up'
)
if
arg1
!=
'None'
:
call
(
'ip'
,
'addr'
,
'add'
,
arg1
,
'dev'
,
dev
)
else
:
if
script_type
==
'client-connect'
:
# Send client its external ip address
# Send client its external ip address
with
open
(
sys
.
argv
[
2
],
'w'
)
as
f
:
with
open
(
sys
.
argv
[
2
],
'w'
)
as
f
:
f
.
write
(
'push "setenv-safe external_ip %s"
\
n
'
f
.
write
(
'push "setenv-safe external_ip %s"
\
n
'
%
os
.
environ
[
'trusted_ip'
])
%
os
.
environ
[
'trusted_ip'
])
# Write into pipe connect/disconnect events
# Write into pipe connect/disconnect events
if
arg1
!=
'None'
:
arg1
=
sys
.
argv
[
1
]
if
arg1
!=
'None'
:
os
.
write
(
int
(
arg1
),
'%(script_type)s %(common_name)s
\
n
'
%
os
.
environ
)
os
.
write
(
int
(
arg1
),
'%(script_type)s %(common_name)s
\
n
'
%
os
.
environ
)
re6st/plib.py
View file @
1f6f67aa
...
@@ -13,6 +13,7 @@ def openvpn(iface, encrypt, *args, **kw):
...
@@ -13,6 +13,7 @@ def openvpn(iface, encrypt, *args, **kw):
'--persist-tun'
,
'--persist-tun'
,
'--persist-key'
,
'--persist-key'
,
'--script-security'
,
'2'
,
'--script-security'
,
'2'
,
'--up'
,
ovpn_client
,
#'--user', 'nobody', '--group', 'nogroup',
#'--user', 'nobody', '--group', 'nogroup',
]
+
list
(
args
)
]
+
list
(
args
)
if
ovpn_log
:
if
ovpn_log
:
...
@@ -23,14 +24,13 @@ def openvpn(iface, encrypt, *args, **kw):
...
@@ -23,14 +24,13 @@ def openvpn(iface, encrypt, *args, **kw):
return
subprocess
.
Popen
(
args
,
**
kw
)
return
subprocess
.
Popen
(
args
,
**
kw
)
def
server
(
iface
,
m
y_ip
,
m
ax_clients
,
dh_path
,
pipe_fd
,
port
,
proto
,
encrypt
,
*
args
,
**
kw
):
def
server
(
iface
,
max_clients
,
dh_path
,
pipe_fd
,
port
,
proto
,
encrypt
,
*
args
,
**
kw
):
client_script
=
'%s %s'
%
(
ovpn_server
,
pipe_fd
)
client_script
=
'%s %s'
%
(
ovpn_server
,
pipe_fd
)
if
pipe_fd
is
not
None
:
if
pipe_fd
is
not
None
:
args
=
(
'--client-disconnect'
,
client_script
)
+
args
args
=
(
'--client-disconnect'
,
client_script
)
+
args
return
openvpn
(
iface
,
encrypt
,
return
openvpn
(
iface
,
encrypt
,
'--tls-server'
,
'--tls-server'
,
'--mode'
,
'server'
,
'--mode'
,
'server'
,
'--up'
,
'%s %s'
%
(
ovpn_server
,
my_ip
),
'--client-connect'
,
client_script
,
'--client-connect'
,
client_script
,
'--dh'
,
dh_path
,
'--dh'
,
dh_path
,
'--max-clients'
,
str
(
max_clients
),
'--max-clients'
,
str
(
max_clients
),
...
...
re6st/tunnel.py
View file @
1f6f67aa
...
@@ -15,7 +15,6 @@ class Connection:
...
@@ -15,7 +15,6 @@ class Connection:
'--tls-remote'
,
'%u/%u'
%
(
int
(
prefix
,
2
),
len
(
prefix
)),
'--tls-remote'
,
'%u/%u'
%
(
int
(
prefix
,
2
),
len
(
prefix
)),
'--connect-retry-max'
,
'3'
,
'--tls-exit'
,
'--connect-retry-max'
,
'3'
,
'--tls-exit'
,
'--ping-exit'
,
str
(
timeout
),
'--ping-exit'
,
str
(
timeout
),
'--up'
,
plib
.
ovpn_client
,
'--route-up'
,
'%s %u'
%
(
plib
.
ovpn_client
,
write_pipe
),
'--route-up'
,
'%s %u'
%
(
plib
.
ovpn_client
,
write_pipe
),
*
ovpn_args
)
*
ovpn_args
)
self
.
iface
=
iface
self
.
iface
=
iface
...
...
re6stnet
View file @
1f6f67aa
...
@@ -32,9 +32,9 @@ def getConfig():
...
@@ -32,9 +32,9 @@ def getConfig():
_
(
'-i'
,
'--interface'
,
action
=
'append'
,
dest
=
'iface_list'
,
default
=
[],
_
(
'-i'
,
'--interface'
,
action
=
'append'
,
dest
=
'iface_list'
,
default
=
[],
help
=
"Extra interface for LAN discovery. Highly recommanded if there"
help
=
"Extra interface for LAN discovery. Highly recommanded if there"
" are other re6st node on the same network segment."
)
" are other re6st node on the same network segment."
)
_
(
'-I'
,
'--main-interface'
,
metavar
=
'IFACE'
,
_
(
'-I'
,
'--main-interface'
,
metavar
=
'IFACE'
,
default
=
'lo'
,
help
=
"Set re6stnet IP on given interface. Any interface not used for"
help
=
"Set re6stnet IP on given interface. Any interface not used for"
" tunnelling can be chosen.
(default: first OpenVPN interface)
"
)
" tunnelling can be chosen."
)
_
=
parser
.
add_argument_group
(
'routing'
).
add_argument
_
=
parser
.
add_argument_group
(
'routing'
).
add_argument
_
(
'-B'
,
dest
=
'babel_args'
,
metavar
=
'ARG'
,
action
=
'append'
,
default
=
[],
_
(
'-B'
,
dest
=
'babel_args'
,
metavar
=
'ARG'
,
action
=
'append'
,
default
=
[],
...
@@ -205,27 +205,24 @@ def main():
...
@@ -205,27 +205,24 @@ def main():
# prepare persistent interfaces
# prepare persistent interfaces
if
config
.
client
:
if
config
.
client
:
cleanup
.
append
(
plib
.
client
(
're6stnet'
,
config
.
client
,
cleanup
.
append
(
plib
.
client
(
're6stnet'
,
config
.
client
,
config
.
encrypt
,
config
.
encrypt
,
'--ping-restart'
,
str
(
timeout
),
'--up'
,
'%s %s'
%
(
plib
.
ovpn_server
,
None
if
config
.
main_interface
else
my_ip
),
'--ping-restart'
,
str
(
timeout
),
*
config
.
openvpn_args
).
kill
)
*
config
.
openvpn_args
).
kill
)
elif
server_tunnels
:
elif
server_tunnels
:
required
(
'dh'
)
required
(
'dh'
)
for
iface
,
(
port
,
proto
)
in
server_tunnels
.
iteritems
():
for
iface
,
(
port
,
proto
)
in
server_tunnels
.
iteritems
():
cleanup
.
append
(
plib
.
server
(
iface
,
None
cleanup
.
append
(
plib
.
server
(
iface
,
config
.
max_clients
,
if
config
.
main_interface
or
proto
!=
pp
[
0
][
1
]
config
.
dh
,
write_pipe
,
port
,
proto
,
config
.
encrypt
,
else
my_ip
,
config
.
max_clients
,
config
.
dh
,
write_pipe
,
port
,
proto
,
config
.
encrypt
,
'--ping-exit'
,
str
(
timeout
),
*
config
.
openvpn_args
).
kill
)
'--ping-exit'
,
str
(
timeout
),
*
config
.
openvpn_args
).
kill
)
elif
config
.
iface_list
and
not
config
.
main_interface
:
config
.
main_interface
=
config
.
iface_list
[
0
]
else
:
sys
.
exit
(
"--client, --interface or --main-interface required"
" when --max-clients is 0"
)
if
config
.
main_interface
:
ip
(
'addr'
,
my_ip
,
'dev'
,
config
.
main_interface
)
ip
(
'addr'
,
my_ip
,
'dev'
,
config
.
main_interface
)
if
config
.
main_interface
==
'lo'
:
# WKRD: The kernel does not remove these routes on exit.
# The first one can be removed now.
del_rtr
=
[
'ip'
,
'route'
,
'del'
,
'unreachable'
,
'fe80::/64'
,
'dev'
,
'lo'
]
subprocess
.
call
(
del_rtr
)
del_rtr
[
4
]
=
'%s/%u'
%
(
utils
.
ipFromBin
(
subnet
),
len
(
subnet
))
cleanup
.
append
(
lambda
:
subprocess
.
call
(
del_rtr
))
# main loop
# main loop
if
tunnel_manager
is
None
:
if
tunnel_manager
is
None
:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment