Commits · 5240f60ba6907d2aa3ee8d050103ab4f46f2ed39 · Nicolas Wavrant / re6stnet

25 Jan, 2016 2 commits
- defines interfaces for re6st components · 5240f60b
  Nicolas Wavrant authored Jan 08, 2016
  
  5240f60b
- Fix issues with DH parameters · f4427cf4
  Julien Muchembled authored Jan 25, 2016
```
- registry: make --dh mandatory
- node: retry if the registry returns nothing (instead of writing an empty file)
```
  f4427cf4
21 Jan, 2016 1 commit

registry: remove incomplete migration code · cc3b7794

Julien Muchembled authored Jan 21, 2016

I forgot the case where 'config' has slightly different schema.
Now, we don't have any old network left to upgrade.

cc3b7794

20 Jan, 2016 2 commits
- upnp: fix hangs with routers that don't have any free port · cd21c7f9
  Julien Muchembled authored Jan 20, 2016
  
  cd21c7f9
- Fix parsing of --registry url with ipv6 host · 91f8fb8a
  Julien Muchembled authored Jan 20, 2016
  
  91f8fb8a
13 Jan, 2016 1 commit
- Document bug causing new version to not be propagated in --client mode · 0614d1d7
  Julien Muchembled authored Jan 13, 2016
  
  0614d1d7
30 Dec, 2015 1 commit
- Use python2 instead python and fix install for a custom Python interpreter · 8df410f7
  Julien Muchembled authored Dec 29, 2015
  
  8df410f7
28 Dec, 2015 1 commit
- doc: give examples of command to create key/dh files · 9f01d5d1
  Julien Muchembled authored Dec 28, 2015
  
  9f01d5d1
14 Aug, 2015 1 commit
- New upstream release of babeld · aed51ca6
  Julien Muchembled authored Aug 14, 2015
  
  aed51ca6
09 Jul, 2015 2 commits
- Fix babeld-only setup so that 'lo' only accepts configured ipv4 and not the whole assigned range · c7846fdc
  Julien Muchembled authored Jul 09, 2015
```
When 10.42.3.1/24 was configured on 'lo', the kernel accepted packets to
any ip of 10.42.3.0/24, instead of only 10.42.3.1
```
  c7846fdc
- Add support for recent iproute, which now recognizes babel protocol · f0851225
  Julien Muchembled authored Jul 09, 2015
  
  f0851225
08 Jul, 2015 1 commit
- Document the levels of --verbose option · 06b13406
  Julien Muchembled authored Jul 08, 2015
  
  06b13406
10 Jun, 2015 1 commit

dist: use new entry_points['console_scripts'] way to ship scripts · 1c354e6c

Julien Muchembled authored Jun 10, 2015

The old distutils way is not compatible with zc.recipe.egg in develop mode,
because egg_info does not provide any information about such scripts.

1c354e6c

27 Apr, 2015 1 commit
- Lower again MTU for UDPv4 tunnels · ab3300c3
  Julien Muchembled authored Apr 27, 2015
  
  ab3300c3
14 Apr, 2015 2 commits
- New upstream release of babeld · 79c1db1b
  Julien Muchembled authored Apr 14, 2015
  
  79c1db1b
- Remove assert that was only there to debug the demo · abae0b5d
  Julien Muchembled authored Apr 14, 2015
  
  abae0b5d
10 Apr, 2015 1 commit
- Comment the method selecting the tunnel to kill · 35883799
  Julien Muchembled authored Apr 10, 2015
  
  35883799
09 Apr, 2015 1 commit

Increase strength of hashes used for certificate signing · 766ad6c8

Julien Muchembled authored Apr 09, 2015

This does not increase of any packet because the size of certificate signature
only depends on the size of the certificate key.

With 512-bit hashes, it's still possible to use RSA keys as small as 768 bits.

766ad6c8

08 Apr, 2015 3 commits
- Backward compatibility for Python 2.6 · 40d4e496
  Julien Muchembled authored Apr 08, 2015
  
  40d4e496
- Add support for ipv4 payload · 2fb63515
  Julien Muchembled authored Apr 07, 2015
```
There is no plan for a default ipv4 route.
```
  2fb63515
- Our fork of Babeld can now override RTA_(PREF)SRC locally · 9dc1707e
  Julien Muchembled authored Apr 07, 2015
```
This simplify network configuration a lot, and on recent kernels, this fixes
wrong source address for extra interfaces that already have a public IP.
```
  9dc1707e
03 Apr, 2015 1 commit
- Stop specifying a rxcost for old nodes since there's none left with the new protocol · 16f87a30
  Julien Muchembled authored Apr 03, 2015
  
  16f87a30
07 Mar, 2015 3 commits
- By default, get DH parameters from the registry instead of requiring each node to generate them · f7d04fc4
  Julien Muchembled authored Mar 07, 2015
```
Generating them takes a lot of time and there's no reason to do this by default.
We keep --dh option in 're6stnet' to not break existing configuration.
```
  f7d04fc4
- Certificate revocation, with broadcast of CRL · 8ebdd500
  Julien Muchembled authored Mar 06, 2015
  
  8ebdd500
- Move runtime files to a subdirectory and simplify command-line options · f73c51ec
  Julien Muchembled authored Feb 27, 2015
```
We consider using sockets to communicate with OpenVPN, via --management option.
```
  f73c51ec
06 Mar, 2015 6 commits
- Some network option should be the same everywhere so move them to the registry · 1257f36c
  Julien Muchembled authored Feb 26, 2015
  
  1257f36c
- Add a way to define network parameters in the registry and propagate them efficiently · ef5401a4
  Julien Muchembled authored Feb 26, 2015
  
  ef5401a4
- Network parameters will be also cached so rename a few things · aba0e94d
  Julien Muchembled authored Feb 24, 2015
```
db.py -> cache.py
PeerDB -> Cache
peers.db -> cache.db
```
  aba0e94d
- Generate certificates with 2 serials for future needs (crl & ivp4) · acc0568a
  Julien Muchembled authored Feb 19, 2015
```
And automatic renewal of existing certificates.
```
  acc0568a
- Remove type specifier on config.value column · 37943a26
  Julien Muchembled authored Feb 19, 2015
```
For the registry at least, we'll want to store integers
without having to convert to/from strings.

To upgrade 'registry.db':
- dump it to a file
- fix create table statements
- load it

Nodes will restart with an empty cache.
```
  37943a26
- Forget peers whose certificate expires · 648e6774
  Julien Muchembled authored Feb 17, 2015
  
  648e6774
25 Feb, 2015 1 commit
- New protocol between nodes with authentication · a7a86341
  Julien Muchembled authored Feb 24, 2015
  
  a7a86341
24 Feb, 2015 4 commits
- re6st-conf: new --fingerprint option · 32ebb80b
  Julien Muchembled authored Feb 24, 2015
  
  32ebb80b
- Make --client & --client-count=0 modes process UDP/326 messages · b2040ea0
  Julien Muchembled authored Feb 16, 2015
```
These modes are partly unified with the normal one by splitting TunnelManager.
```
  b2040ea0
- re6stnet: verify certificate with CA at startup · 9717eb0e
  Julien Muchembled authored Feb 05, 2015
  
  9717eb0e
- refactoring: move crypto code to a new file · 7977404a
  Julien Muchembled authored Feb 05, 2015
  
  7977404a
19 Feb, 2015 1 commit
- demo: generate certs that expire quickly to check renewal · e803749b
  Julien Muchembled authored Feb 17, 2015
  
  e803749b
13 Feb, 2015 1 commit
- registry: increase/fix timeouts for requests done by getBootstrapPeer/topology RPC · 3ada47f8
  Julien Muchembled authored Feb 13, 2015
  
  3ada47f8
02 Feb, 2015 2 commits

Limit number of client tunnels if NAT is not configured properly · 58204ee8
Julien Muchembled authored Feb 02, 2015
```
If too many nodes create client tunnels without serving any, working servers
saturate and the network collapses.
```
58204ee8

UPnP: randomize external port · 3a9e668c

Julien Muchembled authored Feb 02, 2015

Some routers are so broken that UPnP NAT don't report ConflictInMappingEntry
when redirecting the same port several times.

Here is for example what we had with a Numericable Box (France):

0 (1024, 'TCP', ('192.168.0.29', 1194), 're6stnet openvpn server (1194/tcp)', '1', '', 0)
1 (1024, 'TCP', ('192.168.0.16', 1194), 're6stnet openvpn server (1194/tcp)', '1', '', 0)
2 (1024, 'TCP', ('192.168.0.33', 1194), 're6stnet openvpn server (1194/tcp)', '1', '', 0)
3 (1024, 'TCP', ('192.168.0.20', 1194), 're6stnet openvpn server (1194/tcp)', '1', '', 0)
('192.168.0.29', 1194, 're6stnet openvpn server (1194/tcp)', True, 0)

Obviously, this can't work.

It seems that this router also accepts a limited number of NAT rules, far less
than we'd like, so even if there's still a probability of conflict with this
commit, it will be good enough for our use.

3a9e668c