Commit d868f09a authored by Killian Lufau's avatar Killian Lufau Committed by Julien Muchembled

demo: add another re6st network

The purpose is to check that HMAC prevents routes from being exchanged
between the 2 networks. This happened when 2 nodes of 2 different re6st
networks are in the same LAN, and it caused many issues.

/reviewed-on nexedi/re6stnet!15
parent 296762dd
...@@ -2,31 +2,45 @@ ...@@ -2,31 +2,45 @@
import argparse, math, nemu, os, re, signal import argparse, math, nemu, os, re, signal
import socket, subprocess, sys, time, weakref import socket, subprocess, sys, time, weakref
from collections import defaultdict from collections import defaultdict
from contextlib import contextmanager
IPTABLES = 'iptables' IPTABLES = 'iptables'
SCREEN = 'screen' SCREEN = 'screen'
VERBOSE = 4 VERBOSE = 4
REGISTRY='10.0.0.2' REGISTRY = '10.0.0.2'
REGISTRY2 = '10.3.0.2'
REGISTRY_SERIAL = '0x120010db80042'
REGISTRY2_SERIAL = '0x120010db80043'
CA_DAYS = 1000 CA_DAYS = 1000
# Quick check to avoid wasting time if there is an error. # Quick check to avoid wasting time if there is an error.
with open(os.devnull, "wb") as f: with open(os.devnull, "wb") as f:
for x in 're6stnet', 're6st-conf', 're6st-registry': for x in 're6stnet', 're6st-conf', 're6st-registry':
subprocess.check_call(('./py', x, '--help'), stdout=f) subprocess.check_call(('./py', x, '--help'), stdout=f)
#
# registry # Underlying network:
# |.2 #
# |10.0.0 # registry .2------ ------.2 registry2
# |.1 # | |
# 10.0.0| |10.3.0
# .1 | |.1
# ---------------Internet---------------- # ---------------Internet----------------
# |.1 |.1 |.1 # |.1 |.1 |.1
# |10.1.0 |10.2.0 | # |10.1.0 |10.2.0 |
# |.2 |.2 | # |.2 |.2 |
# gateway1 gateway2 s3:10.0.1 # gateway1 gateway2 s3:10.0.1
# |.1 |.1 |.2 |.3 |.4 # |.1 |.1 |.2 |.3 |.4
# s1:10.1.1 s2:10.2.1 m6 m7 m8 # s1:10.1.1 --s2:10.2.1-- m6 m7 m8
# |.2 |.3 |.2 |.3 |.4 | # |.2 |.3 |.2 |.3 |.4 |.5 |
# m1 m2 m3 m4 m5 m9 # m1 m2 m3 m4 m5 m10 m9
# #
# Overlay re6st network:
# 2001:db8::1
# registry--------internet-------registry2
# |::1 ::1|
# |2001:db8:42 2001:db8:43|
# :1:: :3:: |:5:: :7:: :1::1|
# m1-m2-m3-m4-m5-m6-m7-m8 m10
# :2:: :4:: :6:: :8::
def disable_signal_on_children(sig): def disable_signal_on_children(sig):
pid = os.getpid() pid = os.getpid()
...@@ -62,6 +76,7 @@ for name in """internet=I registry=R ...@@ -62,6 +76,7 @@ for name in """internet=I registry=R
gateway1=g1 machine1=1 machine2=2 gateway1=g1 machine1=1 machine2=2
gateway2=g2 machine3=3 machine4=4 machine5=5 gateway2=g2 machine3=3 machine4=4 machine5=5
machine6=6 machine7=7 machine8=8 machine9=9 machine6=6 machine7=7 machine8=8 machine9=9
registry2=R2 machine10=10
""".split(): """.split():
name, short = name.split('=') name, short = name.split('=')
globals()[name] = node = nemu.Node() globals()[name] = node = nemu.Node()
...@@ -85,6 +100,7 @@ re_if_0, in_if_0 = nemu.P2PInterface.create_pair(registry, internet) ...@@ -85,6 +100,7 @@ re_if_0, in_if_0 = nemu.P2PInterface.create_pair(registry, internet)
in_if_1, g1_if_0 = nemu.P2PInterface.create_pair(internet, gateway1) in_if_1, g1_if_0 = nemu.P2PInterface.create_pair(internet, gateway1)
in_if_2, g2_if_0 = nemu.P2PInterface.create_pair(internet, gateway2) in_if_2, g2_if_0 = nemu.P2PInterface.create_pair(internet, gateway2)
m6_if_1, m9_if_0 = nemu.P2PInterface.create_pair(machine6, machine9) m6_if_1, m9_if_0 = nemu.P2PInterface.create_pair(machine6, machine9)
r2_if_0, in_if_4 = nemu.P2PInterface.create_pair(registry2, internet)
g1_if_0_name = g1_if_0.name g1_if_0_name = g1_if_0.name
gateway1.Popen((IPTABLES, '-t', 'nat', '-A', 'POSTROUTING', '-o', g1_if_0_name, '-j', 'MASQUERADE')).wait() gateway1.Popen((IPTABLES, '-t', 'nat', '-A', 'POSTROUTING', '-o', g1_if_0_name, '-j', 'MASQUERADE')).wait()
...@@ -92,6 +108,8 @@ gateway1.Popen((IPTABLES, '-t', 'nat', '-N', 'MINIUPNPD')).wait() ...@@ -92,6 +108,8 @@ gateway1.Popen((IPTABLES, '-t', 'nat', '-N', 'MINIUPNPD')).wait()
gateway1.Popen((IPTABLES, '-t', 'nat', '-A', 'PREROUTING', '-i', g1_if_0_name, '-j', 'MINIUPNPD')).wait() gateway1.Popen((IPTABLES, '-t', 'nat', '-A', 'PREROUTING', '-i', g1_if_0_name, '-j', 'MINIUPNPD')).wait()
gateway1.Popen((IPTABLES, '-N', 'MINIUPNPD')).wait() gateway1.Popen((IPTABLES, '-N', 'MINIUPNPD')).wait()
machine9.Popen(('sysctl', 'net.ipv6.conf.%s.accept_ra=2' % m9_if_0.name)).wait() machine9.Popen(('sysctl', 'net.ipv6.conf.%s.accept_ra=2' % m9_if_0.name)).wait()
# Enable forwarding for communication between registry and registry2
internet.Popen(('sysctl', '-q', 'net.ipv6.conf.all.forwarding=1')).wait()
in_if_3 = nemu.NodeInterface(internet) in_if_3 = nemu.NodeInterface(internet)
g1_if_1 = nemu.NodeInterface(gateway1) g1_if_1 = nemu.NodeInterface(gateway1)
...@@ -104,6 +122,7 @@ m5_if_0 = nemu.NodeInterface(machine5) ...@@ -104,6 +122,7 @@ m5_if_0 = nemu.NodeInterface(machine5)
m6_if_0 = nemu.NodeInterface(machine6) m6_if_0 = nemu.NodeInterface(machine6)
m7_if_0 = nemu.NodeInterface(machine7) m7_if_0 = nemu.NodeInterface(machine7)
m8_if_0 = nemu.NodeInterface(machine8) m8_if_0 = nemu.NodeInterface(machine8)
m10_if_0 = nemu.NodeInterface(machine10)
# connect to switch # connect to switch
switch1.connect(g1_if_1) switch1.connect(g1_if_1)
...@@ -114,6 +133,7 @@ switch2.connect(g2_if_1) ...@@ -114,6 +133,7 @@ switch2.connect(g2_if_1)
switch2.connect(m3_if_0) switch2.connect(m3_if_0)
switch2.connect(m4_if_0) switch2.connect(m4_if_0)
switch2.connect(m5_if_0) switch2.connect(m5_if_0)
switch2.connect(m10_if_0)
switch3.connect(in_if_3) switch3.connect(in_if_3)
switch3.connect(m6_if_0) switch3.connect(m6_if_0)
...@@ -123,10 +143,13 @@ switch3.connect(m8_if_0) ...@@ -123,10 +143,13 @@ switch3.connect(m8_if_0)
# setting everything up # setting everything up
switch1.up = switch2.up = switch3.up = True switch1.up = switch2.up = switch3.up = True
re_if_0.up = in_if_0.up = in_if_1.up = g1_if_0.up = in_if_2.up = g2_if_0.up = True re_if_0.up = in_if_0.up = in_if_1.up = g1_if_0.up = in_if_2.up = g2_if_0.up = True
in_if_3.up = g1_if_1.up = g2_if_1.up = m1_if_0.up = m2_if_0.up = m3_if_0.up = m4_if_0.up = m5_if_0.up = m6_if_0.up = m6_if_1.up = m7_if_0.up = m8_if_0.up = m9_if_0.up = True in_if_3.up = g1_if_1.up = g2_if_1.up = m1_if_0.up = m2_if_0.up = m3_if_0.up = True
m4_if_0.up = m5_if_0.up = m6_if_0.up = m6_if_1.up = m7_if_0.up = m8_if_0.up = True
m9_if_0.up = m10_if_0.up = in_if_4.up = r2_if_0.up = True
# Add IPv4 addresses # Add IPv4 addresses
re_if_0.add_v4_address(address=REGISTRY, prefix_len=24) re_if_0.add_v4_address(address=REGISTRY, prefix_len=24)
r2_if_0.add_v4_address(address=REGISTRY2, prefix_len=24)
in_if_0.add_v4_address(address='10.0.0.1', prefix_len=24) in_if_0.add_v4_address(address='10.0.0.1', prefix_len=24)
in_if_1.add_v4_address(address='10.1.0.1', prefix_len=24) in_if_1.add_v4_address(address='10.1.0.1', prefix_len=24)
in_if_2.add_v4_address(address='10.2.0.1', prefix_len=24) in_if_2.add_v4_address(address='10.2.0.1', prefix_len=24)
...@@ -141,10 +164,12 @@ m2_if_0.add_v4_address(address='10.1.1.3', prefix_len=24) ...@@ -141,10 +164,12 @@ m2_if_0.add_v4_address(address='10.1.1.3', prefix_len=24)
m3_if_0.add_v4_address(address='10.2.1.2', prefix_len=24) m3_if_0.add_v4_address(address='10.2.1.2', prefix_len=24)
m4_if_0.add_v4_address(address='10.2.1.3', prefix_len=24) m4_if_0.add_v4_address(address='10.2.1.3', prefix_len=24)
m5_if_0.add_v4_address(address='10.2.1.4', prefix_len=24) m5_if_0.add_v4_address(address='10.2.1.4', prefix_len=24)
m10_if_0.add_v4_address(address='10.2.1.5', prefix_len=24)
m6_if_0.add_v4_address(address='10.0.1.2', prefix_len=24) m6_if_0.add_v4_address(address='10.0.1.2', prefix_len=24)
m7_if_0.add_v4_address(address='10.0.1.3', prefix_len=24) m7_if_0.add_v4_address(address='10.0.1.3', prefix_len=24)
m8_if_0.add_v4_address(address='10.0.1.4', prefix_len=24) m8_if_0.add_v4_address(address='10.0.1.4', prefix_len=24)
m6_if_1.add_v4_address(address='192.168.241.1', prefix_len=24) m6_if_1.add_v4_address(address='192.168.241.1', prefix_len=24)
in_if_4.add_v4_address(address='10.3.0.1', prefix_len=24)
# Add IPv6 addresses to test UDP6 between m8 and m6/m7 # Add IPv6 addresses to test UDP6 between m8 and m6/m7
m6_if_0.add_v6_address(address='fc42:6::1', prefix_len=16) m6_if_0.add_v6_address(address='fc42:6::1', prefix_len=16)
...@@ -160,14 +185,17 @@ def add_llrtr(iface, peer, dst='default'): ...@@ -160,14 +185,17 @@ def add_llrtr(iface, peer, dst='default'):
# setup routes # setup routes
add_llrtr(re_if_0, in_if_0) add_llrtr(re_if_0, in_if_0)
add_llrtr(r2_if_0, in_if_4)
add_llrtr(in_if_0, re_if_0, '2001:db8:42::/48') add_llrtr(in_if_0, re_if_0, '2001:db8:42::/48')
add_llrtr(in_if_4, r2_if_0, '2001:db8:43::/48')
registry.add_route(prefix='10.0.0.0', prefix_len=8, nexthop='10.0.0.1') registry.add_route(prefix='10.0.0.0', prefix_len=8, nexthop='10.0.0.1')
registry2.add_route(prefix='10.0.0.0', prefix_len=8, nexthop='10.3.0.1')
internet.add_route(prefix='10.2.0.0', prefix_len=16, nexthop='10.2.0.2') internet.add_route(prefix='10.2.0.0', prefix_len=16, nexthop='10.2.0.2')
gateway1.add_route(prefix='10.0.0.0', prefix_len=8, nexthop='10.1.0.1') gateway1.add_route(prefix='10.0.0.0', prefix_len=8, nexthop='10.1.0.1')
gateway2.add_route(prefix='10.0.0.0', prefix_len=8, nexthop='10.2.0.1') gateway2.add_route(prefix='10.0.0.0', prefix_len=8, nexthop='10.2.0.1')
for m in machine1, machine2: for m in machine1, machine2:
m.add_route(nexthop='10.1.1.1') m.add_route(nexthop='10.1.1.1')
for m in machine3, machine4, machine5: for m in machine3, machine4, machine5, machine10:
m.add_route(prefix='10.0.0.0', prefix_len=8, nexthop='10.2.1.1') m.add_route(prefix='10.0.0.0', prefix_len=8, nexthop='10.2.1.1')
for m in machine6, machine7, machine8: for m in machine6, machine7, machine8:
m.add_route(prefix='10.0.0.0', prefix_len=8, nexthop='10.0.1.1') m.add_route(prefix='10.0.0.0', prefix_len=8, nexthop='10.0.1.1')
...@@ -185,22 +213,24 @@ else: ...@@ -185,22 +213,24 @@ else:
nodes = [] nodes = []
gateway1.screen('miniupnpd -d -f miniupnpd.conf -P miniupnpd.pid' gateway1.screen('miniupnpd -d -f miniupnpd.conf -P miniupnpd.pid'
' -a %s -i %s' % (g1_if_1.name, g1_if_0_name)) ' -a %s -i %s' % (g1_if_1.name, g1_if_0_name))
if 1: @contextmanager
def new_network(registry, reg_addr, serial, ca):
from OpenSSL import crypto from OpenSSL import crypto
import hashlib, sqlite3 import hashlib, sqlite3
os.path.exists('ca.crt') or subprocess.check_call( os.path.exists(ca) or subprocess.check_call(
"openssl req -nodes -new -x509 -key registry/ca.key -out ca.crt" "openssl req -nodes -new -x509 -key %s/ca.key -out %s"
" -subj /CN=re6st.example.com/emailAddress=re6st@example.com" " -subj /CN=re6st.example.com/emailAddress=re6st@example.com"
" -set_serial 0x120010db80042 -days %u" % CA_DAYS, shell=True) " -set_serial %s -days %u"
with open('ca.crt') as f: % (registry.name, ca, serial, CA_DAYS), shell=True)
ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read()) with open(ca) as f:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
fingerprint = "sha256:" + hashlib.sha256( fingerprint = "sha256:" + hashlib.sha256(
crypto.dump_certificate(crypto.FILETYPE_ASN1, ca)).hexdigest() crypto.dump_certificate(crypto.FILETYPE_ASN1, cert)).hexdigest()
db_path = 'registry/registry.db' db_path = "%s/registry.db" % registry.name
registry.screen('./py re6st-registry @registry/re6st-registry.conf' registry.screen("./py re6st-registry @%s/re6st-registry.conf"
' --db %s --mailhost %s -v%u' " --db %s --mailhost %s -v%u"
% (db_path, os.path.abspath('mbox'), VERBOSE)) % (registry.name, db_path, os.path.abspath('mbox'), VERBOSE))
registry_url = 'http://%s/' % REGISTRY registry_url = 'http://%s/' % reg_addr
registry.Popen(('python', '-c', """if 1: registry.Popen(('python', '-c', """if 1:
import socket, time import socket, time
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
...@@ -212,7 +242,7 @@ if 1: ...@@ -212,7 +242,7 @@ if 1:
time.sleep(.1) time.sleep(.1)
""")).wait() """)).wait()
db = sqlite3.connect(db_path, isolation_level=None) db = sqlite3.connect(db_path, isolation_level=None)
def re6stnet(node, folder, args='', prefix_len=None, registry=registry_url): def new_node(node, folder, args='', prefix_len=None, registry=registry_url):
nodes.append(node) nodes.append(node)
if not os.path.exists(folder + '/cert.crt'): if not os.path.exists(folder + '/cert.crt'):
dh_path = folder + '/dh2048.pem' dh_path = folder + '/dh2048.pem'
...@@ -236,27 +266,35 @@ if 1: ...@@ -236,27 +266,35 @@ if 1:
node.screen('./py re6stnet @%s/re6stnet.conf -v%u --registry %s' node.screen('./py re6stnet @%s/re6stnet.conf -v%u --registry %s'
' --console %s/run/console.sock %s' % ( ' --console %s/run/console.sock %s' % (
folder, VERBOSE, registry, folder, args)) folder, VERBOSE, registry, folder, args))
re6stnet(registry, 'registry', '--ip ' + REGISTRY, registry='http://localhost/') new_node(registry, registry.name, '--ip ' + reg_addr, registry='http://localhost/')
re6stnet(machine1, 'm1', '-I%s' % m1_if_0.name) yield new_node
re6stnet(machine2, 'm2', '--remote-gateway 10.1.1.1', prefix_len=80)
re6stnet(machine3, 'm3', '-i%s' % m3_if_0.name)
re6stnet(machine4, 'm4', '-i%s' % m4_if_0.name)
re6stnet(machine5, 'm5', '-i%s' % m5_if_0.name)
re6stnet(machine6, 'm6', '-I%s' % m6_if_1.name)
re6stnet(machine7, 'm7')
re6stnet(machine8, 'm8')
db.close() db.close()
with new_network(registry, REGISTRY, REGISTRY_SERIAL, 'ca.crt') as new_node:
new_node(machine1, 'm1', '-I%s' % m1_if_0.name)
new_node(machine2, 'm2', '--remote-gateway 10.1.1.1', prefix_len=80)
new_node(machine3, 'm3', '-i%s' % m3_if_0.name)
new_node(machine4, 'm4', '-i%s' % m4_if_0.name)
new_node(machine5, 'm5', '-i%s' % m5_if_0.name)
new_node(machine6, 'm6', '-I%s' % m6_if_1.name)
new_node(machine7, 'm7')
new_node(machine8, 'm8')
with new_network(registry2, REGISTRY2, REGISTRY2_SERIAL, 'ca2.crt') as new_node:
new_node(machine10, 'm10', '-i%s' % m10_if_0.name)
if args.ping: if args.ping:
for j, machine in enumerate(nodes): for j, machine in enumerate(nodes):
ips = [ ips = [
'2001:db8:42::1' if i == 0 else '2001:db8:42::1' if i == 0 else
'2001:db8:42:2::' if i == 2 else '2001:db8:42:2::' if i == 2 else
'2001:db8:43::1' if i == 9 else
'2001:db8:43:1::1' if i == 10 else
# Only 1 address for machine2 because prefix_len = 80,+48 = 128 # Only 1 address for machine2 because prefix_len = 80,+48 = 128
'2001:db8:42:%s::1' % i '2001:db8:42:%s::1' % i
for i in xrange(9) for i in xrange(11)
if i != j] if i != j]
name = 'm' + machine.short if machine.short != 'R' else 'registry' name = machine.name if machine.short[0] == 'R' else 'm' + machine.short
machine.screen('python ping.py {} {}'.format(name, ' '.join(ips))) machine.screen('python ping.py {} {}'.format(name, ' '.join(ips)))
_ll = {} _ll = {}
......
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA3M5AShAyBJPwQzF29mA+2ua+yIeZF5PNa0HKbOD7jZy4Q+5G
rTSnMDGJ0LBnLbcdmf3kZjhEABx8OA/ZO+/gj5nhPLvZ+RerX0626xXz855KwQXE
ENJolzEkFHXsVu7ka9UjiWkOZSjXAwSJTzyO48VjstoUCduKfMlSAlAzdDSrhbJp
41xbKvjF/7/Rypr7/BdVZ8TTJ21A1eWcCL5Ke8vqZowerq5AdAaZ8Gl9hETWdqud
PWJuVu40/waYbFVmuQ2eWtPJ139CgfcUKN/kTPp965cvUIZJ1QYSVxcqmjwxWd7P
TF6YUyU8VupdeSvIsXi5O+AXYHwIOtOFNENNnQIDAQABAoIBAFKke5l84EuoV0e+
7sieE0h5DrUdU2ZosnzPfgUsW9qP6sO6Hgfb6it2jx9ltuh8Xf7x8Rd1PbZQ8wlE
nUj6qjD1JkFGCfpaKpEcdAgfClSHTXFbSBwHtI/KG7fwvwl2llXpy0g14uZn17nQ
a9gVUWHc0kjxqIhb/ERiUWh+PhPipLGnwEuUG7l4Pak/7rNX+dSGNhCx9TtVE5x7
REaJwo9+MToW3ivyzzm+MlS2sYBrmIpcTLbo2bpqLG7VU6n1d0GDjkHCjqyheD2m
M810/jJ4rURY5M+yQamO6zb7HWHkWJwGcXGfBYGxZi9g1Kn9iHaQsGB8KG/movfe
dX3MBD0CgYEA9cmOQpDh31ycoLyMqR/HxMfXeYzXZr652ci55RJ0Tm4zFwa457il
0TvvpOC5P3tPnrdjoppyZWa7QNCpEYr0HH1CFcUWJRG76Jd5D4biBKCsrYzACbqI
wFTtNWf51s7Zqp7lWPf0VEvfSdcOqOCgYPUOrqIo50V9GvCR6Vzb/K8CgYEA5fr3
DrWMk9tCjbeynIglxH1rklnbgSoWl8OH/Mj+YXE6Qyh33DTB3DP5JkVac3V6FjxS
9SUGN25A7hizj6zsmIeDxhBU0vaK2UMwQrFIkn/zGf18Y2VYNO8wXmFsaYtZO4J9
qyNuYF3onSFStr9oks6ShpNH8dmxbQdybXKspXMCgYEAyryolYvAZGeV4pfkRpSq
SUy2FdLw0hU8Y8HIZIVmXlNT3Qh0eN68F+yibZPX+d8S+841ZyiSd8XXa00ySAAf
/2fqnN5mt8j7AI4BE6ekw0BtbvIMbXnp1wu2ZjkPwfn5XV2XvF06slWrJtM3imFO
qOs6Yx3rM2kEGraZBK7N3o0CgYB73PPtDyi8hY3NyA9BsS4uKqKiOxU29tUePehi
5FnlX1dSzlvn1N5IXBGnZBj4MGBl022WrK8xcYc09UbYbfkrmWkGZstYqAJWS5KV
iOgeRx1GdTjmS7H7KIvzeSMroSqZG4nVf4q2Cj37SvRCisqmru1J388S2f1uTGF7
wxRrMwKBgA4GnLLnV9ekqXvHdNgyW6hnGJrnCthgARwNj0e9vWC1C5en064XPwdI
TPx/yILuxTY9F0nkRhM9DpTBk8HkKSO4W4yh/FqT4uSHNkLU/52r1zrpHkLFUYZj
LnCXYu5dzUoylnw3+UNGKOa5671Jr0WgLR3pf1GaEAnB/x6RYe+H
-----END RSA PRIVATE KEY-----
log m10/
run m10/run
state m10/
ca ca2.crt
cert m10/cert.crt
key m10/cert.key
default
client-count 2
max-clients 2
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDtUCjUUvdTyyYr
jrO2DcXJSHjxzp62Eu7OnhhReZlSXjRMIAJE+GR8hidQJ/44uM+g2EkiF19eRNcS
vFVu6CJi45DavDrYxnk7YRmsY0us4uqFzdlEqGuTCUJEJsCkKvoxSOm3RYjY8kFp
fYaTvcWN04GzuUVxYHKt4GQqFCWyiE/iZYagNADDnc7zJTBNLtwyYFunjZxN4Oe4
JksPFqyVsVyUNIyTH/zBIhCQyjrZ4MjWAesuQFc4jZgJ9WYOPN5E5ElghbTu1bKx
y+pdWg1K54DahtliXUrp+ZJVl32vbqJ1BwSqqh6lLK/sDwVqiQ287pn+Yozoaemf
RsidW6mPAgMBAAECggEAchebyZipt+tvSnmtBNXSRVdGblq8CyVHEqcHYgRoJiWM
Vxz8elRBW2zT8cGIg5S2ncnePzmlbBkEnclV+aA5B/oIZmEgmZ+yIU4pnauPcmsV
/YZd8phWP7av2TwYWdUfvBol4yrXBBZURHdJADa4h9sr/FAShtOrztSW03QkO5RI
VRAN3CLNRk/dunJCc43D8/4njYQiS4owRvV7C5GTVfvEOeOAizvzjtfM1cTiRClp
phwa5W1sBs2tTpQJK0fnRwxDTMM2+p6F4eFogy5ajCXHju69Az/8bA7P+YTCWxC4
ANIJxs1RPL9Q/SyhGgS2BqljQq5CrjDigZ+byKaswQKBgQD+YR4e4vRvSjq4AL0S
jMF1navzbPaHGy4qJdgIjkZn2oqjs81pdUKYP7RKIgqHNugP3EclaSuUoNf1dxIf
/HkcP/OdRC76zvyoe6JZicLyUHkVVSiXEYOllVZ7aQKa3XMKEWksv4GywgLNdbI9
NvobwKpt7xvXY43tvq3oo6BtdwKBgQDu0zUd3a14gV9qtljue35m7JEVbB9KXsOL
WaT8MqWSounuCFjh7rx68K4xLmsB2tdUpyI1+pKvQOOWtZYnbYCoYrSYBH7/CpSw
YRFVgoNEO4aJgywMJ7rfDLizmjiveOBNmEgvh+lGNBVUqYlJwZE4SY4ohENAxsWu
9nPIBWlKqQKBgQCz98W1mF/S9LNCRtN9cjPUoG5s1CQ+Rc6NZyTGONI623TGiIjF
GX659Cf7YsYMD55yyidTomqAxqLDOTCLjLWqdNxH4VtTemlqUb30lvBjOufPXeZP
qsZ2uYbr3MlJA29GKjc8v2hlLbmJ3sDxahnc1Jw/FrGd2wMotoSXWFxB1QKBgEHL
cBu9QZgsVCQq/k8dOJKUY9f6BJjRiJ+wX7KXJWRDe5z3Mb10rvpTqjmkZxiIuL/6
l4M1eAnOH6Uae7Z7BXHeV5B11KLgwFvjMgpTvWQj3gmuWIk0vNfMQmpAd5NoAqt9
440srUiI+sNrPYZTTHWsVfy1i22iFT4BaZ5WV06ZAoGBAMF67k6WkjmjG86EqrY4
Fc48TczNmgUW9NPArRSYcqlgUNA0QK/hNQz72lWx5XbjxeWYBky7csrgSprNDy3M
WXl56tq6Oo1XCQCFFxmyZ89s6O084I7TBfNEaCNrBVX4qBTRKH9DNyYemu9fGAAK
1cBQp/DJVIBpnOu1ga2YuA58
-----END PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvFkywZvNyAZFoUou+e5e5fFmBi1IpfouItb+4d4OjfLfqsz9
oOsEhlv+t08gs68n0UvJtk2XkgUZMYVQsEZvaMUC20R0wi9LLCCurpNldqx7eZeD
0auo8FjWUS3FRn/ceU15dI8oFy1SYE2gfcui7tTDa2rcFn7pR9AIfv0oGIc8TIZk
BWz9C5oQ8trl9SXj2HShmk11Hxq/rEDod+iYZL4E6lRnrPpmm7CpiEm7QVSyMYtf
4EXhsSnB10nXJ2IaazhLjyh839UdfGuk3JzKraPp08ZaLNvV38DpNwPf9HXnGzHp
fYAZz2adykiyqddvRChSGrwUmhx8Edu3bZJyMQIDAQABAoIBAAgA/mAt38vNQG4/
OcnTMGMzI/PFPt4WyJkga8prZlDv7kNS3MBW3GVdSXC+wxP/sIB7aQH/QB6rasuo
76neBGP+Y0WwHgoWempQpTuz9c7aO5EKOEbTtaUpEUp32HdLfbIF8dBbOQfrHCIN
inFuEul1TyykaN/n2r/7fjDvTyHjoqaHrofUqC/8/+jaPASflRpNP+vKWM8YbD2E
PGiBhtobk4AOfdCM9afRpisAQI4C0RsGCHZL54vF7LbyPtAjgau+trwggj9ErILn
U+DjbhnHmB+GeMd7+56YjZccUTjtamHVBMrVdC0qNy+Na0x7rmfGGiN5S+qurP7p
FdROQvECgYEA47RQQWoRUMUCrcO2ZfsjeDu1r69qdBhzzjU7P9FDfsjxVWLl+cVT
uGxHxfDvh0J3NnoEhXsf7cVFoDZd8vQLIERZy3PbcgyEAj4TkSS+oNhQ/R7pTg5X
3ccamQmy2vqXGlwm3z5ZW5jh0vlJNWfvXP024UgpOHmg485ti6bTtr0CgYEA08Dm
5Mnx3sXifwzAOdqb9CApF+CRI6O5S+u3zwF4Bp1Spo31YZVnDVgCxBgv3k0OSFkE
7JCvY6KWOrwiPSUQCBnH74ePvheHiz39vRvZefgZHYFsyKc5UdmTc8gHLR9/0SK9
lcvcGitEsOp/Ft3Ob4j82NL+R5WgqyUuT1BXqoUCgYA8eeFu3jrnFswVVouVHlRX
VJR2qsI9P1lShTTNSEkC3V+ra+7knZIUwz10xv73D6IV5+ZXhVH/lotdd9MP+d0S
ntSygnzgF47gAZi0zeuLUKiB8bnJL2oKzxyzVK4aFsAXEi6I0EhvWXVw0SCufIJI
UkBHKSE5jKQ8nNDfbFmCiQKBgFuYCUfVgmXWOs6x+UQNJ4BFmQDXBnDgFPqeD3ff
LsfNrT6WERoQwe6nryqbO7lwo0jwGI0rWHJEla76SeUg7vpSDIWzoZ2cF+lG+0ad
kUiM5HA6149DpiudbYabc181TNhtqovtDlvTc3cDN83wS6c7HgO74HmeY00kXA+6
tPDxAoGBANtrY9fLqECgv3XRoQhE0xp4V8fr8iRG2QwKcZ0F1O0jfDMH/pfbl7IP
BjQsmuM6gORKDYdZHZ8bmpa5kzJCM+Oxf4y0bzgF9mE0gUd3LU9W2qLqidCBAveW
n4FwYaNHHUDEGNdJMPB8EB9n5FC3TUZIobz16/jn7DZghdag9e3c
-----END RSA PRIVATE KEY-----
ca ca2.crt
key registry2/ca.key
dh dh2048.pem
logfile registry2/registry2.log
run registry2/run
hello 4
client-count 2
tunnel-refresh 100
ipv4 10.42.0.0/16 8
log registry2/
run registry2/run
state registry2/
dh dh2048.pem
ca ca2.crt
cert registry2/cert.crt
key registry2/cert.key
gateway
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment