Commit 06974788 authored by Killian Lufau's avatar Killian Lufau Committed by Julien Muchembled

Switch to OpenVPN 2.4

The behaviour of --link-mtu has changed and we increase the values to
at least have interface MTU greater than IPv6 minimum.
We'll see later to have even greater values in ovpn_link_mtu_dict
(so that the resulting MTU is closer to what we had with 2.3)
or review the whole MTU part completely.
parent 96ab35a9
...@@ -54,7 +54,7 @@ Requirements ...@@ -54,7 +54,7 @@ Requirements
- Python 2.6 or 2.7 - Python 2.6 or 2.7
- OpenSSL binary and development libraries - OpenSSL binary and development libraries
- OpenVPN >= 2.3 - OpenVPN >= 2.4
- Babel_ (with Nexedi patches) - Babel_ (with Nexedi patches)
- geoip2: `python library`_ and `country lite database`_ (optional) - geoip2: `python library`_ and `country lite database`_ (optional)
- python-miniupnpc for UPnP support (optional) - python-miniupnpc for UPnP support (optional)
......
...@@ -8,7 +8,7 @@ X-Python-Version: >= 2.7 ...@@ -8,7 +8,7 @@ X-Python-Version: >= 2.7
Package: re6stnet Package: re6stnet
Architecture: all Architecture: all
Depends: ${misc:Depends}, ${python:Depends}, python-pkg-resources, python-openssl (>= 0.13), openvpn (>= 2.3), babeld (= 1.6.2-nxd1), iproute2 | iproute, openssl Depends: ${misc:Depends}, ${python:Depends}, python-pkg-resources, python-openssl (>= 0.13), openvpn (>= 2.4), babeld (= 1.6.2-nxd1), iproute2 | iproute, openssl
Recommends: ${python:Recommends}, logrotate Recommends: ${python:Recommends}, logrotate
Suggests: ${python:Suggests}, ndisc6 Suggests: ${python:Suggests}, ndisc6
Conflicts: re6st-node Conflicts: re6st-node
......
...@@ -23,13 +23,14 @@ def openvpn(iface, encrypt, *args, **kw): ...@@ -23,13 +23,14 @@ def openvpn(iface, encrypt, *args, **kw):
logging.debug('%r', args) logging.debug('%r', args)
return utils.Popen(args, **kw) return utils.Popen(args, **kw)
ovpn_link_mtu_dict = {'udp': 1432, 'udp6': 1450} ovpn_link_mtu_dict = {'udp4': 1500, 'udp6': 1500}
def server(iface, max_clients, dh_path, fd, port, proto, encrypt, *args, **kw): def server(iface, max_clients, dh_path, fd, port, proto, encrypt, *args, **kw):
if proto == 'udp':
proto = 'udp4'
client_script = '%s %s' % (ovpn_server, fd) client_script = '%s %s' % (ovpn_server, fd)
try: try:
args = ('--link-mtu', str(ovpn_link_mtu_dict[proto]), args = ('--link-mtu', str(ovpn_link_mtu_dict[proto]),
# mtu-disc ignored for udp6 due to a bug in OpenVPN
'--mtu-disc', 'yes') + args '--mtu-disc', 'yes') + args
except KeyError: except KeyError:
proto += '-server' proto += '-server'
...@@ -50,6 +51,8 @@ def client(iface, address_list, encrypt, *args, **kw): ...@@ -50,6 +51,8 @@ def client(iface, address_list, encrypt, *args, **kw):
# XXX: We'd like to pass <connection> sections at command-line. # XXX: We'd like to pass <connection> sections at command-line.
link_mtu = set() link_mtu = set()
for ip, port, proto in address_list: for ip, port, proto in address_list:
if proto == 'udp':
proto = 'udp4'
remote += '--remote', ip, port, proto remote += '--remote', ip, port, proto
link_mtu.add(ovpn_link_mtu_dict.get(proto)) link_mtu.add(ovpn_link_mtu_dict.get(proto))
link_mtu, = link_mtu link_mtu, = link_mtu
......
...@@ -12,7 +12,7 @@ BuildArch: noarch ...@@ -12,7 +12,7 @@ BuildArch: noarch
Requires: babeld = 1.6.2-nxd1 Requires: babeld = 1.6.2-nxd1
Requires: iproute Requires: iproute
Requires: openssl Requires: openssl
Requires: openvpn >= 2.3 Requires: openvpn >= 2.4
Requires: python >= 2.7 Requires: python >= 2.7
Requires: pyOpenSSL >= 0.13 Requires: pyOpenSSL >= 0.13
Requires: python-setuptools Requires: python-setuptools
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment