nexedi / re6stnet / Commits / dfbb4ec5
Commit dfbb4ec5 authored Jul 23, 2012 by Ulysse Beaugnon
Merge branch 'master' of https://git.erp5.org/repos/vifibnet
parents 0de723ac b9f25552
Changes: 8 changed files with 296 additions and 73 deletions (+296 -73)
README +186 -3
TODO +30 -13
db.py +16 -8
plib.py +3 -4
setup.py +4 -3
tunnel.py +1 -0
utils.py +1 -1
vifibnet.py +55 -41
README (View file @ dfbb4ec5)
Vifibnet is a daemon setting up a resilient virtual private network over the
Vifibnet is a daemon setting up a resilient virtual private network over the
internet
internet
To use vifibnet, you need to launch the registry.py on a server to provide the
HOW TO:
certificates. Then you should run setup.py on each clients tu prepare the
Vifibnet ( sic ) has three separate components : a setup, a server and
clients and then run vifibnet.py on each client
a client.
Lambda users only have to launch the setup and then their client.
The server is meant to be started once on a node which also will be running
a client instance.
The organisation of the code
The organisation of the code
vifibnet.py Just contain the main loop and the init
vifibnet.py Just contain the main loop and the init
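Review bot: the rewritten HOW TO drops the script names that the removed lines carried (registry.py on the server, setup.py and then vifibnet.py on each client), so a reader no longer knows which file is "the setup", "the server" and "the client"; name the script next to each of the three components. The "( sic )" after "Vifibnet" reads as a leftover and should go, and "The server is meant to be started once on a node which also will be running a client instance" should say whether the registry host must run a client or merely may.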
...
@@ -13,4 +16,184 @@ The organisation of the code
...
@@ -13,4 +16,184 @@ The organisation of the code
tunnel.py To choose wich connection delete/keep/...
tunnel.py To choose wich connection delete/keep/...
upnpigd.py To open a port
upnpigd.py To open a port
OPTIONS : REGISTRY.PY
usage : ./registry port [options...]
port
The port on which the server will listen
--db path
Path to the server Database file. A new DB file will be created
and correctly initialized if the file doesn't exists.
One can give ":memory" as path, the database is then temporary
--ca path
Path to the certificate authority file. The certificate authority
MUST contain the VPN network prefix in its serial number. To
generate correct ca and key files for the 2001:db8:42:: prefix,
the following command can be used :
openssl req -nodes -new -x509 -key ca.key -set_serial
0x120010db80042 -days 365 -out ca.crt
--key path
Path to the server key file. To generate a key file, see the --ca
option
--mailhost mailhost
Mailhost to be used to send email containing token for registration
OPTIONS : SETUP.PY
usage : ./setup [options...]
--server address
Ip address of the machine running the vifibnet server. Both ipv4
and ipv6 addresses are supported.
--port port
Port to connect to on the machine running the vifibnet server.
-d, --dir directory
Path of a directory where will be stored the files generated by the
setup. The Setup genereates the following files, in the explicit
order :
- ca.pem : certificate authority file downloaded from the server
- peers.db : peers database initialized for vifibnet.py
- cert.key : private key generated by the script
- cert.crt : individual certificate file generated by the server
- dh2048.pem : dh file for oenvpn server
-r, --req name value
Specify an attribute to add to the certificate request sent to the
server. Can be used multiple times.
Each use of the --req name value, will add the attribute name with
the associated value in the sugbject of the certificate request.
--ca-only
Stop the script after downloading the certificate authority file
from the server
--db-only
Stop the script after creating the peers DB and downloading the
connection information of a bootstrap node of the VPN.
--no-boot
Does not re'quest a bootstrap peer to the peer discovery server
(useful in debug when the server does not have any peer in his
database). When requesting a bootstrap peer to a server whoch does
not have any, an execption will occur, and the script will stop
OPTIONS : VIFIBNET.PY
usage : ./vifibnet.py [options...]
--ip address port proto
Specify connection information to be advertised to other nodes.
address MUST be a ipv4 address since as of now openvpn does not
support ipv6 addresses.
proto should be either udp or tcp-client
--internal-port port
Specify the port on which will be launched the openvpn server(s)
Can differ from port given in the --ip option.
Default : 1194
--peers-db-refresh duration
Duration in seconds of the peers DB refresh interval.
Default : 3600 ( 1 hour )
-l, --log directory
Path to the directory used for log files. Will create one file
for babel logging and one file for each openvpn server and client
started.
Default : /var/log
-s, --state directory
Path to the directory used for state files. State files include :
- peers.db : the peers db used to establish connection
- vifibnet.babeld.state : babeld state file
Default : /var/lib/vifibnet
-v, --verbose level
Defines the verbose level, level should be an integer between 0
and 5 ( including ). There is no precise convention for verbode
level for now, except an increased number means more log messages.
This parameter is also given to openvpn and babel for their log.
Default : 0
--server address
Ip address of the peer discovery server. SHOULD be an ipv6 address
belonging to the VPN network, as the server only allows requests
from inside the VPN (feature not used now for debugging purposes)
--server-port port
Port number on the peer discovery server to which we connect
--hello duration
Set hello interval, in seconds, for both wired and wireless
connections. Openvpn ping-exit option is set to 4 times the hello
interval. Argument passed down to the babel daemon, equivalent
to :
-h duration -H duration
in babeld ( for more information, see babeld man page )
Default : 30
-w, --wireless
Consider all interfaces as being wireless interfaces. Argument
directly passed down to the babeld daemon
--proto p [p']
Protocol used by the openvpn server(s). Start one openvpn server
for each protocl specified.
p (and p') should be either udp or tcp-server
Default : udp
--tunnel-refresh duration
Interval in seconds between two tunnel refresh. Refreshing tunnels
mean :
- killing all dead tunnels ( detected via the ping-exit option
if openvpn )
- killing the 'worst' tunnels, so that at least the ratio of
tunnels set by the --refresh-rate option have been killed
- creating new tunnels to other clients randomly choosen in the
peers database, to reach the number of connection specified by
the connection-count option ( There can be less tunnels if the
peers DB does not contain enough peers )
Default : 300
--dh path
Path to the dh file to be used by the openvpn server
(for more information see the openvpn man page)
--ca path
Path to the certificate authority file delivered by the vifibnet
server. The prefix of the VPN network is included in the serial
number of the file.
--cert path
Path to the individual certificate file delivered by the vifibnet
server. The prefix of the machine is included in the certificate's
subject common name.
--connection-count number
The maximum number of openvpn clients to start.
Default : 20
--refresh-rate ratio
The ratio of connection to kill each time we refresh tunnels.
For more information see the --tunnel-refresh option
ratio should be a float between 0 and 1 ( included )
Default : 0.05
openvpn_args
Additional arguments to be passed down to all openvpn processes
can be given at the end of the command line.
In that case, insert '--' to delimit vifibnet regular options
from the additional openvpn arguments. The list of arguments will
be passed down to ALL openvpn processes ( including servers )
exactly as they are given
One SHOULD give a --key argument with the key file delivered by the
vifibnet server
@file
You can give to vifibnet a config file as a regular argument
(meaning before giving optional openvpn arguments)
The file should contain one option per line, possibly ommitting
the '--'. Only long option are allowed (i.e "v 3" will not work
while "verbose 3" will)
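Review bot: the `--key` entry says "To generate a key file, see the --ca option", but the `--ca` entry only shows `openssl req -nodes -new -x509 -key ca.key -set_serial 0x120010db80042 -days 365 -out ca.crt`, which consumes an existing ca.key and never generates one; add the key-generation step (for example an `openssl genrsa` invocation) or fix the cross-reference. Two further documentation points: the vifibnet.py `--server` text states that the registry only allows requests from inside the VPN and then admits the check is "not used now for debugging purposes", so say plainly that no access control is applied in this version instead of leaving it as an aside; and the private key is only passed through the trailing openvpn_args ("One SHOULD give a --key argument"), which are forwarded "exactly as they are given" to every openvpn process, so unlike `--ca` and `--cert` it can be neither enforced as required nor checked against the certificate, which a dedicated option would allow.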
TODO (View file @ dfbb4ec5)
G : We should focus on clearing the TODO List, then go to testing phase,
since the end is nearing... ( I finish on august, 3 )
To be done :
To be done :
Add options to start udp server, tcp server or both
Catch a more precise exception thant Exception at line 108 in vifibnet.py
( UPnP forwarding )
Upgrade the logging function in order to be able to log message like
"Refreshing peers DB ... done", or add log messages to specify that an
action advertised by a previous log message has been completed
use the server as a bootstrap node
use the server as a bootstrap node -> switch peer discovery to be done
by vifibnet directly ?
Use an algorithm to choose which connections to keep and/or establish
Use an algorithm to choose which connections to keep and/or establish
instead of pure randomness
instead of pure randomness
...
@@ -13,25 +22,18 @@ To be done :
...
@@ -13,25 +22,18 @@ To be done :
Replace comments at the beginning of functions with docstrings & give all
Replace comments at the beginning of functions with docstrings & give all
fn docstrings
fn docstrings
Use the server events ( client connection/deconnection ) to do something
In peers DB, flag the dead peers so we only choose them if necessary and we
useful
can remove them if we have enought peers
In peers DB, flag the dead peers so we only choose them if necessary and we can remove them if we have enought peers
Use a timeout for the server peersDB so we can
r
flag unreachable peers and
Use a timeout for the server peersDB so we can flag unreachable peers and
remove the peers whose certificate is no longer valid
remove the peers whose certificate is no longer valid
Specify a lease duration in ForwardViaUPnP
Specify a lease duration in ForwardViaUPnP
Handle LAN internally in order not to have catastrophic results ....
Handle LAN internally in order not to have catastrophic results ....
( avahi could be used )
To be discussed:
To be discussed:
G : Database structure for bith vifibnet and registry have been changed.
Index is now always on the prefix ( there is no id anymore ). And
the (ip, port, proto) tuples have been replaced with addresses :
it is a list of ip, port, proto, that way a peer can announce
different (port, proto) combination.
G, J : To get traffic stats ( bytes in/out ), you can use
G, J : To get traffic stats ( bytes in/out ), you can use
/sys/class/net/interface/statistics/rx_bytes, etc...
/sys/class/net/interface/statistics/rx_bytes, etc...
or /proc/net/dev/snmp6/interface ( all in one file ). This can be enough
or /proc/net/dev/snmp6/interface ( all in one file ). This can be enough
...
@@ -61,6 +63,12 @@ To be discussed:
...
@@ -61,6 +63,12 @@ To be discussed:
45% of the problems dont last more than 2 minutes, 55% no more than
45% of the problems dont last more than 2 minutes, 55% no more than
3 minutes If it takes 2 min to detect a dead connection, then we wont be
3 minutes If it takes 2 min to detect a dead connection, then we wont be
solving many problems with our overlay network
solving many problems with our overlay network
G : ok, so babel hello-interval should be set to a lower value,
we should do some tests to pinpoint the best compromise between
speed and bandwith usage.
Btw, is there a doc ( pdf, image, file ) resuming Raphael's stats
on nexedi's server downtime ? it could be useful for the internship
rapport
U : The peer DB size should depend on the number of connection and the
U : The peer DB size should depend on the number of connection and the
refresh time
refresh time
...
@@ -71,6 +79,7 @@ To be discussed:
...
@@ -71,6 +79,7 @@ To be discussed:
enought DB to ensure we can still choose a peer as if it was choosen
enought DB to ensure we can still choose a peer as if it was choosen
directly from the server. The requiered db size can be calculated from
directly from the server. The requiered db size can be calculated from
the number of connections and the refresh time.
the number of connections and the refresh time.
G : ok, you can erase this talk
U : Why are --ip and internal-port mutually exclusive ?
U : Why are --ip and internal-port mutually exclusive ?
Currently upnp only forward via UDP. Should he also forward via TCP ?
Currently upnp only forward via UDP. Should he also forward via TCP ?
...
@@ -78,3 +87,11 @@ To be discussed:
...
@@ -78,3 +87,11 @@ To be discussed:
No error should be raised when no upnp is detected : we should allow
No error should be raised when no upnp is detected : we should allow
machines having public IP to do an automatic configuration using the
machines having public IP to do an automatic configuration using the
discovery by an other peer
discovery by an other peer
G : Actually, i was wrong, --ip and internal-port are no longer exclusive
Julien said udp might not be used by some people because of
restrictions imposed by the ISP ( FAI in french ), so we should
allow both, and act according to the options specifying which servers
to start (upd, tcp-server)
G : I think the number of route going through an interface should be a
Connection attribute, not a dict in tunnelManager
db.py (View file @ dfbb4ec5)
import
sqlite3
,
xmlrpclib
,
time
import
sqlite3
,
socket
,
xmlrpclib
,
time
,
os
import
utils
import
utils
class
PeerManager
:
class
PeerManager
:
# internal ip = temp arg/attribute
# internal ip = temp arg/attribute
def
__init__
(
self
,
db_path
,
server
,
server_port
,
refresh_time
,
address
,
internal_ip
,
prefix
,
manual
,
db_size
):
def
__init__
(
self
,
db_dir_path
,
server
,
server_port
,
refresh_time
,
address
,
internal_ip
,
prefix
,
manual
,
proto
,
db_size
):
self
.
_refresh_time
=
refresh_time
self
.
_refresh_time
=
refresh_time
self
.
_address
=
address
self
.
_address
=
address
self
.
_internal_ip
=
internal_ip
self
.
_internal_ip
=
internal_ip
...
@@ -12,12 +13,14 @@ class PeerManager:
...
@@ -12,12 +13,14 @@ class PeerManager:
self
.
_server
=
server
self
.
_server
=
server
self
.
_server_port
=
server_port
self
.
_server_port
=
server_port
self
.
_db_size
=
db_size
self
.
_db_size
=
db_size
self
.
_proto
=
proto
self
.
_manual
=
manual
self
.
_manual
=
manual
self
.
_proxy
=
xmlrpclib
.
ServerProxy
(
'http://%s:%u'
%
(
server
,
server_port
))
self
.
_proxy
=
xmlrpclib
.
ServerProxy
(
'http://%s:%u'
%
(
server
,
server_port
))
utils
.
log
(
'Connectiong to peers database'
,
4
)
utils
.
log
(
'Connectiong to peers database'
,
4
)
self
.
_db
=
sqlite3
.
connect
(
db_path
,
isolation_level
=
None
)
self
.
_db
=
sqlite3
.
connect
(
os
.
path
.
join
(
db_dir_path
,
'peers.db'
),
isolation_level
=
None
)
utils
.
log
(
'Preparing peers database'
,
4
)
utils
.
log
(
'Preparing peers database'
,
4
)
try
:
try
:
self
.
_db
.
execute
(
"UPDATE peers SET used = 0"
)
self
.
_db
.
execute
(
"UPDATE peers SET used = 0"
)
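Review bot: the registry proxy is still built as `xmlrpclib.ServerProxy('http://%s:%u' % (server, server_port))`, i.e. plain HTTP with no authentication, and the constructor now also takes the `proto` list that `_declare()` sends through it together with the node's address; since the README notes that the server-side "inside the VPN only" restriction is currently disabled, anything that can reach that port can talk to the registry as a member would, so this deserves at least a comment marking it as a known development-time gap. Minor: the log string 'Connectiong to peers database' has a typo, and the `# internal ip = temp arg/attribute` comment should be refreshed now that the signature has changed to `db_dir_path` and gained `proto`.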
...
@@ -29,9 +32,14 @@ class PeerManager:
...
@@ -29,9 +32,14 @@ class PeerManager:
def
refresh
(
self
):
def
refresh
(
self
):
utils
.
log
(
'Refreshing the peers DB'
,
2
)
utils
.
log
(
'Refreshing the peers DB'
,
2
)
try
:
self
.
_declare
()
self
.
_declare
()
self
.
_populate
()
self
.
_populate
()
self
.
next_refresh
=
time
.
time
()
+
self
.
_refresh_time
self
.
next_refresh
=
time
.
time
()
+
self
.
_refresh_time
except
socket
.
error
,
e
:
utils
.
log
(
str
(
e
),
4
)
utils
.
log
(
'Connection to server failed, retrying in 30s'
,
2
)
self
.
next_refresh
=
time
.
time
()
+
30
def
_declare
(
self
):
def
_declare
(
self
):
if
self
.
_address
!=
None
:
if
self
.
_address
!=
None
:
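Review bot: the new `except socket.error, e:` around `_declare()` and `_populate()` only covers transport failures; `xmlrpclib.Fault` (a server-side error) and `xmlrpclib.ProtocolError` (a non-200 HTTP status) escape it and will take the daemon down from inside the main loop, the opposite of the "Connection to server failed, retrying in 30s" intent. Catch `xmlrpclib.Error` alongside `socket.error`, keep logging `str(e)` at level 4 as done here, and consider a growing back-off instead of a fixed `time.time() + 30` so a flapping registry is not hit by every node at the same instant.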
...
@@ -68,8 +76,8 @@ class PeerManager:
...
@@ -68,8 +76,8 @@ class PeerManager:
elif
script_type
==
'route-up'
:
elif
script_type
==
'route-up'
:
if
not
self
.
_manual
:
if
not
self
.
_manual
:
external_ip
,
external_port
=
arg
.
split
(
','
)
external_ip
,
external_port
=
arg
.
split
(
','
)
new_address
=
[[
external_ip
,
external_port
,
'udp'
],
new_address
=
list
([
external_ip
,
external_port
,
proto
]
[
external_ip
,
external_port
,
'tcp-client'
]]
for
proto
in
self
.
_proto
)
if
self
.
_address
!=
new_address
:
if
self
.
_address
!=
new_address
:
self
.
_address
=
new_address
self
.
_address
=
new_address
utils
.
log
(
'Received new external configuration : %s:%s'
%
(
external_ip
,
external_port
),
3
)
utils
.
log
(
'Received new external configuration : %s:%s'
%
(
external_ip
,
external_port
),
3
)
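Review bot: `new_address = list([external_ip, external_port, proto] for proto in self._proto)` stores the server-side protocol names: `self._proto` comes from `--proto`, whose choices in vifibnet.py are 'udp' and 'tcp-server', but the replaced line advertised `'tcp-client'` and the README says the advertised proto "should be either udp or tcp-client", which is what a peer hands to its openvpn client; translate 'tcp-server' to 'tcp-client' here or where peers consume the address. Also `external_ip, external_port = arg.split(',')` raises ValueError on any route-up message that does not contain exactly one comma, and the following log line drops the protocol list, so log `new_address` itself.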
...
...
plib.py (View file @ dfbb4ec5)
...
@@ -43,7 +43,7 @@ def client(server_address, pipe_fd, hello_interval, *args, **kw):
...
@@ -43,7 +43,7 @@ def client(server_address, pipe_fd, hello_interval, *args, **kw):
return
openvpn
(
hello_interval
,
*
remote
,
**
kw
)
return
openvpn
(
hello_interval
,
*
remote
,
**
kw
)
def
router
(
network
,
internal_ip
,
interface_list
,
def
router
(
network
,
internal_ip
,
interface_list
,
wireless
,
hello_interval
,
**
kw
):
wireless
,
hello_interval
,
state_path
,
**
kw
):
utils
.
log
(
'Starting babel'
,
3
)
utils
.
log
(
'Starting babel'
,
3
)
args
=
[
'babeld'
,
args
=
[
'babeld'
,
'-C'
,
'redistribute local ip %s'
%
(
internal_ip
),
'-C'
,
'redistribute local ip %s'
%
(
internal_ip
),
...
@@ -59,10 +59,9 @@ def router(network, internal_ip, interface_list,
...
@@ -59,10 +59,9 @@ def router(network, internal_ip, interface_list,
'-d'
,
str
(
verbose
),
'-d'
,
str
(
verbose
),
'-h'
,
str
(
hello_interval
),
'-h'
,
str
(
hello_interval
),
'-H'
,
str
(
hello_interval
),
'-H'
,
str
(
hello_interval
),
'-S'
,
state_path
,
'-s'
,
'-s'
,
]
]
#if utils.config.babel_state:
# args += '-S', utils.config.babel_state
if
wireless
:
if
wireless
:
args
.
append
(
'-w'
)
args
.
append
(
'-w'
)
args
=
args
+
interface_list
args
=
args
+
interface_list
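Review bot: `'-d', str(verbose)` uses a name that is not among router()'s parameters (`network, internal_ip, interface_list, wireless, hello_interval, state_path, **kw`); if `verbose` is a module global that vifibnet.py sets before calling router(), a comment saying so would help, otherwise this is a NameError on the first call. Replacing the commented `#if utils.config.babel_state:` block with `'-S', state_path` is the right cleanup; since babeld runs as root (see the WARNING comment in vifibnet.py) and writes that file, make sure the state directory exists beforehand with restrictive permissions rather than relying on babeld to create it.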
...
...
setup.py (View file @ dfbb4ec5)
...
@@ -42,9 +42,6 @@ def main():
...
@@ -42,9 +42,6 @@ def main():
used INTEGER NOT NULL DEFAULT 0,
used INTEGER NOT NULL DEFAULT 0,
date INTEGER DEFAULT (strftime('%s', 'now')))"""
)
date INTEGER DEFAULT (strftime('%s', 'now')))"""
)
db
.
execute
(
"CREATE INDEX _peers_used ON peers(used)"
)
db
.
execute
(
"CREATE INDEX _peers_used ON peers(used)"
)
if
not
config
.
no_boot
:
prefix
,
address
=
s
.
getBootstrapPeer
()
db
.
execute
(
"INSERT INTO peers (prefix, address) VALUES (?,?)"
,
(
prefix
,
address
))
except
sqlite3
.
OperationalError
,
e
:
except
sqlite3
.
OperationalError
,
e
:
if
e
.
args
[
0
]
==
'table peers already exists'
:
if
e
.
args
[
0
]
==
'table peers already exists'
:
print
"Table peers already exists, leaving it as it is"
print
"Table peers already exists, leaving it as it is"
...
@@ -52,6 +49,10 @@ def main():
...
@@ -52,6 +49,10 @@ def main():
print
"sqlite3.OperationalError :"
+
e
.
args
[
0
]
print
"sqlite3.OperationalError :"
+
e
.
args
[
0
]
sys
.
exit
(
1
)
sys
.
exit
(
1
)
if
not
config
.
no_boot
:
prefix
,
address
=
s
.
getBootstrapPeer
()
db
.
execute
(
"INSERT INTO peers (prefix, address) VALUES (?,?)"
,
(
prefix
,
address
))
if
config
.
db_only
:
if
config
.
db_only
:
sys
.
exit
(
0
)
sys
.
exit
(
0
)
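Review bot: moving `prefix, address = s.getBootstrapPeer()` and the `INSERT INTO peers (prefix, address) VALUES (?,?)` out of the `try` so they also run when "table peers already exists" is the right fix, but the insert is now unguarded: re-running setup.py against an existing peers.db inserts the bootstrap peer a second time, and if `prefix` is indexed as unique (the TODO says the index "is now always on the prefix") that is an uncaught `sqlite3.IntegrityError`; use `INSERT OR REPLACE` or `INSERT OR IGNORE` for that statement. The XML-RPC call itself has no error handling either, which the README's `--no-boot` text acknowledges ("an exception will occur, and the script will stop"); a caught error with a clear message would serve users better than a traceback.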
...
...
tunnel.py (View file @ dfbb4ec5)
...
@@ -5,6 +5,7 @@ log = None
...
@@ -5,6 +5,7 @@ log = None
smooth
=
0.3
smooth
=
0.3
class
Connection
:
class
Connection
:
def
__init__
(
self
,
address
,
write_pipe
,
hello
,
iface
,
prefix
,
def
__init__
(
self
,
address
,
write_pipe
,
hello
,
iface
,
prefix
,
ovpn_args
):
ovpn_args
):
self
.
process
=
plib
.
client
(
address
,
write_pipe
,
hello
,
'--dev'
,
iface
,
self
.
process
=
plib
.
client
(
address
,
write_pipe
,
hello
,
'--dev'
,
iface
,
...
...
utils.py (View file @ dfbb4ec5)
...
@@ -41,5 +41,5 @@ def address_list(address_set):
...
@@ -41,5 +41,5 @@ def address_list(address_set):
return
';'
.
join
(
map
(
','
.
join
,
address_set
))
return
';'
.
join
(
map
(
','
.
join
,
address_set
))
def
address_set
(
address_list
):
def
address_set
(
address_list
):
return
se
t
(
tuple
(
address
.
split
(
','
))
return
lis
t
(
tuple
(
address
.
split
(
','
))
for
address
in
address_list
.
split
(
';'
))
for
address
in
address_list
.
split
(
';'
))
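Review bot: `address_set()` now returns `list(tuple(address.split(',')) for address in address_list.split(';'))`, so the function name no longer describes its result; either rename it or keep `set()` if duplicate addresses were meant to collapse. Two style points while here: the parameter of `address_set` is named `address_list` and that of `address_list` is named `address_set`, so each function shadows the other inside its body; and an empty string or a trailing ';' in the serialized form yields a `('',)` entry that callers will then treat as an address, so skip empty items.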
vifibnet.py (View file @ dfbb4ec5)
#!/usr/bin/env python
#!/usr/bin/env python
import
argparse
,
errno
,
math
,
os
,
select
,
subprocess
,
sys
,
time
,
traceback
import
argparse
,
errno
,
os
,
select
,
subprocess
,
time
from
argparse
import
ArgumentParser
from
argparse
import
ArgumentParser
from
OpenSSL
import
crypto
import
db
,
plib
,
upnpigd
,
utils
,
tunnel
import
db
,
plib
,
upnpigd
,
utils
,
tunnel
class
ArgParser
(
ArgumentParser
):
class
ArgParser
(
ArgumentParser
):
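Review bot: dropping `math`, `sys`, `traceback` and `from OpenSSL import crypto` from the imports is only correct if no remaining code path uses them; the README says the node prefix is taken from the certificate's subject common name, which previously needed `crypto`, and the main() hunk below does not show where that parsing moved, so please confirm `prefix` is still derived without it and that no `sys.exit` call remains in this file.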
...
@@ -27,46 +26,53 @@ def getConfig():
...
@@ -27,46 +26,53 @@ def getConfig():
parser
=
ArgParser
(
fromfile_prefix_chars
=
'@'
,
parser
=
ArgParser
(
fromfile_prefix_chars
=
'@'
,
description
=
'Resilient virtual private network application'
)
description
=
'Resilient virtual private network application'
)
_
=
parser
.
add_argument
_
=
parser
.
add_argument
# Server address SHOULD be a vifib address ( else requests will be denied )
# General Configuration options
_
(
'--ip'
,
default
=
None
,
dest
=
'address'
,
action
=
'append'
,
nargs
=
3
,
help
=
'Ip address, port and protocol advertised to other vpn nodes'
)
_
(
'--internal-port'
,
default
=
1194
,
help
=
'Port on the machine to listen on for incomming connections'
)
_
(
'--peers-db-refresh'
,
default
=
3600
,
type
=
int
,
help
=
'the time (seconds) to wait before refreshing the peers db'
)
_
(
'-l'
,
'-log'
,
default
=
'/var/log'
,
help
=
'Path to vifibnet logs directory'
)
_
(
'-s'
,
'--state'
,
default
=
'/var/lib/vifibnet'
,
help
=
'Path to VPN state directory'
)
_
(
'--verbose'
,
'-v'
,
default
=
0
,
type
=
int
,
help
=
'Defines the verbose level'
)
#_('--babel-state', default='/var/lib/vifibnet/babel_state',
# help='Path to babeld state-file')
#_('--db', default='/var/lib/vifibnet/peers.db',
# help='Path to peers database')
_
(
'--server'
,
required
=
True
,
_
(
'--server'
,
required
=
True
,
help
=
"VPN address of the discovery peer server"
)
help
=
"VPN address of the discovery peer server"
)
_
(
'--server-port'
,
required
=
True
,
type
=
int
,
_
(
'--server-port'
,
required
=
True
,
type
=
int
,
help
=
"VPN port of the discovery peer server"
)
help
=
"VPN port of the discovery peer server"
)
_
(
'-log'
,
'-l'
,
default
=
'/var/log'
,
help
=
'Path to vifibnet logs directory'
)
# Routing algorithm options
_
(
'--hello'
,
type
=
int
,
default
=
30
,
help
=
'Hello interval for babel, in seconds'
)
_
(
'-w'
,
'--wireless'
,
action
=
'store_true'
,
help
=
'''Set all interfaces to be treated as wireless interfaces
for the routing protocol'''
)
# Tunnel options
_
(
'--proto'
,
choices
=
[
'udp'
,
'tcp-server'
],
nargs
=
'+'
,
default
=
[
'udp'
],
help
=
'Protocol(s) to be used by other peers to connect'
)
_
(
'--tunnel-refresh'
,
default
=
300
,
type
=
int
,
_
(
'--tunnel-refresh'
,
default
=
300
,
type
=
int
,
help
=
'the time (seconds) to wait before changing the connections'
)
help
=
'the time (seconds) to wait before changing the connections'
)
_
(
'--peers-db-refresh'
,
default
=
3600
,
type
=
int
,
help
=
'the time (seconds) to wait before refreshing the peers db'
)
_
(
'--db'
,
default
=
'/var/lib/vifibnet/peers.db'
,
help
=
'Path to peers database'
)
_
(
'--dh'
,
required
=
True
,
_
(
'--dh'
,
required
=
True
,
help
=
'Path to dh file'
)
help
=
'Path to dh file'
)
_
(
'--babel-state'
,
default
=
'/var/lib/vifibnet/babel_state'
,
help
=
'Path to babeld state-file'
)
_
(
'--hello'
,
type
=
int
,
default
=
30
,
help
=
'Hello interval for babel, in seconds'
)
_
(
'-w'
,
'--wireless'
,
action
=
'store_true'
,
help
=
'Set all interfaces to be treated as wireless interfaces ( in babel )'
)
_
(
'--verbose'
,
'-v'
,
default
=
0
,
type
=
int
,
help
=
'Defines the verbose level'
)
_
(
'--ca'
,
required
=
True
,
_
(
'--ca'
,
required
=
True
,
help
=
'Path to the certificate authority file'
)
help
=
'Path to the certificate authority file'
)
_
(
'--cert'
,
required
=
True
,
_
(
'--cert'
,
required
=
True
,
help
=
'Path to the certificate file'
)
help
=
'Path to the certificate file'
)
ipconfig
=
parser
.
add_mutually_exclusive_group
()
__
=
ipconfig
.
add_argument
__
(
'--ip'
,
default
=
None
,
dest
=
'address'
,
action
=
'append'
,
nargs
=
3
,
help
=
'Ip address, port and protocol advertised to other vpn nodes'
)
__
(
'--internal-port'
,
default
=
1194
,
help
=
'Internal port to listen on for incomming connections'
)
# args to be removed ?
# args to be removed ?
_
(
'--proto'
,
default
=
'udp'
,
help
=
'The protocol used by other peers to connect'
)
_
(
'--connection-count'
,
default
=
20
,
type
=
int
,
_
(
'--connection-count'
,
default
=
20
,
type
=
int
,
help
=
'Number of tunnels'
)
help
=
'Number of tunnels'
)
_
(
'--refresh-rate'
,
default
=
0.05
,
type
=
float
,
_
(
'--refresh-rate'
,
default
=
0.05
,
type
=
float
,
help
=
'The ratio of connections to drop when refreshing the connections'
)
help
=
'''The ratio of connections to drop when refreshing the
connections'''
)
# Openvpn options
# Openvpn options
_
(
'openvpn_args'
,
nargs
=
argparse
.
REMAINDER
,
_
(
'openvpn_args'
,
nargs
=
argparse
.
REMAINDER
,
help
=
"Common OpenVPN options (e.g. certificates)"
)
help
=
"Common OpenVPN options (e.g. certificates)"
)
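Review bot: `_('-l', '-log', default='/var/log', ...)` reverses the option order of the removed `_('-log', '-l', ...)`, and that changes the attribute name: argparse treats neither '-l' nor '-log' as a long option (both start with a single dash), so `dest` is taken from the first option string, which was 'log' before and is now 'l'; `config.log`, used in main() for the babeld and openvpn log paths, will therefore raise AttributeError. The README documents `-l, --log`, so spell it `'-l', '--log'`, which also yields dest 'log'. Also `--internal-port` has `default=1194` but no `type=int`, so a value given on the command line arrives as a string while the default is an int; and the new `--proto` with `choices=['udp', 'tcp-server']` is a good replacement for the free-form string, but `--ip` (nargs=3) still accepts any text in its proto field.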
...
@@ -95,33 +101,41 @@ def main():
...
@@ -95,33 +101,41 @@ def main():
else
:
else
:
utils
.
log
(
'Attempting automatic configuration via UPnP'
,
4
)
utils
.
log
(
'Attempting automatic configuration via UPnP'
,
4
)
try
:
try
:
ext
ernal_ip
,
external
_port
=
upnpigd
.
ForwardViaUPnP
(
config
.
internal_port
)
ext
_ip
,
ext
_port
=
upnpigd
.
ForwardViaUPnP
(
config
.
internal_port
)
config
.
address
=
[[
external_ip
,
external_port
,
'udp'
],
config
.
address
=
list
([
ext_ip
,
ext_port
,
proto
]
[
external_ip
,
external_port
,
'tcp-client'
]]
for
proto
in
config
.
proto
)
except
Exception
:
except
Exception
:
utils
.
log
(
'An atempt to forward a port via UPnP failed'
,
4
)
utils
.
log
(
'An atempt to forward a port via UPnP failed'
,
4
)
peer_db
=
db
.
PeerManager
(
config
.
db
,
config
.
server
,
config
.
server_port
,
peer_db
=
db
.
PeerManager
(
config
.
state
,
config
.
server
,
config
.
server_port
,
config
.
peers_db_refresh
,
config
.
address
,
internal_ip
,
prefix
,
manual
,
200
)
config
.
peers_db_refresh
,
config
.
address
,
internal_ip
,
prefix
,
tunnel_manager
=
tunnel
.
TunnelManager
(
write_pipe
,
peer_db
,
openvpn_args
,
config
.
hello
,
manual
,
config
.
proto
,
200
)
config
.
tunnel_refresh
,
config
.
connection_count
,
config
.
refresh_rate
)
tunnel_manager
=
tunnel
.
TunnelManager
(
write_pipe
,
peer_db
,
openvpn_args
,
config
.
hello
,
config
.
tunnel_refresh
,
config
.
connection_count
,
config
.
refresh_rate
)
# Launch
babel on all interfaces
. WARNING : you have to be root to start babeld
# Launch
routing protocol
. WARNING : you have to be root to start babeld
interface_list
=
[
'vifibnet'
]
+
list
(
tunnel_manager
.
free_interface_set
)
interface_list
=
[
'vifibnet'
]
+
list
(
tunnel_manager
.
free_interface_set
)
router
=
plib
.
router
(
network
,
internal_ip
,
interface_list
,
config
.
wireless
,
config
.
hello
,
router
=
plib
.
router
(
network
,
internal_ip
,
interface_list
,
config
.
wireless
,
config
.
hello
,
os
.
path
.
join
(
config
.
state
,
'vifibnet.babeld.state'
),
stdout
=
os
.
open
(
os
.
path
.
join
(
config
.
log
,
'vifibnet.babeld.log'
),
stdout
=
os
.
open
(
os
.
path
.
join
(
config
.
log
,
'vifibnet.babeld.log'
),
os
.
O_WRONLY
|
os
.
O_CREAT
|
os
.
O_TRUNC
),
stderr
=
subprocess
.
STDOUT
)
os
.
O_WRONLY
|
os
.
O_CREAT
|
os
.
O_TRUNC
),
stderr
=
subprocess
.
STDOUT
)
# Establish connections
# Establish connections
server_process
=
plib
.
server
(
internal_ip
,
network
,
config
.
connection_count
,
config
.
dh
,
write_pipe
,
server_process
=
list
(
plib
.
server
(
internal_ip
,
network
,
config
.
internal_port
,
config
.
proto
,
config
.
hello
,
'--dev'
,
'vifibnet'
,
*
openvpn_args
,
config
.
connection_count
,
config
.
dh
,
write_pipe
,
config
.
internal_port
,
stdout
=
os
.
open
(
os
.
path
.
join
(
config
.
log
,
'vifibnet.server.log'
),
os
.
O_WRONLY
|
os
.
O_CREAT
|
os
.
O_TRUNC
))
proto
,
config
.
hello
,
'--dev'
,
'vifibnet'
,
*
openvpn_args
,
stdout
=
os
.
open
(
os
.
path
.
join
(
config
.
log
,
'vifibnet.server.%s.log'
%
(
proto
,)),
os
.
O_WRONLY
|
os
.
O_CREAT
|
os
.
O_TRUNC
))
for
proto
in
config
.
proto
)
tunnel_manager
.
refresh
()
# main loop
# main loop
try
:
try
:
while
True
:
while
True
:
ready
,
tmp1
,
tmp2
=
select
.
select
([
read_pipe
],
[],
[],
ready
,
tmp1
,
tmp2
=
select
.
select
([
read_pipe
],
[],
[],
max
(
0
,
min
(
tunnel_manager
.
next_refresh
,
peer_db
.
next_refresh
)
-
time
.
time
()))
max
(
0
,
min
(
tunnel_manager
.
next_refresh
,
peer_db
.
next_refresh
)
-
time
.
time
()))
if
ready
:
if
ready
:
peer_db
.
handle_message
(
read_pipe
.
readline
())
peer_db
.
handle_message
(
read_pipe
.
readline
())
if
time
.
time
()
>=
peer_db
.
next_refresh
:
if
time
.
time
()
>=
peer_db
.
next_refresh
:
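Review bot: `config.address = list([ext_ip, ext_port, proto] for proto in config.proto)` has the same protocol-name problem as the db.py hunk: `config.proto` holds 'udp'/'tcp-server', the replaced lines advertised `'tcp-client'`, and the README says the advertised proto must be udp or tcp-client, so map it before advertising. Related points in this hunk: `except Exception:` around `upnpigd.ForwardViaUPnP` is still the catch-all the TODO asks to narrow, and it only logs 'An atempt to forward a port via UPnP failed' at level 4, so a node with neither `--ip` nor a working UPnP forward silently keeps `config.address` unset and is never reachable by peers; log that at a lower level and say what the operator should do. The literal `200` passed as `db_size` to `db.PeerManager` is an undocumented magic number (the TODO says the peer DB size should depend on connection count and refresh time); name it or make it an option.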
...
...