re6stnet:4c2284e2aa0e26ccbcb5e788c81afd6447979acc commits
https://lab.nexedi.com/nexedi/re6stnet/-/commits/4c2284e2aa0e26ccbcb5e788c81afd6447979acc
2015-12-27T17:56:22+01:00

https://lab.nexedi.com/nexedi/re6stnet/-/commit/4c2284e2aa0e26ccbcb5e788c81afd6447979acc
dist: refactoring, ship systemd services for Debian, fix section of re6stnet ...
2015-12-27T17:56:22+01:00
Julien Muchembled <jm@nexedi.com>
debian/rules is split into reusable parts for SlapOS-based packages.

https://lab.nexedi.com/nexedi/re6stnet/-/commit/77c9df3b775ca5d8d920facdf8ca8ad79bd96ab3
demo: don't show meaningless 'odot' arrows for routes
2015-12-02T21:32:51+01:00
Julien Muchembled <jm@nexedi.com>
Unexpectedly, and contrary to 'dot', Graphviz does not draw it with penwidth=0
(without, that of the other side is struck). And anyway, we can just look at
the label to see if there's a route.

https://lab.nexedi.com/nexedi/re6stnet/-/commit/06f33ff2eb8142ab187ee5999e00c70bc47dd113
demo: fix nemu with recent iproute
2015-12-02T21:23:08+01:00
Julien Muchembled <jm@nexedi.com>
iproute now shows the name of the paired interface for type veth. For example:
172: NETNSif-476f004@NETNSif-476f003: ...

https://lab.nexedi.com/nexedi/re6stnet/-/commit/aed51ca6a238a0b1502c03cfc52f18707ceea962
New upstream release of babeld
2015-08-14T13:59:26+02:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/c7846fdcaf672550da599debd7bacea9aa9ee668
Fix babeld-only setup so that 'lo' only accepts configured ipv4 and not the w...
2015-07-09T11:57:59+02:00
Julien Muchembled <jm@nexedi.com>
When 10.42.3.1/24 was configured on 'lo', the kernel accepted packets to
any ip of 10.42.3.0/24, instead of only 10.42.3.1

https://lab.nexedi.com/nexedi/re6stnet/-/commit/f08512259a3bb8734c108e9e88abd9865a1bf3d6
Add support for recent iproute, which now recognizes babel protocol
2015-07-09T11:51:24+02:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/06b1340626271defe9314ead2178d6037f2e3b31
Document the levels of --verbose option
2015-07-08T17:34:07+02:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/285c7aebed5658d71a9fb507ae575a3f11d0fd47
dist: fix inclusion of ovpn-* scripts for setuptools < 0.6.29
2015-06-11T18:50:47+02:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/1c354e6c5612548a3c60a1171699afb4880d6473
dist: use new entry_points['console_scripts'] way to ship scripts
2015-06-10T22:48:11+02:00
Julien Muchembled <jm@nexedi.com>
The old distutils way is not compatible with zc.recipe.egg in develop mode,
because egg_info does not provide any information about such scripts.

https://lab.nexedi.com/nexedi/re6stnet/-/commit/274d7bd2c7266084cf1596e3c7d4fbf439518ce6
dist: fix typo in MANIFEST.in
2015-06-10T21:13:04+02:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/45e4d3ca29884c32488d724bba93a2585382265f
OpenVPN >= 2.3 is required
2015-05-28T17:47:00+02:00
Julien Muchembled <jm@nexedi.com>
2.2.x branch has a patch[1] that renders tls_serial_* environment variables
in base 16, causing a ValueError exception in ovpn-server hook.
[1] https://github.com/OpenVPN/openvpn/commit/7d5e26cbb53e2700c966e6b6e815f0c824da8956

https://lab.nexedi.com/nexedi/re6stnet/-/commit/ab3300c30becbd517979a2b81f7801d9cf85f706
Lower again MTU for UDPv4 tunnels
2015-04-27T17:29:59+02:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/15471c016ef4634e8c85f5d9d517b63b08213aeb
doc: update 'Troubleshooting' section
2015-04-16T19:45:28+02:00
Julien Muchembled <jm@nexedi.com>
It doesn't matter anymore if there are many off nodes, because the registry
only queries the addresses of nodes that are in the routing table.

https://lab.nexedi.com/nexedi/re6stnet/-/commit/4a6580b1436f2341bebab2821c9743102df99b30
doc: update 'Setting a new network' howto
2015-04-16T16:49:19+02:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/79c1db1b5dbd4731b46f14ee0da8eecfc8cb4711
New upstream release of babeld
2015-04-14T16:51:18+02:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/abae0b5d4df37157b56859164f5479b07587d7c9
Remove assert that was only there to debug the demo
2015-04-14T16:18:59+02:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/358837993c5acf1fde141dc4a401aa11e859737d
Comment the method selecting the tunnel to kill
2015-04-10T16:46:40+02:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/b4a9a612356b6fa321fc4d22618963aafa989ee1
Change egg versioning scheme to comply with PEP 440
2015-04-10T15:29:52+02:00
Rafael Monnerat <rafael@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/766ad6c8751afc0dec7bb304a099d3a630a01783
Increase strength of hashes used for certificate signing
2015-04-09T14:50:28+02:00
Julien Muchembled <jm@nexedi.com>
This does not increase the size of any packet because the size of certificate signature
only depends on the size of the certificate key.
With 512-bit hashes, it's still possible to use RSA keys as small as 768 bits.

https://lab.nexedi.com/nexedi/re6stnet/-/commit/40d4e4969bbf8718fb7933b9514e77fcfab4f50b
Backward compatibility for Python 2.6
2015-04-08T17:17:10+02:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/2fb63515d602b77c684c30dfc9b8e680ae427bbc
Add support for ipv4 payload
2015-04-08T17:17:10+02:00
Julien Muchembled <jm@nexedi.com>
There is no plan for a default ipv4 route.

https://lab.nexedi.com/nexedi/re6stnet/-/commit/f128ba9ddb85ac162c85327340f23056e54af1c3
demo: show default route on the route graph
2015-04-08T17:17:10+02:00
Julien Muchembled <jm@nexedi.com>
This is useful because the default one is not always the same as the route
to the registry.
Before, arrows were filled dot. Now only the default one is filled.

https://lab.nexedi.com/nexedi/re6stnet/-/commit/9dc1707eb0e8ce18474e464531f0a7a3b40c3b7f
Our fork of Babeld can now override RTA_(PREF)SRC locally
2015-04-08T17:17:10+02:00
Julien Muchembled <jm@nexedi.com>
This simplifies network configuration a lot, and on recent kernels, this fixes
wrong source address for extra interfaces that already have a public IP.

https://lab.nexedi.com/nexedi/re6stnet/-/commit/cfb2c159823f538472135f08682b8e5d89858a35
demo: duplicate code from Nemu for future monkey-patching
2015-04-03T18:21:04+02:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/16f87a3008735324c1c46996f9cdb7afa5f305a8
Stop specifying a rxcost for old nodes since there's none left with the new p...
2015-04-03T18:16:09+02:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/bec6b3cf2c530c3d45e9023e99f43ed85a6c80be
re6st-conf: generate private key compatible with the network
2015-03-27T19:23:40+01:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/f7d04fc4fb26bc62d3b5c2a2cb2ebb209347857c
By default, get DH parameters from the registry instead of requiring each nod...
2015-03-07T18:54:51+01:00
Julien Muchembled <jm@nexedi.com>
Generating them takes a lot of time and there's no reason to do this by default.
We keep --dh option in 're6stnet' to not break existing configuration.

https://lab.nexedi.com/nexedi/re6stnet/-/commit/8ebdd500ede1ec25d36307bd8c8300f44e6c9cb6
Certificate revocation, with broadcast of CRL
2015-03-07T18:54:51+01:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/f73c51ec7dbd77c8fa526eb471f2452e0fc11dac
Move runtime files to a subdirectory and simplify command-line options
2015-03-07T18:54:50+01:00
Julien Muchembled <jm@nexedi.com>
We consider using sockets to communicate with OpenVPN, via --management option.

https://lab.nexedi.com/nexedi/re6stnet/-/commit/1257f36c4a4d1a420a6259afdaa8c07141c55dc9
Some network options should be the same everywhere so move them to the registry
2015-03-06T19:45:10+01:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/ef5401a443a141a06b6f032d5f7fab68efa99b74
Add a way to define network parameters in the registry and propagate them eff...
2015-03-06T19:45:05+01:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/aba0e94d0a34f4d8ed7954b61b11ceb979587ff3
Network parameters will be also cached so rename a few things
2015-03-06T19:42:52+01:00
Julien Muchembled <jm@nexedi.com>
db.py -> cache.py
PeerDB -> Cache
peers.db -> cache.db

https://lab.nexedi.com/nexedi/re6stnet/-/commit/acc0568a96c988dea040fc3125f87a0108d4c51c
Generate certificates with 2 serials for future needs (crl & ipv4)
2015-03-06T19:42:52+01:00
Julien Muchembled <jm@nexedi.com>
And automatic renewal of existing certificates.

https://lab.nexedi.com/nexedi/re6stnet/-/commit/37943a2684bb2cee8964c3a49e44bcb45230e029
Remove type specifier on config.value column
2015-03-06T19:42:52+01:00
Julien Muchembled <jm@nexedi.com>
For the registry at least, we'll want to store integers
without having to convert to/from strings.
To upgrade 'registry.db':
- dump it to a file
- fix create table statements
- load it
Nodes will restart with an empty cache.

https://lab.nexedi.com/nexedi/re6stnet/-/commit/648e677431dc48e76c74dffd79f8e02ae2fcfb08
Forget peers whose certificate expires
2015-03-06T19:42:52+01:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/a7a863412521848082d9d96ccfe9da6cf1178f70
New protocol between nodes with authentication
2015-02-25T20:56:00+01:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/32ebb80ba7b08052b68a042118399f31ed6b746e
re6st-conf: new --fingerprint option
2015-02-24T19:31:20+01:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/b2040ea0c15467cd27bc45c5e9bc01f3275d7096
Make --client & --client-count=0 modes process UDP/326 messages
2015-02-24T19:31:20+01:00
Julien Muchembled <jm@nexedi.com>
These modes are partly unified with the normal one by splitting TunnelManager.

https://lab.nexedi.com/nexedi/re6stnet/-/commit/9717eb0e3fe29a68424a03d0ee4e8dc0fdd0d680
re6stnet: verify certificate with CA at startup
2015-02-24T19:31:20+01:00
Julien Muchembled <jm@nexedi.com>

https://lab.nexedi.com/nexedi/re6stnet/-/commit/7977404ac7502121d55ea58235857199efe7836e
refactoring: move crypto code to a new file
2015-02-24T19:31:20+01:00
Julien Muchembled <jm@nexedi.com>