The previous commit, which adds --ipv6, has the issue
that it does not check whether given IPs are valid.
Since IPv4 & IPv6 use completely different address
representation, --ip can be used for both.

When re6st attempts to use UPnP and IPv6 is enabled at the same time,
the external IPv4 was published for IPv6 protocols.
For example, machine6 in the demo had:
  10.0.1.3,1194,tcp;10.0.1.3,1194,udp;10.0.1.3,1195,udp6

This caused re6stnet to crash (socket.gaierror) if GEOIP2_MMDB is set.

With this commit, IPv4 & IPv6 are now processed independently.

/reviewed-on !19

The purpose is to check that HMAC prevents routes from being exchanged
between the 2 networks. This happened when 2 nodes of 2 different re6st
networks are in the same LAN, and it caused many issues.

/reviewed-on !15

/reviewed-on !11

See "./demo --help" for more information.

/reviewed-on !8

Unexpectedly, and contrary to 'dot', Graphviz does not draw it with penwidth=0
(without, that of the other side is striked). And anyway, we can just look at
the label to see if there's a route.

iproute now shows the name of the paired interface for type veth. For example:

  172: NETNSif-476f004@NETNSif-476f003: ...

This does not increase of any packet because the size of certificate signature
only depends on the size of the certificate key.

With 512-bit hashes, it's still possible to use RSA keys as small as 768 bits.

There is no plan for a default ipv4 route.

This is useful because the default one is not always the same as the route
to the registry.

Before, arrows were filled dot. Now only the default one is filled.

This simplify network configuration a lot, and on recent kernels, this fixes
wrong source address for extra interfaces that already have a public IP.

Generating them takes a lot of time and there's no reason to do this by default.
We keep --dh option in 're6stnet' to not break existing configuration.

We consider using sockets to communicate with OpenVPN, via --management option.

Also:
- use '/usr/bin/env python' to easily use a Python interpreter different than
  /usr/bin/python
- demo must be run by root so "dont_write_bytecode" to avoid having *.pyc files
  owned by root in the working copy

This is then easier to restart it manually.

This is a workaround waiting that we have better criteria to select tunnels
to create or destroy.

UDP protocol is useless if nothing is done to prevent fragmentation.
Otherwise, it is at best unefficient.

There exist routers on the internet that filter fragmented packets with specific
data. This is hard to debug because TCP connections hang randomly when there is
no OpenVPN encryption.

Now, only TCP is enabled by default. A second protocol should be there for
better performance when possible, either existing UDP one (provided it is
guaranteed there is no fragmentation) or something better (GRE ?).

This reverts commit 7dbc38d7.

Fixed upstream in version 0.2
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725344

The way peer addresses were exchanged polluted caches with information about
dead nodes. In particular, bootstrapping often took a long time because the
cache of the primary node was mostly useless.

This also fixes bootstrap of registry.

This is a common misconfiguration that may break internet acces for other peers.

We also stop checking for child process termination when used without tunnel
manager (i.e. with --client or --client-count=0) because it conflicts with the
'ip route' command that is called every minute if --table=0 is used.
Anyway, with a tunnel manager, only openvpn client are watched.

- authenticated communications with registered clients
- XML-RPC is dropped
- multi-threaded server