Commit a9481f4b authored by Rafael Monnerat's avatar Rafael Monnerat

Removing files and entries from tapVPN [WIP]

This commit should be eventually rebased and this msg edited
parent 07dcae19
...@@ -14,10 +14,6 @@ install: all ...@@ -14,10 +14,6 @@ install: all
cp slapos-test $(DESTDIR)/usr/sbin/ cp slapos-test $(DESTDIR)/usr/sbin/
cp $(DESTDIR)/opt/slapos/bin/slapos $(DESTDIR)/usr/bin/ cp $(DESTDIR)/opt/slapos/bin/slapos $(DESTDIR)/usr/bin/
# Open VPN configuration # Open VPN configuration
mkdir -p $(DESTDIR)/etc/openvpn/
cp -r template/openvpn/* $(DESTDIR)/etc/openvpn/
mkdir -p $(DESTDIR)/etc/opt/slapos/ mkdir -p $(DESTDIR)/etc/opt/slapos/
# By default, we want to activate openvpn usage
touch $(DESTDIR)/etc/opt/openvpn-needed
clean: clean:
# cd slapos; make clean # cd slapos; make clean
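Review bot: The `# Open VPN configuration` comment survives as context although the lines it described are removed, so it now sits directly above `mkdir -p $(DESTDIR)/etc/opt/slapos/` and mislabels it. Drop it or replace it with something like `# SlapOS configuration directory`. Separately, the install target no longer ships the `/etc/openvpn/` content or the `openvpn-needed` marker, but nothing visible here removes them from hosts installed from an earlier package. If upgrades are supported, the packaging scripts probably need a cleanup step, since a leftover client configuration could keep an unwanted tunnel enabled. The `install` target starts outside the hunk.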
...@@ -25,19 +25,9 @@ if [ $ONLY_SLAPFORMAT = false ]; then ...@@ -25,19 +25,9 @@ if [ $ONLY_SLAPFORMAT = false ]; then
ping -c 2 $IPV4CHECK >/dev/null 2>&1 ping -c 2 $IPV4CHECK >/dev/null 2>&1
done done
# Launch openvpn
if [ -f $SLAPOS_CONFIGURATION/openvpn-needed ]; then
echo "Starting openvpn..."
/etc/init.d/openvpn start
fi
# Wait for ipv6 connection to be ready # Wait for ipv6 connection to be ready
echo "Checking IPv6 connectivity. This may take a few seconds..." echo "Checking IPv6 connectivity. This may take a few seconds..."
if [ -f $SLAPOS_CONFIGURATION/openvpn-needed ]; then PING6_COMMAND="ping6 -c 2 $IPV6CHECK"
PING6_COMMAND="ping6 -I tapVPN -c 2 $IPV6CHECK"
else
PING6_COMMAND="ping6 -c 2 $IPV6CHECK"
fi
$PING6_COMMAND $PING6_COMMAND
while [ $? != 0 ]; while [ $? != 0 ];
do do
......
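Review bot: With the tapVPN branch removed, `PING6_COMMAND` holds a single fixed command, yet it is still run through an unquoted expansion and checked indirectly with `while [ $? != 0 ];`. The variable can be dropped and the retry written as `until ping6 -c 2 "$IPV6CHECK"; do`, which ties the loop condition to the ping itself rather than to whatever command ran last in the body. The loop body lies outside the hunk, so confirm it re-runs the ping as its final command before changing the shape. Quoting `$IPV6CHECK` also keeps the command intact if the check host is ever made configurable.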
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
\ No newline at end of file
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FR, ST=PARIS, L=Paris, CN=Ipv6-provider/name=Ipv6-provider/emailAddress=leninivi@enst.fr
Validity
Not Before: Jan 24 14:52:25 2012 GMT
Not After : Jan 21 14:52:25 2022 GMT
Subject: C=FR, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=CLient/name=Client
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c8:bf:8d:ec:37:3f:c3:a3:53:57:a3:9f:c9:93:
bf:bc:f4:ff:5b:b9:c2:ca:14:b9:21:2d:75:5d:46:
d2:9a:52:31:83:3d:b8:a3:49:4f:2c:92:44:6e:e1:
d6:43:27:c0:d6:31:43:7a:fc:4b:29:0f:29:5c:44:
b5:c5:01:90:0f:99:ff:e4:e1:3d:37:04:06:7e:09:
ae:d4:36:ac:4f:d9:37:7c:ac:e3:66:11:5d:78:48:
b0:32:4d:c8:e1:72:a7:76:2e:3b:87:a3:43:33:5d:
15:6c:33:f9:e0:ab:07:a1:20:d2:4b:12:33:69:33:
ef:ee:3f:bc:a2:90:85:2f:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
47:C1:C8:5B:DD:E8:E7:90:66:B8:40:F3:CE:A7:BC:E5:E7:34:D8:CC
X509v3 Authority Key Identifier:
keyid:BA:D3:5A:0F:EF:44:0C:42:60:85:79:6A:4E:F9:0C:41:54:6B:9B:6E
DirName:/C=FR/ST=PARIS/L=Paris/CN=Ipv6-provider/name=Ipv6-provider/emailAddress=leninivi@enst.fr
serial:A7:60:21:44:EE:5C:E1:A4
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
4f:7f:eb:6f:86:49:17:9e:13:c1:5a:52:c3:8b:6b:1c:06:15:
06:d1:bd:c4:95:f4:4c:91:0c:4b:17:ea:fa:1d:00:72:fb:fd:
5c:1f:9d:26:fe:7a:66:2c:f4:3f:55:e6:21:7e:0f:b9:b7:27:
65:92:95:d5:38:e4:b9:75:b2:3b:ad:f4:24:67:da:8b:6e:10:
b5:ad:47:58:31:4e:c7:e5:3e:c0:be:99:59:65:89:bd:ff:93:
c7:11:1e:07:07:7a:23:33:3a:8d:bc:cb:6a:9a:07:45:3a:c4:
24:00:f5:37:f5:dc:e8:22:47:dc:6c:63:f5:61:0c:fb:b2:fd:
24:08
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
\ No newline at end of file
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDIv43sNz/Do1NXo5/Jk7+89P9bucLKFLkhLXVdRtKaUjGDPbij
SU8skkRu4dZDJ8DWMUN6/EspDylcRLXFAZAPmf/k4T03BAZ+Ca7UNqxP2Td8rONm
EV14SLAyTcjhcqd2LjuHo0MzXRVsM/ngqwehINJLEjNpM+/uP7yikIUvUwIDAQAB
AoGAFcjz1daJDOoEeVZAWNe3zwGnVITsJpHpJTiRq/WrlSOmS9++0bl65hNZac8I
OXFu88+Uyxvl7CbBDkpGj4KD53xSNG+hd52fa0neqPTbrzRdsqMSAfziUdnOWjP1
DeXBTd8AudX0F2pQehUXFKo2ENcjAYL7ArxIgp1AvPluy0ECQQDlMY3TPtv1Gqcp
kjKymfofOt0XupXqondUyKz+VCQQIpC+TXiJMsN/bU9B7gq/XlyFX6KaiXLlfDUE
Qt0KBoqtAkEA4DpMnzPxsjtI3N/EzxAsQgRvLVM/69StlSgrGDGT0SBEKpTCjQlV
JH/thN2yvhCJiAQOeqsyOnc4BFqXX3vh/wJBANE8OhPeUQQkfvMuquXuODAGlw0w
o+h+xZ47TeMpgXrRc36oTyBBncRZUIAKBvnJ9YE1W8blMGVczTHEsPKUIkkCQD7y
Xtw6mtlsJzJKZ1extJr737IbstAjrm83DZIHKPYGVtyVUmCBhDNw7l7kVe9heRqD
+QSa1sju+vzN6bzWbEUCQAdhz+m51y2W447yjyn3KqU0LnIVErdPkKW9ct1WO4f1
fDzyybocUpZGSVKld0ScAlsuZ6CeWq/nR8ugYorMUj4=
-----END RSA PRIVATE KEY-----
\ No newline at end of file
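Review bot: Deleting this RSA private key from the tree does not retire it, because it remains readable in the repository history and in every package already built from the template. Its modulus appears to match the 1024-bit client certificate removed in the preceding section (Subject `CN=CLient`, sha1WithRSAEncryption), so the credential should be treated as disclosed. The commit message or a follow-up should record that this certificate is revoked on the VPN server, or that the issuing CA is retired. If VPN access is reintroduced, client keys should be generated per host at provisioning time rather than shipped as a shared file. The file's path is not visible on this page, so confirm which template file this is.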
client
dev tapVPN
proto tcp
remote 176.31.103.87
port 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/vifib-keys/ca.crt
cert /etc/openvpn/vifib-keys/client-vifib.crt
key /etc/openvpn/vifib-keys/client-vifib.key
ns-cert-type server
verb 3
# Retry slapformat in case of failure
script-security 3 system
up-restart
up 'ONLY_SLAPFORMAT=true /usr/sbin/slapos-start & echo foo'
log /var/log/openvpn.log
\ No newline at end of file
...@@ -11,7 +11,3 @@ MAILTO="" ...@@ -11,7 +11,3 @@ MAILTO=""
# Run "Check/add IPs and so on" once per hour # Run "Check/add IPs and so on" once per hour
0 * * * * root /opt/slapos/bin/slapos node format >> /opt/slapos/log/slapos-node-format.log 2>&1 0 * * * * root /opt/slapos/bin/slapos node format >> /opt/slapos/log/slapos-node-format.log 2>&1
# Make sure we have only good network routes if we use VPN
* * * * * root if [ -f /etc/opt/slapos/openvpn-needed ]; then ifconfig tapVPN | grep "Scope:Global" > /dev/null ;if [ $? = 0 ]; then ROUTES=$(ip -6 r l | grep default | awk '{print $5}'); for GW in $ROUTES ; do if [ ! $GW = tapVPN ]; then /sbin/ip -6 route del default dev $GW > /dev/null 2>&1;fi ;done ;fi ;fi
...@@ -38,16 +38,9 @@ done ...@@ -38,16 +38,9 @@ done
IPV6CHECK=ipv6.google.com IPV6CHECK=ipv6.google.com
IPV4CHECK=google.com IPV4CHECK=google.com
IPV6WAITTIME=5 IPV6WAITTIME=5
SLAPVPN="ipv6_interface = tapVPN"
SLAPOS_CONFIGURATION='%(slapos_configuration)s' SLAPOS_CONFIGURATION='%(slapos_configuration)s'
# Test ipv4/ipv6 connectivity and if not working use openvpn
# and wait for it to be ready
if [ ! -f $SLAPOS_CONFIGURATION/openvpn-needed ]; then
/etc/init.d/openvpn stop
fi
ping -c 2 $IPV4CHECK ping -c 2 $IPV4CHECK
while [ $? != 0 ]; do while [ $? != 0 ]; do
sleep 5 sleep 5
...@@ -66,24 +59,6 @@ do ...@@ -66,24 +59,6 @@ do
ping6 -c 2 $IPV6CHECK ping6 -c 2 $IPV6CHECK
done done
if [ $? != 0 ] || [ -f $SLAPOS_CONFIGURATION/openvpn-needed ]; then
echo """ Starting openVPN """
/etc/init.d/openvpn start
sleep 10
ping6 -I tapVPN -c 2 $IPV6CHECK
while [[ $? != 0 ]]; do
ping6 -I tapVPN -c 2 $IPV6CHECK
done
# Ask slapos to use openvpn as ipv6 provider
sed -i "/${SLAPVPN}/ s/# *//" $SLAPOS_CONFIGURATION/slapos.cfg
# Use tapVPN as default interface for ipv6 traffic
/sbin/ip -6 route del default dev br0
sleep 2
else
# OpenVPN not needed, comment line about he_ipv6 (if not ailready done)
sed -i "/${SLAPVPN}/ s/^\([^#]\)/#\1/g" $SLAPOS_CONFIGURATION/slapos.cfg
fi
SLAP_INSTALL_LOG=/opt/slapos/slapos-install.log SLAP_INSTALL_LOG=/opt/slapos/slapos-install.log
while :; do while :; do
......
client
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
verb 0
dev tun
remote 88.191.151.195
proto tcp
port 443
ca /etc/openvpn/vifib-keys/ca.crt
cert /etc/openvpn/vifib-keys/client-vifib.crt
key /etc/openvpn/vifib-keys/client-vifib.key