re6stnet.git
Jondy Zhao [Sun, 30 Jun 2013 18:04:47 +0000 (02:04 +0800)]
Add re6st/ovpn-* to source distribution

Jondy Zhao [Wed, 26 Jun 2013 08:06:52 +0000 (16:06 +0800)]
Merge branch 'master' into cygwin

Jondy Zhao [Wed, 26 Jun 2013 05:20:39 +0000 (13:20 +0800)]
Add /usr/local/bin to PATH in the ovpv-client script
Fix show replay messages when using wireless network

Julien Muchembled [Tue, 25 Jun 2013 14:43:53 +0000 (16:43 +0200)]
Fix OverflowError on Windows

Traceback (most recent call last):
  File "/opt/re6stnet/re6stnet", line 403, in main
    tunnel_manager.handlePeerEvent()
  File "/cygdrive/d/slapos/opt/git/re6stnet/re6st/tunnel.py", line 472, in handlePeerEvent
    self.sock.sendto('\1' + ''.join(msg), address)

Jondy Zhao [Tue, 25 Jun 2013 13:02:58 +0000 (21:02 +0800)]
Merge branch 'master' into cygwin

Julien Muchembled [Tue, 18 Jun 2013 16:59:47 +0000 (18:59 +0200)]
Add TROUBLESHOOTING section in man page

Julien Muchembled [Tue, 18 Jun 2013 13:10:10 +0000 (15:10 +0200)]
Fix anonymous registration

This fixes a regression introduced with new protocol to registry (commit
e24eb3f588660a97226730602051ebf7a9a89135), which can't transport None value.

Julien Muchembled [Tue, 11 Jun 2013 17:11:22 +0000 (19:11 +0200)]
Fix server tunnels on dists for which 'ip' command is not in /bin (e.g. Fedora)

Julien Muchembled [Tue, 11 Jun 2013 11:54:19 +0000 (13:54 +0200)]
Loosen version constraint to Python for Fedora

Julien Muchembled [Mon, 3 Jun 2013 13:26:07 +0000 (15:26 +0200)]
Log more information when trying to (re)bootstrap

Julien Muchembled [Mon, 3 Jun 2013 13:23:49 +0000 (15:23 +0200)]
Tighten pyOpenSSL dependency for OpenSSL.crypto.verify()

Jondy Zhao [Mon, 27 May 2013 23:24:19 +0000 (07:24 +0800)]
Disable check_no_default_route thread.

Jondy Zhao [Mon, 27 May 2013 23:18:11 +0000 (07:18 +0800)]
Merge branch 'master' into cygwin

Conflicts:
re6stnet

Julien Muchembled [Mon, 20 May 2013 15:33:30 +0000 (17:33 +0200)]
Fix logged message when openssl fails to decrypt bootstrap peer

Julien Muchembled [Mon, 13 May 2013 16:33:25 +0000 (18:33 +0200)]
Abort in case of unexpected default route

This is a common misconfiguration that may break internet access for other peers.

We also stop checking for child process termination when used without tunnel
manager (i.e. with --client or --client-count=0) because it conflicts with the
'ip route' command that is called every minute if --table=0 is used.
Anyway, with a tunnel manager, only openvpn client are watched.

Julien Muchembled [Sun, 12 May 2013 20:52:36 +0000 (22:52 +0200)]
Detect when network prefix has changed

Julien Muchembled [Tue, 7 May 2013 15:46:03 +0000 (17:46 +0200)]
Implement automatic renewal of client certificate

Julien Muchembled [Tue, 7 May 2013 12:44:06 +0000 (14:44 +0200)]
INCOMPATIBLE: change registry protocol

- authenticated communications with registered clients
- XML-RPC is dropped
- multi-threaded server

Julien Muchembled [Mon, 13 May 2013 13:54:16 +0000 (15:54 +0200)]
demo: generate CA cert automatically instead of providing 1 in repository

Julien Muchembled [Tue, 7 May 2013 15:45:05 +0000 (17:45 +0200)]
Fix restart of re6stnet daemon

Jondy Zhao [Mon, 29 Apr 2013 15:33:24 +0000 (23:33 +0800)]
Add self route for my subnet

Jondy Zhao [Mon, 29 Apr 2013 07:42:39 +0000 (15:42 +0800)]
No blackroute for my subnet.

Jondy Zhao [Mon, 29 Apr 2013 07:01:52 +0000 (15:01 +0800)]
Do not add route for myself.

Jondy Zhao [Mon, 29 Apr 2013 05:00:39 +0000 (13:00 +0800)]
Transfer prefix of route from str to bin

Jondy Zhao [Mon, 29 Apr 2013 03:30:47 +0000 (11:30 +0800)]
Remove option --tls-timeout of openvpn in the Cygwin.
Keep option --persist-tun of openvpn in the Cygwin.
Add tap-drivers before babeld opened.

Jondy Zhao [Fri, 26 Apr 2013 00:52:26 +0000 (08:52 +0800)]
Add all tap-drivers at startup;
Add subnet route at startup;
Remove --persist-tun for openvpn;

Julien Muchembled [Tue, 23 Apr 2013 12:04:36 +0000 (14:04 +0200)]
TODO: by default, non-routable IPs should be filtered

Julien Muchembled [Tue, 23 Apr 2013 12:03:07 +0000 (14:03 +0200)]
More sanity check

Julien Muchembled [Mon, 22 Apr 2013 10:20:42 +0000 (12:20 +0200)]
ON DELETE CASCADE does not work with attached databases

Julien Muchembled [Mon, 22 Apr 2013 10:23:43 +0000 (12:23 +0200)]
ON DELETE CASCADE requires to enable foreign keys

Jondy Zhao [Fri, 19 Apr 2013 07:32:41 +0000 (15:32 +0800)]
Add missing import module 'platform'

Jondy Zhao [Thu, 18 Apr 2013 13:52:58 +0000 (21:52 +0800)]
Use subprocess.STDOUT other than subprocess.OUTPUT in the Cygwin;
When get ipv6 route table, netsh return interface index other than
name in the Windows 7.

Jondy Zhao [Thu, 18 Apr 2013 01:34:26 +0000 (09:34 +0800)]
Fix different prefix name in windows 7 when getting ipv6 route table.

Jondy Zhao [Wed, 17 Apr 2013 23:49:38 +0000 (07:49 +0800)]
Merge branch 'cygwin' of https://git.erp5.org/repos/re6stnet into cygwin

Julien Muchembled [Wed, 17 Apr 2013 14:16:59 +0000 (16:16 +0200)]
re6stnet: new --disable-proto option

Jondy Zhao [Tue, 16 Apr 2013 09:59:01 +0000 (17:59 +0800)]
Use --dev-node other than --dev when run openvpn in the Cygwin;
Add function TunnelManager._get_win32_ipv6_route_table.

Jondy Zhao [Wed, 17 Apr 2013 10:26:23 +0000 (18:26 +0800)]
Fix ip value got from window ipv6 route table.

Julien Muchembled [Tue, 16 Apr 2013 17:23:03 +0000 (19:23 +0200)]
Fix use of alternate addresses

When a peer advertised several addresses, a node trying to create a tunnel to
it never tried any other address than the first one.

Before, we wrongly assumed OpenVPN would try all addresses before aborting
(--ping-exit). New code reexecutes OpenVPN until all addresses are tried
and update the peer db to reorder addresses if the first one failed.

Ref: cygwin1
Jondy Zhao [Tue, 16 Apr 2013 09:59:01 +0000 (17:59 +0800)]
Use --dev-node other than --dev when run openvpn in the Cygwin;
Add function TunnelManager._get_win32_ipv6_route_table.

Julien Muchembled [Wed, 27 Mar 2013 13:52:03 +0000 (14:52 +0100)]
Fix bootstrap issue when cache contains "many" and only down peers

Julien Muchembled [Mon, 25 Mar 2013 17:07:45 +0000 (18:07 +0100)]
Warning about NetworkManager

Julien Muchembled [Tue, 19 Mar 2013 13:23:20 +0000 (14:23 +0100)]
Add documentation about ways to daemonize re6stnet

Julien Muchembled [Tue, 19 Mar 2013 11:27:40 +0000 (12:27 +0100)]
debian: fix detection of already started daemon in init.d script

Julien Muchembled [Mon, 18 Mar 2013 18:37:34 +0000 (19:37 +0100)]
NetworkManager/ifupdown: stop using pid file to find daemon

Julien Muchembled [Mon, 18 Mar 2013 14:29:09 +0000 (15:29 +0100)]
Add a warning about a possible misuse of multiple --ip arguments

'--ip any' was also broken due to missing parenthesis.

Julien Muchembled [Mon, 18 Mar 2013 13:51:46 +0000 (14:51 +0100)]
Fix possible bootstrap issue

When 2 nodes were started for the first time whereas:
- one of them is in client-only mode, connected to the other one
- the registry node is temporarily down
then the normal node never tried to rebootstrap or connect directly to the
only node it knows (the registry node).
Such case required to restart the daemon when the registry is back.

Moreover, there was no reason to query the registry node immediately after
having open new tunnels to peers found in cache, when this number is less than
expected.

Julien Muchembled [Mon, 18 Mar 2013 10:22:50 +0000 (11:22 +0100)]
Select gateway in turns instead of randomly

This reduces the probability to lose all connections at the same time when a
gateway becomes out-of-order.

Julien Muchembled [Fri, 15 Mar 2013 19:56:06 +0000 (20:56 +0100)]
Fix stuck connections when hostname resolve fails

This bug could even freeze re6st completely when trying to rejoin the network.

Julien Muchembled [Wed, 13 Mar 2013 14:51:05 +0000 (15:51 +0100)]
Update TODO

Julien Muchembled [Wed, 13 Mar 2013 14:41:55 +0000 (15:41 +0100)]
typos

Julien Muchembled [Wed, 13 Mar 2013 14:06:03 +0000 (15:06 +0100)]
Accept multiple --ip arguments

Julien Muchembled [Wed, 13 Mar 2013 11:00:29 +0000 (12:00 +0100)]
Do not resolve remote address in multi-gateway mode

Non-numerical address should be rare and this could even be counter-productive:
such remotes are more likely to host other services and forcing routes may
break already opened non-re6st connections.

Julien Muchembled [Wed, 13 Mar 2013 10:28:54 +0000 (11:28 +0100)]
Try not to break server connections in multi-gateway mode

Julien Muchembled [Tue, 12 Mar 2013 20:08:09 +0000 (21:08 +0100)]
New --is-needed option to test whether re6st should be setup or not

Julien Muchembled [Tue, 12 Mar 2013 18:13:56 +0000 (19:13 +0100)]
New --remote-gateway option for network redundancy with multiple ISP

Julien Muchembled [Wed, 12 Dec 2012 14:07:14 +0000 (15:07 +0100)]
Generate DEB snapshot packages with version derived from Git revision

Julien Muchembled [Wed, 12 Dec 2012 14:48:11 +0000 (15:48 +0100)]
Add missing copyright for Debian packaging

Julien Muchembled [Mon, 10 Dec 2012 14:25:31 +0000 (15:25 +0100)]
Package for RPM-based distributions and add missing licence file

Julien Muchembled [Thu, 6 Dec 2012 13:51:49 +0000 (14:51 +0100)]
init.d: fix restart & force-reload when re6stnet is not bound to loopback

Julien Muchembled [Mon, 3 Dec 2012 15:40:16 +0000 (16:40 +0100)]
Add NetworkManager/ifupdown support for setups that are bound to an interface

Also provides systemd units.

Julien Muchembled [Wed, 28 Nov 2012 16:29:40 +0000 (17:29 +0100)]
Create sample configuration file when registering

Julien Muchembled [Mon, 19 Nov 2012 02:47:26 +0000 (03:47 +0100)]
Recover from UPnP failures

Julien Muchembled [Wed, 7 Nov 2012 18:49:39 +0000 (19:49 +0100)]
Allow to join the network without email/token

Julien Muchembled [Wed, 7 Nov 2012 18:48:40 +0000 (19:48 +0100)]
Log environment at startup

Julien Muchembled [Fri, 26 Oct 2012 14:26:47 +0000 (16:26 +0200)]
Do not fail if OpenVPN calls 'disconnect' hook without having called 'connect' hook previously

Julien Muchembled [Fri, 12 Oct 2012 11:47:15 +0000 (13:47 +0200)]
Fix bug preventing the registry to send its own address for bootstrap

Julien Muchembled [Wed, 10 Oct 2012 14:14:17 +0000 (16:14 +0200)]
Fix typos in README

Julien Muchembled [Mon, 8 Oct 2012 14:13:45 +0000 (16:13 +0200)]
Ignore 'Invalid Args' error when refreshing UPnP forwarding

Julien Muchembled [Sun, 7 Oct 2012 14:31:52 +0000 (16:31 +0200)]
RFC 6724 obsoletes 3484

Julien Muchembled [Sun, 7 Oct 2012 14:31:02 +0000 (16:31 +0200)]
debian: add missing build-dep to build manpage and suggests ndisc6 for rdisc6

Julien Muchembled [Mon, 24 Sep 2012 17:54:31 +0000 (19:54 +0200)]
Do not abort when UPnP fails to refresh port forwarding

Julien Muchembled [Fri, 21 Sep 2012 20:46:04 +0000 (22:46 +0200)]
New --daemon option

Julien Muchembled [Fri, 21 Sep 2012 19:30:31 +0000 (21:30 +0200)]
Always kill child processes gracefully

Julien Muchembled [Thu, 20 Sep 2012 10:15:56 +0000 (12:15 +0200)]
Do not recreate client tap interfaces all the time

Julien Muchembled [Wed, 12 Sep 2012 13:04:39 +0000 (15:04 +0200)]
Add TODO notes

Julien Muchembled [Wed, 12 Sep 2012 09:57:08 +0000 (11:57 +0200)]
Remove automatic fallback when kernel has no support for source address based routing

It's normally safe to use --table=0 because most nodes use SLAAC and by default,
any existing default route is deleted.
It's better to abort if someone who explicitly wants to use a separate table
whereas the kernel is limited.

Julien Muchembled [Tue, 11 Sep 2012 20:16:05 +0000 (22:16 +0200)]
Better support of default route

Julien Muchembled [Mon, 10 Sep 2012 19:22:13 +0000 (21:22 +0200)]
Propagate default route

Julien Muchembled [Mon, 10 Sep 2012 14:40:27 +0000 (16:40 +0200)]
New --up option

Julien Muchembled [Mon, 10 Sep 2012 14:40:08 +0000 (16:40 +0200)]
Simplify by setting re6st IP on loopback interface by default

Julien Muchembled [Mon, 10 Sep 2012 14:40:16 +0000 (16:40 +0200)]
Babel will have to set source address on routes

Julien Muchembled [Mon, 10 Sep 2012 11:18:31 +0000 (13:18 +0200)]
Test single-ip certs and simplify Babel rules

Julien Muchembled [Mon, 10 Sep 2012 10:13:27 +0000 (12:13 +0200)]
demo: generate missing certs automatically

Julien Muchembled [Mon, 10 Sep 2012 08:45:04 +0000 (10:45 +0200)]
1 dh file is enough for a demo

Julien Muchembled [Mon, 10 Sep 2012 02:56:33 +0000 (04:56 +0200)]
Remove wrong comments

Julien Muchembled [Mon, 10 Sep 2012 02:11:21 +0000 (04:11 +0200)]
Fix cleanup on exit when Babel exits prematurely

Julien Muchembled [Mon, 10 Sep 2012 01:09:37 +0000 (03:09 +0200)]
Fix source address selection when there are temporary addresses

Julien Muchembled [Mon, 10 Sep 2012 01:09:27 +0000 (03:09 +0200)]
Prevent default route to be followed for nothing

Julien Muchembled [Sun, 9 Sep 2012 21:39:44 +0000 (23:39 +0200)]
Make shebang consistent with ovpn scripts

'/usr/bin/env python' also does not set useful process name for start-stop-daemon

Julien Muchembled [Sun, 9 Sep 2012 17:01:22 +0000 (19:01 +0200)]
Prefer routing via interfaces specified by -i option

Julien Muchembled [Sun, 9 Sep 2012 16:59:56 +0000 (18:59 +0200)]
Fix OpenVPN server not closing dead tunnels

This fixes a regression in commit b10674f3620801c6ca1b431af12f506a8afcba8e
("re6stnet: new client-only and routing-only mode").

Julien Muchembled [Sat, 8 Sep 2012 14:46:48 +0000 (16:46 +0200)]
Allow use of short option in option file

Julien Muchembled [Fri, 7 Sep 2012 17:53:37 +0000 (19:53 +0200)]
re6stnet: new --main-interface option

Julien Muchembled [Fri, 7 Sep 2012 13:58:35 +0000 (15:58 +0200)]
Add missing dependency to python-argparse for Python < 2.7

Julien Muchembled [Fri, 7 Sep 2012 14:01:26 +0000 (16:01 +0200)]
re6stnet: new client-only and routing-only mode

Julien Muchembled [Fri, 7 Sep 2012 12:41:01 +0000 (14:41 +0200)]
UPnP: fix AttributeError at exit

Julien Muchembled [Fri, 7 Sep 2012 10:49:54 +0000 (12:49 +0200)]
re6stnet: fix network mask of main tunnel interface

Julien Muchembled [Thu, 6 Sep 2012 16:31:48 +0000 (18:31 +0200)]
Fix date of latest release

Julien Muchembled [Thu, 6 Sep 2012 13:35:13 +0000 (15:35 +0200)]
Review some re6stnet options and update demo

Julien Muchembled [Thu, 6 Sep 2012 13:34:13 +0000 (15:34 +0200)]
re6st-conf: reusing existing cert or key if possible