re6stnet.git
3 years ago: Add support for recent iproute, which now recognizes babel protocol [legacy]
Julien Muchembled [Thu, 9 Jul 2015 09:46:21 +0000 (11:46 +0200)]
Add support for recent iproute, which now recognizes babel protocol

(cherry picked from commit f08512259a3bb8734c108e9e88abd9865a1bf3d6)

4 years ago: Update TODO
Julien Muchembled [Tue, 24 Feb 2015 18:25:38 +0000 (19:25 +0100)]
Update TODO

4 years ago: demo: abort quickly if there's an obvious error
Julien Muchembled [Thu, 19 Feb 2015 10:00:39 +0000 (11:00 +0100)]
demo: abort quickly if there's an obvious error

4 years ago: demo: generate certs that expire quickly to check renewal
Julien Muchembled [Tue, 17 Feb 2015 15:45:22 +0000 (16:45 +0100)]
demo: generate certs that expire quickly to check renewal

4 years ago: demo: add wrapper to easily monkey-patch re6st
Julien Muchembled [Tue, 17 Feb 2015 15:28:06 +0000 (16:28 +0100)]
demo: add wrapper to easily monkey-patch re6st

Also:
- use '/usr/bin/env python' to easily use a Python interpreter different than
  /usr/bin/python
- demo must be run by root so "dont_write_bytecode" to avoid having *.pyc files
  owned by root in the working copy

4 years ago: demo: print executed command when re6stnet crashes
Julien Muchembled [Sat, 14 Feb 2015 19:54:10 +0000 (20:54 +0100)]
demo: print executed command when re6stnet crashes

This is then easier to restart it manually.

4 years ago: registry: increase/fix timeouts for requests done by getBootstrapPeer/topology RPC
Julien Muchembled [Fri, 13 Feb 2015 13:39:09 +0000 (14:39 +0100)]
registry: increase/fix timeouts for requests done by getBootstrapPeer/topology RPC

4 years ago: Limit number of client tunnels if NAT is not configured properly
Julien Muchembled [Mon, 2 Feb 2015 19:30:34 +0000 (20:30 +0100)]
Limit number of client tunnels if NAT is not configured properly

If too many nodes create client tunnels without serving any, working servers
saturate and the network collapses.

4 years ago: UPnP: randomize external port
Julien Muchembled [Mon, 2 Feb 2015 17:19:23 +0000 (18:19 +0100)]
UPnP: randomize external port

Some routers are so broken that UPnP NAT don't report ConflictInMappingEntry
when redirecting the same port several times.

Here is for example what we had with a Numericable Box (France):

0 (1024, 'TCP', ('192.168.0.29', 1194), 're6stnet openvpn server (1194/tcp)', '1', '', 0)
1 (1024, 'TCP', ('192.168.0.16', 1194), 're6stnet openvpn server (1194/tcp)', '1', '', 0)
2 (1024, 'TCP', ('192.168.0.33', 1194), 're6stnet openvpn server (1194/tcp)', '1', '', 0)
3 (1024, 'TCP', ('192.168.0.20', 1194), 're6stnet openvpn server (1194/tcp)', '1', '', 0)
('192.168.0.29', 1194, 're6stnet openvpn server (1194/tcp)', True, 0)

Obviously, this can't work.

It seems that this router also accepts a limited number of NAT rules, far less
than we'd like, so even if there's still a probability of conflict with this
commit, it will be good enough for our use.

4 years ago: logging: higher severity for UDP errors other than ENETUNREACH
Julien Muchembled [Tue, 30 Dec 2014 11:11:08 +0000 (12:11 +0100)]
logging: higher severity for UDP errors other than ENETUNREACH

ENETUNREACH is the only error I've ever seen since the beginning of the project.

4 years ago: Reread routing table when an established tunnel breaks
Julien Muchembled [Mon, 29 Dec 2014 21:14:55 +0000 (22:14 +0100)]
Reread routing table when an established tunnel breaks

The main reason is to speed up recovery from temporary network cut:
- by not wasting time trying remaining distant peers that were collected during
  the last read of the routing table.
- by not blacklisting good peers, which would happen if too many of them were
  retried before network is back

4 years ago: Do not send TERM signal to a process that has already been waited on
Julien Muchembled [Thu, 11 Dec 2014 21:28:55 +0000 (22:28 +0100)]
Do not send TERM signal to a process that has already been waited on

4 years ago: Rotate babeld log
Julien Muchembled [Fri, 26 Dec 2014 14:14:48 +0000 (15:14 +0100)]
Rotate babeld log

4 years ago: Faster recovery of registry node (e.g. restart or temporary network cut)
Julien Muchembled [Mon, 22 Dec 2014 00:14:57 +0000 (01:14 +0100)]
Faster recovery of registry node (e.g. restart or temporary network cut)

4 years ago: When logging that a tunnel broke, format prefix in CN format (base10/len10) instead...
Julien Muchembled [Sun, 21 Dec 2014 15:40:25 +0000 (16:40 +0100)]
When logging that a tunnel broke, format prefix in CN format (base10/len10) instead of base2

For consistency with other log messages.

4 years ago: Log when the destruction of a tunnel is aborted
Julien Muchembled [Fri, 19 Dec 2014 19:33:00 +0000 (20:33 +0100)]
Log when the destruction of a tunnel is aborted

4 years ago: Do not hardcode executable path in re6st-registry.service
Julien Muchembled [Thu, 18 Dec 2014 16:57:15 +0000 (17:57 +0100)]
Do not hardcode executable path in re6st-registry.service

To be consistent with re6stnet.service

4 years ago: Add 2 new experimental commands: re6st-cn & re6st-geo
Julien Muchembled [Thu, 18 Dec 2014 16:30:31 +0000 (17:30 +0100)]
Add 2 new experimental commands: re6st-cn & re6st-geo

4 years ago: On exit, stop babeld first to give a chance to send wildcard retractions
Julien Muchembled [Thu, 18 Dec 2014 14:07:39 +0000 (15:07 +0100)]
On exit, stop babeld first to give a chance to send wildcard retractions

4 years ago: Send User-Agent header when querying the registry
Julien Muchembled [Thu, 18 Dec 2014 14:00:16 +0000 (15:00 +0100)]
Send User-Agent header when querying the registry

4 years ago: registry: increase grace period when cleaning old certs
Julien Muchembled [Wed, 17 Dec 2014 16:33:39 +0000 (17:33 +0100)]
registry: increase grace period when cleaning old certs

4 years ago: registry: fix security of some RPC when serving behind proxy
Julien Muchembled [Wed, 17 Dec 2014 16:03:20 +0000 (17:03 +0100)]
registry: fix security of some RPC when serving behind proxy

4 years ago: registry: document that workaround is only useful for old Python
Julien Muchembled [Wed, 17 Dec 2014 15:55:58 +0000 (16:55 +0100)]
registry: document that workaround is only useful for old Python

4 years ago: Fix creation of tunnel ignoring routing table updates until all peers are tried
Julien Muchembled [Fri, 14 Nov 2014 14:33:36 +0000 (15:33 +0100)]
Fix creation of tunnel ignoring routing table updates until all peers are tried

4 years ago: Lower MTU for UDPv4 tunnels behind SFR ADSL (France)
Julien Muchembled [Mon, 3 Nov 2014 13:42:12 +0000 (14:42 +0100)]
Lower MTU for UDPv4 tunnels behind SFR ADSL (France)

4 years ago: registry: fix stuck requests leading to "Too many open files" errors
Julien Muchembled [Mon, 3 Nov 2014 13:40:57 +0000 (14:40 +0100)]
registry: fix stuck requests leading to "Too many open files" errors

4 years ago: Fix startup from working copy when Git is too old
Julien Muchembled [Thu, 23 Oct 2014 15:48:47 +0000 (17:48 +0200)]
Fix startup from working copy when Git is too old

4 years ago: registry: do not retry/wait forever if something goes wrong with babeld
Julien Muchembled [Wed, 22 Oct 2014 09:08:35 +0000 (11:08 +0200)]
registry: do not retry/wait forever if something goes wrong with babeld

babeld could be in bad state, or it could be incompatible (too old or too new).

4 years ago: registry: new RPC to get versions of all running nodes
Julien Muchembled [Tue, 21 Oct 2014 18:19:37 +0000 (20:19 +0200)]
registry: new RPC to get versions of all running nodes

4 years ago: registry: fix use of socket connection to babeld
Julien Muchembled [Tue, 21 Oct 2014 18:19:26 +0000 (20:19 +0200)]
registry: fix use of socket connection to babeld

- getBootstrapPeer was stuck as long as there was no other request being served
- registry crashed when re6stnet is stopped

4 years ago: Fix code of message sending back the version
Julien Muchembled [Tue, 21 Oct 2014 14:34:59 +0000 (16:34 +0200)]
Fix code of message sending back the version

Code 4 was reused by mistake for 'kill' messages.

4 years ago: Fix typo in RPM spec
Julien Muchembled [Mon, 20 Oct 2014 13:58:00 +0000 (15:58 +0200)]
Fix typo in RPM spec

4 years ago: babeld with new control socket is required
Julien Muchembled [Thu, 16 Oct 2014 16:38:40 +0000 (18:38 +0200)]
babeld with new control socket is required

4 years ago: Do not delete a tunnel if there are still routes through it
Cédric Le Ninivin [Tue, 16 Sep 2014 16:32:03 +0000 (18:32 +0200)]
Do not delete a tunnel if there are still routes through it

Co-authored-by: Julien Muchembled <jm@nexedi.com>

4 years ago: Use new control socket of babeld to get routes
Julien Muchembled [Tue, 9 Sep 2014 16:11:33 +0000 (18:11 +0200)]
Use new control socket of babeld to get routes

4 years ago: Add support for writeable selectable objects
Julien Muchembled [Thu, 9 Oct 2014 13:04:55 +0000 (15:04 +0200)]
Add support for writeable selectable objects

4 years ago: Review API between the main loop and the various select-able objects
Julien Muchembled [Fri, 12 Sep 2014 17:50:01 +0000 (19:50 +0200)]
Review API between the main loop and the various select-able objects

4 years ago: registry: whitelist RPCs rather than blacklist methods to not publish
Julien Muchembled [Wed, 8 Oct 2014 17:27:57 +0000 (19:27 +0200)]
registry: whitelist RPCs rather than blacklist methods to not publish

Here, it's simpler and safer. We will also want to have private methods that
don't start with an underscore.

4 years ago: registry: fix condition to decide when to refresh list of peers
Julien Muchembled [Thu, 9 Oct 2014 13:47:42 +0000 (15:47 +0200)]
registry: fix condition to decide when to refresh list of peers

4 years ago: demo: fix command to start recent versions of miniupnpd
Julien Muchembled [Mon, 6 Oct 2014 15:17:51 +0000 (17:17 +0200)]
demo: fix command to start recent versions of miniupnpd

4 years ago: TODO & code documentation
Julien Muchembled [Wed, 3 Sep 2014 16:03:05 +0000 (18:03 +0200)]
TODO & code documentation

4 years ago: New version of babeld: 1.5.1
Julien Muchembled [Tue, 2 Sep 2014 15:09:30 +0000 (17:09 +0200)]
New version of babeld: 1.5.1

4 years ago: registry: delete unused accounts and old tokens automatically
Julien Muchembled [Sat, 23 Aug 2014 19:33:05 +0000 (21:33 +0200)]
registry: delete unused accounts and old tokens automatically

Certificates are deleted 30 days after they get invalid,
so that unused prefixes can be reallocated.

4 years ago: Do not fail on unexpected 'route_up' notifications from OpenVPN clients
Julien Muchembled [Wed, 20 Aug 2014 12:07:29 +0000 (14:07 +0200)]
Do not fail on unexpected 'route_up' notifications from OpenVPN clients

This fixes the following error:

  TypeError: unsupported operand type(s) for -: 'NoneType' and 'int'
  Traceback (most recent call last):
    File "/usr/sbin/re6stnet", line 438, in main
      tunnel_manager.handleTunnelEvent(read_pipe.readline())
    File "/usr/lib/python2.7/dist-packages/re6st/tunnel.py", line 389, in handleTunnelEvent
      m(*args)
    File "/usr/lib/python2.7/dist-packages/re6st/tunnel.py", line 412, in _ovpn_route_up
      self._connection_dict[prefix].connected()
    File "/usr/lib/python2.7/dist-packages/re6st/tunnel.py", line 76, in connected
      i = self._retry - 1

What happened is probably that a route_up notification was received just before
killing/recreating the connection for the same node, and then process twice
the same OpenVPN notification: in this case, the first was for a previous
connection and should have been ignored.

4 years ago: registry: fix permission of 'topology' RPC
Julien Muchembled [Thu, 31 Jul 2014 15:36:44 +0000 (17:36 +0200)]
registry: fix permission of 'topology' RPC

4 years ago: Fix typos in README
Julien Muchembled [Thu, 31 Jul 2014 14:06:49 +0000 (16:06 +0200)]
Fix typos in README

4 years ago: Avoid fragmentation when using UDP
Julien Muchembled [Tue, 29 Jul 2014 14:21:03 +0000 (16:21 +0200)]
Avoid fragmentation when using UDP

We'll have to revive UDP because we experienced congestion with TCP.
This should make UDP efficient in good environment.
MTU discovery is required however to enable UDP by default.

4 years ago: Do not fail on messages received from link-local ipv6
Julien Muchembled [Tue, 29 Jul 2014 09:27:10 +0000 (11:27 +0200)]
Do not fail on messages received from link-local ipv6

5 years ago: Fix TypeError when the system lacks memory
Julien Muchembled [Tue, 22 Jul 2014 08:22:02 +0000 (10:22 +0200)]
Fix TypeError when the system lacks memory

This fixes up commit e3781aff443b7504f09bd818ebeafe90285b5990
("Reduce probability of dying when the system lacks memory").

5 years ago: Update comment after changed systemd's TODO
Julien Muchembled [Fri, 18 Jul 2014 15:20:01 +0000 (17:20 +0200)]
Update comment after changed systemd's TODO

5 years ago: New re6st.version module
Julien Muchembled [Fri, 18 Jul 2014 13:13:17 +0000 (15:13 +0200)]
New re6st.version module

- new -V/--version command line option
- protocol extended to get the version of any node in the network,
  which will allow to track those running an old version of re6st

5 years ago: Old clients are in the minority now so avoid them
Julien Muchembled [Wed, 16 Jul 2014 17:43:20 +0000 (19:43 +0200)]
Old clients are in the minority now so avoid them

5 years ago: Remove network suffix from 're6stnet_ip' environment variable
Julien Muchembled [Wed, 16 Jul 2014 17:36:02 +0000 (19:36 +0200)]
Remove network suffix from 're6stnet_ip' environment variable

It's already in 're6stnet_subnet' and it's useful to bind to 're6stnet_ip'
without having to edit it first.

5 years ago: Increase rtt-decay factor to match our higher hello interval
Julien Muchembled [Fri, 11 Jul 2014 18:29:05 +0000 (20:29 +0200)]
Increase rtt-decay factor to match our higher hello interval

256 * (1 - (1-42/256.)**(15/4.)) ≈ 125
where:
- 42 is default rtt-decay
- 4 is default hello in babeld
- 15 is default hello in re6st

5 years ago: Do not advertise any IPv6 when UPnP is used
Julien Muchembled [Fri, 11 Jul 2014 13:56:22 +0000 (15:56 +0200)]
Do not advertise any IPv6 when UPnP is used

5 years ago: Code cleanup
Julien Muchembled [Fri, 11 Jul 2014 13:43:33 +0000 (15:43 +0200)]
Code cleanup

5 years ago: re6st-conf: add warning about the importance of the private key
Julien Muchembled [Fri, 11 Jul 2014 13:10:45 +0000 (15:10 +0200)]
re6st-conf: add warning about the importance of the private key

5 years ago: Add support for OpenVPN tunnels over IPv6
Julien Muchembled [Wed, 9 Jul 2014 19:26:46 +0000 (21:26 +0200)]
Add support for OpenVPN tunnels over IPv6

5 years ago: Fix server-less mode (--max-clients=0)
Julien Muchembled [Mon, 7 Jul 2014 15:21:19 +0000 (17:21 +0200)]
Fix server-less mode (--max-clients=0)

5 years ago: Add timeout when communicating with the registry
Julien Muchembled [Thu, 3 Jul 2014 09:29:27 +0000 (11:29 +0200)]
Add timeout when communicating with the registry

This makes sure re6st does not stop working because a connection is stuck.

5 years ago: Switch RTT-based metric for routing
Julien Muchembled [Tue, 24 Jun 2014 14:43:15 +0000 (16:43 +0200)]
Switch RTT-based metric for routing

5 years ago: Document that firewall must accept UDPv6 port 326
Julien Muchembled [Wed, 2 Jul 2014 10:21:08 +0000 (12:21 +0200)]
Document that firewall must accept UDPv6 port 326

5 years ago: security: drop UDP packets that are empty or from outside same re6st network
Julien Muchembled [Tue, 29 Apr 2014 14:47:01 +0000 (16:47 +0200)]
security: drop UDP packets that are empty or from outside same re6st network

Also accepts packets from loopback.

5 years ago: iproute shipped by CentOS 6 is too old and does not provide 'tuntap' subcommand
Julien Muchembled [Thu, 20 Feb 2014 10:37:54 +0000 (11:37 +0100)]
iproute shipped by CentOS 6 is too old and does not provide 'tuntap' subcommand

5 years ago: Lower severity of getBootstrapPeer failure when it has no UDP answer
Julien Muchembled [Wed, 19 Feb 2014 19:13:51 +0000 (20:13 +0100)]
Lower severity of getBootstrapPeer failure when it has no UDP answer

It's normal such failure happens occasionally and re6st retries later so:
- do not frighten user/admin with 500 status and ssl errors
- do not waste resources by killing session with registry

5 years ago: Debian: 'iproute' package is deprecated
Julien Muchembled [Wed, 19 Feb 2014 13:20:39 +0000 (14:20 +0100)]
Debian: 'iproute' package is deprecated

5 years ago: Reset --tunnel-refresh countdown when a tunnel is created
Julien Muchembled [Mon, 3 Feb 2014 10:36:23 +0000 (11:36 +0100)]
Reset --tunnel-refresh countdown when a tunnel is created

This prevents re6stnet from killing tunnels prematurely.

5 years ago: Disable clean up of unused tap interface
Julien Muchembled [Sat, 1 Feb 2014 16:40:08 +0000 (17:40 +0100)]
Disable clean up of unused tap interface

Current implementation is too aggressive and after some time, babeld stops
working properly, with log full of:

  setsockopt(IPV6_JOIN_GROUP): Cannot allocate memory
  setsockopt(IPV6_LEAVE_GROUP): Cannot assign requested address

5 years ago: Reduce probability of dying when the system lacks memory
Julien Muchembled [Thu, 16 Jan 2014 16:00:53 +0000 (17:00 +0100)]
Reduce probability of dying when the system lacks memory

Some servers can only be accessed via their re6st IP. re6st itself uses little
memory so it should not die when it fails to fork.

5 years ago: Fix compatibility issue with Python < 2.7
Julien Muchembled [Mon, 23 Dec 2013 13:06:42 +0000 (14:06 +0100)]
Fix compatibility issue with Python < 2.7

5 years ago: New --neighbour option to make sure given peers are reachable directly
Julien Muchembled [Mon, 25 Nov 2013 17:46:45 +0000 (18:46 +0100)]
New --neighbour option to make sure given peers are reachable directly

This is a workaround waiting that we have better criteria to select tunnels
to create or destroy.

5 years ago: Fix most race conditions causing bad cleanup
Julien Muchembled [Wed, 20 Nov 2013 16:04:11 +0000 (17:04 +0100)]
Fix most race conditions causing bad cleanup

5 years ago: Disable UDP protocol by default for OpenVPN tunnels
Julien Muchembled [Wed, 20 Nov 2013 14:13:14 +0000 (15:13 +0100)]
Disable UDP protocol by default for OpenVPN tunnels

UDP protocol is useless if nothing is done to prevent fragmentation.
Otherwise, it is at best inefficient.

There exist routers on the internet that filter fragmented packets with specific
data. This is hard to debug because TCP connections hang randomly when there is
no OpenVPN encryption.

Now, only TCP is enabled by default. A second protocol should be there for
better performance when possible, either existing UDP one (provided it is
guaranteed there is no fragmentation) or something better (GRE ?).

5 years ago: Apply tun_mtu when starting TAP interfaces
Julien Muchembled [Tue, 19 Nov 2013 16:58:36 +0000 (17:58 +0100)]
Apply tun_mtu when starting TAP interfaces

For the moment, this does nothing since it should always be 1500.

5 years ago: Revert "Monkey-patch NEMU to fix demo with recent iproute"
Julien Muchembled [Wed, 13 Nov 2013 13:29:37 +0000 (14:29 +0100)]
Revert "Monkey-patch NEMU to fix demo with recent iproute"

This reverts commit 7dbc38d7e3e429ece35daa1fd34c52eed4557d45.

Fixed upstream in version 0.2
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725344

5 years ago: Monkey-patch NEMU to fix demo with recent iproute
Julien Muchembled [Tue, 1 Oct 2013 12:39:39 +0000 (14:39 +0200)]
Monkey-patch NEMU to fix demo with recent iproute

5 years ago: Speed up bootstrap and reconnection
Julien Muchembled [Fri, 27 Sep 2013 13:09:05 +0000 (15:09 +0200)]
Speed up bootstrap and reconnection

The way peer addresses were exchanged polluted caches with information about
dead nodes. In particular, bootstrapping often took a long time because the
cache of the primary node was mostly useless.

This also fixes bootstrap of registry.

5 years ago: If possible, preserve ownership when renewing certificates
Julien Muchembled [Fri, 9 Aug 2013 09:27:39 +0000 (11:27 +0200)]
If possible, preserve ownership when renewing certificates

5 years ago: systemd: drop everything from standard output/error (mostly OpenVPN errors)
Julien Muchembled [Fri, 2 Aug 2013 18:12:03 +0000 (20:12 +0200)]
systemd: drop everything from standard output/error (mostly OpenVPN errors)

5 years ago: Fix stuck TCP connections
Julien Muchembled [Fri, 2 Aug 2013 18:08:32 +0000 (20:08 +0200)]
Fix stuck TCP connections

6 years ago: Fix OverflowError on Windows
Julien Muchembled [Tue, 25 Jun 2013 14:43:53 +0000 (16:43 +0200)]
Fix OverflowError on Windows

Traceback (most recent call last):
  File "/opt/re6stnet/re6stnet", line 403, in main
    tunnel_manager.handlePeerEvent()
  File "/cygdrive/d/slapos/opt/git/re6stnet/re6st/tunnel.py", line 472, in handlePeerEvent
    self.sock.sendto('\1' + ''.join(msg), address)

6 years ago: Add TROUBLESHOOTING section in man page
Julien Muchembled [Tue, 18 Jun 2013 16:59:47 +0000 (18:59 +0200)]
Add TROUBLESHOOTING section in man page

6 years ago: Fix anonymous registration
Julien Muchembled [Tue, 18 Jun 2013 13:10:10 +0000 (15:10 +0200)]
Fix anonymous registration

This fixes a regression introduced with new protocol to registry (commit
e24eb3f588660a97226730602051ebf7a9a89135), which can't transport None value.

6 years ago: Fix server tunnels on dists for which 'ip' command is not in /bin (e.g. Fedora)
Julien Muchembled [Tue, 11 Jun 2013 17:11:22 +0000 (19:11 +0200)]
Fix server tunnels on dists for which 'ip' command is not in /bin (e.g. Fedora)

6 years ago: Loosen version constraint to Python for Fedora
Julien Muchembled [Tue, 11 Jun 2013 11:54:19 +0000 (13:54 +0200)]
Loosen version constraint to Python for Fedora

6 years ago: Log more information when trying to (re)bootstrap
Julien Muchembled [Mon, 3 Jun 2013 13:26:07 +0000 (15:26 +0200)]
Log more information when trying to (re)bootstrap

6 years ago: Tighten pyOpenSSL dependency for OpenSSL.crypto.verify()
Julien Muchembled [Mon, 3 Jun 2013 13:23:49 +0000 (15:23 +0200)]
Tighten pyOpenSSL dependency for OpenSSL.crypto.verify()

6 years ago: Fix logged message when openssl fails to decrypt bootstrap peer
Julien Muchembled [Mon, 20 May 2013 15:33:30 +0000 (17:33 +0200)]
Fix logged message when openssl fails to decrypt bootstrap peer

6 years ago: Abort in case of unexpected default route
Julien Muchembled [Mon, 13 May 2013 16:33:25 +0000 (18:33 +0200)]
Abort in case of unexpected default route

This is a common misconfiguration that may break internet access for other peers.

We also stop checking for child process termination when used without tunnel
manager (i.e. with --client or --client-count=0) because it conflicts with the
'ip route' command that is called every minute if --table=0 is used.
Anyway, with a tunnel manager, only openvpn client are watched.

6 years ago: Detect when network prefix has changed
Julien Muchembled [Sun, 12 May 2013 20:52:36 +0000 (22:52 +0200)]
Detect when network prefix has changed

6 years ago: Implement automatic renewal of client certificate
Julien Muchembled [Tue, 7 May 2013 15:46:03 +0000 (17:46 +0200)]
Implement automatic renewal of client certificate

6 years ago: INCOMPATIBLE: change registry protocol
Julien Muchembled [Tue, 7 May 2013 12:44:06 +0000 (14:44 +0200)]
INCOMPATIBLE: change registry protocol

- authenticated communications with registered clients
- XML-RPC is dropped
- multi-threaded server

6 years ago: demo: generate CA cert automatically instead of providing 1 in repository
Julien Muchembled [Mon, 13 May 2013 13:54:16 +0000 (15:54 +0200)]
demo: generate CA cert automatically instead of providing 1 in repository

6 years ago: Fix restart of re6stnet daemon
Julien Muchembled [Tue, 7 May 2013 15:45:05 +0000 (17:45 +0200)]
Fix restart of re6stnet daemon

6 years ago: TODO: by default, non-routable IPs should be filtered
Julien Muchembled [Tue, 23 Apr 2013 12:04:36 +0000 (14:04 +0200)]
TODO: by default, non-routable IPs should be filtered

6 years ago: More sanity check
Julien Muchembled [Tue, 23 Apr 2013 12:03:07 +0000 (14:03 +0200)]
More sanity check

6 years ago: ON DELETE CASCADE does not work with attached databases
Julien Muchembled [Mon, 22 Apr 2013 10:20:42 +0000 (12:20 +0200)]
ON DELETE CASCADE does not work with attached databases

6 years ago: ON DELETE CASCADE requires to enable foreign keys
Julien Muchembled [Mon, 22 Apr 2013 10:23:43 +0000 (12:23 +0200)]
ON DELETE CASCADE requires to enable foreign keys

6 years ago: re6stnet: new --disable-proto option
Julien Muchembled [Wed, 17 Apr 2013 14:16:59 +0000 (16:16 +0200)]
re6stnet: new --disable-proto option

6 years ago: Fix use of alternate addresses
Julien Muchembled [Tue, 16 Apr 2013 17:23:03 +0000 (19:23 +0200)]
Fix use of alternate addresses

When a peer advertised several addresses, a node trying to create a tunnel to
it never tried any other address than the first one.

Before, we wrongly assumed OpenVPN would try all addresses before aborting
(--ping-exit). New code reexecutes OpenVPN until all addresses are tried
and update the peer db to reorder addresses if the first one failed.