diff --git a/slapos-node/Makefile b/slapos-node/Makefile index 127d748a399631a075ffd6bd3877ca672ea61caa..c724fbf129de04b1d11bdd72d8232449586d6a56 100644 --- a/slapos-node/Makefile +++ b/slapos-node/Makefile @@ -14,10 +14,6 @@ install: all cp slapos-test $(DESTDIR)/usr/sbin/ cp $(DESTDIR)/opt/slapos/bin/slapos $(DESTDIR)/usr/bin/ # Open VPN configuration - mkdir -p $(DESTDIR)/etc/openvpn/ - cp -r template/openvpn/* $(DESTDIR)/etc/openvpn/ mkdir -p $(DESTDIR)/etc/opt/slapos/ - # By default, we want to activate openvpn usage - touch $(DESTDIR)/etc/opt/openvpn-needed clean: # cd slapos; make clean diff --git a/slapos-node/slapos-start b/slapos-node/slapos-start index 2fa518ba2642dd72162af190a567dd492a00e4dd..40f72001d438d211543cc1d731aa0394c706b444 100755 --- a/slapos-node/slapos-start +++ b/slapos-node/slapos-start @@ -25,19 +25,9 @@ if [ $ONLY_SLAPFORMAT = false ]; then ping -c 2 $IPV4CHECK >/dev/null 2>&1 done - # Launch openvpn - if [ -f $SLAPOS_CONFIGURATION/openvpn-needed ]; then - echo "Starting openvpn..." - /etc/init.d/openvpn start - fi - # Wait for ipv6 connection to be ready echo "Checking IPv6 connectivity. This may take a few seconds..." - if [ -f $SLAPOS_CONFIGURATION/openvpn-needed ]; then - PING6_COMMAND="ping6 -I tapVPN -c 2 $IPV6CHECK" - else - PING6_COMMAND="ping6 -c 2 $IPV6CHECK" - fi + PING6_COMMAND="ping6 -c 2 $IPV6CHECK" $PING6_COMMAND while [ $? != 0 ]; do diff --git a/slapos-node/template/openvpn/vifib-keys/ca.crt b/slapos-node/template/openvpn/vifib-keys/ca.crt deleted file mode 100644 index e7b0293be8795b4f4554141ab789b33175c7fce2..0000000000000000000000000000000000000000 --- a/slapos-node/template/openvpn/vifib-keys/ca.crt +++ /dev/null 
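Review bot: With the openvpn branch gone, `PING6_COMMAND` in slapos-start holds a single fixed string that is expanded unquoted on the next line, so the indirection no longer serves a purpose. I would drop the variable and call `ping6 -c 2 "$IPV6CHECK"` directly, which also keeps the host argument quoted. The body of the `while [ $? != 0 ]` loop lies outside the hunk; if it re-runs `$PING6_COMMAND`, it needs the same change. Separately, client-vifib.key is deleted later in this commit, but its contents stay readable in repository history and in this diff. The matching client certificate should presumably be revoked on the VPN side rather than treated as retired by the deletion.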
@@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDYDCCAsmgAwIBAgIJAKdgIUTuXOGkMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNV -BAYTAkZSMQ4wDAYDVQQIEwVQQVJJUzEOMAwGA1UEBxMFUGFyaXMxFjAUBgNVBAMT -DUlwdjYtcHJvdmlkZXIxFjAUBgNVBCkTDUlwdjYtcHJvdmlkZXIxHzAdBgkqhkiG -9w0BCQEWEGxlbmluaXZpQGVuc3QuZnIwHhcNMTIwMTI0MTQzOTMxWhcNMjIwMTIx -MTQzOTMxWjB+MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUEFSSVMxDjAMBgNVBAcT -BVBhcmlzMRYwFAYDVQQDEw1JcHY2LXByb3ZpZGVyMRYwFAYDVQQpEw1JcHY2LXBy -b3ZpZGVyMR8wHQYJKoZIhvcNAQkBFhBsZW5pbml2aUBlbnN0LmZyMIGfMA0GCSqG -SIb3DQEBAQUAA4GNADCBiQKBgQC62AycFcv1x+QHmv+mFeHuum5mg0wg+E2rXCJw -vzEBV9LBuv0xWztXNrSvBBQXIkuvgqStqiKH6dcuQvGBxArnM3Gma+czaj/3ugY8 -W0q4/oU26Qaldxzm6Z0e/h25fZivuHwzIQ5YF9GveUv5GqbLtUM02dBqda7zi3GF -+FWQ0QIDAQABo4HlMIHiMB0GA1UdDgQWBBS601oP70QMQmCFeWpO+QxBVGubbjCB -sgYDVR0jBIGqMIGngBS601oP70QMQmCFeWpO+QxBVGubbqGBg6SBgDB+MQswCQYD -VQQGEwJGUjEOMAwGA1UECBMFUEFSSVMxDjAMBgNVBAcTBVBhcmlzMRYwFAYDVQQD -Ew1JcHY2LXByb3ZpZGVyMRYwFAYDVQQpEw1JcHY2LXByb3ZpZGVyMR8wHQYJKoZI -hvcNAQkBFhBsZW5pbml2aUBlbnN0LmZyggkAp2AhRO5c4aQwDAYDVR0TBAUwAwEB -/zANBgkqhkiG9w0BAQUFAAOBgQAbSPWtbxf9ysfVlr81qx/VjIOx0N1hK90SOgbY -yttM6r3G3MaBMrMo79WEZ4ns2PrrvAUO3aDl/hbHVZAMT2SxL0wQ6xFP96llPn6B -3x8/1oM2rhyR5qsI+miRfb8l951qwJDr0sAHEs0u+M+XVkrNvRk3yUGuvgP5tPYZ -Iw3D9Q== ------END CERTIFICATE----- \ No newline at end of file diff --git a/slapos-node/template/openvpn/vifib-keys/client-vifib.crt b/slapos-node/template/openvpn/vifib-keys/client-vifib.crt deleted file mode 100644 index 7c4befa694cec9abfafe3fb1761b039c09ae838e..0000000000000000000000000000000000000000 --- a/slapos-node/template/openvpn/vifib-keys/client-vifib.crt +++ /dev/null 
@@ -1,71 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=FR, ST=PARIS, L=Paris, CN=Ipv6-provider/name=Ipv6-provider/emailAddress=leninivi@enst.fr - Validity - Not Before: Jan 24 14:52:25 2012 GMT - Not After : Jan 21 14:52:25 2022 GMT - Subject: C=FR, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=CLient/name=Client - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:c8:bf:8d:ec:37:3f:c3:a3:53:57:a3:9f:c9:93: - bf:bc:f4:ff:5b:b9:c2:ca:14:b9:21:2d:75:5d:46: - d2:9a:52:31:83:3d:b8:a3:49:4f:2c:92:44:6e:e1: - d6:43:27:c0:d6:31:43:7a:fc:4b:29:0f:29:5c:44: - b5:c5:01:90:0f:99:ff:e4:e1:3d:37:04:06:7e:09: - ae:d4:36:ac:4f:d9:37:7c:ac:e3:66:11:5d:78:48: - b0:32:4d:c8:e1:72:a7:76:2e:3b:87:a3:43:33:5d: - 15:6c:33:f9:e0:ab:07:a1:20:d2:4b:12:33:69:33: - ef:ee:3f:bc:a2:90:85:2f:53 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - Easy-RSA Generated Certificate - X509v3 Subject Key Identifier: - 47:C1:C8:5B:DD:E8:E7:90:66:B8:40:F3:CE:A7:BC:E5:E7:34:D8:CC - X509v3 Authority Key Identifier: - keyid:BA:D3:5A:0F:EF:44:0C:42:60:85:79:6A:4E:F9:0C:41:54:6B:9B:6E - DirName:/C=FR/ST=PARIS/L=Paris/CN=Ipv6-provider/name=Ipv6-provider/emailAddress=leninivi@enst.fr - serial:A7:60:21:44:EE:5C:E1:A4 - - X509v3 Extended Key Usage: - TLS Web Client Authentication - X509v3 Key Usage: - Digital Signature - Signature Algorithm: sha1WithRSAEncryption - 4f:7f:eb:6f:86:49:17:9e:13:c1:5a:52:c3:8b:6b:1c:06:15: - 06:d1:bd:c4:95:f4:4c:91:0c:4b:17:ea:fa:1d:00:72:fb:fd: - 5c:1f:9d:26:fe:7a:66:2c:f4:3f:55:e6:21:7e:0f:b9:b7:27: - 65:92:95:d5:38:e4:b9:75:b2:3b:ad:f4:24:67:da:8b:6e:10: - b5:ad:47:58:31:4e:c7:e5:3e:c0:be:99:59:65:89:bd:ff:93: - c7:11:1e:07:07:7a:23:33:3a:8d:bc:cb:6a:9a:07:45:3a:c4: - 24:00:f5:37:f5:dc:e8:22:47:dc:6c:63:f5:61:0c:fb:b2:fd: - 24:08 ------BEGIN CERTIFICATE----- 
-MIIDlDCCAv2gAwIBAgIBAjANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJGUjEO -MAwGA1UECBMFUEFSSVMxDjAMBgNVBAcTBVBhcmlzMRYwFAYDVQQDEw1JcHY2LXBy -b3ZpZGVyMRYwFAYDVQQpEw1JcHY2LXByb3ZpZGVyMR8wHQYJKoZIhvcNAQkBFhBs -ZW5pbml2aUBlbnN0LmZyMB4XDTEyMDEyNDE0NTIyNVoXDTIyMDEyMTE0NTIyNVow -ajELMAkGA1UEBhMCRlIxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lz -Y28xFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEPMA0GA1UEAxMGQ0xpZW50MQ8wDQYD -VQQpEwZDbGllbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMi/jew3P8Oj -U1ejn8mTv7z0/1u5wsoUuSEtdV1G0ppSMYM9uKNJTyySRG7h1kMnwNYxQ3r8SykP -KVxEtcUBkA+Z/+ThPTcEBn4JrtQ2rE/ZN3ys42YRXXhIsDJNyOFyp3YuO4ejQzNd -FWwz+eCrB6Eg0ksSM2kz7+4/vKKQhS9TAgMBAAGjggE0MIIBMDAJBgNVHRMEAjAA -MC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw -HQYDVR0OBBYEFEfByFvd6OeQZrhA886nvOXnNNjMMIGyBgNVHSMEgaowgaeAFLrT -Wg/vRAxCYIV5ak75DEFUa5tuoYGDpIGAMH4xCzAJBgNVBAYTAkZSMQ4wDAYDVQQI -EwVQQVJJUzEOMAwGA1UEBxMFUGFyaXMxFjAUBgNVBAMTDUlwdjYtcHJvdmlkZXIx -FjAUBgNVBCkTDUlwdjYtcHJvdmlkZXIxHzAdBgkqhkiG9w0BCQEWEGxlbmluaXZp -QGVuc3QuZnKCCQCnYCFE7lzhpDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E -BAMCB4AwDQYJKoZIhvcNAQEFBQADgYEAT3/rb4ZJF54TwVpSw4trHAYVBtG9xJX0 -TJEMSxfq+h0Acvv9XB+dJv56Ziz0P1XmIX4PubcnZZKV1TjkuXWyO630JGfai24Q -ta1HWDFOx+U+wL6ZWWWJvf+TxxEeBwd6IzM6jbzLapoHRTrEJAD1N/Xc6CJH3Gxj -9WEM+7L9JAg= ------END CERTIFICATE----- \ No newline at end of file diff --git a/slapos-node/template/openvpn/vifib-keys/client-vifib.key b/slapos-node/template/openvpn/vifib-keys/client-vifib.key deleted file mode 100644 index bbfcff2793991d012db3ded638242d45b12b95f1..0000000000000000000000000000000000000000 --- a/slapos-node/template/openvpn/vifib-keys/client-vifib.key +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDIv43sNz/Do1NXo5/Jk7+89P9bucLKFLkhLXVdRtKaUjGDPbij -SU8skkRu4dZDJ8DWMUN6/EspDylcRLXFAZAPmf/k4T03BAZ+Ca7UNqxP2Td8rONm -EV14SLAyTcjhcqd2LjuHo0MzXRVsM/ngqwehINJLEjNpM+/uP7yikIUvUwIDAQAB -AoGAFcjz1daJDOoEeVZAWNe3zwGnVITsJpHpJTiRq/WrlSOmS9++0bl65hNZac8I -OXFu88+Uyxvl7CbBDkpGj4KD53xSNG+hd52fa0neqPTbrzRdsqMSAfziUdnOWjP1 -DeXBTd8AudX0F2pQehUXFKo2ENcjAYL7ArxIgp1AvPluy0ECQQDlMY3TPtv1Gqcp -kjKymfofOt0XupXqondUyKz+VCQQIpC+TXiJMsN/bU9B7gq/XlyFX6KaiXLlfDUE -Qt0KBoqtAkEA4DpMnzPxsjtI3N/EzxAsQgRvLVM/69StlSgrGDGT0SBEKpTCjQlV -JH/thN2yvhCJiAQOeqsyOnc4BFqXX3vh/wJBANE8OhPeUQQkfvMuquXuODAGlw0w -o+h+xZ47TeMpgXrRc36oTyBBncRZUIAKBvnJ9YE1W8blMGVczTHEsPKUIkkCQD7y -Xtw6mtlsJzJKZ1extJr737IbstAjrm83DZIHKPYGVtyVUmCBhDNw7l7kVe9heRqD -+QSa1sju+vzN6bzWbEUCQAdhz+m51y2W447yjyn3KqU0LnIVErdPkKW9ct1WO4f1 -fDzyybocUpZGSVKld0ScAlsuZ6CeWq/nR8ugYorMUj4= ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/slapos-node/template/openvpn/vifib.conf b/slapos-node/template/openvpn/vifib.conf deleted file mode 100644 index 1ffe5b1c8a0ce629092daccfda12efa288bee11d..0000000000000000000000000000000000000000 --- a/slapos-node/template/openvpn/vifib.conf +++ /dev/null @@ -1,20 +0,0 @@ -client -dev tapVPN -proto tcp -remote 176.31.103.87 -port 443 -resolv-retry infinite -nobind -persist-key -persist-tun -ca /etc/openvpn/vifib-keys/ca.crt -cert /etc/openvpn/vifib-keys/client-vifib.crt -key /etc/openvpn/vifib-keys/client-vifib.key -ns-cert-type server -verb 3 - -# Retry slapformat in case of failure -script-security 3 system -up-restart -up 'ONLY_SLAPFORMAT=true /usr/sbin/slapos-start & echo foo' -log /var/log/openvpn.log \ No newline at end of file diff --git a/slapos-node/template/slapos-node.cron.d b/slapos-node/template/slapos-node.cron.d index b9b9cd4cd3b9f856c6853628a82ead7e098a66e8..895d7005277a4506fe0963056543f34018aeaa33 100644 --- a/slapos-node/template/slapos-node.cron.d +++ b/slapos-node/template/slapos-node.cron.d 
@@ -11,7 +11,3 @@ MAILTO="" # Run "Check/add IPs and so on" once per hour 0 * * * * root /opt/slapos/bin/slapos node format >> /opt/slapos/log/slapos-node-format.log 2>&1 - - -# Make sure we have only good network routes if we use VPN -* * * * * root if [ -f /etc/opt/slapos/openvpn-needed ]; then ifconfig tapVPN | grep "Scope:Global" > /dev/null ;if [ $? = 0 ]; then ROUTES=$(ip -6 r l | grep default | awk '{print $5}'); for GW in $ROUTES ; do if [ ! $GW = tapVPN ]; then /sbin/ip -6 route del default dev $GW > /dev/null 2>&1;fi ;done ;fi ;fi diff --git a/slapprepare/slapprepare/script/slapos b/slapprepare/slapprepare/script/slapos index 4edc1b22e14402f32672fa787330ced9066069c8..379585a6c8488f2dba1069cc460e0a805e841f57 100755 --- a/slapprepare/slapprepare/script/slapos +++ b/slapprepare/slapprepare/script/slapos @@ -38,16 +38,9 @@ done IPV6CHECK=ipv6.google.com IPV4CHECK=google.com IPV6WAITTIME=5 -SLAPVPN="ipv6_interface = tapVPN" SLAPOS_CONFIGURATION='%(slapos_configuration)s' -# Test ipv4/ipv6 connectivity and if not working use openvpn -# and wait for it to be ready -if [ ! -f $SLAPOS_CONFIGURATION/openvpn-needed ]; then - /etc/init.d/openvpn stop -fi - ping -c 2 $IPV4CHECK while [ $? != 0 ]; do sleep 5 @@ -66,24 +59,6 @@ do ping6 -c 2 $IPV6CHECK done -if [ $? != 0 ] || [ -f $SLAPOS_CONFIGURATION/openvpn-needed ]; then - echo """ Starting openVPN """ - /etc/init.d/openvpn start - sleep 10 - ping6 -I tapVPN -c 2 $IPV6CHECK - while [[ $? != 0 ]]; do - ping6 -I tapVPN -c 2 $IPV6CHECK - done - # Ask slapos to use openvpn as ipv6 provider - sed -i "/${SLAPVPN}/ s/# *//" $SLAPOS_CONFIGURATION/slapos.cfg - # Use tapVPN as default interface for ipv6 traffic - /sbin/ip -6 route del default dev br0 - sleep 2 -else - # OpenVPN not needed, comment line about he_ipv6 (if not ailready done) - sed -i "/${SLAPVPN}/ s/^\([^#]\)/#\1/g" $SLAPOS_CONFIGURATION/slapos.cfg -fi - SLAP_INSTALL_LOG=/opt/slapos/slapos-install.log while :; do 
diff --git a/slapprepare/slapprepare/template/clientipv4.conf.in b/slapprepare/slapprepare/template/clientipv4.conf.in
deleted file mode 100644
index 2130b725697261e59bb2f6727622e0065f25583b..0000000000000000000000000000000000000000
--- a/slapprepare/slapprepare/template/clientipv4.conf.in
+++ /dev/null
@@ -1,14 +0,0 @@
-client
-comp-lzo
-keepalive 10 60
-ping-timer-rem
-persist-tun
-persist-key
-verb 0
-dev tun
-remote 88.191.151.195
-proto tcp
-port 443
-ca /etc/openvpn/vifib-keys/ca.crt
-cert /etc/openvpn/vifib-keys/client-vifib.crt
-key /etc/openvpn/vifib-keys/client-vifib.key