Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
R
re6stnet
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boris Kocherov
re6stnet
Commits
de0b065e
Commit
de0b065e
authored
Jun 25, 2013
by
Jondy Zhao
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'master' into cygwin
parents
819b530b
cd99197e
Changes
8
Show whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
45 additions
and
14 deletions
+45
-14
debian/control
debian/control
+1
-1
docs/re6stnet.rst
docs/re6stnet.rst
+21
-0
re6st-conf
re6st-conf
+7
-4
re6st/ovpn-client
re6st/ovpn-client
+3
-0
re6st/registry.py
re6st/registry.py
+6
-6
re6st/tunnel.py
re6st/tunnel.py
+4
-0
re6stnet.spec
re6stnet.spec
+2
-2
setup.py
setup.py
+1
-1
No files found.
debian/control
View file @
de0b065e
...
@@ -7,7 +7,7 @@ Standards-Version: 3.9.1
...
@@ -7,7 +7,7 @@ Standards-Version: 3.9.1
Package: re6stnet
Package: re6stnet
Architecture: all
Architecture: all
Depends: ${misc:Depends}, python (>= 2.6.6-3), python (<< 2.8), python-argparse, python-openssl, openvpn (>= 2.1.3), babeld (>= 1.3.1), iproute, openssl
Depends: ${misc:Depends}, python (>= 2.6.6-3), python (<< 2.8), python-argparse, python-openssl
(>= 0.13)
, openvpn (>= 2.1.3), babeld (>= 1.3.1), iproute, openssl
Recommends: ${python:Recommends}
Recommends: ${python:Recommends}
Suggests: ndisc6
Suggests: ndisc6
Description: resilient, scalable, IPv6 network application
Description: resilient, scalable, IPv6 network application
docs/re6stnet.rst
View file @
de0b065e
...
@@ -137,6 +137,27 @@ Its IP is the first unicast address::
...
@@ -137,6 +137,27 @@ Its IP is the first unicast address::
re6st-registry --private 2001:db8:42::1 ...
re6st-registry --private 2001:db8:42::1 ...
re6stnet --registry http://localhost/ --ip re6st.example.com ...
re6stnet --registry http://localhost/ --ip re6st.example.com ...
TROUBLESHOOTING
===============
On networks with very few working nodes compared to the total number of
registered nodes, it may take some time to bootstrap. However, if you really
think something goes wrong, you should first enable OpenVPN logs and increase
verbosity: see commented directives in configuration generated by `re6st-conf`.
A common failure is caused by a misconfigured firewall:
- re6st launches several OpenVPN processes. Those in client mode may connect to
any TCP/UDP port in IPv4. Server processes only listen to ports specified
by ``--pp`` option.
- OpenVPN always aborts due to inactivity timeout when Babel paquets are
filtered. UDP port 6696 must be open on link-local IPv6 of all interfaces
managed by Babel.
Other security components may also break re6st. For example, default SELinux
configuration on Fedora prevents execution of OpenVPN server processes.
SEE ALSO
SEE ALSO
========
========
...
...
re6st-conf
View file @
de0b065e
...
@@ -93,15 +93,18 @@ def main():
...
@@ -93,15 +93,18 @@ def main():
cert_fd
=
token_advice
=
None
cert_fd
=
token_advice
=
None
try
:
try
:
token
=
config
.
token
if
config
.
anonymous
:
if
config
.
anonymous
:
if
not
(
config
.
token
is
config
.
email
is
None
):
if
not
(
token
is
config
.
email
is
None
):
parser
.
error
(
"--anonymous conflicts with --email/--token"
)
parser
.
error
(
"--anonymous conflicts with --email/--token"
)
elif
not
config
.
token
:
token
=
''
elif
not
token
:
if
not
config
.
email
:
if
not
config
.
email
:
config
.
email
=
raw_input
(
'Please enter your email address: '
)
config
.
email
=
raw_input
(
'Please enter your email address: '
)
s
.
requestToken
(
config
.
email
)
s
.
requestToken
(
config
.
email
)
token_advice
=
"Use --token to retry without asking a new token
\
n
"
token_advice
=
"Use --token to retry without asking a new token
\
n
"
config
.
token
=
raw_input
(
'Please enter your token: '
)
while
not
token
:
token
=
raw_input
(
'Please enter your token: '
)
try
:
try
:
with
open
(
key_path
)
as
f
:
with
open
(
key_path
)
as
f
:
...
@@ -125,7 +128,7 @@ def main():
...
@@ -125,7 +128,7 @@ def main():
# to avoid using our token for nothing.
# to avoid using our token for nothing.
cert_fd
=
os
.
open
(
cert_path
,
os
.
O_CREAT
|
os
.
O_WRONLY
,
0666
)
cert_fd
=
os
.
open
(
cert_path
,
os
.
O_CREAT
|
os
.
O_WRONLY
,
0666
)
print
"Requesting certificate ..."
print
"Requesting certificate ..."
cert
=
s
.
requestCertificate
(
config
.
token
,
req
)
cert
=
s
.
requestCertificate
(
token
,
req
)
if
not
cert
:
if
not
cert
:
token_advice
=
None
token_advice
=
None
sys
.
exit
(
"Error: invalid or expired token"
)
sys
.
exit
(
"Error: invalid or expired token"
)
...
...
re6st/ovpn-client
View file @
de0b065e
...
@@ -2,6 +2,9 @@
...
@@ -2,6 +2,9 @@
import
os
,
sys
import
os
,
sys
if
os
.
environ
[
'script_type'
]
==
'up'
:
if
os
.
environ
[
'script_type'
]
==
'up'
:
# OpenVPN unsets PATH before calling hooks
# which is equivalent to set /bin:/usr/bin
os
.
environ
[
'PATH'
]
=
'/bin:/sbin:/usr/bin:/usr/sbin'
os
.
execlp
(
'ip'
,
'ip'
,
'link'
,
'set'
,
os
.
environ
[
'dev'
],
'up'
)
os
.
execlp
(
'ip'
,
'ip'
,
'link'
,
'set'
,
os
.
environ
[
'dev'
],
'up'
)
# Write into pipe external ip address received
# Write into pipe external ip address received
...
...
re6st/registry.py
View file @
de0b065e
...
@@ -179,12 +179,7 @@ class RegistryServer(object):
...
@@ -179,12 +179,7 @@ class RegistryServer(object):
req
=
crypto
.
load_certificate_request
(
crypto
.
FILETYPE_PEM
,
req
)
req
=
crypto
.
load_certificate_request
(
crypto
.
FILETYPE_PEM
,
req
)
with
self
.
lock
:
with
self
.
lock
:
with
self
.
db
:
with
self
.
db
:
if
token
is
None
:
if
token
:
prefix_len
=
self
.
config
.
anonymous_prefix_length
if
not
prefix_len
:
return
email
=
None
else
:
try
:
try
:
token
,
email
,
prefix_len
,
_
=
self
.
db
.
execute
(
token
,
email
,
prefix_len
,
_
=
self
.
db
.
execute
(
"SELECT * FROM token WHERE token = ?"
,
"SELECT * FROM token WHERE token = ?"
,
...
@@ -193,6 +188,11 @@ class RegistryServer(object):
...
@@ -193,6 +188,11 @@ class RegistryServer(object):
return
return
self
.
db
.
execute
(
"DELETE FROM token WHERE token = ?"
,
self
.
db
.
execute
(
"DELETE FROM token WHERE token = ?"
,
(
token
,))
(
token
,))
else
:
prefix_len
=
self
.
config
.
anonymous_prefix_length
if
not
prefix_len
:
return
email
=
None
prefix
=
self
.
_getPrefix
(
prefix_len
)
prefix
=
self
.
_getPrefix
(
prefix_len
)
self
.
db
.
execute
(
"UPDATE cert SET email = ? WHERE prefix = ?"
,
self
.
db
.
execute
(
"UPDATE cert SET email = ? WHERE prefix = ?"
,
(
email
,
prefix
))
(
email
,
prefix
))
...
...
re6st/tunnel.py
View file @
de0b065e
...
@@ -246,6 +246,8 @@ class TunnelManager(object):
...
@@ -246,6 +246,8 @@ class TunnelManager(object):
self
.
_countRoutes
()
self
.
_countRoutes
()
disconnected
=
self
.
_disconnected
disconnected
=
self
.
_disconnected
if
disconnected
is
not
None
:
if
disconnected
is
not
None
:
logging
.
info
(
"No route to registry (%u neighbours, %u distant"
" peers)"
,
len
(
disconnected
),
len
(
distant_peers
))
# We aren't the registry node and we have no tunnel to or from it,
# We aren't the registry node and we have no tunnel to or from it,
# so it looks like we are not connected to the network, and our
# so it looks like we are not connected to the network, and our
# neighbours are in the same situation.
# neighbours are in the same situation.
...
@@ -290,6 +292,8 @@ class TunnelManager(object):
...
@@ -290,6 +292,8 @@ class TunnelManager(object):
bootstrap
=
True
bootstrap
=
True
for
peer
,
address
in
self
.
_peer_db
.
getPeerList
():
for
peer
,
address
in
self
.
_peer_db
.
getPeerList
():
if
peer
not
in
disconnected
:
if
peer
not
in
disconnected
:
logging
.
info
(
"Try to bootstrap using peer %u/%u"
,
int
(
peer
,
2
),
len
(
peer
))
bootstrap
=
False
bootstrap
=
False
if
self
.
_makeTunnel
(
peer
,
address
):
if
self
.
_makeTunnel
(
peer
,
address
):
new
+=
1
new
+=
1
...
...
re6stnet.spec
View file @
de0b065e
...
@@ -11,8 +11,8 @@ Requires: babeld >= 1.3.1
...
@@ -11,8 +11,8 @@ Requires: babeld >= 1.3.1
Requires: iproute
Requires: iproute
Requires: openssl
Requires: openssl
Requires: openvpn
Requires: openvpn
Requires: python = 2.7
Requires: python
>
= 2.7
Requires: pyOpenSSL
Requires: pyOpenSSL
>= 0.13
%description
%description
...
...
setup.py
View file @
de0b065e
...
@@ -38,7 +38,7 @@ setup(
...
@@ -38,7 +38,7 @@ setup(
'ovpn-client'
,
'ovpn-client'
,
],
],
},
},
install_requires
=
[
'pyOpenSSL'
,
'miniupnpc'
],
install_requires
=
[
'pyOpenSSL
>= 0.13
'
,
'miniupnpc'
],
#dependency_links = [
#dependency_links = [
# "http://miniupnp.free.fr/files/download.php?file=miniupnpc-1.7.20120714.tar.gz#egg=miniupnpc-1.7",
# "http://miniupnp.free.fr/files/download.php?file=miniupnpc-1.7.20120714.tar.gz#egg=miniupnpc-1.7",
# ],
# ],
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment