Skip to content

R
re6stnet
Commit 0b77e96b authored by Joanne Hugé's avatar Joanne Hugé
Browse files
Options

Push country from openvpn server to openvpn client

parent 0f97c026
Hide whitespace changes
Inline Side-by-side
Showing with 38 additions and 6 deletions
re6st/cache.py
View file @ 0b77e96b
......@@ -249,6 +249,11 @@ class Cache(object):
return prefix, address
logging.warning('Buggy registry sent us our own address')
def removePeer(self, prefix):
with self._db as db:
db.execute("DELETE FROM peer WHERE prefix=?",
(prefix,))
def addPeer(self, prefix, address, set_preferred=False):
logging.debug('Adding peer %s: %s', prefix, address)
with self._db:
......
re6st/ovpn-client
View file @ 0b77e96b
......@@ -13,5 +13,7 @@ if script_type == 'up':
if script_type == 'route-up':
import time
country = os.environ['OPENVPN_country'] if 'OPENVPN_country' in os.environ else None
os.write(int(sys.argv[1]), repr((os.environ['common_name'], time.time(),
int(os.environ['tls_serial_0']), os.environ['OPENVPN_external_ip'])))
int(os.environ['tls_serial_0']), os.environ['OPENVPN_external_ip'],
country)))
re6st/ovpn-server
View file @ 0b77e96b
......@@ -10,8 +10,10 @@ os.write(fd, repr((script_type, (os.environ['common_name'], os.environ['dev'],
int(os.environ['tls_serial_0']), external_ip))))
if script_type == 'client-connect':
if os.read(fd, 1) == '\0':
country = os.read(fd, 1)
if country == '\0':
sys.exit(1)
# Send client its external ip address
with open(sys.argv[2], 'w') as f:
f.write('push "setenv-safe external_ip %s"\n' % external_ip)
f.write('push "setenv-safe country %s"\n' % country)
re6st/tunnel.py
View file @ 0b77e96b
......@@ -585,11 +585,11 @@ class BaseTunnelManager(object):
logging.debug("%s%r", event, args)
r = getattr(self, '_ovpn_' + event.replace('-', '_'))(*args)
if r is not None:
sock.send(chr(r))
sock.send(r)
def _ovpn_client_connect(self, common_name, iface, serial, trusted_ip):
if serial in self.cache.crl:
return False
return '\0'
prefix = utils.binFromSubnet(common_name)
self._served[prefix][iface] = serial
if isinstance(self, TunnelManager): # XXX
......@@ -598,7 +598,18 @@ class BaseTunnelManager(object):
if prefix in self._connection_dict and self._prefix < prefix:
self._kill(prefix)
self.cache.connecting(prefix, 0)
return True
family = socket.AF_INET
try:
socket.inet_pton(socket.AF_INET, trusted_ip)
except socket.error:
family = socket.AF_INET6
if self.cache.same_country:
country = self._country.get(family, self._conf_country)
if not country:
return '\0'
return country
return '\1'
def _ovpn_client_disconnect(self, common_name, iface, serial, trusted_ip):
prefix = utils.binFromSubnet(common_name)
......@@ -1015,7 +1026,7 @@ class TunnelManager(BaseTunnelManager):
def handleClientEvent(self):
msg = self._read_sock.recv(65536)
logging.debug("route_up%s", msg)
common_name, time, serial, ip = eval(msg)
common_name, time, serial, ip, country = eval(msg)
prefix = utils.binFromSubnet(common_name)
c = self._connection_dict.get(prefix)
if c and c.time < float(time):
......@@ -1031,6 +1042,18 @@ class TunnelManager(BaseTunnelManager):
if address:
if self._geoiplookup or self._conf_country:
address = self._updateCountry(address)
if country:
my_country = self._country.get(family, self._conf_country)
same_country = self.cache.same_country
if (country != my_country
if my_country in same_country else
country in same_country):
logging.debug("Wrong country in cache, killing tunnel %s", common_name)
self._kill(prefix)
self.cache.removePeer(prefix)
self._address[family] = utils.dump_address(address)
self.cache.my_address = ';'.join(self._address.itervalues())
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7