1. 22 Mar, 2021 1 commit
    • Joanne Hugé's avatar
      Fix two issues related to handleHello · bbde1c0d
      Joanne Hugé authored
      In some circumstances, the hello_protocol attribute could get modified
      on the wrong peer, which would raise an AttributeError.
      On reception of seqno 1 from a peer with protocol < 7, protocol could be
      equal to zero which would cause handleHello to not return True, causing
      the handshake to fail.
      bbde1c0d
  2. 11 Feb, 2021 3 commits
    • Joanne Hugé's avatar
      New --country option; add country in addresses · 85d77bd8
      Joanne Hugé authored
      This commit concerns networks that use the --same-country option.
      We recently discovered that the IP geolocation database contains
      incorrect entries. To work around this, the protocol needs to be
      changed by adding the country as 4th field in addresses (the first 3
      are: ip, port, protocol) and the new --country option allows a node
      to announce a country that differs from the one the GeoIP DB.
      
      Thanks to the previous commits it's possible to implement backward
      compatibility, by not sending the 4th field (country) to nodes that
      can't parse it. Of course, these old nodes would continue to not
      create appropriate tunnels and after a while, the administrator of
      the network may decide to increase registry's --min-protocol (7).
      
      In a network with only nodes that implement this last version of the
      protocol, the nodes may only use the GeoIP DB to resolve their own IPs.
      
      See merge request nexedi/re6stnet!27
      85d77bd8
    • Joanne Hugé's avatar
      Add protocol to handshake with registry · bb7e6376
      Joanne Hugé authored
      bb7e6376
    • Julien Muchembled's avatar
      Add protocol to handshake between nodes · 4f327e1b
      Julien Muchembled authored
      There is a need to be able to extend the protocol without breaking
      compatibility with old nodes. This is done by sending version.protocol
      during inter-node handshake, in seqno 1 and seqno 2, so that a node
      knows what version the peers speak and use appropriate format.
      
      This is implemented with partial backward compatibility: handshake with
      an old node succeeds when the new node does not have to send seqno 1.
      4f327e1b
  3. 22 Dec, 2020 1 commit
  4. 03 Dec, 2020 1 commit
  5. 13 Jan, 2020 1 commit
  6. 10 Jan, 2020 2 commits
  7. 02 Jan, 2020 1 commit
  8. 27 Dec, 2019 6 commits
  9. 11 Dec, 2019 2 commits
  10. 08 Nov, 2019 1 commit
    • Julien Muchembled's avatar
      Fix file descriptor leaks · 9fab68ee
      Julien Muchembled authored
      This should fix strange bugs after running the demo for a long time,
      with certificate renewal happening every few minutes.
      9fab68ee
  11. 07 Nov, 2019 1 commit
    • Julien Muchembled's avatar
      Remove --ipv6, reuse --ip instead · 343e910a
      Julien Muchembled authored
      The previous commit, which adds --ipv6, has the issue
      that it does not check whether given IPs are valid.
      Since IPv4 & IPv6 use completely different address
      representation, --ip can be used for both.
      343e910a
  12. 06 Nov, 2019 1 commit
    • Julien Muchembled's avatar
      New --ipv6 option and fix learning of external IPv6 from other peers · 0106e2f9
      Julien Muchembled authored
      When re6st attempts to use UPnP and IPv6 is enabled at the same time,
      the external IPv4 was published for IPv6 protocols.
      For example, machine6 in the demo had:
        10.0.1.3,1194,tcp;10.0.1.3,1194,udp;10.0.1.3,1195,udp6
      
      This caused re6stnet to crash (socket.gaierror) if GEOIP2_MMDB is set.
      
      With this commit, IPv4 & IPv6 are now processed independently.
      0106e2f9
  13. 31 Oct, 2019 2 commits
  14. 22 Oct, 2019 1 commit
  15. 04 Jul, 2019 1 commit
  16. 03 Jul, 2019 1 commit
    • Killian Lufau's avatar
      Fix handling of private methods · d0233199
      Killian Lufau authored
      The detection of the attribute `_private` was performed on a string
      object representing the name of the method instead of the method itself,
      leading to the registry allowing anyone to call private methods.
      d0233199
  17. 27 Jun, 2019 1 commit
    • Killian Lufau's avatar
      demo: add another re6st network · d868f09a
      Killian Lufau authored
      The purpose is to check that HMAC prevents routes from being exchanged
      between the 2 networks. This happened when 2 nodes of 2 different re6st
      networks are in the same LAN, and it caused many issues.
      
      /reviewed-on nexedi/re6stnet!15
      d868f09a
  18. 26 Jun, 2019 1 commit
  19. 19 Jun, 2019 1 commit
    • Killian Lufau's avatar
      Implement HMAC for babel · 12ba2ee4
      Killian Lufau authored
      HMAC is added in babel call to prevent babel communication between nodes of different re6st networks. 
      This solves the problem of machines in different re6st networks but on the same LAN that exchange routes through babel. 
      The key used to authenticate packets is randomly created on 16 bytes by the registry and sent to nodes when they fetch network parameters. 
      This uses the WIP hmac branch of jech/babeld with Nexedi patches and the added possibility to not check HMAC in incoming packets for better HMAC integration on a HMAC-less network.
      
      /reviewed-on nexedi/re6stnet!18
      12ba2ee4
  20. 18 Jun, 2019 1 commit
  21. 12 Jun, 2019 1 commit
  22. 04 Jun, 2019 1 commit
  23. 15 May, 2019 2 commits
  24. 09 May, 2019 1 commit
    • Killian Lufau's avatar
      OpenVPN 2.4.7 workaround to revert to previous MTU settings · d398aa93
      Killian Lufau authored
      In commit 06974788,
      we increased the --link-mtu value as a temporary way to compensate the
      unexplained behaviour change of recent OpenVPN.
      
      This was partly due to encryption, which was enabled despite
      `--cipher none`. And it happens that the behaviour of --link-mtu only
      changed for the server, with a mysterious difference of 93 bytes.
      
      Hence the workaround to get identical tunnel MTU on both sides.
      
      /reviewed-on nexedi/re6stnet!13
      d398aa93
  25. 06 May, 2019 1 commit
    • Killian Lufau's avatar
      Remove old fix in ovpn-client · 24fea8cd
      Killian Lufau authored
      The fix to mark an interface as "up" and indicate its MTU was
      useful for machines with a single client, because OpenVPN would fail
      to configure them this way in OpenVPN 2.3. It has been fixed in 2.4
      so the fix has been removed.
      
      /reviewed-on nexedi/re6stnet!14
      24fea8cd
  26. 03 May, 2019 1 commit
  27. 29 Apr, 2019 1 commit
    • Killian Lufau's avatar
      Switch to OpenVPN 2.4 · 06974788
      Killian Lufau authored
      The behaviour of --link-mtu has changed and we increase the values to
      at least have interface MTU greater than IPv6 minimum.
      We'll see later to have even greater values in ovpn_link_mtu_dict
      (so that the resulting MTU is closer to what we had with 2.3)
      or review the whole MTU part completely.
      06974788
  28. 10 Apr, 2019 1 commit
  29. 12 Mar, 2019 1 commit