re6stnet (Kirill Smelkov)
Commit c86a9ae4, authored Jul 24, 2012 by Guillaume Bury
README and TODO update
parent 81f49fab
Changes: 4
Showing 4 changed files with 36 additions and 28 deletions
README +21 -13
TODO +10 -14
db.py +4 -0
vifibnet.py +1 -1
README
Note (for U): logs haven't changed. I just added some logs messages to notify
when a task has been finished
Vifibnet is a daemon setting up a resilient virtual private network over the
Vifibnet is a daemon setting up a resilient virtual private network over the
internet
internet
HOW TO:
HOW TO:
Vifibnet ( sic ) has three separate components : a setup (setup.py), a
Vifibnet ( sic ) has three separate components : a setup (setup.py), a
server (registry.py) and a client (vifibnet.py.
server (registry.py) and a client (vifibnet.py.
Lambda users only have to launch the setup and then their client.
Lambda users only have to launch the setup and then their client.
The server is meant to be started once on a node which also will be running
The server is meant to be started once on a node which also will be running
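Review bot: the "Note (for U)" paragraph added at the top of README is a message to one collaborator about this change, so it belongs in the commit message rather than in user-facing documentation; as placed, it is the first thing a reader sees, before the description of what Vifibnet is. While touching this block, the context line "a client (vifibnet.py." is missing its closing parenthesis.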
...
@@ -31,7 +35,7 @@ OPTIONS : REGISTRY.PY
...
@@ -31,7 +35,7 @@ OPTIONS : REGISTRY.PY
MUST contain the VPN network prefix in its serial number. To
MUST contain the VPN network prefix in its serial number. To
generate correct ca and key files for the 2001:db8:42:: prefix,
generate correct ca and key files for the 2001:db8:42:: prefix,
the following command can be used :
the following command can be used :
openssl req -nodes -new -x509 -key ca.key -set_serial
openssl req -nodes -new -x509 -key ca.key -set_serial
\
0x120010db80042 -days 365 -out ca.crt
0x120010db80042 -days 365 -out ca.crt
--key path
--key path
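Review bot: the openssl example around the -set_serial line is introduced as generating "ca and key files" but passes -key ca.key, which reads an existing key, so the step that creates ca.key is missing from the README. Suggest adding that step, with a note that ca.key must stay private to the registry host, and one sentence on how the serial 0x120010db80042 is derived from the 2001:db8:42:: prefix, since the text says the serial MUST contain it.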
...
@@ -87,12 +91,11 @@ OPTIONS : VIFIBNET.PY
...
@@ -87,12 +91,11 @@ OPTIONS : VIFIBNET.PY
Specify connection information to be advertised to other nodes.
Specify connection information to be advertised to other nodes.
address MUST be a ipv4 address since as of now openvpn does not
address MUST be a ipv4 address since as of now openvpn does not
support ipv6 addresses.
support ipv6 addresses.
p
roto should be either udp or tcp-client
P
roto should be either udp or tcp-client
--internal-port port
-i, --interface interface
Specify the port on which will be launched the openvpn server(s)
Give one interface name for each use of the argument. The interface
Can differ from port given in the --ip option.
will be used to detect other nodes on the local network.
Default : 1194
--peers-db-refresh duration
--peers-db-refresh duration
Duration in seconds of the peers DB refresh interval.
Duration in seconds of the peers DB refresh interval.
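Review bot: the new -i, --interface entry does not say what happens when the option is omitted, whereas the --internal-port entry removed beside it stated "Default : 1194". Suggest stating the behaviour without the option explicitly, since it decides on which networks the daemon looks for other nodes. In the unchanged context, "a ipv4 address" should read "an IPv4 address".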
...
@@ -138,17 +141,20 @@ OPTIONS : VIFIBNET.PY
...
@@ -138,17 +141,20 @@ OPTIONS : VIFIBNET.PY
It takes between 3 times and 4 times the hello interval for babel
It takes between 3 times and 4 times the hello interval for babel
to re-establish connection with a node for which the direct
to re-establish connection with a node for which the direct
connection has been cut
connection has been cut
Default :
30
Default :
15
-w, --wireless
-w, --wireless
Consider all interfaces as being wireless interfaces. Argument
Consider all interfaces as being wireless interfaces. Argument
directly passed down to the babeld daemon
directly passed down to the babeld daemon
--proto p [p']
--pp port proto
Protocol used by the openvpn server(s). Start one openvpn server
Port and protocol used by the openvpn server(s). Start one openvpn
for each protocl specified.
server for each couple port/protocol specified.
p (and p') should be either udp or tcp-server
Additionally, if no external configuration is given in the command
Default : udp
line, vifibnet will attempt to forward a port with upnp for each
couple port/proto given.
Protocols should be either udp or tcp-server.
Default : (1194, udp)
--tunnel-refresh duration
--tunnel-refresh duration
Interval in seconds between two tunnel refresh. Refreshing tunnels
Interval in seconds between two tunnel refresh. Refreshing tunnels
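Review bot: the --pp entry introduces automatic UPnP port forwarding "if no external configuration is given in the command line" without naming the option that counts as external configuration or any way to turn the forwarding off. Opening ports on the gateway is a side effect an operator should be able to predict from the README; suggest naming the option and documenting how to disable the forwarding. The default is written "(1194, udp)" while the synopsis is "--pp port proto"; writing it as "1194 udp" would match what a user types.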
...
@@ -203,3 +209,5 @@ OPTIONS : VIFIBNET.PY
...
@@ -203,3 +209,5 @@ OPTIONS : VIFIBNET.PY
The file should contain one option per line, possibly ommitting
The file should contain one option per line, possibly ommitting
the '--'. Only long option are allowed (i.e "v 3" will not work
the '--'. Only long option are allowed (i.e "v 3" will not work
while "verbose 3" will)
while "verbose 3" will)
You can give a file ( with the @ prefix ) as an argument within a
file
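Review bot: the sentence added at the end ("You can give a file ( with the @ prefix ) as an argument within a file") does not say how a relative path inside an included file is resolved, or what happens when a file includes itself. Suggest stating both. In the context line above, "ommitting" should be "omitting".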
TODO
To be done :
To be done :
The address of the client is declared while it should only be the address
of the server
Upgrade the logging function in order to be able to log message like
"Refreshing peers DB ... done", or add log messages to specify that an
action advertised by a previous log message has been completed
use the server as a bootstrap node -> switch peer discovery to be done
use the server as a bootstrap node -> switch peer discovery to be done
by vifibnet directly ?
by vifibnet directly ?
...
@@ -14,16 +7,18 @@ To be done :
...
@@ -14,16 +7,18 @@ To be done :
|-> number of routes / tunnel
|-> number of routes / tunnel
|-> favorise most used roads ?
|-> favorise most used roads ?
Replace comments at the beginning of functions with docstrings & give all
Write docstrings for all class/methods/functions
fn docstrings
Use a timeout for the server peersDB so we can flag unreachable peers and
To be discussed:
remove the peers whose certificate is no longer valid
G : There is a blacklist system now ( blacklisted prefixes are deleted from
the peers database ). Since all nodes whose packets are routed through
the local network are blacklisted, I think we should reset the blacklist
from time to time....
Handle LAN internally in order not to have catastrophic results ....
U : The address of the client is declared while it should only be the address
( avahi could be used )
of the server
G : ??
To be discussed:
U : Babel seems to be very long to establish the routes : maybe we should
U : Babel seems to be very long to establish the routes : maybe we should
tell him thant we are not on a wired network but on a mobile network ?
tell him thant we are not on a wired network but on a mobile network ?
G : babel establish routes quickly enough i'd say. There are two new
G : babel establish routes quickly enough i'd say. There are two new
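Review bot: the blacklist entry in this hunk proposes resetting the blacklist "from time to time" but gives no interval or trigger, and the reset_blacklist method in db.py of this commit has no caller in the visible diff. Suggest recording the intended trigger here (timer, refresh cycle, or explicit command) so the item can be closed against something concrete. The entry also says blacklisted prefixes are deleted from the peers database, so it should state whether a reset is expected to bring those peers back on the next refresh.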
...
@@ -51,3 +46,4 @@ To be discussed:
...
@@ -51,3 +46,4 @@ To be discussed:
reestablish connection, if a direct link is cut
reestablish connection, if a direct link is cut
U : So we have to reduce the hello interval. 2min to detect a dead link is
U : So we have to reduce the hello interval. 2min to detect a dead link is
far too much.
far too much.
G : k
db.py
...
@@ -35,8 +35,12 @@ class PeerManager:
...
@@ -35,8 +35,12 @@ class PeerManager:
self
.
next_refresh
=
time
.
time
()
self
.
next_refresh
=
time
.
time
()
def
reset_blacklist
(
self
):
self
.
_blacklist
=
[(
self
.
_prefix
)]
def
blacklist
(
self
,
prefix
):
def
blacklist
(
self
,
prefix
):
utils
.
log
(
'Blacklisting %s'
%
(
prefix
,),
4
)
utils
.
log
(
'Blacklisting %s'
%
(
prefix
,),
4
)
self
.
_db
.
execute
(
"DELETE FROM peers WHERE prefix = ?"
,
(
prefix
,))
self
.
_blacklist
=
list
(
set
(
self
.
_blacklist
+
[(
prefix
,)]))
self
.
_blacklist
=
list
(
set
(
self
.
_blacklist
+
[(
prefix
,)]))
def
refresh
(
self
):
def
refresh
(
self
):
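Review bot: in reset_blacklist, [(self._prefix)] builds a list holding the bare prefix, because parentheses without a trailing comma do not make a tuple, while blacklist() stores one-element tuples via [(prefix,)]. The two methods therefore leave _blacklist with differently shaped entries; use [(self._prefix,)] so the node's own prefix has the same form as the others. The new method also has no docstring, which the TODO in this commit asks for on all methods.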
...
...
vifibnet.py
...
@@ -54,7 +54,7 @@ def getConfig():
...
@@ -54,7 +54,7 @@ def getConfig():
help
=
"VPN port of the discovery peer server"
)
help
=
"VPN port of the discovery peer server"
)
# Routing algorithm options
# Routing algorithm options
_
(
'--hello'
,
type
=
int
,
default
=
30
,
_
(
'--hello'
,
type
=
int
,
default
=
15
,
help
=
'Hello interval for babel, in seconds'
)
help
=
'Hello interval for babel, in seconds'
)
_
(
'-w'
,
'--wireless'
,
action
=
'store_true'
,
_
(
'-w'
,
'--wireless'
,
action
=
'store_true'
,
help
=
'''Set all interfaces to be treated as wireless interfaces
help
=
'''Set all interfaces to be treated as wireless interfaces
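Review bot: the --hello option at the changed line takes type=int with no lower bound, so 0 or a negative value is accepted by the parser. With the default now 15, suggest rejecting non-positive values at parse time, and mentioning the default in the help string so it stays in step with the README.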
...
...