- 27 Jun, 2019 1 commit
Killian Lufau authored
The purpose is to check that HMAC prevents routes from being exchanged between the 2 networks. This happened when 2 nodes of 2 different re6st networks are in the same LAN, and it caused many issues. /reviewed-on nexedi/re6stnet!15
-
- 26 Jun, 2019 1 commit
Julien Muchembled authored
This reverts commit 24fea8cd. The client up hook is required when IPv4 is not enabled.
-
- 19 Jun, 2019 1 commit
Killian Lufau authored
HMAC is added in babel call to prevent babel communication between nodes of different re6st networks. This solves the problem of machines in different re6st networks but on the same LAN that exchange routes through babel. The key used to authenticate packets is randomly created on 16 bytes by the registry and sent to nodes when they fetch network parameters. This uses the WIP hmac branch of jech/babeld with Nexedi patches and the added possibility to not check HMAC in incoming packets for better HMAC integration on a HMAC-less network. /reviewed-on nexedi/re6stnet!18
-
- 18 Jun, 2019 1 commit
Killian Lufau authored
The received network parameter name can have a ':json' suffix that is not present in the class attribute of this parameter. This suffix was not removed and could cause attribute deletion to fail. /reviewed-on nexedi/re6stnet!20
-
- 12 Jun, 2019 1 commit
Julien Muchembled authored
In commit d7a4d73f, this was done only for the init.d script.
-
- 04 Jun, 2019 1 commit
Julien Muchembled authored
-
- 15 May, 2019 2 commits
Killian Lufau authored
/reviewed-on nexedi/re6stnet!11
-
Killian Lufau authored
argparse is error-prone in that `action='append'` starts from (a copy of) the given default when it adds values from command-line, rather than restarting from an empty list. For example, simply passing `--disable-proto udp` resulted in ['udp', 'udp6', 'udp'], which caused 'udp6' to remain disabled. /reviewed-on nexedi/re6stnet!17
-
- 09 May, 2019 1 commit
Killian Lufau authored
In commit 06974788, we increased the --link-mtu value as a temporary way to compensate for the unexplained behaviour change of recent OpenVPN. This was partly due to encryption, which was enabled despite `--cipher none`. And it happens that the behaviour of --link-mtu only changed for the server, with a mysterious difference of 93 bytes. Hence the workaround to get identical tunnel MTU on both sides. /reviewed-on nexedi/re6stnet!13
-
- 06 May, 2019 1 commit
Killian Lufau authored
The fix to mark an interface as "up" and indicate its MTU was useful for machines with a single client, because OpenVPN would fail to configure them this way in OpenVPN 2.3. It has been fixed in 2.4 so the fix has been removed. /reviewed-on nexedi/re6stnet!14
-
- 03 May, 2019 1 commit
Killian Lufau authored
Passing `--cipher none` to OpenVPN is not enough anymore because clients and servers can still negotiate the algorithm to use for encryption (by default not empty). We pass the option `--ncp-disable` to disable cipher negotiation. /reviewed-on nexedi/re6stnet!12
-
- 29 Apr, 2019 1 commit
Killian Lufau authored
The behaviour of --link-mtu has changed and we increase the values to at least have interface MTU greater than IPv6 minimum. We'll see later to have even greater values in ovpn_link_mtu_dict (so that the resulting MTU is closer to what we had with 2.3) or review the whole MTU part completely.
-
- 10 Apr, 2019 1 commit
Killian Lufau authored
The main goal of this is to check if we should keep supporting older distributions. /reviewed-on nexedi/re6stnet!9
-
- 12 Mar, 2019 1 commit
Killian Lufau authored
See "./demo --help" for more information. /reviewed-on nexedi/re6stnet!8
-
- 21 Feb, 2019 1 commit
Killian Lufau authored
/reviewed-on nexedi/re6stnet!7
-
- 05 Feb, 2019 1 commit
Thomas Gambier authored
-
- 14 Dec, 2018 1 commit
Jérome Perrin authored
Prevent this kind of error when running openssl fails:
```
10-12-2018 19:04:02 ERROR AttributeError: 'NoneType' object has no attribute 'splitlines'
Traceback (most recent call last):
  File "/opt/re6st/eggs/re6stnet-0.513-py2.7.egg/re6st/cli/node.py", line 428, in main
    s(*args)
  File "/opt/re6st/eggs/re6stnet-0.513-py2.7.egg/re6st/utils.py", line 191, in select
    R[r]()
  File "/opt/re6st/eggs/re6stnet-0.513-py2.7.egg/re6st/tunnel.py", line 399, in handlePeerEvent
    True, crypto.FILETYPE_ASN1)
  File "/opt/re6st/eggs/re6stnet-0.513-py2.7.egg/re6st/x509.py", line 136, in loadVerify
    for x in err.splitlines():
```
/reviewed-on nexedi/re6stnet!6
-
- 17 Oct, 2018 2 commits
Julien Muchembled authored
-
Julien Muchembled authored
-
- 02 Oct, 2018 1 commit
Julien Muchembled authored
-
- 25 Sep, 2018 2 commits
Julien Muchembled authored
-
Julien Muchembled authored
-
- 30 Aug, 2018 3 commits
Julien Muchembled authored
-
Julien Muchembled authored
Ideally, babeld should not keep running when it can't set such routes. Currently, it only outputs an error message in its log.
-
Julien Muchembled authored
In SQLite, a string that only contains '0' chars evaluates to False.
-
- 09 Aug, 2018 1 commit
Julien Muchembled authored
-
- 07 Aug, 2018 1 commit
Julien Muchembled authored
We currently have issues with OpenVPN hook scripts that aren't always killed at exit. Such orphan processes prevent re6st from starting again (EADDRINUSE). We want to know if it's an OpenVPN that does not exit cleanly on TERM, or if it sometimes does not exit at all after 5s (then re6st sends a KILL signal and at that point we should indeed make sure that any subprocess is also KILLed).
-
- 01 Aug, 2018 3 commits
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
```
gaierror: [Errno -2] Name or service not known
Traceback (most recent call last):
  File "re6st/cli/node.py", line 271, in main
    remote_gateway, config.disable_proto, config.neighbour)
  File "re6st/tunnel.py", line 663, in __init__
    cache, cert, address)
  File "re6st/tunnel.py", line 236, in __init__
    self._updateCountry(address)
  File "re6st/tunnel.py", line 643, in _updateCountry
    family, ip = resolve(*address)
  File "re6st/tunnel.py", line 30, in resolve
    for x in socket.getaddrinfo(ip, port, family, 0, proto))
```
where ip is '-a'
-
- 03 Jul, 2018 1 commit
Julien Muchembled authored
-
- 02 Jul, 2018 3 commits
Julien Muchembled authored
-
Julien Muchembled authored
-
Julien Muchembled authored
-
- 29 Jun, 2018 1 commit
Julien Muchembled authored
-
- 26 Jun, 2018 1 commit
Arnaud Fontaine authored
/reviewed-on nexedi/re6stnet!4
-
- 01 Jun, 2018 1 commit
Kazuhiko Shiozaki authored
error: [Errno 21] Is a directory: 're6st/cli'
-
- 15 Mar, 2018 1 commit
Arnaud Fontaine authored
/reviewed-on nexedi/re6stnet!3
-
- 13 Mar, 2018 1 commit
Julien Muchembled authored
-
- 12 Mar, 2018 1 commit
Arnaud Fontaine authored
Also, add iptables/ip6tables example configuration.
-