initial config changes for config services for openvpn
This commit is contained in:
		
							parent
							
								
									3b0a8ebc37
								
							
						
					
					
						commit
						461a27989c
					
				
					 3 changed files with 66 additions and 13 deletions
				
			
		|  | @ -1,6 +1,10 @@ | |||
| from typing import Any, Dict | ||||
| 
 | ||||
| import netaddr | ||||
| 
 | ||||
| from core.config import Configuration | ||||
| from core.configservice.base import ConfigService, ConfigServiceMode | ||||
| from core.emulator.enumerations import ConfigDataTypes | ||||
| 
 | ||||
| GROUP_NAME = "Security" | ||||
| 
 | ||||
|  | @ -16,11 +20,30 @@ class VpnClient(ConfigService): | |||
|     validate = ["pidof openvpn"] | ||||
|     shutdown = ["killall openvpn"] | ||||
|     validation_mode = ConfigServiceMode.BLOCKING | ||||
|     default_configs = [] | ||||
|     default_configs = [ | ||||
|         Configuration( | ||||
|             _id="keydir", | ||||
|             _type=ConfigDataTypes.STRING, | ||||
|             label="Key Dir", | ||||
|             default="/etc/core/keys", | ||||
|         ), | ||||
|         Configuration( | ||||
|             _id="keyname", | ||||
|             _type=ConfigDataTypes.STRING, | ||||
|             label="Key Name", | ||||
|             default="client1", | ||||
|         ), | ||||
|         Configuration( | ||||
|             _id="server", | ||||
|             _type=ConfigDataTypes.STRING, | ||||
|             label="Server", | ||||
|             default="10.0.2.10", | ||||
|         ), | ||||
|     ] | ||||
|     modes = {} | ||||
| 
 | ||||
| 
 | ||||
| class VPNServer(ConfigService): | ||||
| class VpnServer(ConfigService): | ||||
|     name = "VPNServer" | ||||
|     group = GROUP_NAME | ||||
|     directories = [] | ||||
|  | @ -31,9 +54,39 @@ class VPNServer(ConfigService): | |||
|     validate = ["pidof openvpn"] | ||||
|     shutdown = ["killall openvpn"] | ||||
|     validation_mode = ConfigServiceMode.BLOCKING | ||||
|     default_configs = [] | ||||
|     default_configs = [ | ||||
|         Configuration( | ||||
|             _id="keydir", | ||||
|             _type=ConfigDataTypes.STRING, | ||||
|             label="Key Dir", | ||||
|             default="/etc/core/keys", | ||||
|         ), | ||||
|         Configuration( | ||||
|             _id="keyname", | ||||
|             _type=ConfigDataTypes.STRING, | ||||
|             label="Key Name", | ||||
|             default="server", | ||||
|         ), | ||||
|         Configuration( | ||||
|             _id="subnet", | ||||
|             _type=ConfigDataTypes.STRING, | ||||
|             label="Subnet", | ||||
|             default="10.0.200.0", | ||||
|         ), | ||||
|     ] | ||||
|     modes = {} | ||||
| 
 | ||||
|     def data(self) -> Dict[str, Any]: | ||||
|         address = None | ||||
|         for ifc in self.node.netifs(): | ||||
|             if getattr(ifc, "control", False): | ||||
|                 continue | ||||
|             for x in ifc.addrlist: | ||||
|                 addr = x.split("/")[0] | ||||
|                 if netaddr.valid_ipv4(addr): | ||||
|                     address = addr | ||||
|         return dict(address=address) | ||||
| 
 | ||||
| 
 | ||||
| class IPsec(ConfigService): | ||||
|     name = "IPsec" | ||||
|  |  | |||
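Review bot: `data()` at the end of this hunk returns `address=None` when no non-control interface carries an IPv4 address, and the server template then renders that as the literal text `vpnserver=None` inside a shell script rather than failing early. The inner loop also never breaks, so on a node with several non-control interfaces the last IPv4 address seen wins and nothing records which one was chosen; returning on the first valid address, `return dict(address=addr)` in place of `address = addr`, with `return dict(address=None)` after the loops, makes the choice deterministic and easy to document. A docstring stating the promise would help, e.g. `"""Return the node's first non-control IPv4 address for the template's vpnserver= line, or None if it has none."""`. The `subnet` and `server` strings added to `default_configs` are interpolated into the shell templates without validation; since `netaddr` is already imported, checking them with `netaddr.valid_ipv4` before rendering would reject malformed input at the source (the configured values presumably arrive through the same mapping the templates read as `config`, which this hunk does not show). The IPsec class begun at the end of the hunk continues outside it.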
|  | @ -4,16 +4,16 @@ | |||
| # OpenVPN software and a virtual TUN/TAP device. | ||||
| 
 | ||||
| # directory containing the certificate and key described below | ||||
| keydir=/etc/core/keys | ||||
| keydir=${config["keydir"]} | ||||
| 
 | ||||
| # the name used for a "$keyname.crt" certificate and "$keyname.key" private key. | ||||
| keyname=client1 | ||||
| keyname=${config["keyname"]} | ||||
| 
 | ||||
| # the public IP address of the VPN server this client should connect with | ||||
| vpnserver="10.0.2.10" | ||||
| vpnserver=${config["server"]} | ||||
| 
 | ||||
| # optional next hop for adding a static route to reach the VPN server | ||||
| nexthop="10.0.1.1" | ||||
| #nexthop="10.0.1.1" | ||||
| 
 | ||||
| # --------- END CUSTOMIZATION -------- | ||||
| 
 | ||||
|  |  | |||
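Review bot: The new `vpnserver=${config["server"]}` line drops the double quotes the replaced value carried, and all three substitutions in this hunk paste the configured string into a shell assignment unescaped, so a value containing whitespace or shell metacharacters alters the generated script instead of being stored as a string. Quoting the substitutions, `keydir="${config["keydir"]}"`, `keyname="${config["keyname"]}"`, `vpnserver="${config["server"]}"`, preserves the earlier semantics (assuming the `${...}` expansion happens before the shell reads the file, which the hunk does not show), and validating the values on the Python side before rendering is the stronger complement. The same unquoted substitutions appear in the server template hunk below for `keydir`, `keyname`, `vpnsubnet` and `vpnserver=${address}`, the last of which renders the literal `None` when no address was found.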
|  | @ -7,29 +7,29 @@ | |||
| 
 | ||||
| # directory containing the certificate and key described below, in addition to | ||||
| # a CA certificate and DH key | ||||
| keydir=/etc/core/keys | ||||
| keydir=${config["keydir"]} | ||||
| 
 | ||||
| # the name used for a "$keyname.crt" certificate and "$keyname.key" private key. | ||||
| keyname=server2 | ||||
| keyname=${config["keyname"]} | ||||
| 
 | ||||
| # the VPN subnet address from which the client VPN IP (for the TUN/TAP) | ||||
| # will be allocated | ||||
| vpnsubnet=10.0.200.0 | ||||
| vpnsubnet=${config["subnet"]} | ||||
| 
 | ||||
| # public IP address of this vpn server (same as VPNClient vpnserver= setting) | ||||
| vpnserver=10.0.2.10 | ||||
| vpnserver=${address} | ||||
| 
 | ||||
| # optional list of private subnets reachable behind this VPN server | ||||
| # each subnet and next hop is separated by a space | ||||
| # "<subnet1>,<nexthop1> <subnet2>,<nexthop2> ..." | ||||
| privatenets="10.0.11.0,10.0.10.1 10.0.12.0,10.0.10.1" | ||||
| #privatenets="10.0.11.0,10.0.10.1 10.0.12.0,10.0.10.1" | ||||
| 
 | ||||
| # optional list of VPN clients, for statically assigning IP addresses to | ||||
| # clients; also, an optional client subnet can be specified for adding static | ||||
| # routes via the client | ||||
| # Note: VPN addresses x.x.x.0-3 are reserved | ||||
| # "<keyname>,<vpnIP>,<subnetIP> <keyname>,<vpnIP>,<subnetIP> ..." | ||||
| vpnclients="client1KeyFilename,10.0.200.5,10.0.0.0 client2KeyFilename,," | ||||
| #vpnclients="client1KeyFilename,10.0.200.5,10.0.0.0 client2KeyFilename,," | ||||
| 
 | ||||
| # NOTE: you may need to enable the StaticRoutes service on nodes within the | ||||
| # private subnet, in order to have routes back to the client. | ||||
|  |  | |||