initial config changes for config services for openvpn

This commit is contained in:
Blake Harnden 2020-02-04 17:28:58 -08:00
parent 3b0a8ebc37
commit 461a27989c
3 changed files with 66 additions and 13 deletions


@ -1,6 +1,10 @@
from typing import Any, Dict from typing import Any, Dict
import netaddr
from core.config import Configuration
from core.configservice.base import ConfigService, ConfigServiceMode from core.configservice.base import ConfigService, ConfigServiceMode
from core.emulator.enumerations import ConfigDataTypes
GROUP_NAME = "Security" GROUP_NAME = "Security"
@ -16,11 +20,30 @@ class VpnClient(ConfigService):
validate = ["pidof openvpn"] validate = ["pidof openvpn"]
shutdown = ["killall openvpn"] shutdown = ["killall openvpn"]
validation_mode = ConfigServiceMode.BLOCKING validation_mode = ConfigServiceMode.BLOCKING
default_configs = [] default_configs = [
Configuration(
_id="keydir",
_type=ConfigDataTypes.STRING,
label="Key Dir",
default="/etc/core/keys",
),
Configuration(
_id="keyname",
_type=ConfigDataTypes.STRING,
label="Key Name",
default="client1",
),
Configuration(
_id="server",
_type=ConfigDataTypes.STRING,
label="Server",
default="10.0.2.10",
),
]
modes = {} modes = {}
class VPNServer(ConfigService): class VpnServer(ConfigService):
name = "VPNServer" name = "VPNServer"
group = GROUP_NAME group = GROUP_NAME
directories = [] directories = []
@ -31,9 +54,39 @@ class VPNServer(ConfigService):
validate = ["pidof openvpn"] validate = ["pidof openvpn"]
shutdown = ["killall openvpn"] shutdown = ["killall openvpn"]
validation_mode = ConfigServiceMode.BLOCKING validation_mode = ConfigServiceMode.BLOCKING
default_configs = [] default_configs = [
Configuration(
_id="keydir",
_type=ConfigDataTypes.STRING,
label="Key Dir",
default="/etc/core/keys",
),
Configuration(
_id="keyname",
_type=ConfigDataTypes.STRING,
label="Key Name",
default="server",
),
Configuration(
_id="subnet",
_type=ConfigDataTypes.STRING,
label="Subnet",
default="10.0.200.0",
),
]
modes = {} modes = {}
def data(self) -> Dict[str, Any]:
address = None
for ifc in self.node.netifs():
if getattr(ifc, "control", False):
continue
for x in ifc.addrlist:
addr = x.split("/")[0]
if netaddr.valid_ipv4(addr):
address = addr
return dict(address=address)
class IPsec(ConfigService): class IPsec(ConfigService):
name = "IPsec" name = "IPsec"
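Review bot: `VpnServer.data()` keeps the last IPv4 address it sees across every non-control interface and never stops early, so on a multi-homed node the advertised `vpnserver` is whichever interface happens to be enumerated last, and a node with no IPv4 address returns `address=None`, which the template will render as the literal `vpnserver=None` and the service will still report as started. Add `break` once a match is found (inner and outer loop) so the first usable address wins deterministically, and fail loudly instead of emitting a broken script: `if address is None: raise ValueError("VPNServer: no non-control IPv4 address found on node")`. The new `server` and `subnet` configurations are plain STRING fields with no validation even though `netaddr` is now imported; checking `netaddr.valid_ipv4(...)` on these values before rendering would catch typos and keep arbitrary text out of the generated shell script. Note also that the class was renamed `VPNServer` -> `VpnServer` while `name = "VPNServer"` is unchanged; that looks intentional, but a one-line comment saying the service name is a stable external identifier would save the next reader the question.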


@ -4,16 +4,16 @@
# OpenVPN software and a virtual TUN/TAP device. # OpenVPN software and a virtual TUN/TAP device.
# directory containing the certificate and key described below # directory containing the certificate and key described below
keydir=/etc/core/keys keydir=${config["keydir"]}
# the name used for a "$keyname.crt" certificate and "$keyname.key" private key. # the name used for a "$keyname.crt" certificate and "$keyname.key" private key.
keyname=client1 keyname=${config["keyname"]}
# the public IP address of the VPN server this client should connect with # the public IP address of the VPN server this client should connect with
vpnserver="10.0.2.10" vpnserver=${config["server"]}
# optional next hop for adding a static route to reach the VPN server # optional next hop for adding a static route to reach the VPN server
nexthop="10.0.1.1" #nexthop="10.0.1.1"
# --------- END CUSTOMIZATION -------- # --------- END CUSTOMIZATION --------
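Review bot: The substituted values are written into the shell script unquoted, and the change actually drops quoting that the old `vpnserver="10.0.2.10"` had, so a `server`, `keydir` or `keyname` value containing whitespace or shell metacharacters will break the assignment or be interpreted by the shell when the script runs on the node. Quote the interpolations: `keydir="${config["keydir"]}"`, `keyname="${config["keyname"]}"`, `vpnserver="${config["server"]}"`. Since `keydir` and `keyname` are presumably joined into `$keydir/$keyname.crt`/`.key` paths further down the script, it would also be worth rejecting `keyname` values containing `/` or `..` and validating `server` as an IPv4 address in the service class before rendering, rather than relying on the script to fail at runtime.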


@ -7,29 +7,29 @@
# directory containing the certificate and key described below, in addition to # directory containing the certificate and key described below, in addition to
# a CA certificate and DH key # a CA certificate and DH key
keydir=/etc/core/keys keydir=${config["keydir"]}
# the name used for a "$keyname.crt" certificate and "$keyname.key" private key. # the name used for a "$keyname.crt" certificate and "$keyname.key" private key.
keyname=server2 keyname=${config["keyname"]}
# the VPN subnet address from which the client VPN IP (for the TUN/TAP) # the VPN subnet address from which the client VPN IP (for the TUN/TAP)
# will be allocated # will be allocated
vpnsubnet=10.0.200.0 vpnsubnet=${config["subnet"]}
# public IP address of this vpn server (same as VPNClient vpnserver= setting) # public IP address of this vpn server (same as VPNClient vpnserver= setting)
vpnserver=10.0.2.10 vpnserver=${address}
# optional list of private subnets reachable behind this VPN server # optional list of private subnets reachable behind this VPN server
# each subnet and next hop is separated by a space # each subnet and next hop is separated by a space
# "<subnet1>,<nexthop1> <subnet2>,<nexthop2> ..." # "<subnet1>,<nexthop1> <subnet2>,<nexthop2> ..."
privatenets="10.0.11.0,10.0.10.1 10.0.12.0,10.0.10.1" #privatenets="10.0.11.0,10.0.10.1 10.0.12.0,10.0.10.1"
# optional list of VPN clients, for statically assigning IP addresses to # optional list of VPN clients, for statically assigning IP addresses to
# clients; also, an optional client subnet can be specified for adding static # clients; also, an optional client subnet can be specified for adding static
# routes via the client # routes via the client
# Note: VPN addresses x.x.x.0-3 are reserved # Note: VPN addresses x.x.x.0-3 are reserved
# "<keyname>,<vpnIP>,<subnetIP> <keyname>,<vpnIP>,<subnetIP> ..." # "<keyname>,<vpnIP>,<subnetIP> <keyname>,<vpnIP>,<subnetIP> ..."
vpnclients="client1KeyFilename,10.0.200.5,10.0.0.0 client2KeyFilename,," #vpnclients="client1KeyFilename,10.0.200.5,10.0.0.0 client2KeyFilename,,"
# NOTE: you may need to enable the StaticRoutes service on nodes within the # NOTE: you may need to enable the StaticRoutes service on nodes within the
# private subnet, in order to have routes back to the client. # private subnet, in order to have routes back to the client.