initial import (Boeing r1752, NRL r878)

ahrenholz 2013-08-29 14:21:13 +00:00
commit f8f46d28be
394 changed files with 99738 additions and 0 deletions

gui/configs/sample1-bg.gif Normal file


510
gui/configs/sample1.imn Normal file

@ -0,0 +1,510 @@
node n1 {
type router
model router
network-config {
hostname n1
!
interface eth1
ip address 10.0.5.1/24
ipv6 address a:5::1/64
!
interface eth0
ip address 10.0.3.2/24
ipv6 address a:3::2/64
!
}
canvas c1
iconcoords {384.0 456.0}
labelcoords {384.0 484.0}
interface-peer {eth0 n2}
interface-peer {eth1 n15}
}
node n2 {
type router
model router
network-config {
hostname n2
!
interface eth2
ip address 10.0.4.1/24
ipv6 address a:4::1/64
!
interface eth1
ip address 10.0.3.1/24
ipv6 address a:3::1/64
!
interface eth0
ip address 10.0.2.2/24
ipv6 address a:2::2/64
!
}
canvas c1
iconcoords {264.0 432.0}
labelcoords {264.0 460.0}
interface-peer {eth0 n3}
interface-peer {eth1 n1}
interface-peer {eth2 n15}
}
node n3 {
type router
model router
network-config {
hostname n3
!
interface eth1
ip address 10.0.2.1/24
ipv6 address a:2::1/64
!
interface eth0
ip address 10.0.1.1/24
ipv6 address a:1::1/64
!
}
canvas c1
iconcoords {120.0 360.0}
labelcoords {120.0 388.0}
interface-peer {eth0 n4}
interface-peer {eth1 n2}
}
node n4 {
type lanswitch
network-config {
hostname n4
!
}
canvas c1
iconcoords {192.0 252.0}
labelcoords {192.0 280.0}
interface-peer {e0 n3}
interface-peer {e1 n11}
interface-peer {e2 n12}
interface-peer {e3 n13}
interface-peer {e4 n14}
}
node n5 {
type router
model mdr
network-config {
hostname n5
!
interface eth0
ipv6 address a:0::3/128
ip address 10.0.0.5/32
!
interface eth1
ip address 10.0.6.2/24
ipv6 address a:6::2/64
!
}
canvas c1
iconcoords {540.0 348.0}
labelcoords {540.0 376.0}
interface-peer {eth0 n10}
interface-peer {eth1 n15}
services {zebra OSPFv2 OSPFv3MDR vtysh IPForward}
custom-config {
custom-config-id service:zebra
custom-command zebra
config {
files=('/usr/local/etc/quagga/Quagga.conf', 'quaggaboot.sh', )
}
}
custom-config {
custom-config-id service:zebra:/usr/local/etc/quagga/Quagga.conf
custom-command /usr/local/etc/quagga/Quagga.conf
config {
interface eth0
ip address 10.0.0.5/32
ipv6 address a::3/128
ipv6 ospf6 instance-id 65
ipv6 ospf6 hello-interval 2
ipv6 ospf6 dead-interval 6
ipv6 ospf6 retransmit-interval 5
ipv6 ospf6 network manet-designated-router
ipv6 ospf6 diffhellos
ipv6 ospf6 adjacencyconnectivity uniconnected
ipv6 ospf6 lsafullness mincostlsa
!
interface eth1
ip address 10.0.6.2/24
!ip ospf hello-interval 2
!ip ospf dead-interval 6
!ip ospf retransmit-interval 5
!ip ospf network point-to-point
ipv6 address a:6::2/64
!
router ospf
router-id 10.0.0.5
network 10.0.0.5/32 area 0
network 10.0.6.0/24 area 0
redistribute connected metric-type 1
redistribute ospf6 metric-type 1
!
router ospf6
router-id 10.0.0.5
interface eth0 area 0.0.0.0
redistribute connected
redistribute ospf
!
}
}
}
node n6 {
type router
model mdr
network-config {
hostname n6
!
interface eth0
ip address 10.0.0.6/32
ipv6 address a:0::6/128
!
}
canvas c1
iconcoords {780.0 228.0}
labelcoords {780.0 252.0}
interface-peer {eth0 n10}
}
node n7 {
type router
model mdr
network-config {
hostname n7
!
interface eth0
ip address 10.0.0.7/32
ipv6 address a:0::7/128
!
}
canvas c1
iconcoords {816.0 348.0}
labelcoords {816.0 372.0}
interface-peer {eth0 n10}
}
node n8 {
type router
model mdr
network-config {
hostname n8
!
interface eth0
ip address 10.0.0.8/32
ipv6 address a:0::8/128
!
}
canvas c1
iconcoords {672.0 420.0}
labelcoords {672.0 444.0}
interface-peer {eth0 n10}
}
node n9 {
type router
model mdr
network-config {
hostname n9
!
interface eth0
ip address 10.0.0.9/32
ipv6 address a:0::9/128
!
}
canvas c1
iconcoords {672.0 96.0}
labelcoords {672.0 120.0}
interface-peer {eth0 n10}
}
node n10 {
type wlan
network-config {
hostname wlan10
!
interface wireless
ip address 10.0.0.0/32
ipv6 address a:0::0/128
!
mobmodel
coreapi
basic_range
ns2script
!
}
canvas c1
iconcoords {852.0 564.0}
labelcoords {852.0 596.0}
interface-peer {e0 n8}
interface-peer {e1 n7}
interface-peer {e2 n5}
interface-peer {e3 n6}
interface-peer {e4 n9}
custom-config {
custom-config-id basic_range
custom-command {3 3 9 9 9}
config {
range=240
bandwidth=54000000
jitter=0
delay=50000
error=0
}
}
custom-config {
custom-config-id ns2script
custom-command {10 3 11 10 10}
config {
file=sample1.scen
refresh_ms=50
loop=1
autostart=5
map=
}
}
}
node n11 {
type router
model PC
network-config {
hostname n11
!
interface eth0
ip address 10.0.1.20/24
ipv6 address a:1::20/64
!
}
canvas c1
iconcoords {192.0 156.0}
labelcoords {192.0 188.0}
interface-peer {eth0 n4}
}
node n12 {
type router
model PC
network-config {
hostname n12
!
interface eth0
ip address 10.0.1.21/24
ipv6 address a:1::21/64
!
}
canvas c1
iconcoords {264.0 156.0}
labelcoords {264.0 188.0}
interface-peer {eth0 n4}
}
node n13 {
type router
model PC
network-config {
hostname n13
!
interface eth0
ip address 10.0.1.22/24
ipv6 address a:1::22/64
!
}
canvas c1
iconcoords {336.0 156.0}
labelcoords {336.0 188.0}
interface-peer {eth0 n4}
}
node n14 {
type router
model host
network-config {
hostname n14
!
interface eth0
ip address 10.0.1.10/24
ipv6 address a:1::10/64
!
}
canvas c1
iconcoords {348.0 228.0}
labelcoords {348.0 260.0}
interface-peer {eth0 n4}
}
node n15 {
type router
model router
network-config {
hostname n15
!
interface eth2
ip address 10.0.6.1/24
ipv6 address a:6::1/64
!
interface eth1
ip address 10.0.5.2/24
ipv6 address a:5::2/64
!
interface eth0
ip address 10.0.4.2/24
ipv6 address a:4::2/64
!
}
canvas c1
iconcoords {384.0 312.0}
labelcoords {384.0 340.0}
interface-peer {eth0 n2}
interface-peer {eth1 n1}
interface-peer {eth2 n5}
}
link l1 {
nodes {n10 n8}
bandwidth 11000000
delay 25000
}
link l0 {
nodes {n10 n7}
bandwidth 11000000
delay 25000
}
link l2 {
nodes {n10 n5}
bandwidth 11000000
delay 25000
}
link l3 {
nodes {n10 n6}
bandwidth 11000000
delay 25000
}
link l4 {
nodes {n10 n9}
bandwidth 11000000
delay 25000
}
link l5 {
nodes {n3 n4}
bandwidth 100000000
}
link l6 {
delay 25000
nodes {n3 n2}
bandwidth 100000000
}
link l7 {
nodes {n2 n1}
bandwidth 100000000
}
link l8 {
delay 50000
nodes {n2 n15}
bandwidth 100000000
}
link l9 {
nodes {n1 n15}
bandwidth 100000000
}
link l10 {
nodes {n15 n5}
bandwidth 100000000
}
link l11 {
nodes {n4 n11}
bandwidth 100000000
}
link l12 {
nodes {n4 n12}
bandwidth 100000000
}
link l13 {
nodes {n4 n13}
bandwidth 100000000
}
link l14 {
nodes {n4 n14}
bandwidth 100000000
}
annotation a0 {
iconcoords {612.0 492.0}
type text
label {wireless network}
labelcolor black
fontfamily {Arial}
fontsize {12}
effects {bold}
canvas c1
}
annotation a1 {
iconcoords {142.0 112.0 393.0 291.0}
type rectangle
label {}
labelcolor black
fontfamily {Arial}
fontsize {12}
color #ebebde
width 1
border #ffffff
rad 25
canvas c1
}
annotation a2 {
iconcoords {492.0 384.0}
type text
label {gateway}
labelcolor black
fontfamily {Arial}
fontsize {12}
effects {bold}
canvas c1
}
canvas c1 {
name {Canvas1}
wallpaper-style {upperleft}
wallpaper {sample1-bg.gif}
}
option global {
interface_names no
ip_addresses yes
ipv6_addresses no
node_labels yes
link_labels yes
ipsec_configs yes
exec_errors no
show_api no
background_images no
annotations yes
grid no
traffic_start 0
}
option session {
}
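Review bot: sample1.imn has no `comments { }` block, unlike the kitchen-sink scenario later in this commit, so a reader has to reverse-engineer that wlan10 is a basic_range MANET driven by the ns2script mobility in `file=sample1.scen` and that n5 is the gateway redistributing between OSPFv2 and OSPFv3-MDR through its custom Quagga.conf. I would add a short comments block at the top of the file stating those facts, including where the relative `file=sample1.scen` path is resolved from, which the page does not make evident. Two settings look worth a sentence in that block as well: `option global` sets `background_images no` while canvas c1 sets `wallpaper {sample1-bg.gif}`, so if that option gates wallpaper display the 312 KiB image added in this commit will not be shown until it is toggled; and the zebra `files=` tuple on n5 omits `/usr/local/etc/quagga/vtysh.conf`, which the equivalent entries on n11 and n20 in the kitchen-sink file include, and whether that difference is intentional cannot be told from the page.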

28
gui/configs/sample1.scen Normal file

@ -0,0 +1,28 @@
#
# nodes: 4, max time: 27.000000, max x: 600.00, max y: 600.00
# nominal range: 300.00 link bw: 54000000.00
# pause: 30.00, min speed 1.50 max speed: 4.50
$node_(6) set X_ 780.0
$node_(6) set Y_ 228.0
$node_(6) set Z_ 0.00
$node_(7) set X_ 816.0
$node_(7) set Y_ 348.0
$node_(7) set Z_ 0.00
$node_(8) set X_ 672.0
$node_(8) set Y_ 420.0
$node_(8) set Z_ 0.00
$node_(9) set X_ 672.0
$node_(9) set Y_ 96.0
$node_(9) set Z_ 0.00
$ns_ at 1.00 "$node_(6) setdest 500.0 178.0 25.0"
$ns_ at 2.00 "$node_(7) setdest 400.0 288.0 15.0"
$ns_ at 1.00 "$node_(8) setdest 590.0 520.0 17.0"
$ns_ at 3.00 "$node_(9) setdest 720.0 300.0 20.0"
$ns_ at 8.00 "$node_(7) setdest 600.0 350.0 10.0"
$ns_ at 9.00 "$node_(8) setdest 730.0 300.0 15.0"
$ns_ at 10.00 "$node_(6) setdest 600.0 108.0 10.0"
$ns_ at 16.00 "$node_(9) setdest 672.0 96.0 20.0"
$ns_ at 17.00 "$node_(7) setdest 816.0 348.0 20.0"
$ns_ at 18.00 "$node_(6) setdest 780.0 228.0 25.0"
$ns_ at 22.00 "$node_(8) setdest 672.0 420.0 20.0"
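Review bot: The header of sample1.scen does not say how `$node_(6)` through `$node_(9)` map onto CORE nodes; the indexes appear to line up with n6–n9 (their initial `X_`/`Y_` values equal those nodes' iconcoords in sample1.imn, and n5, the gateway, is absent), while wlan10's ns2script config leaves `map=` empty, so the mapping is implicit and easy to break when either file is edited. I would add a header line such as `# $node_(N) corresponds to CORE node nN (n6-n9); gateway n5 is stationary` so the two files can be kept in sync. The header's `max time: 27.000000` also exceeds the last event at 22.00; if the extra seconds are a deliberate settling period before the loop restarts, a comment saying so would help.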


@ -0,0 +1,848 @@
comments {
Kitchen Sink
============
Contains every type of node available in CORE, except for the Xen and physical (prouter)
machine types, and nodes distributed on other emulation servers.
To get the RJ45 node to work, a test0 interface should first be created like this:
sudo ip link add name test0 type veth peer name test0.1
wlan15 uses the basic range model, while wlan24 uses EMANE 802.11
gateway nodes n11 and n20 are customized to redistribute routing between OSPFv2 and
OSPFv3 MDR (the MANET networks)
}
node n1 {
type router
model router
network-config {
hostname n1
!
interface eth2
ip address 10.0.11.2/24
ipv6 address 2001:11::2/64
!
interface eth1
ip address 10.0.3.1/24
ipv6 address 2001:3::1/64
!
interface eth0
ip address 10.0.2.1/24
ipv6 address 2001:2::1/64
!
}
canvas c1
iconcoords {288.0 264.0}
labelcoords {288.0 292.0}
interface-peer {eth0 n3}
interface-peer {eth1 n2}
interface-peer {eth2 n20}
custom-image $CORE_DATA_DIR/icons/normal/router_red.gif
}
node n2 {
type router
model router
network-config {
hostname n2
!
interface eth2
ip address 10.0.5.2/24
ipv6 address 2001:5::2/64
!
interface eth1
ip address 10.0.3.2/24
ipv6 address 2001:3::2/64
!
interface eth0
ip address 10.0.0.1/24
ipv6 address 2001:0::1/64
!
}
canvas c1
iconcoords {576.0 264.0}
labelcoords {576.0 292.0}
interface-peer {eth0 n5}
interface-peer {eth1 n1}
interface-peer {eth2 n19}
}
node n3 {
type router
model router
network-config {
hostname n3
!
interface eth3
ip address 10.0.9.1/24
ipv6 address 2001:9::1/64
!
interface eth2
ip address 10.0.4.1/24
ipv6 address 2001:4::1/64
!
interface eth1
ip address 10.0.2.2/24
ipv6 address 2001:2::2/64
!
interface eth0
ip address 10.0.1.1/24
ipv6 address 2001:1::1/64
!
}
canvas c1
iconcoords {288.0 408.0}
labelcoords {288.0 436.0}
interface-peer {eth0 n4}
interface-peer {eth1 n1}
interface-peer {eth2 n19}
interface-peer {eth3 n11}
custom-image $CORE_DATA_DIR/icons/normal/router_red.gif
}
node n4 {
type hub
network-config {
hostname n4
!
}
canvas c1
iconcoords {216.0 528.0}
labelcoords {216.0 552.0}
interface-peer {e0 n3}
interface-peer {e1 n16}
interface-peer {e2 n17}
interface-peer {e3 n18}
}
node n5 {
type lanswitch
network-config {
hostname n5
!
}
canvas c1
iconcoords {672.0 264.0}
labelcoords {672.0 288.0}
interface-peer {e0 n2}
interface-peer {e1 n6}
interface-peer {e2 n7}
interface-peer {e3 n8}
interface-peer {e4 n25}
}
node n6 {
type router
model host
network-config {
hostname n6
!
interface eth0
ip address 10.0.0.10/24
ipv6 address 2001:0::10/64
!
}
canvas c1
iconcoords {792.0 216.0}
labelcoords {792.0 248.0}
interface-peer {eth0 n5}
}
node n7 {
type router
model host
network-config {
hostname n7
!
interface eth0
ip address 10.0.0.11/24
ipv6 address 2001:0::11/64
!
}
canvas c1
iconcoords {792.0 288.0}
labelcoords {792.0 320.0}
interface-peer {eth0 n5}
}
node n8 {
type router
model host
network-config {
hostname n8
!
interface eth0
ip address 10.0.0.12/24
ipv6 address 2001:0::12/64
!
}
canvas c1
iconcoords {792.0 360.0}
labelcoords {792.0 392.0}
interface-peer {eth0 n5}
}
node n9 {
type rj45
network-config {
hostname test0
!
}
canvas c1
iconcoords {576.0 528.0}
labelcoords {576.0 556.0}
interface-peer {0 n19}
}
node n10 {
type tunnel
network-config {
hostname 10.250.0.91
!
interface e0
ip address 10.250.0.91/24
!
tunnel-type
UDP
!
tunnel-tap
off
!
tunnel-key
1
!
}
canvas c1
iconcoords {672.0 504.0}
labelcoords {672.0 536.0}
interface-peer {e0 n19}
}
node n11 {
type router
model mdr
network-config {
hostname n11
!
interface eth1
ip address 10.0.9.2/24
ipv6 address 2001:9::2/64
!
interface eth0
ip address 10.0.8.1/32
ipv6 address 2001:8::1/128
!
}
canvas c1
iconcoords {288.0 624.0}
labelcoords {288.0 656.0}
interface-peer {eth0 n15}
interface-peer {eth1 n3}
custom-config {
custom-config-id service:zebra
custom-command zebra
config {
files=('/usr/local/etc/quagga/Quagga.conf', 'quaggaboot.sh', '/usr/local/etc/quagga/vtysh.conf', )
}
}
custom-config {
custom-config-id service:zebra:/usr/local/etc/quagga/Quagga.conf
custom-command /usr/local/etc/quagga/Quagga.conf
config {
interface eth0
ip address 10.0.8.1/32
ipv6 address 2001:8::1/128
ipv6 ospf6 instance-id 65
ipv6 ospf6 hello-interval 2
ipv6 ospf6 dead-interval 6
ipv6 ospf6 retransmit-interval 5
ipv6 ospf6 network manet-designated-router
ipv6 ospf6 diffhellos
ipv6 ospf6 adjacencyconnectivity uniconnected
ipv6 ospf6 lsafullness mincostlsa
!
interface eth1
ip address 10.0.9.2/24
ipv6 address 2001:9::2/64
!
router ospf
router-id 10.0.8.1
network 10.0.8.1/32 area 0
network 10.0.9.0/24 area 0
redistribute connected metric-type 1
redistribute ospf6 metric-type 1
!
router ospf6
router-id 10.0.8.1
interface eth0 area 0.0.0.0
redistribute connected
redistribute ospf
!
}
}
services {zebra OSPFv2 OSPFv3MDR vtysh IPForward}
}
node n12 {
type router
model mdr
network-config {
hostname n12
!
interface eth0
ip address 10.0.8.2/32
ipv6 address 2001:8::2/128
!
}
canvas c1
iconcoords {504.0 792.0}
labelcoords {504.0 824.0}
interface-peer {eth0 n15}
}
node n13 {
type router
model mdr
network-config {
hostname n13
!
interface eth0
ip address 10.0.8.3/32
ipv6 address 2001:8::3/128
!
}
canvas c1
iconcoords {552.0 672.0}
labelcoords {552.0 704.0}
interface-peer {eth0 n15}
}
node n14 {
type router
model mdr
network-config {
hostname n14
!
interface eth0
ip address 10.0.8.4/32
ipv6 address 2001:8::4/128
!
}
canvas c1
iconcoords {720.0 792.0}
labelcoords {720.0 824.0}
interface-peer {eth0 n15}
}
node n15 {
type wlan
network-config {
hostname wlan15
!
interface wireless
ip address 10.0.8.0/32
ipv6 address 2001:8::0/128
!
mobmodel
coreapi
basic_range
!
}
custom-config {
custom-config-id basic_range
custom-command {3 3 9 9 9}
config {
range=275
bandwidth=54000000
jitter=0
delay=20000
error=0
}
}
canvas c1
iconcoords {120.0 768.0}
labelcoords {120.0 800.0}
interface-peer {e0 n11}
interface-peer {e1 n12}
interface-peer {e2 n13}
interface-peer {e3 n14}
}
node n16 {
type router
model PC
network-config {
hostname n16
!
interface eth0
ip address 10.0.1.20/24
ipv6 address 2001:1::20/64
!
}
canvas c1
iconcoords {96.0 456.0}
labelcoords {96.0 488.0}
interface-peer {eth0 n4}
}
node n17 {
type router
model PC
network-config {
hostname n17
!
interface eth0
ip address 10.0.1.21/24
ipv6 address 2001:1::21/64
!
}
canvas c1
iconcoords {96.0 600.0}
labelcoords {96.0 632.0}
interface-peer {eth0 n4}
}
node n18 {
type router
model PC
network-config {
hostname n18
!
interface eth0
ip address 10.0.1.22/24
ipv6 address 2001:1::22/64
!
}
canvas c1
iconcoords {96.0 528.0}
labelcoords {96.0 560.0}
interface-peer {eth0 n4}
}
node n19 {
type router
model router
network-config {
hostname n19
!
interface eth3
ip address 10.0.7.1/24
ipv6 address 2001:7::1/64
!
interface eth2
ip address 10.0.6.1/24
ipv6 address 2001:6::1/64
!
interface eth1
ip address 10.0.5.1/24
ipv6 address 2001:5::1/64
!
interface eth0
ip address 10.0.4.2/24
ipv6 address 2001:4::2/64
!
}
canvas c1
iconcoords {576.0 408.0}
labelcoords {576.0 436.0}
interface-peer {eth0 n3}
interface-peer {eth1 n2}
interface-peer {eth2 n9}
interface-peer {eth3 n10}
}
node n20 {
type router
model mdr
network-config {
hostname n20
!
interface eth1
ip address 10.0.11.1/24
ipv6 address 2001:11::1/64
!
interface eth0
ip address 10.0.10.1/32
ipv6 address 2001:10::1/128
!
}
canvas c1
iconcoords {288.0 168.0}
labelcoords {288.0 200.0}
interface-peer {eth0 n24}
interface-peer {eth1 n1}
custom-config {
custom-config-id service:zebra
custom-command zebra
config {
files=('/usr/local/etc/quagga/Quagga.conf', 'quaggaboot.sh', '/usr/local/etc/quagga/vtysh.conf', )
}
}
custom-config {
custom-config-id service:zebra:/usr/local/etc/quagga/Quagga.conf
custom-command /usr/local/etc/quagga/Quagga.conf
config {
interface eth0
ip address 10.0.10.1/32
ipv6 address 2001:10::1/128
ipv6 ospf6 instance-id 65
ipv6 ospf6 hello-interval 2
ipv6 ospf6 dead-interval 6
ipv6 ospf6 retransmit-interval 5
ipv6 ospf6 network manet-designated-router
ipv6 ospf6 diffhellos
ipv6 ospf6 adjacencyconnectivity uniconnected
ipv6 ospf6 lsafullness mincostlsa
!
interface eth1
ip address 10.0.11.1/24
ipv6 address 2001:11::1/64
!
router ospf
router-id 10.0.10.1
network 10.0.10.1/32 area 0
network 10.0.11.0/24 area 0
redistribute connected metric-type 1
redistribute ospf6 metric-type 1
!
router ospf6
router-id 10.0.10.1
interface eth0 area 0.0.0.0
redistribute connected
redistribute ospf
!
}
}
services {zebra OSPFv2 OSPFv3MDR vtysh IPForward}
}
node n21 {
type router
model mdr
network-config {
hostname n21
!
interface eth0
ip address 10.0.10.2/32
ipv6 address 2001:10::2/128
!
}
canvas c1
iconcoords {240.0 48.0}
labelcoords {240.0 80.0}
interface-peer {eth0 n24}
}
node n22 {
type router
model mdr
network-config {
hostname n22
!
interface eth0
ip address 10.0.10.3/32
ipv6 address 2001:10::3/128
!
}
canvas c1
iconcoords {504.0 48.0}
labelcoords {504.0 80.0}
interface-peer {eth0 n24}
}
node n23 {
type router
model mdr
network-config {
hostname n23
!
interface eth0
ip address 10.0.10.4/32
ipv6 address 2001:10::4/128
!
}
canvas c1
iconcoords {144.0 168.0}
labelcoords {144.0 200.0}
interface-peer {eth0 n24}
}
node n24 {
type wlan
network-config {
hostname wlan24
!
interface wireless
ip address 10.0.10.0/32
ipv6 address 2001:10::0/128
!
mobmodel
coreapi
emane_ieee80211abg
!
}
custom-config {
custom-config-id basic_range
custom-command {3 3 9 9 9}
config {
range=275
bandwidth=54000000
jitter=0
delay=20000
error=0
}
}
canvas c1
iconcoords {48.0 72.0}
labelcoords {48.0 104.0}
interface-peer {e0 n20}
interface-peer {e1 n21}
interface-peer {e2 n22}
interface-peer {e3 n23}
}
node n25 {
type lanswitch
network-config {
hostname n25
!
}
canvas c1
iconcoords {624.0 192.0}
labelcoords {624.0 216.0}
interface-peer {e0 n5}
interface-peer {e1 n26}
}
node n26 {
type router
model PC
network-config {
hostname n26
!
interface eth0
ip address 10.0.0.20/24
ipv6 address 2001:0::20/64
!
}
canvas c1
iconcoords {720.0 144.0}
labelcoords {720.0 176.0}
interface-peer {eth0 n25}
}
link l1 {
nodes {n2 n5}
bandwidth 0
}
link l2 {
delay 8000
nodes {n3 n4}
bandwidth 1024000
}
link l3 {
nodes {n1 n3}
bandwidth 0
}
link l4 {
nodes {n1 n2}
bandwidth 0
}
link l5 {
nodes {n5 n6}
bandwidth 0
}
link l6 {
nodes {n5 n7}
bandwidth 0
}
link l7 {
nodes {n5 n8}
bandwidth 0
}
link l8 {
nodes {n3 n19}
bandwidth 0
}
link l9 {
nodes {n19 n2}
bandwidth 0
}
link l10 {
nodes {n4 n16}
bandwidth 0
}
link l11 {
nodes {n4 n17}
bandwidth 0
}
link l12 {
nodes {n4 n18}
bandwidth 0
}
link l13 {
nodes {n19 n9}
}
link l14 {
nodes {n19 n10}
}
link l15 {
nodes {n15 n11}
}
link l16 {
nodes {n15 n12}
}
link l17 {
nodes {n15 n13}
}
link l18 {
nodes {n15 n14}
}
link l19 {
nodes {n3 n11}
bandwidth 0
}
link l20 {
nodes {n24 n20}
}
link l21 {
nodes {n24 n21}
}
link l22 {
nodes {n24 n22}
}
link l23 {
nodes {n24 n23}
}
link l24 {
nodes {n20 n1}
bandwidth 0
}
link l25 {
delay 5000
nodes {n25 n5}
bandwidth 0
}
link l26 {
nodes {n25 n26}
bandwidth 0
}
annotation a1 {
iconcoords {45.0 431.0 220.0 642.0}
type rectangle
label {}
labelcolor black
fontfamily {Arial}
fontsize {12}
color #e6f4f4
width 0
border black
rad 0
canvas c1
}
annotation a2 {
iconcoords {642 189 821 404}
type rectangle
label {}
labelcolor black
fontfamily {Arial}
fontsize {12}
color #e6f4f4
width 0
border black
rad 0
canvas c1
}
annotation a3 {
iconcoords {200 218 655 463}
type rectangle
label {}
labelcolor black
fontfamily {Arial}
fontsize {12}
color #f4f1f0
width 0
border black
rad 0
canvas c1
}
annotation a4 {
iconcoords {600.0 48.0}
type text
label {Kitchen Sink Scenario}
labelcolor black
fontfamily {FreeSans}
fontsize {16}
effects {bold}
canvas c1
}
annotation a5 {
iconcoords {648.0 72.0}
type text
label {see scenario comments}
labelcolor black
fontfamily {FreeSans}
fontsize {12}
canvas c1
}
canvas c1 {
name {Canvas1}
refpt {0 0 47.5791667 -122.132322 150}
scale {150.0}
size {1000 1000}
}
option global {
interface_names no
ip_addresses yes
ipv6_addresses yes
node_labels yes
link_labels yes
ipsec_configs yes
exec_errors yes
show_api no
background_images no
annotations yes
grid yes
traffic_start 0
}
option session {
enablesdt=1
}
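Review bot: The tunnel node n10 (`type tunnel`, `hostname 10.250.0.91`, `tunnel-type UDP`, `tunnel-key 1`) is the one element of this scenario that the `comments { }` block does not mention, yet it is presumably the only one that reaches outside the emulation, toward whatever answers at 10.250.0.91 with a fixed key of 1. I would add to the comments block a line such as `n10 is a UDP tunnel node; 10.250.0.91 and tunnel-key 1 are placeholders, set them to the real peer before running on a routed network`, next to the existing note about the rj45 test0 interface. A second thing that reads like a leftover: wlan24 selects `emane_ieee80211abg` as its mobmodel but its only custom-config is `basic_range` (range=275, delay=20000, …), so those values presumably do not apply to the EMANE model and should either be removed or annotated as unused. The file-header line for this section is not shown on the page, so its path is inferred from the "Kitchen Sink" comment.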

248
gui/configs/sample2-ssh.imn Normal file

@ -0,0 +1,248 @@
node n8 {
type router
model router
network-config {
hostname n8
!
interface eth3
ip address 10.0.6.2/24
ipv6 address a:6::2/64
!
interface eth2
ip address 10.0.3.1/24
ipv6 address a:3::1/64
!
interface eth1
ip address 10.0.1.1/24
ipv6 address a:1::1/64
!
interface eth0
ip address 10.0.0.1/24
ipv6 address a:0::1/64
!
}
canvas c1
iconcoords {264.0 168.0}
labelcoords {264.0 196.0}
interface-peer {eth0 n1}
interface-peer {eth1 n4}
interface-peer {eth2 n7}
interface-peer {eth3 n6}
}
node n1 {
type router
model router
network-config {
hostname n1
!
interface eth3
ip address 10.0.5.1/24
ipv6 address a:5::1/64
!
interface eth2
ip address 10.0.4.2/24
ipv6 address a:4::2/64
!
interface eth1
ip address 10.0.2.1/24
ipv6 address a:2::1/64
!
interface eth0
ip address 10.0.0.2/24
ipv6 address a:0::2/64
!
}
canvas c1
iconcoords {528.0 312.0}
labelcoords {528.0 340.0}
interface-peer {eth0 n8}
interface-peer {eth1 n5}
interface-peer {eth2 n7}
interface-peer {eth3 n6}
}
node n2 {
type router
model host
cpu {{min 0} {max 100} {weight 1}}
network-config {
hostname sshserver
!
interface eth0
ip address 10.0.2.10/24
ipv6 address a:2::10/64
!
}
canvas c1
iconcoords {732.0 84.0}
labelcoords {671.0 95.0}
interface-peer {eth0 n5}
}
node n3 {
type router
model PC
cpu {{min 0} {max 100} {weight 1}}
network-config {
hostname sshclient
!
interface eth0
ip address 10.0.1.20/24
ipv6 address a:1::20/64
!
}
canvas c1
iconcoords {72.0 252.0}
labelcoords {86.0 295.0}
interface-peer {eth0 n4}
}
node n4 {
type lanswitch
network-config {
hostname n4
!
}
canvas c1
iconcoords {120.0 120.0}
labelcoords {120.0 148.0}
interface-peer {e0 n3}
interface-peer {e1 n8}
}
node n5 {
type lanswitch
network-config {
hostname n5
!
}
canvas c1
iconcoords {708.0 204.0}
labelcoords {708.0 232.0}
interface-peer {e0 n1}
interface-peer {e1 n2}
}
node n6 {
type router
model router
network-config {
hostname n6
!
interface eth1
ip address 10.0.6.1/24
ipv6 address a:6::1/64
!
interface eth0
ip address 10.0.5.2/24
ipv6 address a:5::2/64
!
}
canvas c1
iconcoords {480.0 132.0}
labelcoords {480.0 160.0}
interface-peer {eth0 n1}
interface-peer {eth1 n8}
}
node n7 {
type router
model router
network-config {
hostname n7
!
interface eth1
ip address 10.0.4.1/24
ipv6 address a:4::1/64
!
interface eth0
ip address 10.0.3.2/24
ipv6 address a:3::2/64
!
}
canvas c1
iconcoords {312.0 348.0}
labelcoords {312.0 376.0}
interface-peer {eth0 n8}
interface-peer {eth1 n1}
}
link l0 {
nodes {n8 n1}
bandwidth 0
}
link l1 {
nodes {n4 n3}
bandwidth 0
}
link l2 {
nodes {n4 n8}
bandwidth 0
}
link l3 {
nodes {n1 n5}
bandwidth 0
}
link l4 {
nodes {n5 n2}
bandwidth 0
}
link l5 {
nodes {n8 n7}
bandwidth 0
}
link l6 {
nodes {n7 n1}
bandwidth 0
}
link l7 {
nodes {n1 n6}
bandwidth 0
}
link l8 {
nodes {n6 n8}
bandwidth 0
}
annotation a0 {
iconcoords {202 75 612 405}
type rectangle
label {provider network}
labelcolor black
fontfamily {Arial}
fontsize 10
color #f8f8d6
width 0
border black
rad 25
canvas c1
}
canvas c1 {
name {Canvas1}
}
option global {
interface_names no
ip_addresses yes
ipv6_addresses yes
node_labels yes
link_labels yes
ipsec_configs yes
remote_exec no
exec_errors yes
show_api no
background_images no
annotations yes
grid yes
}
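Review bot: Nothing in sample2-ssh.imn configures the SSH side of the scenario: n2 is only named `sshserver` (model host) and n3 `sshclient` (model PC), with no `services { }` line on either, so which daemon, host keys and authentication settings the server runs is whatever the host model's default service set provides, and a reader cannot tell that from the file. A `comments { }` block like the kitchen-sink scenario's, stating that the SSH service comes from the node model defaults and that the `provider network` annotation spans routers n8, n1, n6 and n7, would make the sample self-describing. Minor style points: `fontsize 10` in annotation a0 is written without the braces used elsewhere (`fontsize {12}`), and this file's `option global` has `remote_exec no` but no `traffic_start`, the reverse of sample1.imn; harmless if the parser tolerates both, but easy to align.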

754
gui/configs/sample3-bgp.imn Normal file

@ -0,0 +1,754 @@
node n1 {
type router
model router
network-config {
hostname router1
!
interface eth2
ip address 10.0.8.2/24
!
interface eth1
ip address 10.0.6.1/24
!
interface eth0
ip address 10.0.5.2/24
!
}
iconcoords {168.0 264.0}
labelcoords {168.0 288.0}
interface-peer {eth0 n16}
interface-peer {eth1 n2}
interface-peer {eth2 n3}
canvas c1
services {zebra BGP vtysh IPForward}
custom-config {
custom-config-id service:zebra:/usr/local/etc/quagga/Quagga.conf
custom-command /usr/local/etc/quagga/Quagga.conf
config {
interface eth2
ip address 10.0.8.2/24
!
interface eth1
ip address 10.0.6.1/24
!
interface eth0
ip address 10.0.5.2/24
!
router bgp 105
bgp router-id 10.0.8.2
redistribute connected
neighbor 10.0.6.2 remote-as 105
neighbor 10.0.6.2 next-hop-self
neighbor 10.0.5.1 remote-as 105
neighbor 10.0.5.1 next-hop-self
neighbor 10.0.8.1 remote-as 2901
neighbor 10.0.8.1 next-hop-self
!
}
}
custom-config {
custom-config-id service:zebra
custom-command zebra
config {
('/usr/local/etc/quagga', '/var/run/quagga')
('/usr/local/etc/quagga/Quagga.conf', 'quaggaboot.sh')
35
('sh quaggaboot.sh zebra',)
('killall zebra',)
}
}
}
node n2 {
type router
model router
network-config {
hostname router2
!
interface eth2
ip address 10.0.9.1/24
!
interface eth1
ip address 10.0.7.1/24
!
interface eth0
ip address 10.0.6.2/24
!
}
iconcoords {312.0 168.0}
labelcoords {312.0 192.0}
interface-peer {eth0 n1}
interface-peer {eth1 n16}
interface-peer {eth2 n6}
canvas c1
services {zebra BGP vtysh IPForward}
custom-config {
custom-config-id service:zebra:/usr/local/etc/quagga/Quagga.conf
custom-command /usr/local/etc/quagga/Quagga.conf
config {
interface eth2
ip address 10.0.9.1/24
!
interface eth1
ip address 10.0.7.1/24
!
interface eth0
ip address 10.0.6.2/24
!
router bgp 105
bgp router-id 10.0.8.2
redistribute connected
neighbor 10.0.7.2 remote-as 105
neighbor 10.0.7.2 next-hop-self
neighbor 10.0.6.1 remote-as 105
neighbor 10.0.6.1 next-hop-self
neighbor 10.0.9.2 remote-as 2902
neighbor 10.0.9.2 next-hop-self
!
}
}
custom-config {
custom-config-id service:zebra
custom-command zebra
config {
('/usr/local/etc/quagga', '/var/run/quagga')
('/usr/local/etc/quagga/Quagga.conf', 'quaggaboot.sh')
35
('sh quaggaboot.sh zebra',)
('killall zebra',)
}
}
}
node n3 {
type router
model router
network-config {
hostname router3
!
interface eth1
ip address 10.0.8.1/24
!
interface eth0
ip address 10.0.2.1/24
!
}
iconcoords {96.0 408.0}
labelcoords {96.0 432.0}
interface-peer {eth0 n4}
interface-peer {eth1 n1}
canvas c1
services {zebra BGP vtysh IPForward}
custom-config {
custom-config-id service:zebra:/usr/local/etc/quagga/Quagga.conf
custom-command /usr/local/etc/quagga/Quagga.conf
config {
interface eth1
ip address 10.0.8.1/24
!
interface eth0
ip address 10.0.2.1/24
!
router bgp 2901
bgp router-id 10.0.2.1
redistribute connected
neighbor 10.0.2.2 remote-as 2901
neighbor 10.0.2.2 next-hop-self
neighbor 10.0.8.2 remote-as 105
neighbor 10.0.8.2 next-hop-self
!
}
}
custom-config {
custom-config-id service:zebra
custom-command zebra
config {
('/usr/local/etc/quagga', '/var/run/quagga')
('/usr/local/etc/quagga/Quagga.conf', 'quaggaboot.sh')
35
('sh quaggaboot.sh zebra',)
('killall zebra',)
}
}
}
node n4 {
type router
model router
network-config {
hostname router4
!
interface eth0
ip address 10.0.2.2/24
!
interface eth1
ip address 10.0.10.1/24
!
interface eth2
ip address 10.0.0.1/24
!
}
iconcoords {240.0 432.0}
labelcoords {240.0 456.0}
interface-peer {eth2 n9}
interface-peer {eth0 n3}
interface-peer {eth1 n7}
canvas c1
services {zebra BGP vtysh IPForward}
custom-config {
custom-config-id service:zebra:/usr/local/etc/quagga/Quagga.conf
custom-command /usr/local/etc/quagga/Quagga.conf
config {
interface eth0
ip address 10.0.2.2/24
!
interface eth1
ip address 10.0.10.1/24
!
interface eth2
ip address 10.0.0.1/24
!
router bgp 2901
bgp router-id 10.0.10.1
redistribute connected
neighbor 10.0.2.1 remote-as 2901
neighbor 10.0.2.1 next-hop-self
neighbor 10.0.10.2 remote-as 2902
neighbor 10.0.10.2 next-hop-self
network 10.0.0.0 mask 255.255.255.0
!
}
}
custom-config {
custom-config-id service:zebra
custom-command zebra
config {
('/usr/local/etc/quagga', '/var/run/quagga')
('/usr/local/etc/quagga/Quagga.conf', 'quaggaboot.sh')
35
('sh quaggaboot.sh zebra',)
('killall zebra',)
}
}
}
node n5 {
type router
model router
network-config {
hostname router5
!
interface eth1
ip address 10.0.4.1/24
!
interface eth0
ip address 10.0.3.2/24
!
interface eth2
ip address 10.0.1.1/24
!
}
iconcoords {528.0 336.0}
labelcoords {528.0 360.0}
interface-peer {eth2 n8}
interface-peer {eth0 n7}
interface-peer {eth1 n6}
canvas c1
services {zebra BGP vtysh IPForward}
custom-config {
custom-config-id service:zebra:/usr/local/etc/quagga/Quagga.conf
custom-command /usr/local/etc/quagga/Quagga.conf
config {
interface eth1
ip address 10.0.4.1/24
!
interface eth0
ip address 10.0.3.2/24
!
interface eth2
ip address 10.0.1.1/24
!
router bgp 2902
bgp router-id 10.0.4.1
redistribute connected
neighbor 10.0.4.2 remote-as 2902
neighbor 10.0.4.2 next-hop-self
neighbor 10.0.3.1 remote-as 2902
neighbor 10.0.3.1 next-hop-self
network 10.0.1.0 mask 255.255.255.0
!
}
}
custom-config {
custom-config-id service:zebra
custom-command zebra
config {
('/usr/local/etc/quagga', '/var/run/quagga')
('/usr/local/etc/quagga/Quagga.conf', 'quaggaboot.sh')
35
('sh quaggaboot.sh zebra',)
('killall zebra',)
}
}
}
node n6 {
type router
model router
network-config {
hostname router6
!
interface eth1
ip address 10.0.9.2/24
!
interface eth0
ip address 10.0.4.2/24
!
router bgp 2902
bgp router-id 10.0.9.2
redistribute connected
neighbor 10.0.4.1 remote-as 2902
neighbor 10.0.4.1 next-hop-self
neighbor 10.0.9.1 remote-as 105
neighbor 10.0.9.1 next-hop-self
!
}
iconcoords {624.0 240.0}
labelcoords {624.0 264.0}
interface-peer {eth0 n5}
interface-peer {eth1 n2}
canvas c1
services {zebra BGP vtysh IPForward}
custom-config {
custom-config-id service:zebra:/usr/local/etc/quagga/Quagga.conf
custom-command /usr/local/etc/quagga/Quagga.conf
config {
interface eth1
ip address 10.0.9.2/24
!
interface eth0
ip address 10.0.4.2/24
!
router bgp 2902
bgp router-id 10.0.9.2
redistribute connected
neighbor 10.0.4.1 remote-as 2902
neighbor 10.0.4.1 next-hop-self
neighbor 10.0.9.1 remote-as 105
neighbor 10.0.9.1 next-hop-self
!
}
}
custom-config {
custom-config-id service:zebra
custom-command zebra
config {
('/usr/local/etc/quagga', '/var/run/quagga')
('/usr/local/etc/quagga/Quagga.conf', 'quaggaboot.sh')
35
('sh quaggaboot.sh zebra',)
('killall zebra',)
}
}
}
node n7 {
type router
model router
network-config {
hostname router7
!
interface eth1
ip address 10.0.10.2/24
!
interface eth0
ip address 10.0.3.1/24
!
}
iconcoords {528.0 456.0}
labelcoords {528.0 480.0}
interface-peer {eth0 n5}
interface-peer {eth1 n4}
canvas c1
services {zebra BGP vtysh IPForward}
custom-config {
custom-config-id service:zebra:/usr/local/etc/quagga/Quagga.conf
custom-command /usr/local/etc/quagga/Quagga.conf
config {
interface eth1
ip address 10.0.10.2/24
!
interface eth0
ip address 10.0.3.1/24
!
router bgp 2902
bgp router-id 10.0.3.1
redistribute connected
neighbor 10.0.3.2 remote-as 2902
neighbor 10.0.3.2 next-hop-self
neighbor 10.0.10.1 remote-as 2901
neighbor 10.0.10.1 next-hop-self
!
}
}
custom-config {
custom-config-id service:zebra
custom-command zebra
config {
('/usr/local/etc/quagga', '/var/run/quagga')
('/usr/local/etc/quagga/Quagga.conf', 'quaggaboot.sh')
35
('sh quaggaboot.sh zebra',)
('killall zebra',)
}
}
}
node n8 {
type lanswitch
network-config {
hostname lanswitch8
!
}
iconcoords {672.0 432.0}
labelcoords {672.0 456.0}
interface-peer {e0 n5}
interface-peer {e1 n10}
interface-peer {e2 n11}
canvas c1
}
node n9 {
type hub
network-config {
hostname hub9
!
}
iconcoords {120.0 504.0}
labelcoords {120.0 528.0}
interface-peer {e0 n4}
interface-peer {e1 n15}
interface-peer {e2 n14}
interface-peer {e3 n13}
interface-peer {e4 n12}
canvas c1
}
node n10 {
type router
model host
network-config {
hostname host10
!
interface eth0
ip address 10.0.1.10/24
!
}
iconcoords {576.0 552.0}
labelcoords {576.0 584.0}
interface-peer {eth0 n8}
canvas c1
}
node n11 {
type router
model host
network-config {
hostname host11
!
interface eth0
ip address 10.0.1.11/24
!
}
iconcoords {696.0 552.0}
labelcoords {696.0 584.0}
interface-peer {eth0 n8}
canvas c1
}
node n12 {
type router
model PC
network-config {
hostname pc12
!
interface eth0
ip address 10.0.0.23/24
!
}
iconcoords {288.0 576.0}
labelcoords {288.0 608.0}
interface-peer {eth0 n9}
canvas c1
}
node n13 {
type router
model PC
network-config {
hostname pc13
!
interface eth0
ip address 10.0.0.22/24
!
}
iconcoords {216.0 600.0}
labelcoords {216.0 632.0}
interface-peer {eth0 n9}
canvas c1
}
node n14 {
type router
model PC
network-config {
hostname pc14
!
interface eth0
ip address 10.0.0.21/24
!
}
iconcoords {120.0 624.0}
labelcoords {120.0 656.0}
interface-peer {eth0 n9}
canvas c1
}
node n15 {
type router
model PC
network-config {
hostname pc15
!
interface eth0
ip address 10.0.0.20/24
!
}
iconcoords {24.0 576.0}
labelcoords {24.0 608.0}
interface-peer {eth0 n9}
canvas c1
}
node n16 {
type router
model router
network-config {
hostname router0
!
interface eth0
ip address 10.0.5.1/24
!
interface eth1
ip address 10.0.7.2/24
!
}
iconcoords {120.0 120.0}
labelcoords {120.0 144.0}
interface-peer {eth0 n1}
interface-peer {eth1 n2}
canvas c1
services {zebra BGP vtysh IPForward}
custom-config {
custom-config-id service:zebra:/usr/local/etc/quagga/Quagga.conf
custom-command /usr/local/etc/quagga/Quagga.conf
config {
interface eth0
ip address 10.0.5.1/24
!
interface eth1
ip address 10.0.7.2/24
!
router bgp 105
bgp router-id 10.0.5.1
redistribute connected
neighbor 10.0.7.1 remote-as 105
neighbor 10.0.7.1 next-hop-self
neighbor 10.0.5.2 remote-as 105
neighbor 10.0.5.2 next-hop-self
!
}
}
custom-config {
custom-config-id service:zebra
custom-command zebra
config {
('/usr/local/etc/quagga', '/var/run/quagga')
('/usr/local/etc/quagga/Quagga.conf', 'quaggaboot.sh')
35
('sh quaggaboot.sh zebra',)
('killall zebra',)
}
}
}
link l0 {
nodes {n9 n4}
bandwidth 100000000
}
link l1 {
nodes {n8 n5}
bandwidth 100000000
}
link l2 {
nodes {n15 n9}
bandwidth 100000000
}
link l3 {
nodes {n14 n9}
bandwidth 100000000
}
link l4 {
nodes {n13 n9}
bandwidth 100000000
}
link l5 {
nodes {n12 n9}
bandwidth 100000000
}
link l6 {
nodes {n10 n8}
bandwidth 100000000
}
link l7 {
nodes {n11 n8}
bandwidth 100000000
}
link l8 {
nodes {n3 n4}
bandwidth 2048000
delay 2500
}
link l9 {
nodes {n7 n5}
bandwidth 2048000
delay 2500
}
link l10 {
nodes {n5 n6}
bandwidth 2048000
delay 2500
}
link l11 {
nodes {n16 n1}
bandwidth 2048000
delay 2500
}
link l12 {
nodes {n1 n2}
bandwidth 2048000
delay 2500
}
link l13 {
nodes {n2 n16}
bandwidth 2048000
delay 2500
}
link l14 {
nodes {n3 n1}
bandwidth 10000000
delay 650000
}
link l15 {
nodes {n2 n6}
bandwidth 10000000
delay 650000
}
link l16 {
nodes {n4 n7}
bandwidth 5000000
delay 7500
}
annotation a0 {
iconcoords { 70 55 345 330 }
type oval
label {AS 105}
labelcolor #CFCFAC
fontfamily {Arial}
fontsize {12}
color #FFFFCC
width 0
border black
canvas c1
}
annotation a1 {
iconcoords { 470 170 740 630 }
type oval
label {AS 2902}
labelcolor #C0C0CF
fontfamily {Arial}
fontsize {12}
color #F0F0FF
width 0
border black
canvas c1
}
annotation a2 {
iconcoords { 0 355 320 660 }
type oval
label {AS 2901}
labelcolor #C0C0CF
fontfamily {Arial}
fontsize {12}
color #F0F0FF
width 0
border black
canvas c1
}
annotation a10 {
type text
canvas c1
iconcoords { 450 55 }
color #FFCCCC
fontsize {20}
label {Sample Topology 1}
}
canvas c1 {
name {Canvas1}
size {900 706.0}
}
option global {
interface_names yes
ip_addresses yes
ipv6_addresses yes
node_labels yes
link_labels yes
ipsec_configs yes
remote_exec no
exec_errors yes
show_api no
background_images no
annotations yes
grid yes
}

BIN
gui/configs/sample4-bg.jpg Normal file





@ -0,0 +1,537 @@
comments {
Joe Macker NRL
Last updated: Sept 2010
Nov 2010 Jeff Ahrenholz - updated for new services model and renamed
(was 2groups_10nodes_smf.imn)
This scenario is a simple SMF example for testing multicast within CORE.
There are several dependencies for these scenarios to work;
nrlsmf must be installed and the binary must be within the path when executing.
This should also be built along with protolib from the NRL pf.itd.nrl.navy.mil
repository or from nightly snapshots by using the Makefile.core build file.
This avoids some of the potential problems that arise with protolib call and
proper netns support in various kernel releases. For now the Makefile.core
approach patches around the problem.
This scenario will launch 10 quagga manet-ospf and smf classical flooding
router nodes. A mobility pattern can be used to cause periodic fragmentation
and coalescing among 5 groups that move together as a somewhat randomized
cluster.
Within netns and core the following must be used as nrlsmf params. hash mode
and instance ids.
This script uses nodenames as instance ids and MD5 as the hash mode.
Distributed optimized relay selection is not provided in this example but works
in nrlsmf with both quagga manetospf-mdr and with nrlolsr or newer nhdp code
being developed. Relays can also be manually configured if that is of some use
in a scneario. Classical flodding still provides duplication detection in this
mode but of course has additional overhead.
-----
Traffic testing etc. You can try sending your own multicast apps or use a
testtool.
mgen is recommended as a test tool, but ping -t 5 224.225.226.227 type testing
can also be used.
an example mgen script to source multicast from a terminal window is as follows:
mgen event "on 1 udp dst 224.225.226.227/5000 periodic [1 500]"
this sends 500 bytes packets every second. See mgen users guide for the myriad
of choices/options.
on a receive node terminal the follow can work.
mgen event "join 224.225.226.227" event "listen udp 5000" output <file>
without output it will stream to stdout.
}
node n1 {
type router
model mdr
network-config {
hostname n1
!
interface eth0
ip address 10.0.0.1/32
ipv6 address a:0::1/128
!
}
iconcoords {186.2364578872143 137.89039496012572}
labelcoords {186.2364578872143 161.89039496012572}
canvas c1
interface-peer {eth0 n11}
custom-image $CORE_DATA_DIR/icons/normal/router_green.gif
services {zebra OSPFv3MDR vtysh SMF IPForward UserDefined}
custom-config {
custom-config-id service:UserDefined:custom-post-config-commands.sh
custom-command custom-post-config-commands.sh
config {
route add default dev eth0
route add -net 224.0.0.0 netmask 224.0.0.0 dev eth0
}
}
custom-config {
custom-config-id service:UserDefined
custom-command UserDefined
config {
files=('custom-post-config-commands.sh', )
startidx=35
cmdup=('sh custom-post-config-commands.sh', )
}
}
}
node n2 {
type router
model mdr
network-config {
hostname n2
!
interface eth0
ip address 10.0.0.2/32
ipv6 address a:0::2/128
!
}
iconcoords {49.97421009111123 297.31725181124926}
labelcoords {49.97421009111123 321.31725181124926}
canvas c1
interface-peer {eth0 n11}
custom-image $CORE_DATA_DIR/icons/normal/router_green.gif
services {zebra OSPFv3MDR vtysh SMF IPForward UserDefined}
custom-config {
custom-config-id service:UserDefined:custom-post-config-commands.sh
custom-command custom-post-config-commands.sh
config {
route add default dev eth0
route add -net 224.0.0.0 netmask 224.0.0.0 dev eth0
}
}
custom-config {
custom-config-id service:UserDefined
custom-command UserDefined
config {
files=('custom-post-config-commands.sh', )
startidx=35
cmdup=('sh custom-post-config-commands.sh', )
}
}
}
node n3 {
type router
model mdr
network-config {
hostname n3
!
interface eth0
ip address 10.0.0.3/32
ipv6 address a:0::3/128
!
}
iconcoords {176.46110847174833 328.14864514530865}
labelcoords {176.46110847174833 352.14864514530865}
canvas c1
interface-peer {eth0 n11}
custom-image $CORE_DATA_DIR/icons/normal/router_green.gif
services {zebra OSPFv3MDR vtysh SMF IPForward UserDefined}
custom-config {
custom-config-id service:UserDefined:custom-post-config-commands.sh
custom-command custom-post-config-commands.sh
config {
route add default dev eth0
route add -net 224.0.0.0 netmask 224.0.0.0 dev eth0
}
}
custom-config {
custom-config-id service:UserDefined
custom-command UserDefined
config {
files=('custom-post-config-commands.sh', )
startidx=35
cmdup=('sh custom-post-config-commands.sh', )
}
}
}
node n4 {
type router
model mdr
network-config {
hostname n4
!
interface eth0
ip address 10.0.0.4/32
ipv6 address a:0::4/128
!
}
iconcoords {145.04062040794378 195.27962082775758}
labelcoords {145.04062040794378 219.27962082775758}
canvas c1
interface-peer {eth0 n11}
custom-image $CORE_DATA_DIR/icons/normal/router_green.gif
services {zebra OSPFv3MDR vtysh SMF IPForward UserDefined}
custom-config {
custom-config-id service:UserDefined:custom-post-config-commands.sh
custom-command custom-post-config-commands.sh
config {
route add default dev eth0
route add -net 224.0.0.0 netmask 224.0.0.0 dev eth0
}
}
custom-config {
custom-config-id service:UserDefined
custom-command UserDefined
config {
files=('custom-post-config-commands.sh', )
startidx=35
cmdup=('sh custom-post-config-commands.sh', )
}
}
}
node n5 {
type router
model mdr
network-config {
hostname n5
!
interface eth0
ip address 10.0.0.5/32
ipv6 address a:0::5/128
!
}
iconcoords {137.9101266949479 257.51849231830334}
labelcoords {137.9101266949479 281.51849231830334}
canvas c1
interface-peer {eth0 n11}
custom-image $CORE_DATA_DIR/icons/normal/router_green.gif
services {zebra OSPFv3MDR vtysh SMF IPForward UserDefined}
custom-config {
custom-config-id service:UserDefined:custom-post-config-commands.sh
custom-command custom-post-config-commands.sh
config {
route add default dev eth0
route add -net 224.0.0.0 netmask 224.0.0.0 dev eth0
}
}
custom-config {
custom-config-id service:UserDefined
custom-command UserDefined
config {
files=('custom-post-config-commands.sh', )
startidx=35
cmdup=('sh custom-post-config-commands.sh', )
}
}
}
node n6 {
type router
model mdr
network-config {
hostname n6
!
interface eth0
ip address 10.0.0.6/32
ipv6 address a:0::6/128
!
}
iconcoords {119.15850324229558 93.2505296351548}
labelcoords {119.15850324229558 117.2505296351548}
canvas c1
interface-peer {eth0 n11}
custom-image $CORE_DATA_DIR/icons/normal/router_red.gif
services {zebra OSPFv3MDR vtysh SMF IPForward UserDefined}
custom-config {
custom-config-id service:UserDefined:custom-post-config-commands.sh
custom-command custom-post-config-commands.sh
config {
route add default dev eth0
route add -net 224.0.0.0 netmask 224.0.0.0 dev eth0
}
}
custom-config {
custom-config-id service:UserDefined
custom-command UserDefined
config {
files=('custom-post-config-commands.sh', )
startidx=35
cmdup=('sh custom-post-config-commands.sh', )
}
}
}
node n7 {
type router
model mdr
network-config {
hostname n7
!
interface eth0
ip address 10.0.0.7/32
ipv6 address a:0::7/128
!
}
iconcoords {79.1102256826161 50.123535235375556}
labelcoords {79.1102256826161 74.12353523537556}
canvas c1
interface-peer {eth0 n11}
custom-image $CORE_DATA_DIR/icons/normal/router_red.gif
services {zebra OSPFv3MDR vtysh SMF IPForward UserDefined}
custom-config {
custom-config-id service:UserDefined:custom-post-config-commands.sh
custom-command custom-post-config-commands.sh
config {
route add default dev eth0
route add -net 224.0.0.0 netmask 224.0.0.0 dev eth0
}
}
custom-config {
custom-config-id service:UserDefined
custom-command UserDefined
config {
files=('custom-post-config-commands.sh', )
startidx=35
cmdup=('sh custom-post-config-commands.sh', )
}
}
}
node n8 {
type router
model mdr
network-config {
hostname n8
!
interface eth0
ip address 10.0.0.8/32
ipv6 address a:0::8/128
!
}
iconcoords {159.90259315202974 8.220638318379141}
labelcoords {159.90259315202974 32.220638318379144}
canvas c1
interface-peer {eth0 n11}
custom-image $CORE_DATA_DIR/icons/normal/router_red.gif
services {zebra OSPFv3MDR vtysh SMF IPForward UserDefined}
custom-config {
custom-config-id service:UserDefined:custom-post-config-commands.sh
custom-command custom-post-config-commands.sh
config {
route add default dev eth0
route add -net 224.0.0.0 netmask 224.0.0.0 dev eth0
}
}
custom-config {
custom-config-id service:UserDefined
custom-command UserDefined
config {
files=('custom-post-config-commands.sh', )
startidx=35
cmdup=('sh custom-post-config-commands.sh', )
}
}
}
node n9 {
type router
model mdr
network-config {
hostname n9
!
interface eth0
ip address 10.0.0.9/32
ipv6 address a:0::9/128
!
}
iconcoords {150.43010603614704 165.70781621981482}
labelcoords {150.43010603614704 189.70781621981482}
canvas c1
interface-peer {eth0 n11}
custom-image $CORE_DATA_DIR/icons/normal/router_red.gif
services {zebra OSPFv3MDR vtysh SMF IPForward UserDefined}
custom-config {
custom-config-id service:UserDefined:custom-post-config-commands.sh
custom-command custom-post-config-commands.sh
config {
route add default dev eth0
route add -net 224.0.0.0 netmask 224.0.0.0 dev eth0
}
}
custom-config {
custom-config-id service:UserDefined
custom-command UserDefined
config {
files=('custom-post-config-commands.sh', )
startidx=35
cmdup=('sh custom-post-config-commands.sh', )
}
}
}
node n10 {
type router
model mdr
network-config {
hostname n10
!
interface eth0
ip address 10.0.0.10/32
ipv6 address a:0::10/128
!
}
iconcoords {64.19289632467826 42.49909518554088}
labelcoords {64.19289632467826 66.49909518554088}
canvas c1
interface-peer {eth0 n11}
custom-image $CORE_DATA_DIR/icons/normal/router_red.gif
services {zebra OSPFv3MDR vtysh SMF IPForward UserDefined}
custom-config {
custom-config-id service:UserDefined:custom-post-config-commands.sh
custom-command custom-post-config-commands.sh
config {
route add default dev eth0
route add -net 224.0.0.0 netmask 224.0.0.0 dev eth0
}
}
custom-config {
custom-config-id service:UserDefined
custom-command UserDefined
config {
files=('custom-post-config-commands.sh', )
startidx=35
cmdup=('sh custom-post-config-commands.sh', )
}
}
}
node n11 {
type wlan
network-config {
hostname wlan11
!
interface wireless
ip address 10.0.0.0/32
ipv6 address a:0::0/128
!
scriptfile
sample4.scen
!
mobmodel
coreapi
basic_range
!
}
iconcoords {0 0}
labelcoords {0 0}
canvas c1
interface-peer {e0 n1}
interface-peer {e1 n2}
interface-peer {e2 n3}
interface-peer {e3 n4}
interface-peer {e4 n5}
interface-peer {e5 n6}
interface-peer {e6 n7}
interface-peer {e7 n8}
interface-peer {e8 n9}
interface-peer {e9 n10}
custom-config {
custom-config-id basic_range
custom-command {3 3 9 9 9}
config {
range=200
bandwidth=54000000
jitter=0
delay=50000
error=0
}
}
}
link l1 {
nodes {n11 n1}
bandwidth 54000000
delay 50000
}
link l2 {
nodes {n11 n2}
bandwidth 54000000
delay 50000
}
link l3 {
nodes {n11 n3}
bandwidth 54000000
delay 50000
}
link l4 {
nodes {n11 n4}
bandwidth 54000000
delay 50000
}
link l5 {
nodes {n11 n5}
bandwidth 54000000
delay 50000
}
link l6 {
nodes {n11 n6}
bandwidth 54000000
delay 50000
}
link l7 {
nodes {n11 n7}
bandwidth 54000000
delay 50000
}
link l8 {
nodes {n11 n8}
bandwidth 54000000
delay 50000
}
link l9 {
nodes {n11 n9}
bandwidth 54000000
delay 50000
}
link l10 {
nodes {n11 n10}
bandwidth 54000000
delay 50000
}
canvas c1 {
name {Canvas1}
wallpaper-style {upperleft}
wallpaper {sample4-bg.jpg}
size {1000 750}
}
option global {
interface_names no
ip_addresses yes
ipv6_addresses yes
node_labels yes
link_labels yes
show_api no
background_images no
annotations yes
grid no
traffic_start 0
}
option session {
}
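Review bot: The comments block has a few typos worth fixing before this ships as a sample: `in a scenario. Classical flooding still provides duplication detection in this` and `on a receive node terminal the following can work.`. The block also says nrlsmf must run with MD5 as the hash mode and node names as instance ids, but no custom-config for the SMF service appears in this file, so a reader cannot see where those parameters are set; if they come from the SMF service defaults, one sentence in the comments saying so would close the gap. Each node's `custom-post-config-commands.sh` runs `route add default dev eth0` on a /32 interface, which is fine for this isolated MANET, but a one-line comment in that script noting it is a device-only default route meant for the emulated wireless network would stop it being copied into a node that has other interfaces.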

2791
gui/configs/sample4.scen Normal file



@ -0,0 +1,131 @@
node n1 {
type router
model router
network-config {
hostname n1
!
interface eth0
ip address 10.0.0.2/24
ipv6 address a:0::2/64
!
router ospf
router-id 10.0.0.2
network 10.0.0.0/24 area 0
!
router ospf6
router-id 10.0.0.2
interface eth0 area 0.0.0.0
!
}
canvas c1
iconcoords {312.0 120.0}
labelcoords {312.0 148.0}
interface-peer {eth0 n2}
custom-config {
custom-config-id service:UserDefined:mgen.sh
custom-command mgen.sh
config {
#!/bin/sh
SCRIPTDIR=$SESSION_DIR
LOGDIR=/var/log
if [ `uname` = "Linux" ]; then
cd $SCRIPTDIR
else
cd /tmp/e0_`hostname`
fi
(
cat << 'EOF'
# mgen receiver script
15.0 LISTEN UDP 5001
EOF
) > recv.mgn
mgen input recv.mgn output $LOGDIR/mgen.log > /dev/null 2> /dev/null < /dev/null &
}
}
custom-config {
custom-config-id service:UserDefined
custom-command UserDefined
config {
files=('mgen.sh', )
startidx=35
cmdup=('sh mgen.sh', )
}
}
services {zebra OSPFv2 OSPFv3 vtysh IPForward UserDefined}
}
node n2 {
type router
model router
network-config {
hostname n2
!
interface eth0
ip address 10.0.0.1/24
ipv6 address a:0::1/64
!
}
canvas c1
iconcoords {72.0 48.0}
labelcoords {72.0 76.0}
interface-peer {eth0 n1}
custom-config {
custom-config-id service:UserDefined
custom-command UserDefined
config {
files=('mgen.sh', )
startidx=35
cmdup=('sh mgen.sh', )
}
}
custom-config {
custom-config-id service:UserDefined:mgen.sh
custom-command mgen.sh
config {
#!/bin/sh
HN=`hostname`
SCRIPTDIR=$SESSION_DIR
LOGDIR=/var/log
if [ `uname` = "FreeBSD" ]; then
SCRIPTDIR=/tmp/e0_$HN
LOGDIR=$SCRIPTDIR
fi
cd $SCRIPTDIR
(
cat << 'EOF'
# mgen sender script: send UDP traffic to UDP port 5001 after 15 seconds
15.0 ON 1 UDP SRC 5000 DST 10.0.0.2/5001 PERIODIC [1 4096]
EOF
) > send_$HN.mgn
mgen input send_$HN.mgn output $LOGDIR/mgen_$HN.log > /dev/null 2> /dev/null < /dev/null &
}
}
services {zebra OSPFv2 OSPFv3 vtysh IPForward UserDefined}
}
link l1 {
nodes {n2 n1}
bandwidth 0
}
canvas c1 {
name {Canvas1}
}
option global {
interface_names no
ip_addresses yes
ipv6_addresses yes
node_labels yes
link_labels yes
show_api no
background_images no
annotations yes
grid yes
traffic_start 0
}
option session {
}
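Review bot: Both mgen.sh scripts change directory without checking that it succeeded: node n1's `cd $SCRIPTDIR` and its FreeBSD branch that cd's into a hostname-derived /tmp path, and node n2's `cd $SCRIPTDIR` again, so if SESSION_DIR is unset or the directory is missing the shell stays wherever it was and recv.mgn / send_$HN.mgn are written to, and mgen is started from, an unintended directory. I would make the cd fatal and quote the path, e.g. `cd "$SCRIPTDIR" || exit 1`, in all three places. The scripts also write logs to the fixed path /var/log on Linux; whether that is per-node or shared with the host depends on how CORE mounts /var/log, so a short comment in the script stating the intended log location would help anyone adapting the sample.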


@ -0,0 +1,271 @@
node n1 {
type router
model mdr
network-config {
hostname n1
!
interface eth0
ip address 10.0.0.1/32
ipv6 address a:0::1/128
!
}
iconcoords {263.148836492 76.94184084899999}
labelcoords {263.148836492 100.94184084899999}
canvas c1
interface-peer {eth0 n11}
}
node n2 {
type router
model mdr
network-config {
hostname n2
!
interface eth0
ip address 10.0.0.2/32
ipv6 address a:0::2/128
!
}
iconcoords {184.35166313500002 532.524009667}
labelcoords {184.35166313500002 556.524009667}
canvas c1
interface-peer {eth0 n11}
}
node n3 {
type router
model mdr
network-config {
hostname n3
!
interface eth0
ip address 10.0.0.3/32
ipv6 address a:0::3/128
!
}
iconcoords {121.17243156500001 313.104176223}
labelcoords {121.17243156500001 337.104176223}
canvas c1
interface-peer {eth0 n11}
}
node n4 {
type router
model mdr
network-config {
hostname n4
!
interface eth0
ip address 10.0.0.4/32
ipv6 address a:0::4/128
!
}
iconcoords {443.031505695 586.805480735}
labelcoords {443.031505695 610.805480735}
canvas c1
interface-peer {eth0 n11}
}
node n5 {
type router
model mdr
network-config {
hostname n5
!
interface eth0
ip address 10.0.0.5/32
ipv6 address a:0::5/128
!
}
iconcoords {548.817758443 209.207353139}
labelcoords {548.817758443 233.207353139}
canvas c1
interface-peer {eth0 n11}
}
node n6 {
type router
model mdr
network-config {
hostname n6
!
interface eth0
ip address 10.0.0.6/32
ipv6 address a:0::6/128
!
}
iconcoords {757.062318769 61.533941783}
labelcoords {757.062318769 85.533941783}
canvas c1
interface-peer {eth0 n11}
}
node n7 {
type router
model mdr
network-config {
hostname n7
!
interface eth0
ip address 10.0.0.7/32
ipv6 address a:0::7/128
!
}
iconcoords {778.142667152 489.227596061}
labelcoords {778.142667152 513.227596061}
canvas c1
interface-peer {eth0 n11}
}
node n8 {
type router
model mdr
network-config {
hostname n8
!
interface eth0
ip address 10.0.0.8/32
ipv6 address a:0::8/128
!
}
iconcoords {93.895107521 135.228007484}
labelcoords {93.895107521 159.228007484}
canvas c1
interface-peer {eth0 n11}
}
node n9 {
type router
model mdr
network-config {
hostname n9
!
interface eth0
ip address 10.0.0.9/32
ipv6 address a:0::9/128
!
}
iconcoords {528.693178831 84.9814304098}
labelcoords {528.693178831 108.9814304098}
canvas c1
interface-peer {eth0 n11}
}
node n10 {
type router
model mdr
network-config {
hostname n10
!
interface eth0
ip address 10.0.0.10/32
ipv6 address a:0::10/128
!
}
iconcoords {569.534639911 475.46828902}
labelcoords {569.534639911 499.46828902}
canvas c1
interface-peer {eth0 n11}
}
node n11 {
bandwidth 54000000
type wlan
range 275
network-config {
hostname wlan11
!
interface wireless
ip address 10.0.0.0/32
ipv6 address a:0::0/128
!
mobmodel
coreapi
emane_rfpipe
!
}
canvas c1
iconcoords {65.0 558.0}
labelcoords {65.0 582.0}
interface-peer {e0 n1}
interface-peer {e1 n2}
interface-peer {e2 n3}
interface-peer {e3 n4}
interface-peer {e4 n5}
interface-peer {e5 n6}
interface-peer {e6 n7}
interface-peer {e7 n8}
interface-peer {e8 n9}
interface-peer {e9 n10}
}
link l1 {
nodes {n11 n1}
bandwidth 54000000
}
link l2 {
nodes {n11 n2}
bandwidth 54000000
}
link l3 {
nodes {n11 n3}
bandwidth 54000000
}
link l4 {
nodes {n11 n4}
bandwidth 54000000
}
link l5 {
nodes {n11 n5}
bandwidth 54000000
}
link l6 {
nodes {n11 n6}
bandwidth 54000000
}
link l7 {
nodes {n11 n7}
bandwidth 54000000
}
link l8 {
nodes {n11 n8}
bandwidth 54000000
}
link l9 {
nodes {n11 n9}
bandwidth 54000000
}
link l10 {
nodes {n11 n10}
bandwidth 54000000
}
canvas c1 {
name {Canvas1}
}
option global {
interface_names no
ip_addresses yes
ipv6_addresses yes
node_labels yes
link_labels yes
ipsec_configs yes
remote_exec no
exec_errors yes
show_api no
background_images no
annotations yes
grid yes
traffic_start 0
}


@ -0,0 +1,274 @@
node n1 {
type router
model mdr
network-config {
hostname n1
!
interface eth0
ip address 10.0.0.1/32
ipv6 address a:0::1/128
!
}
iconcoords {115.14883649199999 139.941840849}
labelcoords {115.14883649199999 167.941840849}
canvas c1
interface-peer {eth0 n11}
}
node n2 {
type router
model mdr
network-config {
hostname n2
!
interface eth0
ip address 10.0.0.2/32
ipv6 address a:0::2/128
!
}
iconcoords {190.35166313500002 519.524009667}
labelcoords {190.35166313500002 547.524009667}
canvas c1
interface-peer {eth0 n11}
}
node n3 {
type router
model mdr
network-config {
hostname n3
!
interface eth0
ip address 10.0.0.3/32
ipv6 address a:0::3/128
!
}
iconcoords {142.172431565 307.104176223}
labelcoords {142.172431565 335.104176223}
canvas c1
interface-peer {eth0 n11}
}
node n4 {
type router
model mdr
network-config {
hostname n4
!
interface eth0
ip address 10.0.0.4/32
ipv6 address a:0::4/128
!
}
iconcoords {395.031505695 589.805480735}
labelcoords {395.031505695 617.805480735}
canvas c1
interface-peer {eth0 n11}
}
node n5 {
type router
model mdr
network-config {
hostname n5
!
interface eth0
ip address 10.0.0.5/32
ipv6 address a:0::5/128
!
}
iconcoords {250.817758443 27.20735313899999}
labelcoords {250.817758443 55.20735313899999}
canvas c1
interface-peer {eth0 n11}
}
node n6 {
type router
model mdr
network-config {
hostname n6
!
interface eth0
ip address 10.0.0.6/32
ipv6 address a:0::6/128
!
}
iconcoords {757.062318769 61.533941783}
labelcoords {757.062318769 89.533941783}
canvas c1
interface-peer {eth0 n11}
}
node n7 {
type router
model mdr
network-config {
hostname n7
!
interface eth0
ip address 10.0.0.7/32
ipv6 address a:0::7/128
!
}
iconcoords {909.142667152 593.227596061}
labelcoords {909.142667152 621.227596061}
canvas c1
interface-peer {eth0 n11}
}
node n8 {
type router
model mdr
network-config {
hostname n8
!
interface eth0
ip address 10.0.0.8/32
ipv6 address a:0::8/128
!
}
iconcoords {351.895107521 337.228007484}
labelcoords {351.895107521 365.228007484}
canvas c1
interface-peer {eth0 n11}
}
node n9 {
type router
model mdr
network-config {
hostname n9
!
interface eth0
ip address 10.0.0.9/32
ipv6 address a:0::9/128
!
}
iconcoords {528.693178831 84.9814304098}
labelcoords {528.693178831 112.98143041}
canvas c1
interface-peer {eth0 n11}
}
node n10 {
type router
model mdr
network-config {
hostname n10
!
interface eth0
ip address 10.0.0.10/32
ipv6 address a:0::10/128
!
}
iconcoords {568.534639911 526.4682890199999}
labelcoords {568.534639911 554.4682890199999}
canvas c1
interface-peer {eth0 n11}
}
node n11 {
bandwidth 54000000
type wlan
range 275
network-config {
hostname wlan11
!
interface wireless
ip address 10.0.0.0/32
ipv6 address a:0::0/128
!
mobmodel
coreapi
emane_ieee80211abg
!
}
canvas c1
iconcoords {65.0 558.0}
labelcoords {65.0 590.0}
interface-peer {e0 n1}
interface-peer {e1 n2}
interface-peer {e2 n3}
interface-peer {e3 n4}
interface-peer {e4 n5}
interface-peer {e5 n6}
interface-peer {e6 n7}
interface-peer {e7 n8}
interface-peer {e8 n9}
interface-peer {e9 n10}
}
link l1 {
nodes {n11 n1}
bandwidth 54000000
}
link l2 {
nodes {n11 n2}
bandwidth 54000000
}
link l3 {
nodes {n11 n3}
bandwidth 54000000
}
link l4 {
nodes {n11 n4}
bandwidth 54000000
}
link l5 {
nodes {n11 n5}
bandwidth 54000000
}
link l6 {
nodes {n11 n6}
bandwidth 54000000
}
link l7 {
nodes {n11 n7}
bandwidth 54000000
}
link l8 {
nodes {n11 n8}
bandwidth 54000000
}
link l9 {
nodes {n11 n9}
bandwidth 54000000
}
link l10 {
nodes {n11 n10}
bandwidth 54000000
}
canvas c1 {
name {Canvas1}
refpt {0 0 47.5791667 -122.132322 2.0}
scale 350.0
size {1000 750}
}
option global {
interface_names no
ip_addresses yes
ipv6_addresses yes
node_labels yes
link_labels yes
ipsec_configs yes
remote_exec no
exec_errors yes
show_api no
background_images no
annotations yes
grid yes
traffic_start 0
}


@ -0,0 +1,967 @@
comments {
Sample scenario showing IPsec service configuration.
There are three red routers having the IPsec service enabled. The IPsec service
must be customized with the tunnel hosts (peers) and their keys, and the subnet
addresses that should be tunneled.
For simplicity, the same keys and certificates are used in each of the three
IPsec gateways. These are written to node n1's configuration directory. Keys
can be generated using the openssl utility.
Note that this scenario may require at patched kernel in order to work; see the
kernels subdirectory of the CORE source for kernel patches.
The racoon keying daemon and setkey from the ipsec-tools package should also be
installed.
}
node n1 {
type router
model router
network-config {
hostname n1
!
interface eth3
ip address 192.168.6.1/24
ipv6 address 2001:6::1/64
!
interface eth2
ip address 192.168.5.1/24
ipv6 address 2001:5::1/64
!
interface eth1
ip address 192.168.1.1/24
ipv6 address 2001:1::1/64
!
interface eth0
ip address 192.168.0.1/24
ipv6 address 2001:0::1/64
!
}
canvas c1
iconcoords {210.0 172.0}
labelcoords {210.0 200.0}
interface-peer {eth0 n2}
interface-peer {eth1 n3}
interface-peer {eth2 n7}
interface-peer {eth3 n8}
custom-config {
custom-config-id service:IPsec:copycerts.sh
custom-command copycerts.sh
config {
#!/bin/sh
FILES="test1.pem test1.key ca-cert.pem"
mkdir -p /tmp/certs
for f in $FILES; do
cp $f /tmp/certs
done
}
}
custom-config {
custom-config-id service:IPsec:ca-cert.pem
custom-command ca-cert.pem
config {
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
df:69:1f:ef:e5:af:bf:0f
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=WA, O=core-dev, CN=CORE CA/emailAddress=root@localhost
Validity
Not Before: Mar 20 16:16:08 2012 GMT
Not After : Mar 20 16:16:08 2015 GMT
Subject: C=US, ST=WA, O=core-dev, CN=CORE CA/emailAddress=root@localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c4:d7:fc:c3:bc:a0:ee:76:7b:58:5c:96:6d:1f:
74:26:c2:93:c1:a4:94:95:13:5e:4f:8b:3f:00:27:
e5:1b:b1:3b:70:3e:72:71:4d:c9:67:54:33:29:49:
1e:de:a6:91:d9:00:ec:84:b8:64:f8:06:51:82:f4:
84:9b:a2:fe:16:34:5c:e1:2f:3d:ad:34:b9:8e:ad:
8e:ea:8a:e9:40:56:5b:f5:09:2c:bf:a0:08:db:81:
7f:fb:d8:b9:6c:a6:be:4c:1f:b1:4e:b3:b0:8d:8d:
e4:04:8e:f8:8e:e9:c7:aa:e7:4a:b4:87:89:a7:25:
72:38:74:bb:e5:b6:7f:86:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:0E:C7:0A:74:5D:FB:56:5B:B7:91:80:2A:3A:D4:89:AD:6C:B9:51
X509v3 Authority Key Identifier:
keyid:98:0E:C7:0A:74:5D:FB:56:5B:B7:91:80:2A:3A:D4:89:AD:6C:B9:51
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
39:7e:99:fd:40:44:0a:20:4c:3c:9a:bf:01:aa:94:c8:76:bb:
80:53:4f:cd:28:2f:5b:7f:0b:52:09:14:cb:ac:ee:74:7f:17:
4b:79:21:db:e1:a3:9b:e5:b1:72:83:f7:88:02:20:d6:23:33:
e4:ff:50:58:c6:88:e0:22:d7:2b:96:b3:dd:31:1a:80:52:0d:
61:4f:47:72:63:39:1e:7f:a1:ad:f0:2b:82:53:05:ca:3d:0a:
8f:3c:72:58:74:57:ae:8b:66:16:d9:a4:50:99:bc:d3:a7:c5:
54:63:f0:87:cd:06:1a:d4:61:ed:d3:b8:33:5d:5a:d6:a4:f0:
a4:96
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
}
}
custom-config {
custom-config-id service:IPsec:test1.pem
custom-command test1.pem
config {
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
df:69:1f:ef:e5:af:bf:10
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=WA, O=core-dev, CN=CORE CA/emailAddress=root@localhost
Validity
Not Before: Mar 20 16:18:45 2012 GMT
Not After : Mar 20 16:18:45 2013 GMT
Subject: C=US, ST=WA, L=Bellevue, O=core-dev, CN=test1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:ab:08:f3:3e:47:ce:95:9f:a2:ec:75:14:6e:7d:
bc:33:a5:4c:60:f0:bb:1f:a1:17:17:70:84:43:3c:
43:f7:37:9e:b1:ed:ff:0f:e3:70:e6:22:21:18:ec:
9c:af:30:a8:cb:70:83:e7:7e:f5:85:77:15:69:2a:
db:d1:13:e9:8b:fb:5e:85:a8:a3:fa:95:f2:37:c8:
91:5a:e5:c9:a8:56:a6:56:6a:14:34:ce:61:ad:90:
63:d7:45:e2:4a:b8:7a:2c:38:17:ad:bd:6d:1d:80:
16:4b:2f:2d:25:6a:2c:c9:d6:d4:7a:66:6f:57:c8:
07:fd:7d:ac:41:f0:11:05:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
71:90:B8:F7:1C:CA:93:7A:F4:11:E5:70:E2:F5:A0:2C:A6:71:E8:36
X509v3 Authority Key Identifier:
keyid:98:0E:C7:0A:74:5D:FB:56:5B:B7:91:80:2A:3A:D4:89:AD:6C:B9:51
Signature Algorithm: sha1WithRSAEncryption
06:67:4a:ed:5a:e9:a6:c7:16:32:3d:e8:2a:22:fb:06:4b:c9:
a3:8b:c5:2d:13:4d:d7:80:d3:df:3f:27:5b:cc:93:43:96:48:
2a:64:19:7b:ce:c4:ec:f1:88:ee:47:3c:9e:85:40:2f:5a:19:
ea:e6:75:cc:8d:0b:70:41:5e:e8:76:98:49:27:fe:19:21:f1:
64:70:f6:b0:26:91:94:fe:dc:2c:56:86:8a:ac:d0:52:d5:1e:
30:42:68:aa:43:37:17:3b:a0:97:e4:7d:68:05:09:b2:fd:b3:
2c:a0:f1:6f:07:0b:e2:5f:e8:a1:a3:39:6b:ba:83:ca:fa:ca:
30:1e
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
}
}
custom-config {
custom-config-id service:IPsec:test1.key
custom-command test1.key
config {
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
}
}
custom-config {
custom-config-id service:IPsec:ipsec.sh
custom-command ipsec.sh
config {
#!/bin/sh
# set up static tunnel mode security assocation for service (security.py)
# -------- CUSTOMIZATION REQUIRED --------
#
# The IPsec service builds ESP tunnels between the specified peers using the
# racoon IKEv2 keying daemon. You need to provide keys and the addresses of
# peers, along with subnets to tunnel.
# directory containing the certificate and key described below
keydir=/tmp/certs
# the name used for the "$certname.pem" x509 certificate and
# "$certname.key" RSA private key, which can be generated using openssl
certname=test1
# list the public-facing IP addresses, starting with the localhost and followed
# by each tunnel peer, separated with a single space
tunnelhosts="192.168.0.1AND192.168.0.2 192.168.1.1AND192.168.1.2"
# Define T<i> where i is the index for each tunnel peer host from
# the tunnel_hosts list above (0 is localhost).
# T<i> is a list of IPsec tunnels with peer i, with a local subnet address
# followed by the remote subnet address:
# T<i>="<local>AND<remote> <local>AND<remote>"
# For example, 192.168.0.0/24 is a local network (behind this node) to be
# tunneled and 192.168.2.0/24 is a remote network (behind peer 1)
T1="192.168.5.0/24AND192.168.8.0/24"
T2="192.168.5.0/24AND192.168.4.0/24 192.168.6.0/24AND192.168.4.0/24"
# -------- END CUSTOMIZATION --------
echo "building config $PWD/ipsec.conf..."
echo "building config $PWD/ipsec.conf..." > $PWD/ipsec.log
checkip=0
if [ "$(dpkg -l | grep " sipcalc ")" = "" ]; then
echo "WARNING: ip validation disabled because package sipcalc not installed
" >> $PWD/ipsec.log
checkip=1
fi
echo "#!/usr/sbin/setkey -f
# Flush the SAD and SPD
flush;
spdflush;
# Security policies \
" > $PWD/ipsec.conf
i=0
for hostpair in $tunnelhosts; do
i=`expr $i + 1`
# parse tunnel host IP
thishost=${hostpair%%AND*}
peerhost=${hostpair##*AND}
if [ $checkip = "0" ] &&
[ "$(sipcalc "$thishost" "$peerhost" | grep ERR)" != "" ]; then
echo "ERROR: invalid host address $thishost or $peerhost \
" >> $PWD/ipsec.log
fi
# parse each tunnel addresses
tunnel_list_var_name=T$i
eval tunnels="$"$tunnel_list_var_name""
for ttunnel in $tunnels; do
lclnet=${ttunnel%%AND*}
rmtnet=${ttunnel##*AND}
if [ $checkip = "0" ] &&
[ "$(sipcalc "$lclnet" "$rmtnet"| grep ERR)" != "" ]; then
echo "ERROR: invalid tunnel address $lclnet and $rmtnet \
" >> $PWD/ipsec.log
fi
# add tunnel policies
echo "
spdadd $lclnet $rmtnet any -P out ipsec
esp/tunnel/$thishost-$peerhost/require;
spdadd $rmtnet $lclnet any -P in ipsec
esp/tunnel/$peerhost-$thishost/require; \
" >> $PWD/ipsec.conf
done
done
echo "building config $PWD/racoon.conf..."
if [ ! -e $keydir\/$certname.key ] || [ ! -e $keydir\/$certname.pem ]; then
echo "ERROR: missing certification files under $keydir \
$certname.key or $certname.pem " >> $PWD/ipsec.log
fi
echo "
path certificate \"$keydir\";
listen {
adminsock disabled;
}
remote anonymous
{
exchange_mode main;
certificate_type x509 \"$certname.pem\" \"$certname.key\";
ca_type x509 \"ca-cert.pem\";
my_identifier asn1dn;
peers_identifier asn1dn;
proposal {
encryption_algorithm 3des ;
hash_algorithm sha1;
authentication_method rsasig ;
dh_group modp768;
}
}
sainfo anonymous
{
pfs_group modp768;
lifetime time 1 hour ;
encryption_algorithm 3des, blowfish 448, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
" > $PWD/racoon.conf
# the setkey program is required from the ipsec-tools package
echo "running setkey -f $PWD/ipsec.conf..."
setkey -f $PWD/ipsec.conf
echo "running racoon -d -f $PWD/racoon.conf..."
racoon -d -f $PWD/racoon.conf -l racoon.log
}
}
custom-config {
custom-config-id service:IPsec
custom-command IPsec
config {
('ipsec.sh', 'test1.key', 'test1.pem', 'ca-cert.pem', 'copycerts.sh', )
60
('sh copycerts.sh', 'sh ipsec.sh', )
('killall racoon', )
}
}
services {zebra OSPFv2 OSPFv3 vtysh IPForward IPsec}
custom-image $CORE_DATA_DIR/icons/normal/router_red.gif
}
node n2 {
type router
model router
network-config {
hostname n2
!
interface eth3
ip address 192.168.8.1/24
ipv6 address 2001:8::1/64
!
interface eth2
ip address 192.168.7.1/24
ipv6 address 2001:7::1/64
!
interface eth1
ip address 192.168.2.1/24
ipv6 address 2001:2::1/64
!
interface eth0
ip address 192.168.0.2/24
ipv6 address 2001:0::2/64
!
}
canvas c1
iconcoords {455.0 173.0}
labelcoords {455.0 201.0}
interface-peer {eth0 n1}
interface-peer {eth1 n4}
interface-peer {eth2 n9}
interface-peer {eth3 n10}
custom-config {
custom-config-id service:IPsec:ipsec.sh
custom-command ipsec.sh
config {
#!/bin/sh
# set up static tunnel mode security assocation for service (security.py)
# -------- CUSTOMIZATION REQUIRED --------
#
# The IPsec service builds ESP tunnels between the specified peers using the
# racoon IKEv2 keying daemon. You need to provide keys and the addresses of
# peers, along with subnets to tunnel.
# directory containing the certificate and key described below
keydir=/tmp/certs
# the name used for the "$certname.pem" x509 certificate and
# "$certname.key" RSA private key, which can be generated using openssl
certname=test1
# list the public-facing IP addresses, starting with the localhost and followed
# by each tunnel peer, separated with a single space
tunnelhosts="192.168.0.2AND192.168.0.1"
# Define T<i> where i is the index for each tunnel peer host from
# the tunnel_hosts list above (0 is localhost).
# T<i> is a list of IPsec tunnels with peer i, with a local subnet address
# followed by the remote subnet address:
# T<i>="<local>AND<remote> <local>AND<remote>"
# For example, 192.168.0.0/24 is a local network (behind this node) to be
# tunneled and 192.168.2.0/24 is a remote network (behind peer 1)
T1="192.168.8.0/24AND192.168.5.0/24"
# -------- END CUSTOMIZATION --------
echo "building config $PWD/ipsec.conf..."
echo "building config $PWD/ipsec.conf..." > $PWD/ipsec.log
checkip=0
if [ "$(dpkg -l | grep " sipcalc ")" = "" ]; then
echo "WARNING: ip validation disabled because package sipcalc not installed
" >> $PWD/ipsec.log
checkip=1
fi
echo "#!/usr/sbin/setkey -f
# Flush the SAD and SPD
flush;
spdflush;
# Security policies \
" > $PWD/ipsec.conf
i=0
for hostpair in $tunnelhosts; do
i=`expr $i + 1`
# parse tunnel host IP
thishost=${hostpair%%AND*}
peerhost=${hostpair##*AND}
if [ $checkip = "0" ] &&
[ "$(sipcalc "$thishost" "$peerhost" | grep ERR)" != "" ]; then
echo "ERROR: invalid host address $thishost or $peerhost \
" >> $PWD/ipsec.log
fi
# parse each tunnel addresses
tunnel_list_var_name=T$i
eval tunnels="$"$tunnel_list_var_name""
for ttunnel in $tunnels; do
lclnet=${ttunnel%%AND*}
rmtnet=${ttunnel##*AND}
if [ $checkip = "0" ] &&
[ "$(sipcalc "$lclnet" "$rmtnet"| grep ERR)" != "" ]; then
echo "ERROR: invalid tunnel address $lclnet and $rmtnet \
" >> $PWD/ipsec.log
fi
# add tunnel policies
echo "
spdadd $lclnet $rmtnet any -P out ipsec
esp/tunnel/$thishost-$peerhost/require;
spdadd $rmtnet $lclnet any -P in ipsec
esp/tunnel/$peerhost-$thishost/require; \
" >> $PWD/ipsec.conf
done
done
echo "building config $PWD/racoon.conf..."
if [ ! -e $keydir\/$certname.key ] || [ ! -e $keydir\/$certname.pem ]; then
echo "ERROR: missing certification files under $keydir \
$certname.key or $certname.pem " >> $PWD/ipsec.log
fi
echo "
path certificate \"$keydir\";
listen {
adminsock disabled;
}
remote anonymous
{
exchange_mode main;
certificate_type x509 \"$certname.pem\" \"$certname.key\";
ca_type x509 \"ca-cert.pem\";
my_identifier asn1dn;
peers_identifier asn1dn;
proposal {
encryption_algorithm 3des ;
hash_algorithm sha1;
authentication_method rsasig ;
dh_group modp768;
}
}
sainfo anonymous
{
pfs_group modp768;
lifetime time 1 hour ;
encryption_algorithm 3des, blowfish 448, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
" > $PWD/racoon.conf
# the setkey program is required from the ipsec-tools package
echo "running setkey -f $PWD/ipsec.conf..."
setkey -f $PWD/ipsec.conf
echo "running racoon -d -f $PWD/racoon.conf..."
racoon -d -f $PWD/racoon.conf -l racoon.log
}
}
custom-config {
custom-config-id service:IPsec
custom-command IPsec
config {
('ipsec.sh', )
60
('sh ipsec.sh', )
('killall racoon', )
}
}
services {zebra OSPFv2 OSPFv3 vtysh IPForward IPsec}
custom-image $CORE_DATA_DIR/icons/normal/router_red.gif
}
node n3 {
type router
model router
network-config {
hostname n3
!
interface eth2
ip address 192.168.4.1/24
ipv6 address 2001:4::1/64
!
interface eth1
ip address 192.168.3.1/24
ipv6 address 2001:3::1/64
!
interface eth0
ip address 192.168.1.2/24
ipv6 address 2001:1::2/64
!
}
canvas c1
iconcoords {211.0 375.0}
labelcoords {211.0 403.0}
interface-peer {eth0 n1}
interface-peer {eth1 n5}
interface-peer {eth2 n6}
custom-config {
custom-config-id service:IPsec:ipsec.sh
custom-command ipsec.sh
config {
#!/bin/sh
# set up static tunnel mode security assocation for service (security.py)
# -------- CUSTOMIZATION REQUIRED --------
#
# The IPsec service builds ESP tunnels between the specified peers using the
# racoon IKEv2 keying daemon. You need to provide keys and the addresses of
# peers, along with subnets to tunnel.
# directory containing the certificate and key described below
keydir=/tmp/certs
# the name used for the "$certname.pem" x509 certificate and
# "$certname.key" RSA private key, which can be generated using openssl
certname=test1
# list the public-facing IP addresses, starting with the localhost and followed
# by each tunnel peer, separated with a single space
tunnelhosts="192.168.1.2AND192.168.1.1"
# Define T<i> where i is the index for each tunnel peer host from
# the tunnel_hosts list above (0 is localhost).
# T<i> is a list of IPsec tunnels with peer i, with a local subnet address
# followed by the remote subnet address:
# T<i>="<local>AND<remote> <local>AND<remote>"
# For example, 192.168.0.0/24 is a local network (behind this node) to be
# tunneled and 192.168.2.0/24 is a remote network (behind peer 1)
T1="192.168.4.0/24AND192.168.5.0/24 192.168.4.0/24AND192.168.6.0/24"
# -------- END CUSTOMIZATION --------
echo "building config $PWD/ipsec.conf..."
echo "building config $PWD/ipsec.conf..." > $PWD/ipsec.log
checkip=0
if [ "$(dpkg -l | grep " sipcalc ")" = "" ]; then
echo "WARNING: ip validation disabled because package sipcalc not installed
" >> $PWD/ipsec.log
checkip=1
fi
echo "#!/usr/sbin/setkey -f
# Flush the SAD and SPD
flush;
spdflush;
# Security policies \
" > $PWD/ipsec.conf
i=0
for hostpair in $tunnelhosts; do
i=`expr $i + 1`
# parse tunnel host IP
thishost=${hostpair%%AND*}
peerhost=${hostpair##*AND}
if [ $checkip = "0" ] &&
[ "$(sipcalc "$thishost" "$peerhost" | grep ERR)" != "" ]; then
echo "ERROR: invalid host address $thishost or $peerhost \
" >> $PWD/ipsec.log
fi
# parse each tunnel addresses
tunnel_list_var_name=T$i
eval tunnels="$"$tunnel_list_var_name""
for ttunnel in $tunnels; do
lclnet=${ttunnel%%AND*}
rmtnet=${ttunnel##*AND}
if [ $checkip = "0" ] &&
[ "$(sipcalc "$lclnet" "$rmtnet"| grep ERR)" != "" ]; then
echo "ERROR: invalid tunnel address $lclnet and $rmtnet \
" >> $PWD/ipsec.log
fi
# add tunnel policies
echo "
spdadd $lclnet $rmtnet any -P out ipsec
esp/tunnel/$thishost-$peerhost/require;
spdadd $rmtnet $lclnet any -P in ipsec
esp/tunnel/$peerhost-$thishost/require; \
" >> $PWD/ipsec.conf
done
done
echo "building config $PWD/racoon.conf..."
if [ ! -e $keydir\/$certname.key ] || [ ! -e $keydir\/$certname.pem ]; then
echo "ERROR: missing certification files under $keydir \
$certname.key or $certname.pem " >> $PWD/ipsec.log
fi
echo "
path certificate \"$keydir\";
listen {
adminsock disabled;
}
remote anonymous
{
exchange_mode main;
certificate_type x509 \"$certname.pem\" \"$certname.key\";
ca_type x509 \"ca-cert.pem\";
my_identifier asn1dn;
peers_identifier asn1dn;
proposal {
encryption_algorithm 3des ;
hash_algorithm sha1;
authentication_method rsasig ;
dh_group modp768;
}
}
sainfo anonymous
{
pfs_group modp768;
lifetime time 1 hour ;
encryption_algorithm 3des, blowfish 448, rijndael ;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
" > $PWD/racoon.conf
# the setkey program is required from the ipsec-tools package
echo "running setkey -f $PWD/ipsec.conf..."
setkey -f $PWD/ipsec.conf
echo "running racoon -d -f $PWD/racoon.conf..."
racoon -d -f $PWD/racoon.conf -l racoon.log
}
}
custom-config {
custom-config-id service:IPsec
custom-command IPsec
config {
('ipsec.sh', )
60
('sh ipsec.sh', )
('killall racoon', )
}
}
services {zebra OSPFv2 OSPFv3 vtysh IPForward IPsec}
custom-image $CORE_DATA_DIR/icons/normal/router_red.gif
}
node n4 {
type router
model router
network-config {
hostname n4
!
interface eth1
ip address 192.168.9.1/24
ipv6 address 2001:9::1/64
!
interface eth0
ip address 192.168.2.2/24
ipv6 address 2001:2::2/64
!
}
canvas c1
iconcoords {456.0 376.0}
labelcoords {456.0 404.0}
interface-peer {eth0 n2}
interface-peer {eth1 n11}
}
node n5 {
type router
model host
network-config {
hostname n5
!
interface eth0
ip address 192.168.3.10/24
ipv6 address 2001:3::10/64
!
}
canvas c1
iconcoords {50.0 472.0}
labelcoords {50.0 504.0}
interface-peer {eth0 n3}
}
node n6 {
type router
model host
network-config {
hostname n6
!
interface eth0
ip address 192.168.4.10/24
ipv6 address 2001:4::10/64
!
}
canvas c1
iconcoords {44.0 292.0}
labelcoords {44.0 324.0}
interface-peer {eth0 n3}
}
node n7 {
type router
model host
network-config {
hostname n7
!
interface eth0
ip address 192.168.5.10/24
ipv6 address 2001:5::10/64
!
}
canvas c1
iconcoords {41.0 62.0}
labelcoords {41.0 94.0}
interface-peer {eth0 n1}
}
node n8 {
type router
model host
network-config {
hostname n8
!
interface eth0
ip address 192.168.6.10/24
ipv6 address 2001:6::10/64
!
}
canvas c1
iconcoords {39.0 121.0}
labelcoords {39.0 153.0}
interface-peer {eth0 n1}
}
node n9 {
type router
model host
network-config {
hostname n9
!
interface eth0
ip address 192.168.7.10/24
ipv6 address 2001:7::10/64
!
}
canvas c1
iconcoords {653.0 69.0}
labelcoords {653.0 101.0}
interface-peer {eth0 n2}
}
node n10 {
type router
model host
network-config {
hostname n10
!
interface eth0
ip address 192.168.8.10/24
ipv6 address 2001:8::10/64
!
}
canvas c1
iconcoords {454.0 48.0}
labelcoords {484.0 59.0}
interface-peer {eth0 n2}
}
node n11 {
type router
model host
network-config {
hostname n11
!
interface eth0
ip address 192.168.9.10/24
ipv6 address 2001:9::10/64
!
}
canvas c1
iconcoords {654.0 460.0}
labelcoords {654.0 492.0}
interface-peer {eth0 n4}
}
link l1 {
nodes {n1 n2}
bandwidth 0
}
link l2 {
nodes {n1 n3}
bandwidth 0
}
link l3 {
nodes {n2 n4}
bandwidth 0
}
link l4 {
nodes {n3 n5}
bandwidth 0
}
link l5 {
nodes {n3 n6}
bandwidth 0
}
link l6 {
nodes {n1 n7}
bandwidth 0
}
link l7 {
nodes {n1 n8}
bandwidth 0
}
link l8 {
nodes {n2 n9}
bandwidth 0
}
link l9 {
nodes {n2 n10}
bandwidth 0
}
link l10 {
nodes {n4 n11}
bandwidth 0
}
annotation a1 {
iconcoords {8.0 6.0 514.0 99.0}
type rectangle
label {Tunnel 1}
labelcolor black
fontfamily {Arial}
fontsize {12}
color #ffd0d0
width 0
border #00ff00
rad 22
canvas c1
}
annotation a2 {
iconcoords {8.0 6.0 137.0 334.0}
type rectangle
label {Tunnel 2}
labelcolor black
fontfamily {Arial}
fontsize {12}
color #ffe1e1
width 0
border black
rad 23
canvas c1
}
annotation a5 {
iconcoords {263.0 127.0}
type text
label {}
labelcolor black
fontfamily {Arial}
fontsize {12}
effects {underline}
canvas c1
}
canvas c1 {
name {Canvas1}
}
option global {
interface_names yes
ip_addresses yes
ipv6_addresses no
node_labels yes
link_labels yes
ipsec_configs yes
exec_errors yes
show_api no
background_images no
annotations yes
grid yes
traffic_start 0
}

850
gui/configs/sample9-vpn.imn Normal file

@ -0,0 +1,850 @@
comments {
Sample scenario showing VPNClient and VPNServer service configuration.
This topology features an OpenVPN client and server for virtual private
networking. The client can access the private 10.0.6.0/24 network via the VPN
server. First wait until routing converges in the center routers (try using the
Adjacency Widget and wait for blue lines, meaning full adjacencies), then open
a shell on the vpnclient and try pinging the private address of the vpnserver:
vpnclient> ping 10.0.6.1
You can also access the other 10.0.6.* hosts behind the server. Try running
tcpudmp on one of the center routers, e.g. the n2 eth1/10.0.5.2 interface, and
you'll see UDP packets with TLS encrypted data instead of ICMP packets.
Keys are included as extra files in the VPNClient and VPNServer service
configuration.
}
node n1 {
type router
model router
network-config {
hostname n1
!
interface eth2
ip address 10.0.4.2/24
ipv6 address 2001:4::2/64
!
interface eth1
ip address 10.0.2.1/24
ipv6 address 2001:2::1/64
!
interface eth0
ip address 10.0.0.1/24
ipv6 address 2001:0::1/64
!
}
canvas c1
iconcoords {297.0 236.0}
labelcoords {297.0 264.0}
interface-peer {eth0 n6}
interface-peer {eth1 n2}
interface-peer {eth2 n3}
}
node n2 {
type router
model router
network-config {
hostname n2
!
interface eth1
ip address 10.0.5.2/24
ipv6 address 2001:5::2/64
!
interface eth0
ip address 10.0.2.2/24
ipv6 address 2001:2::2/64
!
}
canvas c1
iconcoords {298.0 432.0}
labelcoords {298.0 460.0}
interface-peer {eth0 n1}
interface-peer {eth1 n4}
}
node n3 {
type router
model router
network-config {
hostname n3
!
interface eth1
ip address 10.0.4.1/24
ipv6 address 2001:4::1/64
!
interface eth0
ip address 10.0.3.1/24
ipv6 address 2001:3::1/64
!
}
canvas c1
iconcoords {573.0 233.0}
labelcoords {573.0 261.0}
interface-peer {eth0 n4}
interface-peer {eth1 n1}
}
node n4 {
type router
model router
network-config {
hostname n4
!
interface eth2
ip address 10.0.5.1/24
ipv6 address 2001:5::1/64
!
interface eth1
ip address 10.0.3.2/24
ipv6 address 2001:3::2/64
!
interface eth0
ip address 10.0.1.1/24
ipv6 address 2001:1::1/64
!
}
canvas c1
iconcoords {574.0 429.0}
labelcoords {574.0 457.0}
interface-peer {eth0 n5}
interface-peer {eth1 n3}
interface-peer {eth2 n2}
}
node n5 {
type router
model host
network-config {
hostname vpnserver
!
interface eth1
ipv6 address 2001:6::10/64
ip address 10.0.6.1/24
!
interface eth0
ip address 10.0.1.10/24
ipv6 address 2001:1::10/64
!
}
canvas c1
iconcoords {726.0 511.0}
labelcoords {726.0 543.0}
interface-peer {eth0 n4}
interface-peer {eth1 n7}
custom-config {
custom-config-id service:VPNServer:copycerts.sh
custom-command copycerts.sh
config {
#!/bin/sh
FILES="vpnserver.pem vpnserver.key ca-cert.pem dh1024.pem"
mkdir -p /tmp/certs
for f in $FILES; do
cp $f /tmp/certs
done
}
}
custom-config {
custom-config-id service:VPNServer:dh1024.pem
custom-command dh1024.pem
config {
-----BEGIN DH PARAMETERS-----
MIGHAoGBAIYQUzZ+2aYWFfdRWRL/Tc8bFqK8ve/0ihW1BPhe0z3b5D5+2/r9HAsG
u7oMkyM2oWp5N1DlzKgTizCRPRno5vgTz01kw4h6Y9ux496+huOHJGZXiCZlkZvM
daP8CC8z1naCC9MZLImQTkb1d1sH9BDRZAyfQYiXVYrHdqtNtqQjAgEC
-----END DH PARAMETERS-----
}
}
custom-config {
custom-config-id service:VPNServer:ca-cert.pem
custom-command ca-cert.pem
config {
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
df:69:1f:ef:e5:af:bf:0f
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=WA, O=core-dev, CN=CORE CA/emailAddress=root@localhost
Validity
Not Before: Mar 20 16:16:08 2012 GMT
Not After : Mar 20 16:16:08 2015 GMT
Subject: C=US, ST=WA, O=core-dev, CN=CORE CA/emailAddress=root@localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c4:d7:fc:c3:bc:a0:ee:76:7b:58:5c:96:6d:1f:
74:26:c2:93:c1:a4:94:95:13:5e:4f:8b:3f:00:27:
e5:1b:b1:3b:70:3e:72:71:4d:c9:67:54:33:29:49:
1e:de:a6:91:d9:00:ec:84:b8:64:f8:06:51:82:f4:
84:9b:a2:fe:16:34:5c:e1:2f:3d:ad:34:b9:8e:ad:
8e:ea:8a:e9:40:56:5b:f5:09:2c:bf:a0:08:db:81:
7f:fb:d8:b9:6c:a6:be:4c:1f:b1:4e:b3:b0:8d:8d:
e4:04:8e:f8:8e:e9:c7:aa:e7:4a:b4:87:89:a7:25:
72:38:74:bb:e5:b6:7f:86:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:0E:C7:0A:74:5D:FB:56:5B:B7:91:80:2A:3A:D4:89:AD:6C:B9:51
X509v3 Authority Key Identifier:
keyid:98:0E:C7:0A:74:5D:FB:56:5B:B7:91:80:2A:3A:D4:89:AD:6C:B9:51
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
39:7e:99:fd:40:44:0a:20:4c:3c:9a:bf:01:aa:94:c8:76:bb:
80:53:4f:cd:28:2f:5b:7f:0b:52:09:14:cb:ac:ee:74:7f:17:
4b:79:21:db:e1:a3:9b:e5:b1:72:83:f7:88:02:20:d6:23:33:
e4:ff:50:58:c6:88:e0:22:d7:2b:96:b3:dd:31:1a:80:52:0d:
61:4f:47:72:63:39:1e:7f:a1:ad:f0:2b:82:53:05:ca:3d:0a:
8f:3c:72:58:74:57:ae:8b:66:16:d9:a4:50:99:bc:d3:a7:c5:
54:63:f0:87:cd:06:1a:d4:61:ed:d3:b8:33:5d:5a:d6:a4:f0:
a4:96
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
}
}
custom-config {
custom-config-id service:VPNServer:vpnserver.pem
custom-command vpnserver.pem
config {
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
df:69:1f:ef:e5:af:bf:14
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=WA, O=core-dev, CN=CORE CA/emailAddress=root@localhost
Validity
Not Before: Apr 12 15:09:45 2012 GMT
Not After : Apr 10 15:09:45 2022 GMT
Subject: C=US, ST=WA, O=core-dev, CN=vpnserver
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:af:da:e2:fb:f7:e1:ca:97:bb:94:1b:8f:f7:70:
2f:c5:dc:71:22:b6:d2:f3:8b:fc:3a:d1:ef:65:60:
21:0f:e5:49:ed:71:45:1c:e9:f7:b9:f7:00:74:05:
a3:ab:63:05:5c:be:23:fd:18:c6:b7:17:52:21:3a:
86:5f:68:07:a6:1b:2f:fc:df:ce:ac:45:55:cd:2a:
d4:8a:66:d1:46:99:e4:b2:57:49:53:df:d0:c0:1e:
0f:84:6f:52:8d:2c:6e:4b:cb:f7:7e:c4:27:51:72:
cd:db:68:54:fd:4d:c4:42:1a:27:be:9f:03:03:d8:
ff:11:58:46:2f:58:13:2c:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
56:F2:E8:73:73:76:FD:14:13:1C:1A:AB:F2:8F:30:D4:91:7D:83:62
X509v3 Authority Key Identifier:
keyid:98:0E:C7:0A:74:5D:FB:56:5B:B7:91:80:2A:3A:D4:89:AD:6C:B9:51
Signature Algorithm: sha1WithRSAEncryption
29:62:f5:4a:40:ce:65:e0:73:ff:d1:80:ca:89:a3:29:4e:d8:
63:52:f0:76:21:b7:83:49:a4:fa:54:f7:0d:58:eb:af:fb:59:
61:63:02:57:de:4d:c1:8d:f1:de:d6:00:40:53:12:25:3c:9b:
48:9a:a7:3b:95:5d:67:83:11:b2:b2:ef:c2:71:95:23:e5:42:
88:09:ac:95:c9:cf:e8:5c:d8:14:9e:d8:4f:6f:af:10:4f:f5:
19:a2:71:f3:96:5f:1b:19:53:e9:16:4d:4e:be:e5:8a:83:57:
0a:93:7a:a4:53:05:1a:64:bf:25:69:fc:3c:3b:9b:aa:43:f4:
1d:fc
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
}
}
custom-config {
custom-config-id service:VPNServer:vpnserver.key
custom-command vpnserver.key
config {
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAK/a4vv34cqXu5Qb
j/dwL8XccSK20vOL/DrR72VgIQ/lSe1xRRzp97n3AHQFo6tjBVy+I/0YxrcXUiE6
hl9oB6YbL/zfzqxFVc0q1Ipm0UaZ5LJXSVPf0MAeD4RvUo0sbkvL937EJ1Fyzdto
VP1NxEIaJ76fAwPY/xFYRi9YEyw3AgMBAAECgYBcUveOP5KsUULqvBm2V5DNOTGw
fvl7Ycf3fZZIy9IvzTolzazyRCeJ25LCVt+ZsC/1g+HTE/nnz/ePeHFpj21LuVWJ
uWsV9qmdO0K5WxfXM4M08df+EVRrOh4rmgnHZp7jBW6srwGSSJxsvRAe0cRlZcCW
JsgJcyLJfZk0ypsSgQJBAOTtkUfJvqdU0CslBSmDY6skxjneS6kLQGvrELHRTZgd
K31E5WDYJgkpVGhWur19kUYIj7Fs3/Z1Q0KC0bRWokECQQDEpp52u4ilaP9nJsMm
5l/JVEO5gIzbqStVTmU64wLgx3mapL6P8Sa1gbJMlc5NMyayjRP0PoN0cvz+V9t4
3cB3AkEAxhLHINXtn9pCQxJE5SZJlkq7OFaeICUcGEPKrg/qkzKp7jkuPhzGzCZ2
YdCowkti5rWBnoIVRakwCNwnlWFgAQJAEhyWc7EKANIO091KFAcbw1szcZ5ZWtHV
3+F8iVPnK/SzSn7p3jADtKvhVBRoD8wqQD+mGtS3Hr6IdpR47kTeOQJBAJhd4vi6
LxbQZlS009DamuSrqgwsmTcfylu58bhFN4YkWCw8CPk3iKJXH6beomDvYEIQl8C5
jWe+PqSX6XcwnTk=
-----END PRIVATE KEY-----
}
}
custom-config {
custom-config-id service:VPNServer:vpnserver.sh
custom-command vpnserver.sh
config {
#!/bin/sh
# custom VPN Server Configuration for service (security.py)
# -------- CUSTOMIZATION REQUIRED --------
#
# The VPNServer service sets up the OpenVPN server for building VPN tunnels
# that allow access via TUN/TAP device to private networks.
#
# note that the IPForward and DefaultRoute services should be enabled
# directory containing the certificate and key described below, in addition to
# a CA certificate and DH key
keydir=/tmp/certs
# the name used for a "$keyname.pem" certificate and "$keyname.key" private key.
keyname=vpnserver
# the VPN subnet address from which the client VPN IP (for the TUN/TAP)
# will be allocated
vpnsubnet=10.0.200.0
# public IP address of this vpn server (same as VPNClient vpnserver= setting)
vpnserver=10.0.1.10
# optional list of private subnets reachable behind this VPN server
# each subnet and next hop is separated by a space
# "<subnet1>,<nexthop1> <subnet2>,<nexthop2> ..."
privatenets="10.0.6.0,10.0.1.10"
# optional list of VPN clients, for statically assigning IP addresses to
# clients; also, an optional client subnet can be specified for adding static
# routes via the client
# Note: VPN addresses x.x.x.0-3 are reserved
# "<keyname>,<vpnIP>,<subnetIP> <keyname>,<vpnIP>,<subnetIP> ..."
#vpnclients="client1KeyFilename,10.0.200.5,10.0.0.0 client2KeyFilename,,"
vpnclients=""
# NOTE: you may need to enable the StaticRoutes service on nodes within the
# private subnet, in order to have routes back to the client.
# /sbin/ip ro add <vpnsubnet>/24 via <vpnServerRemoteInterface>
# /sbin/ip ro add <vpnClientSubnet>/24 via <vpnServerRemoteInterface>
# -------- END CUSTOMIZATION --------
echo > $PWD/vpnserver.log
rm -f -r $PWD/ccd
# validate key and certification files
if [ ! -e $keydir\/$keyname.key ] || [ ! -e $keydir\/$keyname.pem ] \
|| [ ! -e $keydir\/ca-cert.pem ] || [ ! -e $keydir\/dh1024.pem ]; then
echo "ERROR: missing certification or key files under $keydir \
$keyname.key or $keyname.pem or ca-cert.pem or dh1024.pem" >> $PWD/vpnserver.log
fi
# validate configuration IP addresses
checkip=0
if [ "$(dpkg -l | grep " sipcalc ")" = "" ]; then
echo "WARNING: ip validation disabled because package sipcalc not installed\
" >> $PWD/vpnserver.log
checkip=1
else
if [ "$(sipcalc "$vpnsubnet" "$vpnserver" | grep ERR)" != "" ]; then
echo "ERROR: invalid vpn subnet or server address \
$vpnsubnet or $vpnserver " >> $PWD/vpnserver.log
fi
fi
# create client vpn ip pool file
(
cat << EOF
EOF
)> $PWD/ippool.txt
# create server.conf file
(
cat << EOF
# openvpn server config
local $vpnserver
server $vpnsubnet 255.255.255.0
push redirect-gateway def1
EOF
)> $PWD/server.conf
# add routes to VPN server private subnets, and push these routes to clients
for privatenet in $privatenets; do
if [ $privatenet != "" ]; then
net=${privatenet%%,*}
nexthop=${privatenet##*,}
if [ $checkip = "0" ] &&
[ "$(sipcalc "$net" "$nexthop" | grep ERR)" != "" ]; then
echo "ERROR: invalid vpn server private net address \
$net or $nexthop " >> $PWD/vpnserver.log
fi
echo push route $net 255.255.255.0 >> $PWD/server.conf
/sbin/ip ro add $net/24 via $nexthop
/sbin/ip ro add $vpnsubnet/24 via $nexthop
fi
done
# allow subnet through this VPN, one route for each client subnet
for client in $vpnclients; do
if [ $client != "" ]; then
cSubnetIP=${client##*,}
cVpnIP=${client#*,}
cVpnIP=${cVpnIP%%,*}
cKeyFilename=${client%%,*}
if [ "$cSubnetIP" != "" ]; then
if [ $checkip = "0" ] &&
[ "$(sipcalc "$cSubnetIP" "$cVpnIP" | grep ERR)" != "" ]; then
echo "ERROR: invalid vpn client and subnet address \
$cSubnetIP or $cVpnIP " >> $PWD/vpnserver.log
fi
echo route $cSubnetIP 255.255.255.0 >> $PWD/server.conf
if ! test -d $PWD/ccd; then
mkdir -p $PWD/ccd
echo client-config-dir $PWD/ccd >> $PWD/server.conf
fi
if test -e $PWD/ccd/$cKeyFilename; then
echo iroute $cSubnetIP 255.255.255.0 >> $PWD/ccd/$cKeyFilename
else
echo iroute $cSubnetIP 255.255.255.0 > $PWD/ccd/$cKeyFilename
fi
fi
if [ "$cVpnIP" != "" ]; then
echo $cKeyFilename,$cVpnIP >> $PWD/ippool.txt
fi
fi
done
(
cat << EOF
keepalive 10 120
ca $keydir/ca-cert.pem
cert $keydir/$keyname.pem
key $keydir/$keyname.key
dh $keydir/dh1024.pem
cipher AES-256-CBC
status /var/log/openvpn-status.log
log /var/log/openvpn-server.log
ifconfig-pool-linear
ifconfig-pool-persist $PWD/ippool.txt
port 1194
proto udp
dev tun
verb 4
daemon
EOF
)>> $PWD/server.conf
# start vpn server
openvpn --config server.conf
}
}
custom-config {
custom-config-id service:VPNServer
custom-command VPNServer
config {
('vpnserver.sh', 'vpnserver.key', 'vpnserver.pem', 'ca-cert.pem', 'dh1024.pem', 'copycerts.sh', )
50
('sh copycerts.sh', 'sh vpnserver.sh', )
('killall openvpn', )
('pidof openvpn', )
}
}
services {IPForward DefaultRoute SSH VPNServer}
}
node n6 {
type router
model PC
network-config {
hostname vpnclient
!
interface eth0
ip address 10.0.0.20/24
ipv6 address 2001:0::20/64
!
}
canvas c1
iconcoords {120.0 133.0}
labelcoords {120.0 165.0}
interface-peer {eth0 n1}
custom-config {
custom-config-id service:VPNClient:vpnclient.key
custom-command vpnclient.key
config {
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
}
}
custom-config {
custom-config-id service:VPNClient:vpnclient.pem
custom-command vpnclient.pem
config {
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
df:69:1f:ef:e5:af:bf:13
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=WA, O=core-dev, CN=CORE CA/emailAddress=root@localhost
Validity
Not Before: Apr 12 15:09:01 2012 GMT
Not After : Apr 10 15:09:01 2022 GMT
Subject: C=US, ST=WA, O=core-dev, CN=vpnclient
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:ce:3d:b4:2b:97:c3:85:a3:b7:c8:98:f3:89:d4:
f9:f7:4e:0b:0e:4c:f5:15:d7:0d:fc:07:3b:17:75:
20:b4:8f:e0:a0:cb:07:b1:5f:a9:5a:3d:fc:36:4e:
32:5a:8d:1d:80:5e:78:5d:16:5c:b9:eb:fb:37:5a:
90:a4:14:5a:95:87:25:01:90:e2:a1:c8:27:ec:42:
b0:14:42:55:b4:cf:b1:19:e0:79:03:02:09:0c:39:
7a:45:bb:35:92:a9:2a:3e:80:35:69:08:9b:87:61:
8a:e4:eb:66:c8:51:e5:0e:a2:74:d1:46:fd:bf:e4:
b0:d4:2c:01:12:bc:be:52:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
A0:59:F2:02:46:86:A3:2A:BD:C0:33:DA:31:71:1F:78:88:16:43:CE
X509v3 Authority Key Identifier:
keyid:98:0E:C7:0A:74:5D:FB:56:5B:B7:91:80:2A:3A:D4:89:AD:6C:B9:51
Signature Algorithm: sha1WithRSAEncryption
0a:39:71:f3:9f:50:68:f9:de:3e:47:eb:73:6b:4e:d8:6c:ff:
d5:38:0a:a0:8f:52:8f:cb:7e:6f:95:62:b6:04:2f:1d:3f:42:
32:26:38:c5:89:ea:ef:fc:27:ab:f0:81:39:e2:58:d6:fd:f8:
3e:f8:db:22:ce:39:dd:13:49:6a:7b:eb:90:8a:cc:bc:7d:87:
c5:d4:25:5f:f5:9a:0a:8f:1e:28:86:50:46:e2:fd:4e:ff:5d:
b8:0e:48:2d:bd:0f:38:b4:85:0f:4e:05:c6:60:cf:5a:d9:d0:
5c:32:ed:70:3c:72:28:fd:75:c5:38:d5:52:cb:57:f9:4b:86:
0a:74
-----BEGIN CERTIFICATE-----
MIICmDCCAgGgAwIBAgIJAN9pH+/lr78TMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJXQTERMA8GA1UECgwIY29yZS1kZXYxEDAOBgNVBAMM
B0NPUkUgQ0ExHTAbBgkqhkiG9w0BCQEWDnJvb3RAbG9jYWxob3N0MB4XDTEyMDQx
MjE1MDkwMVoXDTIyMDQxMDE1MDkwMVowQTELMAkGA1UEBhMCVVMxCzAJBgNVBAgM
AldBMREwDwYDVQQKDAhjb3JlLWRldjESMBAGA1UEAwwJdnBuY2xpZW50MIGfMA0G
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOPbQrl8OFo7fImPOJ1Pn3TgsOTPUV1w38
BzsXdSC0j+CgywexX6laPfw2TjJajR2AXnhdFly56/s3WpCkFFqVhyUBkOKhyCfs
QrAUQlW0z7EZ4HkDAgkMOXpFuzWSqSo+gDVpCJuHYYrk62bIUeUOonTRRv2/5LDU
LAESvL5SZQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu
U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUoFnyAkaGoyq9wDPa
MXEfeIgWQ84wHwYDVR0jBBgwFoAUmA7HCnRd+1Zbt5GAKjrUia1suVEwDQYJKoZI
hvcNAQEFBQADgYEACjlx859QaPnePkfrc2tO2Gz/1TgKoI9Sj8t+b5VitgQvHT9C
MiY4xYnq7/wnq/CBOeJY1v34PvjbIs453RNJanvrkIrMvH2HxdQlX/WaCo8eKIZQ
RuL9Tv9duA5ILb0POLSFD04FxmDPWtnQXDLtcDxyKP11xTjVUstX+UuGCnQ=
-----END CERTIFICATE-----
}
}
custom-config {
custom-config-id service:VPNClient:copycerts.sh
custom-command copycerts.sh
config {
#!/bin/sh
FILES="vpnclient.pem vpnclient.key"
mkdir -p /tmp/certs
for f in $FILES; do
cp $f /tmp/certs
done
}
}
custom-config {
custom-config-id service:VPNClient:vpnclient.sh
custom-command vpnclient.sh
config {
#!/bin/sh
# custom VPN Client configuration for service (security.py)
# -------- CUSTOMIZATION REQUIRED --------
#
# The VPNClient service builds a VPN tunnel to the specified VPN server using
# OpenVPN software and a virtual TUN/TAP device.
# directory containing the certificate and key described below
keydir=/tmp/certs
# the name used for a "$keyname.pem" certificate and "$keyname.key" private key.
keyname=vpnclient
# the public IP address of the VPN server this client should connect with
vpnserver="10.0.1.10"
# optional next hop for adding a static route to reach the VPN server
nexthop=""
# --------- END CUSTOMIZATION --------
# validate addresses
if [ "$(dpkg -l | grep " sipcalc ")" = "" ]; then
echo "WARNING: ip validation disabled because package sipcalc not installed
" > $PWD/vpnclient.log
else
if [ "$(sipcalc "$vpnserver" "$nexthop" | grep ERR)" != "" ]; then
echo "ERROR: invalide address $vpnserver or $nexthop \
" > $PWD/vpnclient.log
fi
fi
# validate key and certification files
if [ ! -e $keydir\/$keyname.key ] || [ ! -e $keydir\/$keyname.pem ] \
|| [ ! -e $keydir\/ca-cert.pem ] || [ ! -e $keydir\/dh1024.pem ]; then
echo "ERROR: missing certification or key files under $keydir \
$keyname.key or $keyname.pem or ca-cert.pem or dh1024.pem" >> $PWD/vpnclient.log
fi
# if necessary, add a static route for reaching the VPN server IP via the IF
vpnservernet=${vpnserver%.*}.0/24
if [ "$nexthop" != "" ]; then
/sbin/ip route add $vpnservernet via $nexthop
fi
# create openvpn client.conf
(
cat << EOF
client
dev tun
proto udp
remote $vpnserver 1194
nobind
ca $keydir/ca-cert.pem
cert $keydir/$keyname.pem
key $keydir/$keyname.key
dh $keydir/dh1024.pem
cipher AES-256-CBC
log /var/log/openvpn-client.log
verb 4
daemon
EOF
) > client.conf
openvpn --config client.conf
}
}
custom-config {
custom-config-id service:VPNClient
custom-command VPNClient
config {
('vpnclient.sh', 'copycerts.sh', 'vpnclient.pem', 'vpnclient.key', )
60
('sh copycerts.sh', 'sh vpnclient.sh', )
('killall openvpn', )
('pidof openvpn', )
}
}
services {DefaultRoute VPNClient}
}
node n7 {
type lanswitch
network-config {
hostname n7
!
}
canvas c1
iconcoords {824.0 458.0}
labelcoords {824.0 482.0}
interface-peer {e0 n5}
interface-peer {e1 n8}
interface-peer {e2 n9}
interface-peer {e3 n10}
}
node n8 {
type router
model PC
network-config {
hostname n8
!
interface eth0
ip address 10.0.6.20/24
ipv6 address 2001:6::20/64
!
}
canvas c1
iconcoords {801.0 264.0}
labelcoords {801.0 296.0}
interface-peer {eth0 n7}
}
node n9 {
type router
model PC
network-config {
hostname n9
!
interface eth0
ip address 10.0.6.21/24
ipv6 address 2001:6::21/64
!
}
canvas c1
iconcoords {885.0 305.0}
labelcoords {885.0 337.0}
interface-peer {eth0 n7}
}
node n10 {
type router
model PC
network-config {
hostname n10
!
interface eth0
ip address 10.0.6.22/24
ipv6 address 2001:6::22/64
!
}
canvas c1
iconcoords {954.0 353.0}
labelcoords {954.0 385.0}
interface-peer {eth0 n7}
}
link l1 {
nodes {n6 n1}
bandwidth 0
}
link l2 {
nodes {n4 n5}
bandwidth 0
}
link l3 {
nodes {n1 n2}
bandwidth 0
}
link l4 {
nodes {n3 n4}
bandwidth 0
}
link l5 {
nodes {n3 n1}
bandwidth 0
}
link l6 {
nodes {n4 n2}
bandwidth 0
}
link l7 {
nodes {n5 n7}
bandwidth 0
}
link l8 {
nodes {n8 n7}
bandwidth 0
}
link l9 {
nodes {n9 n7}
bandwidth 0
}
link l10 {
nodes {n10 n7}
bandwidth 0
}
annotation a1 {
iconcoords {661.0 187.0 997.0 579.0}
type rectangle
label {private network}
labelcolor black
fontfamily {Arial}
fontsize 12
color #e9e9fe
width 0
border black
rad 25
effects {bold}
canvas c1
}
canvas c1 {
name {Canvas1}
}
option global {
interface_names no
ip_addresses yes
ipv6_addresses no
node_labels yes
link_labels yes
ipsec_configs yes
exec_errors yes
show_api no
background_images no
annotations yes
grid yes
traffic_start 0
}
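Review bot: The client.conf heredoc in vpnclient.sh (`client` … `daemon`) never tells OpenVPN to require a server certificate from the peer, so any certificate issued by the same CA — another client's included — would be accepted as the VPN server; adding `remote-cert-tls server` after the `ca $keydir/ca-cert.pem` line closes that, and the `dh $keydir/dh1024.pem` line can go since DH parameters are only meaningful on the server side. Separately, vpnclient.sh checks for `ca-cert.pem` and `dh1024.pem` under `$keydir`, but the VPNClient file list `('vpnclient.sh', 'copycerts.sh', 'vpnclient.pem', 'vpnclient.key', )` and the client's copycerts.sh (`FILES="vpnclient.pem vpnclient.key"`) provide neither; this presumably only works because the vpnserver node's copycerts.sh has already populated a /tmp/certs shared with the client, which deserves a comment next to `keydir=/tmp/certs` so a user customizing the sample knows where the CA file must come from. Both copycerts.sh scripts also drop private keys into /tmp/certs with default permissions; `mkdir -p /tmp/certs && chmod 700 /tmp/certs` would keep them from other users on the host. The log line `echo "ERROR: invalide address $vpnserver or $nexthop \` in vpnclient.sh has a typo ("invalid").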