From 54fcafe131c411a49e4277cd0d14c6ea20044203 Mon Sep 17 00:00:00 2001 From: irregulator Date: Tue, 20 May 2014 23:20:58 +0300 Subject: Initial commit for obfsproxy server feature in platform --- provider_base/services/obfsproxy.json | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 provider_base/services/obfsproxy.json (limited to 'provider_base/services/obfsproxy.json') diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json new file mode 100644 index 00000000..954ae868 --- /dev/null +++ b/provider_base/services/obfsproxy.json @@ -0,0 +1,10 @@ +{ + "obfsproxy": { + "scramblesuit": { + "password": "= base32_secret :scramblesuit_password", + //"port" : "= rand(11..5555)" + "port" : "= obfs_port :scramblesuit_port, 18000..32000" + }, + "gateway_address": "= nodes[:services => 'openvpn'].field('openvpn.gateway_address')[0]" + } +} -- cgit v1.2.3 From cfcc589c6465dab8a4d3923d6c81623ecfbeb8c1 Mon Sep 17 00:00:00 2001 From: irregulator Date: Thu, 22 May 2014 03:57:28 +0300 Subject: Reflect change in leap_cli, use rand_range macro --- provider_base/services/obfsproxy.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'provider_base/services/obfsproxy.json') diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json index 954ae868..792a4183 100644 --- a/provider_base/services/obfsproxy.json +++ b/provider_base/services/obfsproxy.json @@ -2,8 +2,7 @@ "obfsproxy": { "scramblesuit": { "password": "= base32_secret :scramblesuit_password", - //"port" : "= rand(11..5555)" - "port" : "= obfs_port :scramblesuit_port, 18000..32000" + "port" : "= rand_range :scramblesuit_port, 18000..32000" }, "gateway_address": "= nodes[:services => 'openvpn'].field('openvpn.gateway_address')[0]" } -- cgit v1.2.3 From 2f318f0be937f0bace467640f4011ba422a736b7 Mon Sep 17 00:00:00 2001 From: irregulator Date: Thu, 22 May 2014 14:34:55 +0300 Subject: Pick gateway address either from self or another openvpn node --- provider_base/services/obfsproxy.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'provider_base/services/obfsproxy.json') diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json index 792a4183..d6771148 100644 --- a/provider_base/services/obfsproxy.json +++ b/provider_base/services/obfsproxy.json @@ -4,6 +4,11 @@ "password": "= base32_secret :scramblesuit_password", "port" : "= rand_range :scramblesuit_port, 18000..32000" }, - "gateway_address": "= nodes[:services => 'openvpn'].field('openvpn.gateway_address')[0]" + "gateway_address": "= self['openvpn'] ? openvpn.gateway_address : nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first" + // Later, if we add a SafeNil class that looks and acts like nil + // but will allow you to call methods on it (each returning another SafeNil) + // without throwing an exception, we could do: + // "gateway_address": "= self['openvpn'] ? openvpn.gateway_address : (nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first || nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first)" + // Perhaps we should also create a macro. } } -- cgit v1.2.3 From 86035bf6936812f5b01ac7d5e3b6d026124e156e Mon Sep 17 00:00:00 2001 From: irregulator Date: Tue, 27 May 2014 20:20:51 +0300 Subject: Use the try method to pick vpn gateway address in obfsproxy.json --- provider_base/services/obfsproxy.json | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'provider_base/services/obfsproxy.json') diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json index d6771148..b14a0db9 100644 --- a/provider_base/services/obfsproxy.json +++ b/provider_base/services/obfsproxy.json @@ -4,11 +4,6 @@ "password": "= base32_secret :scramblesuit_password", "port" : "= rand_range :scramblesuit_port, 18000..32000" }, - "gateway_address": "= self['openvpn'] ? openvpn.gateway_address : nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first" - // Later, if we add a SafeNil class that looks and acts like nil - // but will allow you to call methods on it (each returning another SafeNil) - // without throwing an exception, we could do: - // "gateway_address": "= self['openvpn'] ? openvpn.gateway_address : (nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first || nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first)" - // Perhaps we should also create a macro. + "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}" } } -- cgit v1.2.3 From 02963cea38c916256a6c9c959c58ed5a222f1767 Mon Sep 17 00:00:00 2001 From: irregulator Date: Fri, 30 May 2014 04:04:24 +0300 Subject: Attach node's name to scramblesuit password and port secrets This makes every node with obfsproxy service have unique port and password for scramblesuit pluggable transport. --- provider_base/services/obfsproxy.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'provider_base/services/obfsproxy.json') diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json index b14a0db9..ab92c11f 100644 --- a/provider_base/services/obfsproxy.json +++ b/provider_base/services/obfsproxy.json @@ -1,8 +1,8 @@ { "obfsproxy": { "scramblesuit": { - "password": "= base32_secret :scramblesuit_password", - "port" : "= rand_range :scramblesuit_port, 18000..32000" + "password": "= base32_secret('scramblesuit_password_'+name)", + "port" : "= rand_range('scramblesuit_port_'+name, 18000..32000)" }, "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}" } -- cgit v1.2.3 From 7e278f92f34e3809d380be724f0c306430791b10 Mon Sep 17 00:00:00 2001 From: irregulator Date: Tue, 1 Jul 2014 01:49:56 +0300 Subject: Use new macro pick_node to pick vpn gateway for obfsproxy.json --- provider_base/services/obfsproxy.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/services/obfsproxy.json') diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json index ab92c11f..979d0ef9 100644 --- a/provider_base/services/obfsproxy.json +++ b/provider_base/services/obfsproxy.json @@ -4,6 +4,6 @@ "password": "= base32_secret('scramblesuit_password_'+name)", "port" : "= rand_range('scramblesuit_port_'+name, 18000..32000)" }, - "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}" + "gateway_address": "= try{pick_node(:obfs_gateway,nodes_near_me['services' => 'openvpn']).pick_fields('openvpn.gateway_address')} || try{pick_node(:obfs_gateway,nodes_like_me['services' => 'openvpn']).pick_fields('openvpn.gateway_address')}" } } -- cgit v1.2.3