From 54fcafe131c411a49e4277cd0d14c6ea20044203 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Tue, 20 May 2014 23:20:58 +0300
Subject: Initial commit for obfsproxy server feature in platform
---
 provider_base/services/obfsproxy.json | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 provider_base/services/obfsproxy.json
(limited to 'provider_base')
diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json
new file mode 100644
index 00000000..954ae868
--- /dev/null
+++ b/provider_base/services/obfsproxy.json
@@ -0,0 +1,10 @@
+{
+ "obfsproxy": {
+ "scramblesuit": {
+ "password": "= base32_secret :scramblesuit_password",
+ //"port" : "= rand(11..5555)"
+ "port" : "= obfs_port :scramblesuit_port, 18000..32000"
+ },
+ "gateway_address": "= nodes[:services => 'openvpn'].field('openvpn.gateway_address')[0]"
+ }
+}
-- cgit v1.2.3
From cfcc589c6465dab8a4d3923d6c81623ecfbeb8c1 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Thu, 22 May 2014 03:57:28 +0300
Subject: Reflect change in leap_cli, use rand_range macro
---
 provider_base/services/obfsproxy.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'provider_base')
diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json
index 954ae868..792a4183 100644
--- a/provider_base/services/obfsproxy.json
+++ b/provider_base/services/obfsproxy.json
@@ -2,8 +2,7 @@
 "obfsproxy": {
 "scramblesuit": {
 "password": "= base32_secret :scramblesuit_password",
- //"port" : "= rand(11..5555)"
- "port" : "= obfs_port :scramblesuit_port, 18000..32000"
+ "port" : "= rand_range :scramblesuit_port, 18000..32000"
 },
 "gateway_address": "= nodes[:services => 'openvpn'].field('openvpn.gateway_address')[0]"
 }
-- cgit v1.2.3
From 2f318f0be937f0bace467640f4011ba422a736b7 Mon Sep 17 00:00:00 2001
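Review bot: Nothing on the `"password"` line of the new obfsproxy.json (`@@ -0,0 +1,10 @@`, "Initial commit for obfsproxy server feature") pins the size of the generated secret, and ScrambleSuit, as far as I know, only accepts a shared secret of a fixed size (20 bytes, written as 32 base32 characters). What `base32_secret` produces by default is not visible in this patch, so a mismatch would surface only when obfsproxy starts on the node. I would state the requirement next to the value, for example `// scramblesuit needs a 20-byte secret (32 base32 chars); confirm base32_secret yields exactly that`.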
From: irregulator
Date: Thu, 22 May 2014 14:34:55 +0300
Subject: Pick gateway address either from self or another openvpn node
---
 provider_base/services/obfsproxy.json | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'provider_base')
diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json
index 792a4183..d6771148 100644
--- a/provider_base/services/obfsproxy.json
+++ b/provider_base/services/obfsproxy.json
@@ -4,6 +4,11 @@
 "password": "= base32_secret :scramblesuit_password",
 "port" : "= rand_range :scramblesuit_port, 18000..32000"
 },
- "gateway_address": "= nodes[:services => 'openvpn'].field('openvpn.gateway_address')[0]"
+ "gateway_address": "= self['openvpn'] ? openvpn.gateway_address : nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first"
+ // Later, if we add a SafeNil class that looks and acts like nil
+ // but will allow you to call methods on it (each returning another SafeNil)
+ // without throwing an exception, we could do:
+ // "gateway_address": "= self['openvpn'] ? openvpn.gateway_address : (nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first || nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first)"
+ // Perhaps we should also create a macro.
 }
 }
-- cgit v1.2.3
From 86035bf6936812f5b01ac7d5e3b6d026124e156e Mon Sep 17 00:00:00 2001
From: irregulator
Date: Tue, 27 May 2014 20:20:51 +0300
Subject: Use the try method to pick vpn gateway address in obfsproxy.json
---
 provider_base/services/obfsproxy.json | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
(limited to 'provider_base')
diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json
index d6771148..b14a0db9 100644
--- a/provider_base/services/obfsproxy.json
+++ b/provider_base/services/obfsproxy.json
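Review bot: In the `@@ -4,6 +4,11 @@` hunk ("Pick gateway address either from self or another openvpn node") the fallback branch ends in `.shuffle.first`, so the gateway an obfsproxy node forwards to is presumably re-drawn every time the expression is evaluated, and the node's compiled configuration can change with no change in its inputs. The same branch yields nil when no other node carries the openvpn service, which leaves `gateway_address` empty without any error. A choice that is stable per node, plus an explicit failure on an empty list, would make the result reviewable; at minimum the line deserves a comment such as `// gateway is picked at random on each evaluation; nil if no openvpn node exists`. The same `.shuffle.first` is carried into the `try{}` rewrite (`@@ -4,11 +4,6 @@`) and into the block copied to openvpn.json (`@@ -26,5 +26,12 @@`).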
@@ -4,11 +4,6 @@
 "password": "= base32_secret :scramblesuit_password",
 "port" : "= rand_range :scramblesuit_port, 18000..32000"
 },
- "gateway_address": "= self['openvpn'] ? openvpn.gateway_address : nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first"
- // Later, if we add a SafeNil class that looks and acts like nil
- // but will allow you to call methods on it (each returning another SafeNil)
- // without throwing an exception, we could do:
- // "gateway_address": "= self['openvpn'] ? openvpn.gateway_address : (nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first || nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first)"
- // Perhaps we should also create a macro.
+ "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}"
 }
 }
-- cgit v1.2.3
From 08f4c51cbbf9a4307375278ab42d31aa65d57645 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Wed, 28 May 2014 15:25:21 +0300
Subject: Include obfsproxy descriptors in openvpn.json
This is needed so as obfsproxy service is automatically deployed along with eip service.
---
 provider_base/services/openvpn.json | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'provider_base')
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 090afcd6..1ce397d0 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
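Review bot: The `try{…} || try{…} || try{…}` chain on the new `"gateway_address"` line (`@@ -4,11 +4,6 @@`, obfsproxy.json) presumably turns every exception into nil, so a typo in a field name or a provider with no openvpn node produces an empty gateway address instead of a failed compile. For a value that decides where obfuscated client traffic is forwarded, a silent nil is the wrong failure mode. If the expression context allows it, end the chain with an explicit error, for example `... || raise('no openvpn gateway available for obfsproxy node ' + name)`.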
@@ -26,5 +26,12 @@
 "keepalive": "10 30",
 "tun-ipv6": true
 }
+ },
+ "obfsproxy": {
+ "scramblesuit": {
+ "password": "= base32_secret :scramblesuit_password",
+ "port" : "= rand_range :scramblesuit_port, 18000..32000"
+ },
+ "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}"
 }
 }
-- cgit v1.2.3
From 02963cea38c916256a6c9c959c58ed5a222f1767 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Fri, 30 May 2014 04:04:24 +0300
Subject: Attach node's name to scramblesuit password and port secrets
This makes every node with obfsproxy service have unique port and password for scramblesuit pluggable transport.
---
 provider_base/services/obfsproxy.json | 4 ++--
 provider_base/services/openvpn.json | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
(limited to 'provider_base')
diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json
index b14a0db9..ab92c11f 100644
--- a/provider_base/services/obfsproxy.json
+++ b/provider_base/services/obfsproxy.json
@@ -1,8 +1,8 @@
 {
 "obfsproxy": {
 "scramblesuit": {
- "password": "= base32_secret :scramblesuit_password",
- "port" : "= rand_range :scramblesuit_port, 18000..32000"
+ "password": "= base32_secret('scramblesuit_password_'+name)",
+ "port" : "= rand_range('scramblesuit_port_'+name, 18000..32000)"
 },
 "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}"
 }
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 1ce397d0..c62fa04b 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
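Review bot: The `"obfsproxy"` block added to openvpn.json in `@@ -26,5 +26,12 @@` is a verbatim copy of the one in services/obfsproxy.json, so the secret names, the port range and the gateway expression now live in two files that have to be edited together. Nothing in either file says so; a comment such as `// duplicated from services/obfsproxy.json, keep both in step` above `"obfsproxy": {` would keep one copy from drifting. Per the commit message every eip node now runs obfsproxy, which means an extra listener on a port drawn from `18000..32000` on each gateway; whether the firewall rules for that port are generated elsewhere is not visible here and is worth confirming.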
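Review bot: In `@@ -1,8 +1,8 @@` (obfsproxy.json, "Attach node's name to scramblesuit password and port secrets") the secret keys are now built as `'scramblesuit_password_'+name` and `'scramblesuit_port_'+name`, which ties the password and port to the node's name: renaming a node would presumably generate a fresh pair, and any client configuration carrying the old values stops working. The previously shared `scramblesuit_password` and `scramblesuit_port` entries are probably left behind in the secrets store and should be removed once nodes are redeployed, since that password was common to every obfsproxy node. A short comment on the two lines, for example `// per-node secret: the key includes the node name, so a rename rotates password and port`, would record this. The same applies to the matching `@@ -29,8 +29,8 @@` hunk in openvpn.json.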
@@ -29,8 +29,8 @@
 },
 "obfsproxy": {
 "scramblesuit": {
- "password": "= base32_secret :scramblesuit_password",
- "port" : "= rand_range :scramblesuit_port, 18000..32000"
+ "password": "= base32_secret('scramblesuit_password_'+name)",
+ "port" : "= rand_range('scramblesuit_port_'+name, 18000..32000)"
 },
 "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}"
 }
-- cgit v1.2.3
From 87e997658dae6655aa0a3f2da7dc8737ec9041bc Mon Sep 17 00:00:00 2001
From: irregulator
Date: Tue, 3 Jun 2014 21:36:09 +0300
Subject: A vpn node picks its openvpn.gateway as obfsproxy gateway address
---
 provider_base/services/openvpn.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'provider_base')
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index c62fa04b..1906244c 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -32,6 +32,6 @@
 "password": "= base32_secret('scramblesuit_password_'+name)",
 "port" : "= rand_range('scramblesuit_port_'+name, 18000..32000)"
 },
- "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}"
+ "gateway_address": "= openvpn.gateway_address"
 }
 }
-- cgit v1.2.3
From 7e278f92f34e3809d380be724f0c306430791b10 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Tue, 1 Jul 2014 01:49:56 +0300
Subject: Use new macro pick_node to pick vpn gateway for obfsproxy.json
---
 provider_base/services/obfsproxy.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'provider_base')
diff --git a/provider_base/services/obfsproxy.json b/provider_base/services/obfsproxy.json
index ab92c11f..979d0ef9 100644
--- a/provider_base/services/obfsproxy.json
+++ b/provider_base/services/obfsproxy.json
@@ -4,6 +4,6 @@
 "password": "= base32_secret('scramblesuit_password_'+name)",
 "port" : "= rand_range('scramblesuit_port_'+name, 18000..32000)"
 },
- "gateway_address": "= try{openvpn.gateway_address} || try{nodes_like_me[:services => 'openvpn']['location.name' => location.name].field('openvpn.gateway_address').shuffle.first} || try{nodes_like_me[:services => 'openvpn'].field('openvpn.gateway_address').shuffle.first}"
+ "gateway_address": "= try{pick_node(:obfs_gateway,nodes_near_me['services' => 'openvpn']).pick_fields('openvpn.gateway_address')} || try{pick_node(:obfs_gateway,nodes_like_me['services' => 'openvpn']).pick_fields('openvpn.gateway_address')}"
 }
 }
-- cgit v1.2.3
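Review bot: The new `"gateway_address"` line in `@@ -4,6 +4,6 @@` filters with a string key, `nodes_near_me['services' => 'openvpn']`, where every earlier revision of this expression used the symbol `:services`. If the node filter does not treat the two alike, both `pick_node` calls receive an empty list and the surrounding `try{}` blocks would hide that as a nil gateway address. Unless `pick_node` needs the string form, keep `nodes_near_me[:services => 'openvpn']` and `nodes_like_me[:services => 'openvpn']`, or say in a comment why the key changed. How `pick_node` behaves on an empty list is not visible in this patch.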