From 54fcafe131c411a49e4277cd0d14c6ea20044203 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Tue, 20 May 2014 23:20:58 +0300
Subject: Initial commit for obfsproxy server feature in platform
---
 puppet/modules/site_obfsproxy/manifests/init.pp | 28 +++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 puppet/modules/site_obfsproxy/manifests/init.pp
(limited to 'puppet/modules/site_obfsproxy/manifests')
diff --git a/puppet/modules/site_obfsproxy/manifests/init.pp b/puppet/modules/site_obfsproxy/manifests/init.pp
new file mode 100644
index 00000000..23a8dd30
--- /dev/null
+++ b/puppet/modules/site_obfsproxy/manifests/init.pp
@@ -0,0 +1,28 @@
+class site_obfsproxy {
+ tag 'leap_service'
+ Class['site_config::default'] -> Class['site_obfsproxy']
+
+ $transport = 'scramblesuit'
+
+ $obfsproxy = hiera('obfsproxy')
+ $scramblesuit = $obfsproxy['scramblesuit']
+ $scram_pass = $scramblesuit['password']
+ $scram_port = $scramblesuit['port']
+ $dest_ip = $obfsproxy['gateway_address']
+ $dest_port = '443'
+
+ include site_apt::preferences::twisted
+ include site_apt::preferences::obfsproxy
+
+ class { 'obfsproxy':
+ transport => $transport,
+ port => $scram_port,
+ param => $scram_pass,
+ dest_ip => $dest_ip,
+ dest_port => $dest_port,
+ }
+
+}
+
+
+
-- cgit v1.2.3
From 156c2e1194c65d2f7813b946ac8baa90ffdf1f39 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Wed, 21 May 2014 20:42:46 +0300
Subject: Make shorewall accept incoming traffic for obfsproxy server
---
 puppet/modules/site_obfsproxy/manifests/init.pp | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'puppet/modules/site_obfsproxy/manifests')
diff --git a/puppet/modules/site_obfsproxy/manifests/init.pp b/puppet/modules/site_obfsproxy/manifests/init.pp
index 23a8dd30..276b30db 100644
--- a/puppet/modules/site_obfsproxy/manifests/init.pp
+++ b/puppet/modules/site_obfsproxy/manifests/init.pp
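Review bot: In the initial commit's new `site_obfsproxy` class, `$scram_pass` and `$scram_port` are read from `hiera('obfsproxy')` and passed straight to `class { 'obfsproxy': }` with no check that the keys exist, so a node missing `scramblesuit.password` would compile a catalog that hands an undefined secret to the daemon. How the `obfsproxy` module renders `param` is not visible in this patch; since it carries the ScrambleSuit shared secret, it is worth confirming that it ends up in a file readable only by the daemon's user and not on the process command line. A guard such as `if ! $scram_pass { fail('site_obfsproxy: obfsproxy.scramblesuit.password is not set') }` before the class declaration, plus a header comment listing the hiera keys the class expects, would make the contract explicit. The three trailing blank lines at the end of the file can also go.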
@@ -22,6 +22,8 @@ class site_obfsproxy {
 dest_port => $dest_port,
 }
+ include site_shorewall::obfsproxy
+
 }
-- cgit v1.2.3
From 1a0161da0ff420d26732b492898ebf0074b2292c Mon Sep 17 00:00:00 2001
From: irregulator
Date: Thu, 22 May 2014 20:52:44 +0300
Subject: Line up equal signs, change double to single quotes
---
 puppet/modules/site_obfsproxy/manifests/init.pp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'puppet/modules/site_obfsproxy/manifests')
diff --git a/puppet/modules/site_obfsproxy/manifests/init.pp b/puppet/modules/site_obfsproxy/manifests/init.pp
index 276b30db..6509fec8 100644
--- a/puppet/modules/site_obfsproxy/manifests/init.pp
+++ b/puppet/modules/site_obfsproxy/manifests/init.pp
@@ -4,12 +4,12 @@ class site_obfsproxy {
 $transport = 'scramblesuit'
- $obfsproxy = hiera('obfsproxy')
+ $obfsproxy = hiera('obfsproxy')
 $scramblesuit = $obfsproxy['scramblesuit']
- $scram_pass = $scramblesuit['password']
- $scram_port = $scramblesuit['port']
- $dest_ip = $obfsproxy['gateway_address']
- $dest_port = '443'
+ $scram_pass = $scramblesuit['password']
+ $scram_port = $scramblesuit['port']
+ $dest_ip = $obfsproxy['gateway_address']
+ $dest_port = '443'
 include site_apt::preferences::twisted
 include site_apt::preferences::obfsproxy
-- cgit v1.2.3
From 791e22b136910ecfa204eb78be747baed2b02590 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Wed, 28 May 2014 17:35:12 +0300
Subject: Make obfsproxy daemon bind to specific address rather than 0.0.0.0 If obfsproxy is spawned alongside eip service, make it listen to the gateway_adress IP. If obfsproxy is running standalone listen to ip_address.
---
 puppet/modules/site_obfsproxy/manifests/init.pp | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
(limited to 'puppet/modules/site_obfsproxy/manifests')
diff --git a/puppet/modules/site_obfsproxy/manifests/init.pp b/puppet/modules/site_obfsproxy/manifests/init.pp
index 6509fec8..40b7fba8 100644
--- a/puppet/modules/site_obfsproxy/manifests/init.pp
+++ b/puppet/modules/site_obfsproxy/manifests/init.pp
@@ -11,15 +11,24 @@ class site_obfsproxy {
 $dest_ip = $obfsproxy['gateway_address']
 $dest_port = '443'
+ if $::services =~ /\bopenvpn\b/ {
+ $openvpn = hiera('openvpn')
+ $bind_address = $openvpn['gateway_address']
+ }
+ elsif $::services =~ /\bobfsproxy\b/ {
+ $bind_address = hiera('ip_address')
+ }
+
 include site_apt::preferences::twisted
 include site_apt::preferences::obfsproxy
 class { 'obfsproxy':
- transport => $transport,
- port => $scram_port,
- param => $scram_pass,
- dest_ip => $dest_ip,
- dest_port => $dest_port,
+ transport => $transport,
+ bind_address => $bind_address,
+ port => $scram_port,
+ param => $scram_pass,
+ dest_ip => $dest_ip,
+ dest_port => $dest_port,
 }
 include site_shorewall::obfsproxy
-- cgit v1.2.3
From 8f8862aab798cbf0b2dbb690a154cd54dd5d6592 Mon Sep 17 00:00:00 2001
From: irregulator
Date: Thu, 25 Sep 2014 16:46:57 +0300
Subject: Use member function instead of regexp to check services array
---
 puppet/modules/site_obfsproxy/manifests/init.pp | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'puppet/modules/site_obfsproxy/manifests')
diff --git a/puppet/modules/site_obfsproxy/manifests/init.pp b/puppet/modules/site_obfsproxy/manifests/init.pp
index 40b7fba8..6275ebee 100644
--- a/puppet/modules/site_obfsproxy/manifests/init.pp
+++ b/puppet/modules/site_obfsproxy/manifests/init.pp
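Review bot: The new `if`/`elsif` that sets `$bind_address` has no `else`, so on a node whose `$::services` matches neither `openvpn` nor `obfsproxy` the variable stays undefined and `bind_address => $bind_address` passes undef into `class { 'obfsproxy': }`. What the `obfsproxy` module does with an unset bind address is not visible here; if it falls back to a wildcard listen, that would quietly undo the purpose of this commit. A final branch such as `else { fail('site_obfsproxy: cannot determine bind_address') }` would turn the misconfiguration into a catalog compile error. The same gap remains in the later hunk that switches the two tests to `member()`.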
@@ -11,13 +11,13 @@ class site_obfsproxy {
 $dest_ip = $obfsproxy['gateway_address']
 $dest_port = '443'
- if $::services =~ /\bopenvpn\b/ {
- $openvpn = hiera('openvpn')
- $bind_address = $openvpn['gateway_address']
- }
- elsif $::services =~ /\bobfsproxy\b/ {
- $bind_address = hiera('ip_address')
- }
+ if member($::services, 'openvpn') {
+ $openvpn = hiera('openvpn')
+ $bind_address = $openvpn['gateway_address']
+ }
+ elsif member($::services, 'obfsproxy') {
+ $bind_address = hiera('ip_address')
+ }
 include site_apt::preferences::twisted
 include site_apt::preferences::obfsproxy
-- cgit v1.2.3
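Review bot: The order of the two `member()` tests decides which listen address wins on a node that runs both services, and the manifest does not say why; the rationale exists only in the message of the earlier bind-address commit. A comment above the `if`, for example `# Alongside openvpn (eip), listen on the gateway address; standalone, listen on the node's ip_address.`, would keep that intent next to the code that controls where the daemon is exposed. The hunk shows only part of the class body, so any existing header comment outside it is not visible here.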