print (" NOTE: For this demo to succeed the following files must exist on the '%s'\n" " (empty files can be created for the sake of the demo):\n" " %s\n" " %s\n" " %s\n" " %s" % (nodeName, ca_cert_file, srv_crt_file, crl_file, srv_key_file)) time.sleep(rundelay) #------------------------------------------------------------------------- # Encode VPN configuration options by using 'Vpn' object #------------------------------------------------------------------------- vpn = Vpn() # This VPN configuration description vpn.set_l2tp_remote_access_description(description) # Enable NAT traversal (this is mandatory) vpn.set_nat_traversal(nat_traversal) # Set the allowed subnets vpn.set_nat_allow_network(nat_allow_network) # Bind the L2TP server to the external IP address vpn.set_l2tp_remote_access_outside_address(external_ipaddr) # Set the next hop IP address for reaching the VPN clients vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)
srv_key_file = '/config/auth/r1.key' print (" NOTE: For this demo to succeed the following files must exist on the '%s'\n" " (empty files can be created for the sake of the demo):\n" " %s\n" " %s\n" " %s" % (nodeName, ca_cert_file, srv_cert_file, srv_key_file)) time.sleep(rundelay) #------------------------------------------------------------------------- # Encode VPN configuration options by using 'Vpn' object #------------------------------------------------------------------------- vpn = Vpn() #------------------------------------------------------------------------- # Create and configure Internet Key Exchange (IKE) group #------------------------------------------------------------------------- ike_grp_name = "IKE-1W" proposal_num = 1 # Set the encryption cipher for proposal 1 # (enumeration: 'aes128', 'aes256', '3des') encryption_cipher = 'aes256' vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num, encryption_cipher) # Set the hash algorithm for proposal 1 # (enumeration: 'md5', 'sha1') hash_algorith = 'sha1'
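def vr_demo_12():
    """Run the site-to-site IPsec VPN demo (X.509 certificate authentication).

    Reads connection attributes from "cfg4.yml", mounts the vRouter on the
    Controller as a NETCONF node if it is not configured yet, then shows,
    creates, re-reads and deletes the VPN configuration, and finally removes
    the NETCONF node from the Controller.

    Every failure path calls exit(0) (or exit()), so the process exit status
    does not distinguish success from failure; callers have to read the
    printed output.

    Security notes for anyone adapting this demo:
      * The server key password is hard-coded and the encoded payload is
        printed to stdout; load real secrets from a protected source and do
        not print them.
      * ESP proposal 2 offers '3des' with 'md5', both legacy algorithms.
    """
    f = "cfg4.yml"
    d = {}
    if load_dict_from_file(f, d) is False:
        print("Config file '%s' read error: " % f)
        exit()

    # Only a missing key is expected here.  The original bare 'except:' also
    # swallowed KeyboardInterrupt and SystemExit.
    try:
        ctrlIpAddr = d['ctrlIpAddr']
        ctrlPortNum = d['ctrlPortNum']
        ctrlUname = d['ctrlUname']
        ctrlPswd = d['ctrlPswd']
        nodeName = d['nodeName']
        nodeIpAddr = d['nodeIpAddr']
        nodePortNum = d['nodePortNum']
        nodeUname = d['nodeUname']
        nodePswd = d['nodePswd']
        rundelay = d['rundelay']
    except KeyError:
        print("Failed to get Controller device attributes")
        exit(0)

    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print("<<< Demo Start")
    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum,
                          nodeUname, nodePswd)
    print("<<< 'Controller': %s, '%s': %s"
          % (ctrlIpAddr, nodeName, nodeIpAddr))

    # All print calls use the single-argument parenthesised form, which
    # prints the same text under the Python 2 print statement and the
    # Python 3 print function.
    print("\n")
    time.sleep(rundelay)
    node_configured = False
    result = ctrl.check_node_config_status(nodeName)
    status = result.get_status()
    if status.eq(STATUS.NODE_CONFIGURED):
        node_configured = True
        print("<<< '%s' is configured on the Controller" % nodeName)
    elif status.eq(STATUS.DATA_NOT_FOUND):
        node_configured = False
    else:
        print("\n")
        print("Failed to get configuration status for the '%s'" % nodeName)
        print("!!!Demo terminated, reason: %s" % status.detailed())
        exit(0)

    if node_configured is False:
        result = ctrl.add_netconf_node(vrouter)
        status = result.get_status()
        if status.eq(STATUS.OK):
            print("<<< '%s' added to the Controller" % nodeName)
        else:
            print("\n")
            print("!!!Demo terminated, reason: %s" % status.detailed())
            exit(0)

    print("\n")
    time.sleep(rundelay)
    result = ctrl.check_node_conn_status(nodeName)
    status = result.get_status()
    if status.eq(STATUS.NODE_CONNECTED):
        print("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        # From here on every failure path unmounts the node before exiting.
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Create new VPN configuration on the '%s'" % (nodeName))

    ca_cert_file = '/config/auth/ca.crt'
    srv_cert_file = '/config/auth/r1.crt'
    srv_key_file = '/config/auth/r1.key'
    crl_file = '/config/auth/r1.crl'
    print(
        " NOTE: For this demo to succeed the following files "
        "must exist on the '%s'\n"
        " (empty files can be created for the sake of the demo):\n"
        " %s\n"
        " %s\n"
        " %s\n"
        " %s"
        % (nodeName, ca_cert_file, srv_cert_file, crl_file, srv_key_file))

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # -------------------------------------------------------------------------
    # Create and configure Internet Key Exchange (IKE) group
    # -------------------------------------------------------------------------
    ike_grp_name = "IKE-1W"
    proposal_num = 1

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    encryption_cipher = 'aes256'
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 2
    encryption_cipher = 'aes128'
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole IKE group
    lifetime = 3600
    vpn.set_ipsec_ike_group_lifetime(ike_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Create and configure Encapsulating Security Payload (ESP) group
    # -------------------------------------------------------------------------
    esp_grp_name = "ESP-1W"

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 1
    encryption_cipher = 'aes256'
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    # NOTE(review): '3des' and 'md5' are legacy algorithms kept here only to
    # show a second proposal.  Outside a demo, offer AES proposals only and
    # use the strongest hash the device supports; of the two values listed
    # here that is 'sha1'.
    proposal_num = 2
    encryption_cipher = '3des'
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'md5'
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole ESP group
    lifetime = 1800
    vpn.set_ipsec_esp_group_lifetime(esp_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Configure connection to a remote peer
    # -------------------------------------------------------------------------
    peer_node = "192.0.2.33"

    description = ("Site-to-Site VPN Configuration Example - "
                   "X.509 Certificate Authentication")
    vpn.set_ipsec_site_to_site_peer_description(peer_node, description)

    # Set authentication mode to 'x509'
    auth_mode = 'x509'
    vpn.set_ipsec_site_to_site_peer_auth_mode(peer_node, auth_mode)

    # Specify the 'distinguished name' of the certificate for the peer
    # NOTE(review): the last DN component looks like it was replaced by an
    # e-mail-protection placeholder; restore the peer's real attribute before
    # using this value.
    remote_id = "C=US, ST=CA, O=ABC Company, CN=east, [email protected]"
    vpn.set_ipsec_site_to_site_peer_auth_remote_id(peer_node, remote_id)

    # Specify the location of the CA certificate on the vRouter
    vpn.set_ipsec_site_to_site_peer_auth_ca_cert_file(peer_node, ca_cert_file)

    # Specify the location of the server certificate on the vRouter
    vpn.set_ipsec_site_to_site_peer_auth_srv_cert_file(peer_node,
                                                       srv_cert_file)

    # Specify the location of the server key file on the vRouter
    vpn.set_ipsec_site_to_site_peer_auth_srv_key_file(peer_node, srv_key_file)

    # Specify the password for the server key file
    # NOTE(review): hard-coded demo password; read it from a protected source
    # in real use.
    srv_key_pswd = 'testpassword'
    vpn.set_ipsec_site_to_site_peer_auth_srv_key_pswd(peer_node, srv_key_pswd)

    # Specify the default ESP group for all tunnels
    esp_group_name = 'ESP-1W'
    vpn.set_ipsec_site_to_site_peer_default_esp_group(peer_node,
                                                      esp_group_name)

    # Specify the IKE group
    ike_group_name = 'IKE-1W'
    vpn.set_ipsec_site_to_site_peer_ike_group(peer_node, ike_group_name)

    # Identify the IP address on the vRouter to be used for this connection
    local_address = '192.0.2.1'
    vpn.set_ipsec_site_to_site_peer_local_address(peer_node, local_address)

    # Create a tunnel configuration and provide local and remote subnets
    # for this tunnel
    tunnel = 1
    local_prefix = '192.168.40.0/24'
    remote_prefix = '192.168.60.0/24'
    vpn.set_ipsec_site_to_site_peer_tunnel_local_prefix(
        peer_node, tunnel, local_prefix)
    vpn.set_ipsec_site_to_site_peer_tunnel_remote_prefix(
        peer_node, tunnel, remote_prefix)

    print("\n")
    print(">>> VPN configuration to be applied to the '%s'" % (nodeName))
    # NOTE(review): the payload presumably carries srv_key_pswd in clear
    # text; avoid printing it where stdout is captured or logged.
    print(vpn.get_payload())
    time.sleep(rundelay)
    result = vrouter.set_vpn_cfg(vpn)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("<<< VPN configuration was successfully created")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
        print("<<< VPN configuration was successfully read")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    time.sleep(rundelay)

    print("\n")
    print("<<< Delete VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.delete_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("VPN configuration successfully removed from '%s'" % (nodeName))
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    result = ctrl.delete_netconf_node(vrouter)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print(
            "'%s' NETCONF node was successfully removed "
            "from the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief())
        exit(0)

    print("\n")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print(">>> Demo End")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")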
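def vr_demo_12():
    """Run the site-to-site IPsec VPN demo (X.509 certificate authentication).

    Reads connection attributes from "cfg4.yml", mounts the vRouter on the
    Controller as a NETCONF node if it is not configured yet, then shows,
    creates, re-reads and deletes the VPN configuration, and finally removes
    the NETCONF node from the Controller.

    Every failure path calls exit(0) (or exit()), so the process exit status
    does not distinguish success from failure; callers have to read the
    printed output.

    Security notes for anyone adapting this demo:
      * The server key password is hard-coded and the encoded payload is
        printed to stdout; load real secrets from a protected source and do
        not print them.
      * ESP proposal 2 offers '3des' with 'md5', both legacy algorithms.
    """
    f = "cfg4.yml"
    d = {}
    if load_dict_from_file(f, d) is False:
        print("Config file '%s' read error: " % f)
        exit()

    # Only a missing key is expected here.  The original bare 'except:' also
    # swallowed KeyboardInterrupt and SystemExit.
    try:
        ctrlIpAddr = d['ctrlIpAddr']
        ctrlPortNum = d['ctrlPortNum']
        ctrlUname = d['ctrlUname']
        ctrlPswd = d['ctrlPswd']
        nodeName = d['nodeName']
        nodeIpAddr = d['nodeIpAddr']
        nodePortNum = d['nodePortNum']
        nodeUname = d['nodeUname']
        nodePswd = d['nodePswd']
        rundelay = d['rundelay']
    except KeyError:
        print("Failed to get Controller device attributes")
        exit(0)

    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print("<<< Demo Start")
    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum,
                          nodeUname, nodePswd)
    print("<<< 'Controller': %s, '%s': %s"
          % (ctrlIpAddr, nodeName, nodeIpAddr))

    # All print calls use the single-argument parenthesised form, which
    # prints the same text under the Python 2 print statement and the
    # Python 3 print function.
    print("\n")
    time.sleep(rundelay)
    node_configured = False
    result = ctrl.check_node_config_status(nodeName)
    status = result.get_status()
    if status.eq(STATUS.NODE_CONFIGURED):
        node_configured = True
        print("<<< '%s' is configured on the Controller" % nodeName)
    elif status.eq(STATUS.DATA_NOT_FOUND):
        node_configured = False
    else:
        print("\n")
        print("Failed to get configuration status for the '%s'" % nodeName)
        print("!!!Demo terminated, reason: %s" % status.detailed())
        exit(0)

    if node_configured is False:
        result = ctrl.add_netconf_node(vrouter)
        status = result.get_status()
        if status.eq(STATUS.OK):
            print("<<< '%s' added to the Controller" % nodeName)
        else:
            print("\n")
            print("!!!Demo terminated, reason: %s" % status.detailed())
            exit(0)

    print("\n")
    time.sleep(rundelay)
    result = ctrl.check_node_conn_status(nodeName)
    status = result.get_status()
    if status.eq(STATUS.NODE_CONNECTED):
        print("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        # From here on every failure path unmounts the node before exiting.
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Create new VPN configuration on the '%s'" % (nodeName))

    ca_cert_file = '/config/auth/ca.crt'
    srv_cert_file = '/config/auth/r1.crt'
    srv_key_file = '/config/auth/r1.key'
    crl_file = '/config/auth/r1.crl'
    print(
        " NOTE: For this demo to succeed the following files "
        "must exist on the '%s'\n"
        " (empty files can be created for the sake of the demo):\n"
        " %s\n"
        " %s\n"
        " %s\n"
        " %s"
        % (nodeName, ca_cert_file, srv_cert_file, crl_file, srv_key_file))

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # -------------------------------------------------------------------------
    # Create and configure Internet Key Exchange (IKE) group
    # -------------------------------------------------------------------------
    ike_grp_name = "IKE-1W"
    proposal_num = 1

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    encryption_cipher = 'aes256'
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 2
    encryption_cipher = 'aes128'
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole IKE group
    lifetime = 3600
    vpn.set_ipsec_ike_group_lifetime(ike_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Create and configure Encapsulating Security Payload (ESP) group
    # -------------------------------------------------------------------------
    esp_grp_name = "ESP-1W"

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 1
    encryption_cipher = 'aes256'
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    # NOTE(review): '3des' and 'md5' are legacy algorithms kept here only to
    # show a second proposal.  Outside a demo, offer AES proposals only and
    # use the strongest hash the device supports; of the two values listed
    # here that is 'sha1'.
    proposal_num = 2
    encryption_cipher = '3des'
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'md5'
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole ESP group
    lifetime = 1800
    vpn.set_ipsec_esp_group_lifetime(esp_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Configure connection to a remote peer
    # -------------------------------------------------------------------------
    peer_node = "192.0.2.33"

    description = ("Site-to-Site VPN Configuration Example - "
                   "X.509 Certificate Authentication")
    vpn.set_ipsec_site_to_site_peer_description(peer_node, description)

    # Set authentication mode to 'x509'
    auth_mode = 'x509'
    vpn.set_ipsec_site_to_site_peer_auth_mode(peer_node, auth_mode)

    # Specify the 'distinguished name' of the certificate for the peer
    # NOTE(review): the last DN component looks like it was replaced by an
    # e-mail-protection placeholder; restore the peer's real attribute before
    # using this value.
    remote_id = "C=US, ST=CA, O=ABC Company, CN=east, [email protected]"
    vpn.set_ipsec_site_to_site_peer_auth_remote_id(peer_node, remote_id)

    # Specify the location of the CA certificate on the vRouter
    vpn.set_ipsec_site_to_site_peer_auth_ca_cert_file(peer_node, ca_cert_file)

    # Specify the location of the server certificate on the vRouter
    vpn.set_ipsec_site_to_site_peer_auth_srv_cert_file(peer_node,
                                                       srv_cert_file)

    # Specify the location of the server key file on the vRouter
    vpn.set_ipsec_site_to_site_peer_auth_srv_key_file(peer_node, srv_key_file)

    # Specify the password for the server key file
    # NOTE(review): hard-coded demo password; read it from a protected source
    # in real use.
    srv_key_pswd = 'testpassword'
    vpn.set_ipsec_site_to_site_peer_auth_srv_key_pswd(peer_node, srv_key_pswd)

    # Specify the default ESP group for all tunnels
    esp_group_name = 'ESP-1W'
    vpn.set_ipsec_site_to_site_peer_default_esp_group(peer_node,
                                                      esp_group_name)

    # Specify the IKE group
    ike_group_name = 'IKE-1W'
    vpn.set_ipsec_site_to_site_peer_ike_group(peer_node, ike_group_name)

    # Identify the IP address on the vRouter to be used for this connection
    local_address = '192.0.2.1'
    vpn.set_ipsec_site_to_site_peer_local_address(peer_node, local_address)

    # Create a tunnel configuration and provide local and remote subnets
    # for this tunnel
    tunnel = 1
    local_prefix = '192.168.40.0/24'
    remote_prefix = '192.168.60.0/24'
    vpn.set_ipsec_site_to_site_peer_tunnel_local_prefix(
        peer_node, tunnel, local_prefix)
    vpn.set_ipsec_site_to_site_peer_tunnel_remote_prefix(
        peer_node, tunnel, remote_prefix)

    print("\n")
    print(">>> VPN configuration to be applied to the '%s'" % (nodeName))
    # NOTE(review): the payload presumably carries srv_key_pswd in clear
    # text; avoid printing it where stdout is captured or logged.
    print(vpn.get_payload())
    time.sleep(rundelay)
    result = vrouter.set_vpn_cfg(vpn)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("<<< VPN configuration was successfully created")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
        print("<<< VPN configuration was successfully read")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    time.sleep(rundelay)

    print("\n")
    print("<<< Delete VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.delete_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("VPN configuration successfully removed from '%s'" % (nodeName))
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    result = ctrl.delete_netconf_node(vrouter)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print(
            "'%s' NETCONF node was successfully removed "
            "from the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief())
        exit(0)

    print("\n")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print(">>> Demo End")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")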
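def vr_demo_8():
    """Run the remote-access VPN demo (L2TP/IPsec with a pre-shared key).

    Reads connection attributes from "cfg4.yml", mounts the vRouter on the
    Controller as a NETCONF node if it is not configured yet, then shows,
    creates, re-reads and deletes the VPN configuration, and finally removes
    the NETCONF node from the Controller.

    Every failure path calls exit(0) (or exit()), so the process exit status
    does not distinguish success from failure; callers have to read the
    printed output.

    Security notes for anyone adapting this demo:
      * The IPsec pre-shared secret and the three L2TP user passwords are
        hard-coded sample values and are printed to stdout in clear text,
        both in the option summary and, presumably, in the encoded payload.
        Load real secrets from a protected source and do not print them.
    """
    f = "cfg4.yml"
    d = {}
    if load_dict_from_file(f, d) is False:
        print("Config file '%s' read error: " % f)
        exit()

    # Only a missing key is expected here.  The original bare 'except:' also
    # swallowed KeyboardInterrupt and SystemExit.
    try:
        ctrlIpAddr = d['ctrlIpAddr']
        ctrlPortNum = d['ctrlPortNum']
        ctrlUname = d['ctrlUname']
        ctrlPswd = d['ctrlPswd']
        nodeName = d['nodeName']
        nodeIpAddr = d['nodeIpAddr']
        nodePortNum = d['nodePortNum']
        nodeUname = d['nodeUname']
        nodePswd = d['nodePswd']
        rundelay = d['rundelay']
    except KeyError:
        print("Failed to get Controller device attributes")
        exit(0)

    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print("<<< Demo Start")
    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum,
                          nodeUname, nodePswd)
    print("<<< 'Controller': %s, '%s': %s"
          % (ctrlIpAddr, nodeName, nodeIpAddr))

    # All print calls use the single-argument parenthesised form, which
    # prints the same text under the Python 2 print statement and the
    # Python 3 print function.
    print("\n")
    time.sleep(rundelay)
    node_configured = False
    result = ctrl.check_node_config_status(nodeName)
    status = result.get_status()
    if status.eq(STATUS.NODE_CONFIGURED):
        node_configured = True
        print("<<< '%s' is configured on the Controller" % nodeName)
    elif status.eq(STATUS.DATA_NOT_FOUND):
        node_configured = False
    else:
        print("\n")
        print("Failed to get configuration status for the '%s'" % nodeName)
        print("!!!Demo terminated, reason: %s" % status.detailed())
        exit(0)

    if node_configured is False:
        result = ctrl.add_netconf_node(vrouter)
        status = result.get_status()
        if status.eq(STATUS.OK):
            print("<<< '%s' added to the Controller" % nodeName)
        else:
            print("\n")
            print("!!!Demo terminated, reason: %s" % status.detailed())
            exit(0)

    print("\n")
    time.sleep(rundelay)
    result = ctrl.check_node_conn_status(nodeName)
    status = result.get_status()
    if status.eq(STATUS.NODE_CONNECTED):
        print("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        # From here on every failure path unmounts the node before exiting.
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Create new VPN configuration on the '%s'" % (nodeName))

    description = ("Remote Access VPN Configuration Example - "
                   "L2TP/IPsec with Pre-Shared Key")
    # NOTE(review): 12.34.56.x is not a documentation range, unlike the
    # 192.0.2.x addresses in the site-to-site demos; replace it with the
    # deployment's own addresses.
    external_ipaddr = "12.34.56.78"
    nexthop_ipaddr = "12.34.56.254"
    nat_traversal = True
    nat_allow_network = "192.168.100.0/24"
    client_ip_pool_start = "192.168.100.11"
    client_ip_pool_end = "192.168.100.210"
    ipsec_auth_mode = "pre-shared-secret"
    # NOTE(review): sample secret and passwords below are placeholders; a
    # pre-shared key this short and guessable offers no real protection.
    ipsec_auth_secret = "!secrettext!"
    l2tp_auth_mode = "local"
    uname1 = "user1"
    upswd1 = "user1_password"
    uname2 = "user2"
    upswd2 = "user2_password"
    uname3 = "user3"
    upswd3 = "user3_password"
    dns_srv1 = "192.168.100.1"
    dns_srv2 = "192.168.100.2"
    wins_srv1 = "192.168.100.3"
    wins_srv2 = "192.168.100.4"
    mtu = "16384"

    # NOTE(review): this summary prints the pre-shared secret and the user
    # passwords in clear text; drop or mask those fields wherever stdout is
    # captured or logged.
    print(
        " VPN options to be set:\n"
        " - Configuration description : '%s'\n"
        " - Server external address : '%s'\n"
        " - Next hop router address : '%s'\n"
        " - NAT_traversal : '%s'\n"
        " - NAT allowed networks : '%s'\n"
        " - Client addresses pool (start/end) : '%s'/'%s'\n"
        " - IPsec authentication (mode/secret) : '%s'/'%s'\n"
        " - L2TP authentication mode : '%s'\n"
        " - Allowed users (name/password) : '%s'/'%s'\n"
        " '%s'/'%s'\n"
        " '%s'/'%s'\n"
        " - DNS servers (primary/secondary) : '%s'/'%s'\n"
        " - WINS servers (primary/secondary) : '%s'/'%s'\n"
        " - Maximum Transmission Unit : '%s'\n"
        % (description, external_ipaddr, nexthop_ipaddr,
           "enabled" if nat_traversal else "disabled",
           nat_allow_network,
           client_ip_pool_start, client_ip_pool_end,
           ipsec_auth_mode, ipsec_auth_secret,
           l2tp_auth_mode,
           uname1, upswd1, uname2, upswd2, uname3, upswd3,
           dns_srv1, dns_srv2, wins_srv1, wins_srv2,
           mtu))

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # This VPN configuration description
    vpn.set_l2tp_remote_access_description(description)

    # Enable NAT traversal
    vpn.set_nat_traversal(nat_traversal)

    # Set the allowed subnets
    vpn.set_nat_allow_network(nat_allow_network)

    # Bind the L2TP server to the external IP address
    vpn.set_l2tp_remote_access_outside_address(external_ipaddr)

    # Set the next hop IP address for reaching the VPN clients
    vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)

    # Set up the pool of IP addresses that remote VPN connections will assume.
    # In this example we make 200 addresses available (from .11 to .210) on
    # subnet 192.168.100.0/24
    vpn.set_l2tp_remote_access_client_ip_pool(start=client_ip_pool_start,
                                              end=client_ip_pool_end)

    # Set the IPsec authentication mode to 'pre-shared-secret'
    vpn.set_l2tp_remote_access_ipsec_auth_mode(mode=ipsec_auth_mode)

    # Set the 'pre-shared-secret' value
    # (the alias only keeps the call within the line-length limit)
    func = vpn.set_l2tp_remote_access_ipsec_auth_pre_shared_secret
    func(secret=ipsec_auth_secret)

    # Set the L2TP remote access user authentication mode to 'local'
    vpn.set_l2tp_remote_access_user_auth_mode(l2tp_auth_mode)

    # Set the L2TP remote access user credentials ('username'/'password')
    vpn.set_l2tp_remote_access_user(name=uname1, pswd=upswd1)
    vpn.set_l2tp_remote_access_user(name=uname2, pswd=upswd2)
    vpn.set_l2tp_remote_access_user(name=uname3, pswd=upswd3)

    # Set 'primary' and 'secondary' DNS servers
    vpn.set_l2tp_remote_access_primary_dns_server(dns_srv1)
    vpn.set_l2tp_remote_access_secondary_dns_server(dns_srv2)

    # Set 'primary' and 'secondary' WINS servers
    vpn.set_l2tp_remote_access_primary_wins_server(wins_srv1)
    vpn.set_l2tp_remote_access_secondary_wins_server(wins_srv2)

    # Set Maximum Transmission Unit (MTU <128..16384>)
    vpn.set_l2tp_remote_access_mtu(mtu)

    print("\n")
    print(">>> VPN configuration to be applied to the '%s'" % (nodeName))
    # NOTE(review): the payload presumably carries the secret and passwords
    # set above; avoid printing it where stdout is captured or logged.
    print(vpn.get_payload())
    time.sleep(rundelay)
    result = vrouter.set_vpn_cfg(vpn)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("<<< VPN configuration was successfully created")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
        print("<<< VPN configuration was successfully read")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Delete VPN configuration from the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.delete_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("VPN configuration successfully removed from '%s'" % (nodeName))
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    result = ctrl.delete_netconf_node(vrouter)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print(
            "'%s' NETCONF node was successfully removed "
            "from the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief())
        exit(0)

    print("\n")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print(">>> Demo End")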
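def vr_demo_10():
    """Demo: site-to-site IPsec VPN with pre-shared-key (PSK) authentication.

    Reads the Controller and vRouter attributes from "cfg4.yml", mounts the
    vRouter on the Controller as a NETCONF node when it is not configured
    yet, then shows, creates, re-reads and deletes a VPN configuration and
    finally removes the NETCONF node.  Progress goes to stdout; on failure
    the reason is printed and the demo calls ``exit(0)``.

    Security notes for anyone adapting this demo:
      * The pre-shared secret is a hard-coded sample value.  The payload
        printed before it is applied presumably contains that secret, so
        do not route this output to shared logs -- TODO confirm.
      * ESP proposal 2 uses '3des' with 'md5'; both are legacy algorithms.
        Prefer the 'aes*' ciphers outside a demo.
    """
    f = "cfg4.yml"
    d = {}
    if load_dict_from_file(f, d) is False:
        print("Config file '%s' read error: " % f)
        exit(0)

    try:
        ctrlIpAddr = d["ctrlIpAddr"]
        ctrlPortNum = d["ctrlPortNum"]
        ctrlUname = d["ctrlUname"]
        ctrlPswd = d["ctrlPswd"]
        nodeName = d["nodeName"]
        nodeIpAddr = d["nodeIpAddr"]
        nodePortNum = d["nodePortNum"]
        nodeUname = d["nodeUname"]
        nodePswd = d["nodePswd"]
        rundelay = d["rundelay"]
    except KeyError:
        # Only a missing key is expected here; a bare 'except' would also
        # swallow KeyboardInterrupt and SystemExit.
        print("Failed to get Controller device attributes")
        exit(0)

    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print("<<< Demo Start")
    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum,
                          nodeUname, nodePswd)
    print("<<< 'Controller': %s, '%s': %s"
          % (ctrlIpAddr, nodeName, nodeIpAddr))

    print("\n")
    time.sleep(rundelay)

    # Mount the vRouter on the Controller unless it is already configured.
    node_configured = False
    status = ctrl.check_node_config_status(nodeName).get_status()
    if status.eq(STATUS.NODE_CONFIGURED):
        node_configured = True
        print("<<< '%s' is configured on the Controller" % nodeName)
    elif status.eq(STATUS.DATA_NOT_FOUND):
        node_configured = False
    else:
        print("\n")
        print("Failed to get configuration status for the '%s'" % nodeName)
        print("!!!Demo terminated, reason: %s" % status.detailed())
        exit(0)

    if node_configured is False:
        status = ctrl.add_netconf_node(vrouter).get_status()
        if status.eq(STATUS.OK):
            print("<<< '%s' added to the Controller" % nodeName)
        else:
            print("\n")
            print("!!!Demo terminated, reason: %s" % status.detailed())
            exit(0)

    print("\n")
    time.sleep(rundelay)
    status = ctrl.check_node_conn_status(nodeName).get_status()
    if status.eq(STATUS.NODE_CONNECTED):
        print("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(0)

    # ---------------------------------------------------------------------
    # Show the VPN configuration currently present on the vRouter
    # ---------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        data = json.loads(result.get_data())
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Create new VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)

    # ---------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # ---------------------------------------------------------------------
    vpn = Vpn()

    # ---------------------------------------------------------------------
    # Create and configure Internet Key Exchange (IKE) group
    # Each proposal sets an encryption cipher
    # (enumeration: 'aes128', 'aes256', '3des') and a hash algorithm
    # (enumeration: 'md5', 'sha1').
    # ---------------------------------------------------------------------
    ike_grp_name = "IKE-1W"
    for proposal_num, encryption_cipher, hash_algorithm in (
            (1, "aes256", "sha1"),
            (2, "aes128", "sha1")):
        vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name,
                                                    proposal_num,
                                                    encryption_cipher)
        vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name,
                                              proposal_num,
                                              hash_algorithm)

    # Set the lifetime for the whole IKE group
    vpn.set_ipsec_ike_group_lifetime(ike_grp_name, 3600)

    # ---------------------------------------------------------------------
    # Create and configure Encapsulating Security Payload (ESP) group
    # NOTE(review): proposal 2 ('3des' + 'md5') is a legacy combination;
    # keep it out of production configurations.
    # ---------------------------------------------------------------------
    esp_grp_name = "ESP-1W"
    for proposal_num, encryption_cipher, hash_algorithm in (
            (1, "aes256", "sha1"),
            (2, "3des", "md5")):
        vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name,
                                                    proposal_num,
                                                    encryption_cipher)
        vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name,
                                              proposal_num,
                                              hash_algorithm)

    # Set the lifetime for the whole ESP group
    vpn.set_ipsec_esp_group_lifetime(esp_grp_name, 1800)

    # ---------------------------------------------------------------------
    # Configure connection to a remote peer
    # ---------------------------------------------------------------------
    peer_node = "192.0.2.33"

    # Parenthesized so both literals are always joined into one string,
    # matching how vr_demo_11 builds its description.
    description = ("Site-to-Site VPN Configuration Example - "
                   "Pre-Shared Key (PSK) Authentication")
    vpn.set_ipsec_site_to_site_peer_description(peer_node, description)

    # Set authentication mode to 'pre-shared-secret'
    auth_mode = "pre-shared-secret"
    vpn.set_ipsec_site_to_site_peer_auth_mode(peer_node, auth_mode)

    # Provide the 'secret' that will be used to generate encryption keys.
    # NOTE(review): sample value only -- a real secret must not be
    # hard-coded in source; load it from protected configuration instead.
    secret = "test_key_1"
    vpn.set_ipsec_site_to_site_peer_auth_preshared_secret(peer_node, secret)

    # Specify the default ESP group for all tunnels
    esp_group_name = "ESP-1W"
    vpn.set_ipsec_site_to_site_peer_default_esp_group(peer_node,
                                                      esp_group_name)

    # Specify the IKE group
    ike_group_name = "IKE-1W"
    vpn.set_ipsec_site_to_site_peer_ike_group(peer_node, ike_group_name)

    # Identify the IP address on the vRouter to be used for this connection
    local_address = "192.0.2.1"
    vpn.set_ipsec_site_to_site_peer_local_address(peer_node, local_address)

    # Create a tunnel configuration and provide local and remote subnets
    # for this tunnel
    tunnel = 1
    local_prefix = "192.168.40.0/24"
    remote_prefix = "192.168.60.0/24"
    vpn.set_ipsec_site_to_site_peer_tunnel_local_prefix(peer_node,
                                                        tunnel,
                                                        local_prefix)
    vpn.set_ipsec_site_to_site_peer_tunnel_remote_prefix(peer_node,
                                                         tunnel,
                                                         remote_prefix)

    # ---------------------------------------------------------------------
    # Apply the configuration
    # ---------------------------------------------------------------------
    print("\n")
    print(">>> VPN configuration to be applied to the '%s'" % (nodeName))
    # NOTE(review): presumably this payload carries the pre-shared secret
    # in clear text -- confirm before capturing demo output anywhere.
    print(vpn.get_payload())
    time.sleep(rundelay)
    status = vrouter.set_vpn_cfg(vpn).get_status()
    if status.eq(STATUS.OK):
        print("<<< VPN configuration was successfully created")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # ---------------------------------------------------------------------
    # Read the configuration back
    # ---------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        data = json.loads(result.get_data())
        print(json.dumps(data, indent=4, sort_keys=True))
        print("<<< VPN configuration was successfully read")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # ---------------------------------------------------------------------
    # Delete the configuration and confirm it is gone
    # ---------------------------------------------------------------------
    time.sleep(rundelay)
    print("\n")
    print("<<< Delete VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    status = vrouter.delete_vpn_cfg().get_status()
    if status.eq(STATUS.OK):
        print("VPN configuration successfully removed from '%s'"
              % (nodeName))
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        data = json.loads(result.get_data())
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # ---------------------------------------------------------------------
    # Unmount the vRouter from the Controller
    # ---------------------------------------------------------------------
    print("\n")
    print(">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    status = ctrl.delete_netconf_node(vrouter).get_status()
    if status.eq(STATUS.OK):
        print("'%s' NETCONF node was successfully removed "
              "from the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief())
        exit(0)

    print("\n")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print(">>> Demo End")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")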
l2tp_auth_mode, uname1, upswd1, uname2, upswd2, uname3, upswd3, dns_srv1, dns_srv2, wins_srv1, wins_srv2, mtu ) ) time.sleep(rundelay) # ------------------------------------------------------------------------- # Encode VPN configuration options by using 'Vpn' object # ------------------------------------------------------------------------- vpn = Vpn() # This VPN configuration description vpn.set_l2tp_remote_access_description(description) # Enable NAT traversal vpn.set_nat_traversal(nat_traversal) # Set the allowed subnets vpn.set_nat_allow_network(nat_allow_network) # Bind the L2TP server to the external IP address vpn.set_l2tp_remote_access_outside_address(external_ipaddr) # Set the next hop IP address for reaching the VPN clients vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)
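def vr_demo_11():
    """Demo: site-to-site IPsec VPN with RSA digital-signature authentication.

    Reads the Controller and vRouter attributes from "cfg4.yml", mounts the
    vRouter on the Controller as a NETCONF node when it is not configured
    yet, then shows, creates, re-reads and deletes a VPN configuration and
    finally removes the NETCONF node.  Progress goes to stdout; on failure
    the reason is printed and the demo exits.

    The demo's own NOTE output states that the local RSA key must already
    exist on the vRouter.  Only the peer's *public* key is embedded here.

    Security note: ESP proposal 2 uses '3des' with 'md5'; both are legacy
    algorithms.  Prefer the 'aes*' ciphers outside a demo.
    """
    f = "cfg4.yml"
    d = {}
    if load_dict_from_file(f, d) is False:
        print("Config file '%s' read error: " % f)
        exit()

    try:
        ctrlIpAddr = d['ctrlIpAddr']
        ctrlPortNum = d['ctrlPortNum']
        ctrlUname = d['ctrlUname']
        ctrlPswd = d['ctrlPswd']
        nodeName = d['nodeName']
        nodeIpAddr = d['nodeIpAddr']
        nodePortNum = d['nodePortNum']
        nodeUname = d['nodeUname']
        nodePswd = d['nodePswd']
        rundelay = d['rundelay']
    except KeyError:
        # Only a missing key is expected here; a bare 'except' would also
        # swallow KeyboardInterrupt and SystemExit.
        print("Failed to get Controller device attributes")
        exit(0)

    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print("<<< Demo Start")
    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum,
                          nodeUname, nodePswd)
    print("<<< 'Controller': %s, '%s': %s"
          % (ctrlIpAddr, nodeName, nodeIpAddr))

    print("\n")
    time.sleep(rundelay)

    # Mount the vRouter on the Controller unless it is already configured.
    node_configured = False
    status = ctrl.check_node_config_status(nodeName).get_status()
    if status.eq(STATUS.NODE_CONFIGURED):
        node_configured = True
        print("<<< '%s' is configured on the Controller" % nodeName)
    elif status.eq(STATUS.DATA_NOT_FOUND):
        node_configured = False
    else:
        print("\n")
        print("Failed to get configuration status for the '%s'" % nodeName)
        print("!!!Demo terminated, reason: %s" % status.detailed())
        exit(0)

    if node_configured is False:
        status = ctrl.add_netconf_node(vrouter).get_status()
        if status.eq(STATUS.OK):
            print("<<< '%s' added to the Controller" % nodeName)
        else:
            print("\n")
            print("!!!Demo terminated, reason: %s" % status.detailed())
            exit(0)

    print("\n")
    time.sleep(rundelay)
    status = ctrl.check_node_conn_status(nodeName).get_status()
    if status.eq(STATUS.NODE_CONNECTED):
        print("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(0)

    # ---------------------------------------------------------------------
    # Show the VPN configuration currently present on the vRouter
    # ---------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        data = json.loads(result.get_data())
        print(json.dumps(data, indent=4))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Create new VPN configuration on the '%s'" % (nodeName))
    print(" NOTE: For this demo to succeed the local RSA key "
          "must exist on the '%s'\n"
          " (use the 'generate vpn rsa-key' command to create it)"
          % nodeName)
    time.sleep(rundelay)

    # ---------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # ---------------------------------------------------------------------
    vpn = Vpn()

    # ---------------------------------------------------------------------
    # Create and configure Internet Key Exchange (IKE) group
    # Each proposal sets an encryption cipher
    # (enumeration: 'aes128', 'aes256', '3des') and a hash algorithm
    # (enumeration: 'md5', 'sha1').
    # ---------------------------------------------------------------------
    ike_grp_name = "IKE-1W"
    for proposal_num, encryption_cipher, hash_algorithm in (
            (1, 'aes256', 'sha1'),
            (2, 'aes128', 'sha1')):
        vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name,
                                                    proposal_num,
                                                    encryption_cipher)
        vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name,
                                              proposal_num,
                                              hash_algorithm)

    # Set the lifetime for the whole IKE group
    vpn.set_ipsec_ike_group_lifetime(ike_grp_name, 3600)

    # ---------------------------------------------------------------------
    # Create and configure Encapsulating Security Payload (ESP) group
    # NOTE(review): proposal 2 ('3des' + 'md5') is a legacy combination;
    # keep it out of production configurations.
    # ---------------------------------------------------------------------
    esp_grp_name = "ESP-1W"
    for proposal_num, encryption_cipher, hash_algorithm in (
            (1, 'aes256', 'sha1'),
            (2, '3des', 'md5')):
        vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name,
                                                    proposal_num,
                                                    encryption_cipher)
        vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name,
                                              proposal_num,
                                              hash_algorithm)

    # Set the lifetime for the whole ESP group
    vpn.set_ipsec_esp_group_lifetime(esp_grp_name, 1800)

    # ---------------------------------------------------------------------
    # Configure connection to a remote peer
    # ---------------------------------------------------------------------
    peer_node = "192.0.2.33"

    description = ("Site-to-Site VPN Configuration Example - "
                   "RSA Digital Signature Authentication")
    vpn.set_ipsec_site_to_site_peer_description(peer_node, description)

    # Set authentication mode to 'rsa'
    auth_mode = 'rsa'
    vpn.set_ipsec_site_to_site_peer_auth_mode(peer_node, auth_mode)

    # Set the peer's RSA public key and specify that this key should be used
    # as the identifier for the peer's digital signature
    rsa_key_name = "EAST-PEER-key"
    rsa_key_value = ("0sAQOVBIJL+rIkpTuwh8FPeceAF0bhgLr++"
                     "W51bOAIjFbRDbR8gX3Vlz6wiUbMgGwQxWlY"
                     "QiqsCeacicsfZx/amlEn9PkSE4e7tqK/JQo"
                     "40L5C7gcNM24mup1d+0WmN3zLb9Qhmq5q3p"
                     "NJxEwnVbPPQeIdZMJxnb1+lA8DPC3SIxJM/"
                     "3at1/KrwqCAhX3QNFY/zNmOtFogELCeyl4+"
                     "d54wQljA+3dwFAQ4bboJ7YIDs+rqORxWd3l"
                     "3I7IajT/pLrwr5eZ8OA9NtAedbMiCwxyuyU"
                     "bznxXZ8Z/MAi3xjL1pjYyWjNNiOij82QJfM"
                     "OrjoXVCfcPn96ZN+Jqk+KknoVeNDwzpoahF"
                     "OseJREeXzkw3/lkMN9N1")
    vpn.set_rsa_key(rsa_key_name, rsa_key_value)
    vpn.set_ipsec_site_to_site_peer_auth_rsa_key_name(peer_node,
                                                      rsa_key_name)

    # Specify the default ESP group for all tunnels
    esp_group_name = 'ESP-1W'
    vpn.set_ipsec_site_to_site_peer_default_esp_group(peer_node,
                                                      esp_group_name)

    # Specify the IKE group
    ike_group_name = 'IKE-1W'
    vpn.set_ipsec_site_to_site_peer_ike_group(peer_node, ike_group_name)

    # Identify the IP address on the vRouter to be used for this connection
    local_address = '192.0.2.1'
    vpn.set_ipsec_site_to_site_peer_local_address(peer_node, local_address)

    # Create a tunnel configuration and provide local and remote subnets
    # for this tunnel
    tunnel = 1
    local_prefix = '192.168.40.0/24'
    remote_prefix = '192.168.60.0/24'
    vpn.set_ipsec_site_to_site_peer_tunnel_local_prefix(
        peer_node, tunnel, local_prefix)
    vpn.set_ipsec_site_to_site_peer_tunnel_remote_prefix(
        peer_node, tunnel, remote_prefix)

    # ---------------------------------------------------------------------
    # Apply the configuration
    # ---------------------------------------------------------------------
    print("\n")
    print(">>> VPN configuration to be applied to the '%s'" % (nodeName))
    print(vpn.get_payload())
    time.sleep(rundelay)
    status = vrouter.set_vpn_cfg(vpn).get_status()
    if status.eq(STATUS.OK):
        print("<<< VPN configuration was successfully created")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # ---------------------------------------------------------------------
    # Read the configuration back
    # ---------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        data = json.loads(result.get_data())
        print(json.dumps(data, indent=4, sort_keys=True))
        print("<<< VPN configuration was successfully read")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # ---------------------------------------------------------------------
    # Delete the configuration and confirm it is gone
    # ---------------------------------------------------------------------
    time.sleep(rundelay)
    print("\n")
    print("<<< Delete VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    status = vrouter.delete_vpn_cfg().get_status()
    if status.eq(STATUS.OK):
        print("VPN configuration successfully removed from '%s'"
              % (nodeName))
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        data = json.loads(result.get_data())
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # ---------------------------------------------------------------------
    # Unmount the vRouter from the Controller
    # ---------------------------------------------------------------------
    print("\n")
    print(">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    status = ctrl.delete_netconf_node(vrouter).get_status()
    if status.eq(STATUS.OK):
        print("'%s' NETCONF node was successfully removed from the Controller"
              % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief())
        exit(0)

    print("\n")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print(">>> Demo End")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")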
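def vr_demo_9():
    """Demo: remote-access L2TP/IPsec VPN authenticated with X.509 certificates.

    Reads the Controller and vRouter attributes from "cfg4.yml", mounts the
    vRouter on the Controller as a NETCONF node when it is not configured
    yet, then shows, creates, re-reads and deletes a VPN configuration and
    finally removes the NETCONF node.  Progress goes to stdout; on failure
    the reason is printed and the demo exits.

    Security notes for anyone adapting this demo:
      * The server key password and the L2TP user passwords are hard-coded
        sample values; real credentials must not live in source.
      * The options listing masks the server key password but still echoes
        the user passwords, and the payload printed before it is applied
        presumably contains all of them -- TODO confirm, and keep this
        output out of shared logs.
    """
    f = "cfg4.yml"
    d = {}
    if load_dict_from_file(f, d) is False:
        print("Config file '%s' read error: " % f)
        exit()

    try:
        ctrlIpAddr = d['ctrlIpAddr']
        ctrlPortNum = d['ctrlPortNum']
        ctrlUname = d['ctrlUname']
        ctrlPswd = d['ctrlPswd']
        nodeName = d['nodeName']
        nodeIpAddr = d['nodeIpAddr']
        nodePortNum = d['nodePortNum']
        nodeUname = d['nodeUname']
        nodePswd = d['nodePswd']
        rundelay = d['rundelay']
    except KeyError:
        # Only a missing key is expected here; a bare 'except' would also
        # swallow KeyboardInterrupt and SystemExit.
        print("Failed to get Controller device attributes")
        exit(0)

    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print("<<< Demo Start")
    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum,
                          nodeUname, nodePswd)
    print("<<< 'Controller': %s, '%s': %s"
          % (ctrlIpAddr, nodeName, nodeIpAddr))

    print("\n")
    time.sleep(rundelay)

    # Mount the vRouter on the Controller unless it is already configured.
    node_configured = False
    status = ctrl.check_node_config_status(nodeName).get_status()
    if status.eq(STATUS.NODE_CONFIGURED):
        node_configured = True
        print("<<< '%s' is configured on the Controller" % nodeName)
    elif status.eq(STATUS.DATA_NOT_FOUND):
        node_configured = False
    else:
        print("\n")
        print("Failed to get configuration status for the '%s'" % nodeName)
        print("!!!Demo terminated, reason: %s" % status.detailed())
        exit(0)

    if node_configured is False:
        status = ctrl.add_netconf_node(vrouter).get_status()
        if status.eq(STATUS.OK):
            print("<<< '%s' added to the Controller" % nodeName)
        else:
            print("\n")
            print("!!!Demo terminated, reason: %s" % status.detailed())
            exit(0)

    print("\n")
    time.sleep(rundelay)
    status = ctrl.check_node_conn_status(nodeName).get_status()
    if status.eq(STATUS.NODE_CONNECTED):
        print("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(0)

    # ---------------------------------------------------------------------
    # Show the VPN configuration currently present on the vRouter
    # ---------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        data = json.loads(result.get_data())
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Create new VPN configuration on the '%s'" % (nodeName))

    description = ("Remote Access VPN Configuration Example - "
                   "L2TP/IPsec with X.509 Certificates")
    external_ipaddr = "12.34.56.78"
    nexthop_ipaddr = "12.34.56.254"
    nat_traversal = True
    nat_allow_network = "192.168.100.0/24"
    client_ip_pool_start = "192.168.100.11"
    client_ip_pool_end = "192.168.100.210"
    ipsec_auth_mode = "x509"
    ca_cert_file = '/config/auth/ca.crt'
    srv_crt_file = '/config/auth/r1.crt'
    crl_file = '/config/auth/r1.crl'
    srv_key_file = '/config/auth/r1.key'
    # NOTE(review): sample credentials below -- never hard-code real ones.
    srv_key_pswd = "testpassword"
    l2tp_auth_mode = "local"
    uname1 = "user1"
    upswd1 = "user1_password"
    uname2 = "user2"
    upswd2 = "user2_password"
    uname3 = "user3"
    upswd3 = "user3_password"

    # The template masks the server key password with a literal '******',
    # so 'srv_key_pswd' must NOT appear in the argument tuple: passing it
    # gave 20 arguments for 19 '%s' placeholders and raised TypeError.
    # NOTE(review): the user passwords are still echoed in clear text here.
    print(" VPN options to be set:\n"
          " - Configuration description : '%s'\n"
          " - Server external address : '%s'\n"
          " - Next hop router address : '%s'\n"
          " - NAT_traversal : '%s'\n"
          " - NAT allowed networks : '%s'\n"
          " - Client addresses pool (start/end) : '%s'/'%s'\n"
          " - IPsec authentication mode : '%s'\n"
          " - CA Certificate location : '%s'\n"
          " - Server Certificate location : '%s'\n"
          " - Certificate Revocation List location : '%s'\n"
          " - Server Key file location : '%s'\n"
          " - Server Key file password : '******'\n"
          " - L2TP authentication mode : '%s'\n"
          " - Allowed users (name/password) : '%s'/'%s'\n"
          " '%s'/'%s'\n"
          " '%s'/'%s'"
          % (description, external_ipaddr, nexthop_ipaddr,
             "enabled" if nat_traversal else "disabled",
             nat_allow_network,
             client_ip_pool_start, client_ip_pool_end,
             ipsec_auth_mode,
             ca_cert_file, srv_crt_file, crl_file, srv_key_file,
             l2tp_auth_mode,
             uname1, upswd1,
             uname2, upswd2,
             uname3, upswd3))

    print(" NOTE: For this demo to succeed the following files "
          "must exist on the '%s'\n"
          " (empty files can be created for the sake of the demo):\n"
          " %s\n"
          " %s\n"
          " %s\n"
          " %s"
          % (nodeName, ca_cert_file, srv_crt_file, crl_file, srv_key_file))

    time.sleep(rundelay)

    # ---------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # ---------------------------------------------------------------------
    vpn = Vpn()

    # This VPN configuration description
    vpn.set_l2tp_remote_access_description(description)

    # Enable NAT traversal (this is mandatory)
    vpn.set_nat_traversal(nat_traversal)

    # Set the allowed subnets
    vpn.set_nat_allow_network(nat_allow_network)

    # Bind the L2TP server to the external IP address
    vpn.set_l2tp_remote_access_outside_address(external_ipaddr)

    # Set the next hop IP address for reaching the VPN clients
    vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)

    # Set up the pool of IP addresses that remote VPN connections will
    # assume.  In this example we make 200 addresses available
    # (from .11 to .210) on subnet 192.168.100.0/24
    vpn.set_l2tp_remote_access_client_ip_pool(start=client_ip_pool_start,
                                              end=client_ip_pool_end)

    # Set the IPsec authentication mode to 'x509'
    vpn.set_l2tp_remote_access_ipsec_auth_mode(mode=ipsec_auth_mode)

    # Specify the location of the CA certificate
    vpn.set_l2tp_remote_access_ipsec_auth_ca_cert_file(ca_cert_file)

    # Specify the location of the server certificate
    vpn.set_l2tp_remote_access_ipsec_auth_srv_cert_file(srv_crt_file)

    # Specify the location of the certificate revocation list (CRL) file
    vpn.set_l2tp_remote_access_ipsec_auth_crl_file(path=crl_file)

    # Specify the location of the server key file
    vpn.set_l2tp_remote_access_ipsec_auth_srv_key_file(srv_key_file)

    # Specify the password for the server key file
    vpn.set_l2tp_remote_access_ipsec_auth_srv_key_pswd(srv_key_pswd)

    # Set the L2TP remote access user authentication mode to 'local'
    vpn.set_l2tp_remote_access_user_auth_mode(l2tp_auth_mode)

    # Set the L2TP remote access user credentials ('username'/'password')
    for user_name, user_pswd in ((uname1, upswd1),
                                 (uname2, upswd2),
                                 (uname3, upswd3)):
        vpn.set_l2tp_remote_access_user(name=user_name, pswd=user_pswd)

    # ---------------------------------------------------------------------
    # Apply the configuration
    # ---------------------------------------------------------------------
    print("\n")
    print(">>> VPN configuration to be applied to the '%s'" % (nodeName))
    # NOTE(review): presumably this payload carries the passwords set above
    # in clear text -- confirm before capturing demo output anywhere.
    print(vpn.get_payload())
    time.sleep(rundelay)
    status = vrouter.set_vpn_cfg(vpn).get_status()
    if status.eq(STATUS.OK):
        print("<<< VPN configuration was successfully created")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # ---------------------------------------------------------------------
    # Read the configuration back
    # ---------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        data = json.loads(result.get_data())
        print(json.dumps(data, indent=4, sort_keys=True))
        print("<<< VPN configuration was successfully read")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # ---------------------------------------------------------------------
    # Delete the configuration and confirm it is gone
    # ---------------------------------------------------------------------
    print("\n")
    print("<<< Delete VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    status = vrouter.delete_vpn_cfg().get_status()
    if status.eq(STATUS.OK):
        print("VPN configuration successfully removed from '%s'"
              % (nodeName))
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        data = json.loads(result.get_data())
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # ---------------------------------------------------------------------
    # Unmount the vRouter from the Controller
    # ---------------------------------------------------------------------
    print("\n")
    print(">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    status = ctrl.delete_netconf_node(vrouter).get_status()
    if status.eq(STATUS.OK):
        print("'%s' NETCONF node was successfully removed "
              "from the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief())
        exit(0)

    print("\n")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print(">>> Demo End")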
print ("No VPN configuration found") else: print ("\n") print ("!!!Demo terminated, reason: %s" % status.detailed()) ctrl.delete_netconf_node(vrouter) exit(0) print "\n" print (">>> Create new VPN configuration on the '%s'" % (nodeName)) time.sleep(rundelay) # ------------------------------------------------------------------------- # Encode VPN configuration options by using 'Vpn' object # ------------------------------------------------------------------------- vpn = Vpn() # ------------------------------------------------------------------------- # Create and configure Internet Key Exchange (IKE) group # ------------------------------------------------------------------------- ike_grp_name = "IKE-1W" proposal_num = 1 # Set the encryption cipher for proposal 1 # (enumeration: 'aes128', 'aes256', '3des') encryption_cipher = 'aes256' vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num, encryption_cipher) # Set the hash algorithm for proposal 1 # (enumeration: 'md5', 'sha1')
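def vr_demo_8():
    """Demo: remote-access VPN (L2TP/IPsec with a pre-shared key).

    Reads the Controller and node attributes from 'cfg4.yml', mounts the
    vRouter on the Controller if it is not already configured there, then
    shows, creates, re-reads and deletes the VPN configuration and finally
    removes the NETCONF node from the Controller.

    Every failure path prints the reason and exits with a non-zero status,
    so a wrapper script can tell a failed run from a completed one.

    Security notes:
      * The pre-shared secret and the user passwords below are demo
        placeholders. Real values belong in a protected secret store,
        not in source code.
      * This demo echoes those values to stdout three times: in the options
        summary, in the encoded payload, and in the configuration read back
        from the device. Do not capture its output in shared logs.
      * 'cfg4.yml' holds the Controller and node passwords; presumably it
        should be readable only by the operator (verify in deployment).
    """
    f = "cfg4.yml"
    d = {}
    if(load_dict_from_file(f, d) is False):
        print ("Config file '%s' read error: " % f)
        exit(1)

    # Only a missing key is expected here; a bare 'except' would also
    # swallow KeyboardInterrupt and SystemExit.
    try:
        ctrlIpAddr = d['ctrlIpAddr']
        ctrlPortNum = d['ctrlPortNum']
        ctrlUname = d['ctrlUname']
        ctrlPswd = d['ctrlPswd']
        nodeName = d['nodeName']
        nodeIpAddr = d['nodeIpAddr']
        nodePortNum = d['nodePortNum']
        nodeUname = d['nodeUname']
        nodePswd = d['nodePswd']
        rundelay = d['rundelay']
    except KeyError:
        print ("Failed to get Controller device attributes")
        exit(1)

    print ("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print ("<<< Demo Start")
    print ("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum,
                          nodeUname, nodePswd)
    print ("<<< 'Controller': %s, '%s': %s"
           % (ctrlIpAddr, nodeName, nodeIpAddr))

    print ("\n")
    time.sleep(rundelay)

    # Mount the node on the Controller only if it is not there yet.
    node_configured = False
    result = ctrl.check_node_config_status(nodeName)
    status = result.get_status()
    if(status.eq(STATUS.NODE_CONFIGURED)):
        node_configured = True
        print ("<<< '%s' is configured on the Controller" % nodeName)
    elif(status.eq(STATUS.DATA_NOT_FOUND)):
        node_configured = False
    else:
        print ("\n")
        print ("Failed to get configuration status for the '%s'" % nodeName)
        print ("!!!Demo terminated, reason: %s" % status.detailed())
        exit(1)

    if node_configured is False:
        result = ctrl.add_netconf_node(vrouter)
        status = result.get_status()
        if(status.eq(STATUS.OK)):
            print ("<<< '%s' added to the Controller" % nodeName)
        else:
            print ("\n")
            print ("!!!Demo terminated, reason: %s" % status.detailed())
            exit(1)

    print ("\n")
    time.sleep(rundelay)
    result = ctrl.check_node_conn_status(nodeName)
    status = result.get_status()
    if(status.eq(STATUS.NODE_CONNECTED)):
        print ("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(1)

    print ("\n")
    print ("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print ("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print (json.dumps(data, indent=4, sort_keys=True))
    elif (status.eq(STATUS.DATA_NOT_FOUND)):
        print ("No VPN configuration found")
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(1)

    print ("\n")
    print (">>> Create new VPN configuration on the '%s'" % (nodeName))

    description = ("Remote Access VPN Configuration Example - "
                   "L2TP/IPsec with Pre-Shared Key")
    # NOTE(review): sample addresses; 12.34.56.x is not one of the
    # documentation ranges (RFC 5737), so replace before any real use.
    external_ipaddr = "12.34.56.78"
    nexthop_ipaddr = "12.34.56.254"
    nat_traversal = True
    nat_allow_network = "192.168.100.0/24"
    client_ip_pool_start = "192.168.100.11"
    client_ip_pool_end = "192.168.100.210"
    ipsec_auth_mode = "pre-shared-secret"
    # Demo placeholder. One pre-shared secret is configured for the whole
    # remote-access service, so every client shares it; a real deployment
    # needs a long random value supplied from outside the source tree.
    ipsec_auth_secret = "!secrettext!"
    l2tp_auth_mode = "local"
    # Demo placeholder accounts: never reuse these credentials.
    uname1 = "user1"
    upswd1 = "user1_password"
    uname2 = "user2"
    upswd2 = "user2_password"
    uname3 = "user3"
    upswd3 = "user3_password"
    dns_srv1 = "192.168.100.1"
    dns_srv2 = "192.168.100.2"
    wins_srv1 = "192.168.100.3"
    wins_srv2 = "192.168.100.4"
    mtu = "16384"

    # NOTE(review): this summary prints the pre-shared secret and the user
    # passwords in clear text. Acceptable for placeholder values only.
    print (" VPN options to be set:\n"
           " - Configuration description : '%s'\n"
           " - Server external address : '%s'\n"
           " - Next hop router address : '%s'\n"
           " - NAT_traversal : '%s'\n"
           " - NAT allowed networks : '%s'\n"
           " - Client addresses pool (start/end) : '%s'/'%s'\n"
           " - IPsec authentication (mode/secret) : '%s'/'%s'\n"
           " - L2TP authentication mode : '%s'\n"
           " - Allowed users (name/password) : '%s'/'%s'\n"
           " '%s'/'%s'\n"
           " '%s'/'%s'\n"
           " - DNS servers (primary/secondary) : '%s'/'%s'\n"
           " - WINS servers (primary/secondary) : '%s'/'%s'\n"
           " - Maximum Transmission Unit : '%s'\n"
           % (description, external_ipaddr, nexthop_ipaddr,
              "enabled" if nat_traversal else "disabled",
              nat_allow_network,
              client_ip_pool_start, client_ip_pool_end,
              ipsec_auth_mode, ipsec_auth_secret,
              l2tp_auth_mode,
              uname1, upswd1,
              uname2, upswd2,
              uname3, upswd3,
              dns_srv1, dns_srv2,
              wins_srv1, wins_srv2,
              mtu
              )
           )

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # This VPN configuration description
    vpn.set_l2tp_remote_access_description(description)

    # Enable NAT traversal
    vpn.set_nat_traversal(nat_traversal)

    # Set the allowed subnets
    vpn.set_nat_allow_network(nat_allow_network)

    # Bind the L2TP server to the external IP address
    vpn.set_l2tp_remote_access_outside_address(external_ipaddr)

    # Set the next hop IP address for reaching the VPN clients
    vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)

    # Set up the pool of IP addresses that remote VPN connections will assume.
    # In this example we make 200 addresses available (from .11 to .210) on
    # subnet 192.168.100.0/24
    vpn.set_l2tp_remote_access_client_ip_pool(start=client_ip_pool_start,
                                              end=client_ip_pool_end)

    # Set the IPsec authentication mode to 'pre-shared-secret'
    vpn.set_l2tp_remote_access_ipsec_auth_mode(mode=ipsec_auth_mode)

    # Set the 'pre-shared-secret' value
    func = vpn.set_l2tp_remote_access_ipsec_auth_pre_shared_secret
    func(secret=ipsec_auth_secret)

    # Set the L2TP remote access user authentication mode to 'local'
    vpn.set_l2tp_remote_access_user_auth_mode(l2tp_auth_mode)

    # Set the L2TP remote access user credentials ('username'/'password')
    vpn.set_l2tp_remote_access_user(name=uname1, pswd=upswd1)
    vpn.set_l2tp_remote_access_user(name=uname2, pswd=upswd2)
    vpn.set_l2tp_remote_access_user(name=uname3, pswd=upswd3)

    # Set 'primary' and 'secondary' DNS servers
    vpn.set_l2tp_remote_access_primary_dns_server(dns_srv1)
    vpn.set_l2tp_remote_access_secondary_dns_server(dns_srv2)

    # Set 'primary' and 'secondary' WINS servers
    vpn.set_l2tp_remote_access_primary_wins_server(wins_srv1)
    vpn.set_l2tp_remote_access_secondary_wins_server(wins_srv2)

    # Set Maximum Transmission Unit (MTU <128..16384>)
    vpn.set_l2tp_remote_access_mtu(mtu)

    print ("\n")
    print (">>> VPN configuration to be applied to the '%s'" % (nodeName))
    # NOTE(review): the payload is built from the secret and passwords set
    # above, so this line presumably prints them too.
    print (vpn.get_payload())
    time.sleep(rundelay)
    result = vrouter.set_vpn_cfg(vpn)
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print ("<<< VPN configuration was successfully created")
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.brief().lower())
        print (status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(1)

    print ("\n")
    print ("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print ("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print (json.dumps(data, indent=4, sort_keys=True))
        print ("<<< VPN configuration was successfully read")
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(1)

    print ("\n")
    print ("<<< Delete VPN configuration from the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.delete_vpn_cfg()
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print ("VPN configuration successfully removed from '%s'" %
               (nodeName))
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.brief().lower())
        print (status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(1)

    # Read the configuration once more to confirm the deletion took effect.
    print ("\n")
    print ("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print ("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print (json.dumps(data, indent=4, sort_keys=True))
    elif (status.eq(STATUS.DATA_NOT_FOUND)):
        print ("No VPN configuration found")
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(1)

    print ("\n")
    print (">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    result = ctrl.delete_netconf_node(vrouter)
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print ("'%s' NETCONF node was successfully removed "
               "from the Controller" % nodeName)
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.brief())
        exit(1)

    print ("\n")
    print (">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print (">>> Demo End")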
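def vr_demo_11():
    """Demo: site-to-site IPsec VPN with RSA digital signature authentication.

    Reads the Controller and node attributes from 'cfg4.yml', mounts the
    vRouter on the Controller if it is not already configured there, then
    shows, creates, re-reads and deletes the VPN configuration and finally
    removes the NETCONF node from the Controller.

    Every failure path prints the reason and exits with a non-zero status,
    so a wrapper script can tell a failed run from a completed one.

    Security notes:
      * The second ESP proposal uses '3des' with 'md5', and every other
        proposal uses 'sha1'. These are legacy algorithms; treat the
        proposal set as an API illustration, not a recommended policy.
      * The RSA value configured for the peer is a public key. It is not
        secret, but its authenticity must be confirmed out-of-band before
        it is trusted to identify the peer.
      * 'cfg4.yml' holds the Controller and node passwords; presumably it
        should be readable only by the operator (verify in deployment).
    """
    f = "cfg4.yml"
    d = {}
    if(load_dict_from_file(f, d) is False):
        print ("Config file '%s' read error: " % f)
        exit(1)

    # Only a missing key is expected here; a bare 'except' would also
    # swallow KeyboardInterrupt and SystemExit.
    try:
        ctrlIpAddr = d['ctrlIpAddr']
        ctrlPortNum = d['ctrlPortNum']
        ctrlUname = d['ctrlUname']
        ctrlPswd = d['ctrlPswd']
        nodeName = d['nodeName']
        nodeIpAddr = d['nodeIpAddr']
        nodePortNum = d['nodePortNum']
        nodeUname = d['nodeUname']
        nodePswd = d['nodePswd']
        rundelay = d['rundelay']
    except KeyError:
        print ("Failed to get Controller device attributes")
        exit(1)

    print ("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print ("<<< Demo Start")
    print ("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum,
                          nodeUname, nodePswd)
    print ("<<< 'Controller': %s, '%s': %s"
           % (ctrlIpAddr, nodeName, nodeIpAddr))

    print ("\n")
    time.sleep(rundelay)

    # Mount the node on the Controller only if it is not there yet.
    node_configured = False
    result = ctrl.check_node_config_status(nodeName)
    status = result.get_status()
    if(status.eq(STATUS.NODE_CONFIGURED)):
        node_configured = True
        print ("<<< '%s' is configured on the Controller" % nodeName)
    elif(status.eq(STATUS.DATA_NOT_FOUND)):
        node_configured = False
    else:
        print ("\n")
        print ("Failed to get configuration status for the '%s'" % nodeName)
        print ("!!!Demo terminated, reason: %s" % status.detailed())
        exit(1)

    if node_configured is False:
        result = ctrl.add_netconf_node(vrouter)
        status = result.get_status()
        if(status.eq(STATUS.OK)):
            print ("<<< '%s' added to the Controller" % nodeName)
        else:
            print ("\n")
            print ("!!!Demo terminated, reason: %s" % status.detailed())
            exit(1)

    print ("\n")
    time.sleep(rundelay)
    result = ctrl.check_node_conn_status(nodeName)
    status = result.get_status()
    if(status.eq(STATUS.NODE_CONNECTED)):
        print ("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(1)

    print ("\n")
    print ("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print ("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print (json.dumps(data, indent=4))
    elif (status.eq(STATUS.DATA_NOT_FOUND)):
        print ("No VPN configuration found")
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(1)

    print ("\n")
    print (">>> Create new VPN configuration on the '%s'" % (nodeName))

    print (" NOTE: For this demo to succeed the local RSA key "
           "must exist on the '%s'\n"
           " (use the 'generate vpn rsa-key' command to create it)"
           % nodeName)

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # -------------------------------------------------------------------------
    # Create and configure Internet Key Exchange (IKE) group
    # -------------------------------------------------------------------------
    ike_grp_name = "IKE-1W"
    proposal_num = 1

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    encryption_cipher = 'aes256'
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
    # NOTE(review): 'sha1' is the stronger of the two values listed here;
    # check whether the target release offers anything newer.
    hash_algorithm = 'sha1'
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 2
    encryption_cipher = 'aes128'
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole IKE group
    lifetime = 3600
    vpn.set_ipsec_ike_group_lifetime(ike_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Create and configure Encapsulating Security Payload (ESP) group
    # -------------------------------------------------------------------------
    esp_grp_name = "ESP-1W"

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 1
    encryption_cipher = 'aes256'
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    # NOTE(review): '3des' with 'md5' is a legacy pairing, kept only to show
    # a second proposal. Offering it lets a peer negotiate down to it; in a
    # real policy drop this proposal or use an AES cipher with 'sha1'.
    proposal_num = 2
    encryption_cipher = '3des'
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'md5'
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole ESP group
    lifetime = 1800
    vpn.set_ipsec_esp_group_lifetime(esp_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Configure connection to a remote peer
    # -------------------------------------------------------------------------
    peer_node = "192.0.2.33"
    description = ("Site-to-Site VPN Configuration Example - "
                   "RSA Digital Signature Authentication")
    vpn.set_ipsec_site_to_site_peer_description(peer_node, description)

    # Set authentication mode to 'rsa'
    auth_mode = 'rsa'
    vpn.set_ipsec_site_to_site_peer_auth_mode(peer_node, auth_mode)

    # Set the peer's RSA public key and specify that this key should be used
    # as the identifier for the peer's digital signature.
    # The value is a sample public key; a real one must be obtained from the
    # peer over a trusted channel, since it is what authenticates the peer.
    rsa_key_name = "EAST-PEER-key"
    rsa_key_value = ("0sAQOVBIJL+rIkpTuwh8FPeceAF0bhgLr++"
                     "W51bOAIjFbRDbR8gX3Vlz6wiUbMgGwQxWlY"
                     "QiqsCeacicsfZx/amlEn9PkSE4e7tqK/JQo"
                     "40L5C7gcNM24mup1d+0WmN3zLb9Qhmq5q3p"
                     "NJxEwnVbPPQeIdZMJxnb1+lA8DPC3SIxJM/"
                     "3at1/KrwqCAhX3QNFY/zNmOtFogELCeyl4+"
                     "d54wQljA+3dwFAQ4bboJ7YIDs+rqORxWd3l"
                     "3I7IajT/pLrwr5eZ8OA9NtAedbMiCwxyuyU"
                     "bznxXZ8Z/MAi3xjL1pjYyWjNNiOij82QJfM"
                     "OrjoXVCfcPn96ZN+Jqk+KknoVeNDwzpoahF"
                     "OseJREeXzkw3/lkMN9N1")
    vpn.set_rsa_key(rsa_key_name, rsa_key_value)
    vpn.set_ipsec_site_to_site_peer_auth_rsa_key_name(peer_node,
                                                      rsa_key_name)

    # Specify the default ESP group for all tunnels
    esp_group_name = 'ESP-1W'
    vpn.set_ipsec_site_to_site_peer_default_esp_group(peer_node,
                                                      esp_group_name)

    # Specify the IKE group
    ike_group_name = 'IKE-1W'
    vpn.set_ipsec_site_to_site_peer_ike_group(peer_node, ike_group_name)

    # Identify the IP address on the vRouter to be used for this connection
    local_address = '192.0.2.1'
    vpn.set_ipsec_site_to_site_peer_local_address(peer_node, local_address)

    # Create a tunnel configuration and provide local and remote subnets
    # for this tunnel
    tunnel = 1
    local_prefix = '192.168.40.0/24'
    remote_prefix = '192.168.60.0/24'
    vpn.set_ipsec_site_to_site_peer_tunnel_local_prefix(peer_node, tunnel,
                                                        local_prefix)
    vpn.set_ipsec_site_to_site_peer_tunnel_remote_prefix(peer_node, tunnel,
                                                         remote_prefix)

    print ("\n")
    print (">>> VPN configuration to be applied to the '%s'" % (nodeName))
    print (vpn.get_payload())
    time.sleep(rundelay)
    result = vrouter.set_vpn_cfg(vpn)
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print ("<<< VPN configuration was successfully created")
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.brief().lower())
        print (status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(1)

    print ("\n")
    print ("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print ("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print (json.dumps(data, indent=4, sort_keys=True))
        print ("<<< VPN configuration was successfully read")
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(1)

    time.sleep(rundelay)

    print ("\n")
    print ("<<< Delete VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.delete_vpn_cfg()
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print ("VPN configuration successfully removed from '%s'" %
               (nodeName))
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.brief().lower())
        print (status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(1)

    # Read the configuration once more to confirm the deletion took effect.
    print ("\n")
    print ("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print ("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print (json.dumps(data, indent=4, sort_keys=True))
    elif (status.eq(STATUS.DATA_NOT_FOUND)):
        print ("No VPN configuration found")
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(1)

    print ("\n")
    print (">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    result = ctrl.delete_netconf_node(vrouter)
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print ("'%s' NETCONF node was successfully removed "
               "from the Controller" % nodeName)
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.brief())
        exit(1)

    print ("\n")
    print (">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print (">>> Demo End")
    print (">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")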