Exemple #1
 # NOTE(review): excerpt of a larger demo function -- nodeName, the *_file
 # paths, rundelay and the values handed to the setters below are defined
 # outside this fragment.
 # The message lists four paths; judging by the variable names they are the CA
 # certificate, server certificate, CRL and server private key. Empty
 # placeholders are only good enough for the demo run: a deployed VPN needs
 # the real material, with the key file readable by the VPN service alone.
 print (" NOTE: For this demo to succeed the following files must exist on the '%s'\n"
        "       (empty files can be created for the sake of the demo):\n"
        "         %s\n"
        "         %s\n"
        "         %s\n"
        "         %s" 
        % (nodeName, ca_cert_file, srv_crt_file, crl_file, srv_key_file))
 
 
 # Pause between demo steps; the delay value comes from outside this fragment
 time.sleep(rundelay)
 
 
 #-------------------------------------------------------------------------
 # Encode VPN configuration options by using 'Vpn' object
 #-------------------------------------------------------------------------
 vpn = Vpn()
 
 # This VPN configuration description
 vpn.set_l2tp_remote_access_description(description)
 
 # Enable NAT traversal (this is mandatory)
 vpn.set_nat_traversal(nat_traversal)
 
 # Set the allowed subnets
 # NOTE(review): keep this list as narrow as the client networks require.
 vpn.set_nat_allow_network(nat_allow_network)
 
 # Bind the L2TP server to the external IP address
 vpn.set_l2tp_remote_access_outside_address(external_ipaddr)
 
 # Set the next hop IP address for reaching the VPN clients
 vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)
Exemple #2
 # NOTE(review): excerpt of a larger demo function -- nodeName, ca_cert_file,
 # srv_cert_file, rundelay and Vpn are defined outside this fragment.
 # Path of the server private key; the message below says it must exist on
 # the node. Outside a demo it should be readable by the VPN service only.
 srv_key_file = '/config/auth/r1.key'
 print (" NOTE: For this demo to succeed the following files must exist on the '%s'\n"
        "       (empty files can be created for the sake of the demo):\n"
        "         %s\n"
        "         %s\n"
        "         %s"
        % (nodeName, ca_cert_file, srv_cert_file, srv_key_file))
 
 
 # Pause between demo steps; the delay value comes from outside this fragment
 time.sleep(rundelay)
 
 
 #-------------------------------------------------------------------------
 # Encode VPN configuration options by using 'Vpn' object
 #-------------------------------------------------------------------------
 vpn = Vpn()
 
 #-------------------------------------------------------------------------
 # Create and configure Internet Key Exchange (IKE) group
 #-------------------------------------------------------------------------
 ike_grp_name = "IKE-1W"
 proposal_num = 1
 
 # Set the encryption cipher for proposal 1
 # (enumeration: 'aes128', 'aes256', '3des')
 # NOTE(review): prefer the AES values; '3des' is a legacy cipher.
 encryption_cipher = 'aes256'
 vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num, encryption_cipher)
 
 # Set the hash algorithm for proposal 1
 # (enumeration: 'md5', 'sha1')
 # NOTE(review): of the two listed values only 'sha1' should be used; 'md5'
 # is deprecated for IKE. The fragment ends before hash_algorith is consumed.
 hash_algorith = 'sha1'
Exemple #3
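def _abort_demo(reason, detail=None, cleanup=None):
    """Print the termination banner, run optional cleanup and exit non-zero."""
    print("\n")
    print("!!!Demo terminated, reason: %s" % reason)
    if detail is not None:
        print(detail)
    if cleanup is not None:
        cleanup()
    # A failed run must not report success to whatever launched the demo
    exit(1)


def _print_vpn_cfg(result, node_name, missing_ok, cleanup):
    """Pretty-print a 'get_vpn_cfg' result; return True when data was shown.

    With missing_ok set, STATUS.DATA_NOT_FOUND is reported and tolerated;
    any other non-OK status terminates the demo after running cleanup.
    """
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % node_name)
        data = json.loads(result.get_data())
        print(json.dumps(data, indent=4, sort_keys=True))
        return True
    if missing_ok and status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
        return False
    _abort_demo(status.detailed(), cleanup=cleanup)


def vr_demo_12():
    """Demo: site-to-site IPsec VPN with X.509 authentication on a vRouter.

    Reads connection settings from 'cfg4.yml', mounts the vRouter on the
    Controller when it is not configured there yet, shows the current VPN
    configuration, builds and applies an IKE/ESP/peer configuration, reads
    it back, deletes it and finally removes the NETCONF node.

    Every failure prints its reason and exits with status 1. Once the VPN
    steps have started, the node is removed from the Controller first.

    Security notes for anyone adapting the demo:
      * 'cfg4.yml' holds the Controller and vRouter passwords in clear
        text, so the file needs restrictive permissions.
      * The key password, addresses and DN below are sample values.
      * ESP proposal 2 offers '3des' with 'md5' to show the enumeration;
        a deployed configuration should not offer that proposal.
      * 'crl_file' is only printed; nothing in this function passes it
        to the Vpn object.
    """
    f = "cfg4.yml"
    d = {}
    if load_dict_from_file(f, d) is False:
        print("Config file '%s' read error: " % f)
        exit(1)

    try:
        ctrlIpAddr = d['ctrlIpAddr']
        ctrlPortNum = d['ctrlPortNum']
        ctrlUname = d['ctrlUname']
        ctrlPswd = d['ctrlPswd']

        nodeName = d['nodeName']
        nodeIpAddr = d['nodeIpAddr']
        nodePortNum = d['nodePortNum']
        nodeUname = d['nodeUname']
        nodePswd = d['nodePswd']
        rundelay = d['rundelay']
    except KeyError:
        # Only a missing key is expected here; a bare 'except' would also
        # swallow interrupts and unrelated programming errors
        print("Failed to get Controller device attributes")
        exit(1)

    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print("<<< Demo Start")
    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum, nodeUname,
                          nodePswd)
    print("<<< 'Controller': %s, '%s': %s" %
          (ctrlIpAddr, nodeName, nodeIpAddr))

    def unmount():
        # Cleanup used by the failure paths after the VPN steps have begun
        ctrl.delete_netconf_node(vrouter)

    print("\n")
    time.sleep(rundelay)
    node_configured = False
    result = ctrl.check_node_config_status(nodeName)
    status = result.get_status()
    if status.eq(STATUS.NODE_CONFIGURED):
        node_configured = True
        print("<<< '%s' is configured on the Controller" % nodeName)
    elif status.eq(STATUS.DATA_NOT_FOUND):
        node_configured = False
    else:
        print("\n")
        print("Failed to get configuration status for the '%s'" % nodeName)
        print("!!!Demo terminated, reason: %s" % status.detailed())
        exit(1)

    if node_configured is False:
        result = ctrl.add_netconf_node(vrouter)
        status = result.get_status()
        if status.eq(STATUS.OK):
            print("<<< '%s' added to the Controller" % nodeName)
        else:
            _abort_demo(status.detailed())

    print("\n")
    time.sleep(rundelay)
    result = ctrl.check_node_conn_status(nodeName)
    status = result.get_status()
    if status.eq(STATUS.NODE_CONNECTED):
        print("<<< '%s' is connected to the Controller" % nodeName)
    else:
        _abort_demo(status.brief().lower())

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % nodeName)
    # Here the request is issued before the pause, as in the original flow
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    _print_vpn_cfg(result, nodeName, True, unmount)

    print("\n")
    print(">>> Create new VPN configuration on the '%s'" % (nodeName))

    ca_cert_file = '/config/auth/ca.crt'
    srv_cert_file = '/config/auth/r1.crt'
    srv_key_file = '/config/auth/r1.key'
    # NOTE(review): crl_file is only listed in the message below; no call in
    # this function hands it to the Vpn object.
    crl_file = '/config/auth/r1.crl'
    print(
        " NOTE: For this demo to succeed the following files "
        "must exist on the '%s'\n"
        "       (empty files can be created for the sake of the demo):\n"
        "         %s\n"
        "         %s\n"
        "         %s\n"
        "         %s" %
        (nodeName, ca_cert_file, srv_cert_file, crl_file, srv_key_file))

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # -------------------------------------------------------------------------
    # Create and configure Internet Key Exchange (IKE) group
    # -------------------------------------------------------------------------
    ike_grp_name = "IKE-1W"
    proposal_num = 1

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    encryption_cipher = 'aes256'
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1'); 'sha1' is the stronger of the two
    hash_algorithm = 'sha1'
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 2
    encryption_cipher = 'aes128'
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole IKE group
    lifetime = 3600
    vpn.set_ipsec_ike_group_lifetime(ike_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Create and configure Encapsulating Security Payload (ESP) group
    # -------------------------------------------------------------------------
    esp_grp_name = "ESP-1W"

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 1
    encryption_cipher = 'aes256'
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    # NOTE(review): '3des' with 'md5' is a legacy fallback kept here to show
    # the other enumeration values; leave this proposal out of a deployed
    # configuration so a peer cannot negotiate down to it.
    proposal_num = 2
    encryption_cipher = '3des'
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'md5'
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole ESP group
    lifetime = 1800
    vpn.set_ipsec_esp_group_lifetime(esp_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Configure connection to a remote peer
    # -------------------------------------------------------------------------
    peer_node = "192.0.2.33"
    description = ("Site-to-Site VPN Configuration Example - "
                   "X.509 Certificate Authentication")
    vpn.set_ipsec_site_to_site_peer_description(peer_node, description)

    # Set authentication mode to 'x509'
    auth_mode = 'x509'
    vpn.set_ipsec_site_to_site_peer_auth_mode(peer_node, auth_mode)

    # Specify the 'distinguished name' of the certificate for the peer
    # NOTE(review): the e-mail component looks like it was replaced by the
    # listing page's address obfuscation; substitute the peer's real DN.
    remote_id = "C=US, ST=CA, O=ABC Company, CN=east, [email protected]"
    vpn.set_ipsec_site_to_site_peer_auth_remote_id(peer_node, remote_id)

    # Specify the location of the CA certificate on the vRouter
    vpn.set_ipsec_site_to_site_peer_auth_ca_cert_file(peer_node, ca_cert_file)

    # Specify the location of the server certificate on the vRouter
    vpn.set_ipsec_site_to_site_peer_auth_srv_cert_file(peer_node,
                                                       srv_cert_file)

    # Specify the location of the server key file on the vRouter
    vpn.set_ipsec_site_to_site_peer_auth_srv_key_file(peer_node, srv_key_file)

    # Specify the password for the server key file
    # Sample value only: a real key password belongs in protected
    # configuration, not in the script source.
    srv_key_pswd = 'testpassword'
    vpn.set_ipsec_site_to_site_peer_auth_srv_key_pswd(peer_node, srv_key_pswd)

    # Specify the default ESP group for all tunnels
    esp_group_name = 'ESP-1W'
    vpn.set_ipsec_site_to_site_peer_default_esp_group(peer_node,
                                                      esp_group_name)

    # Specify the IKE group
    ike_group_name = 'IKE-1W'
    vpn.set_ipsec_site_to_site_peer_ike_group(peer_node, ike_group_name)

    # Identify the IP address on the vRouter to be used for this connection
    local_address = '192.0.2.1'
    vpn.set_ipsec_site_to_site_peer_local_address(peer_node, local_address)

    # Create a tunnel configuration and provide local and remote subnets
    # for this tunnel
    tunnel = 1
    local_prefix = '192.168.40.0/24'
    remote_prefix = '192.168.60.0/24'
    vpn.set_ipsec_site_to_site_peer_tunnel_local_prefix(
        peer_node, tunnel, local_prefix)
    vpn.set_ipsec_site_to_site_peer_tunnel_remote_prefix(
        peer_node, tunnel, remote_prefix)

    print("\n")
    print(">>> VPN configuration to be applied to the '%s'" % (nodeName))
    # NOTE(review): the payload presumably carries srv_key_pswd in clear
    # text; keep this output out of shared logs and CI transcripts.
    print(vpn.get_payload())
    time.sleep(rundelay)

    result = vrouter.set_vpn_cfg(vpn)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("<<< VPN configuration was successfully created")
    else:
        _abort_demo(status.brief().lower(), detail=status.detailed(),
                    cleanup=unmount)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    # A missing configuration right after a successful write is an error
    if _print_vpn_cfg(vrouter.get_vpn_cfg(), nodeName, False, unmount):
        print("<<< VPN configuration was successfully read")

    time.sleep(rundelay)

    print("\n")
    print("<<< Delete VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.delete_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("VPN configuration successfully removed from '%s'" % (nodeName))
    else:
        _abort_demo(status.brief().lower(), detail=status.detailed(),
                    cleanup=unmount)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    _print_vpn_cfg(vrouter.get_vpn_cfg(), nodeName, True, unmount)

    print("\n")
    print(">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    result = ctrl.delete_netconf_node(vrouter)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print(
            "'%s' NETCONF node was successfully removed "
            "from the Controller" % nodeName)
    else:
        _abort_demo(status.brief())

    print("\n")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print(">>> Demo End")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")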
Exemple #4
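def vr_demo_12():
    """Run the site-to-site IPsec VPN demo (X.509 authentication).

    Flow: load 'cfg4.yml', mount the vRouter on the Controller if needed,
    show the existing VPN configuration, apply a new one (IKE group, ESP
    group, one peer with one tunnel), read it back, delete it, and remove
    the NETCONF node from the Controller.

    Every failure path prints the reason and exits with status 1, so a
    wrapper script can tell a failed run from a completed one.

    The credentials, addresses and algorithm choices are demo samples.
    The reviewer notes in the body mark the ones that need attention
    before this is reused against a real device.
    """
    cfg_path = "cfg4.yml"
    settings = {}
    if load_dict_from_file(cfg_path, settings) is False:
        print("Config file '%s' read error: " % cfg_path)
        exit(1)

    # The config file supplies both passwords in clear text; restrict who
    # can read it.
    try:
        ctrlIpAddr = settings['ctrlIpAddr']
        ctrlPortNum = settings['ctrlPortNum']
        ctrlUname = settings['ctrlUname']
        ctrlPswd = settings['ctrlPswd']

        nodeName = settings['nodeName']
        nodeIpAddr = settings['nodeIpAddr']
        nodePortNum = settings['nodePortNum']
        nodeUname = settings['nodeUname']
        nodePswd = settings['nodePswd']
        rundelay = settings['rundelay']
    except KeyError:
        # Narrowed from a bare 'except', which would also hide interrupts
        print("Failed to get Controller device attributes")
        exit(1)

    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print("<<< Demo Start")
    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum,
                          nodeUname, nodePswd)
    print("<<< 'Controller': %s, '%s': %s"
          % (ctrlIpAddr, nodeName, nodeIpAddr))

    def bail(reason, detail=None, unmount=True):
        # Shared failure exit: banner, optional detail, optional node removal
        print("\n")
        print("!!!Demo terminated, reason: %s" % reason)
        if detail is not None:
            print(detail)
        if unmount:
            ctrl.delete_netconf_node(vrouter)
        exit(1)

    def show_cfg(result, missing_ok):
        # Print the VPN configuration held in 'result'; True when shown
        outcome = result.get_status()
        if outcome.eq(STATUS.OK):
            print("'%s' VPN configuration:" % nodeName)
            parsed = json.loads(result.get_data())
            print(json.dumps(parsed, indent=4, sort_keys=True))
            return True
        if missing_ok and outcome.eq(STATUS.DATA_NOT_FOUND):
            print("No VPN configuration found")
            return False
        bail(outcome.detailed())

    print("\n")
    time.sleep(rundelay)
    status = ctrl.check_node_config_status(nodeName).get_status()
    if status.eq(STATUS.NODE_CONFIGURED):
        node_configured = True
        print("<<< '%s' is configured on the Controller" % nodeName)
    elif status.eq(STATUS.DATA_NOT_FOUND):
        node_configured = False
    else:
        print("\n")
        print("Failed to get configuration status for the '%s'" % nodeName)
        print("!!!Demo terminated, reason: %s" % status.detailed())
        exit(1)

    if not node_configured:
        status = ctrl.add_netconf_node(vrouter).get_status()
        if status.eq(STATUS.OK):
            print("<<< '%s' added to the Controller" % nodeName)
        else:
            bail(status.detailed(), unmount=False)

    print("\n")
    time.sleep(rundelay)
    status = ctrl.check_node_conn_status(nodeName).get_status()
    if status.eq(STATUS.NODE_CONNECTED):
        print("<<< '%s' is connected to the Controller" % nodeName)
    else:
        bail(status.brief().lower(), unmount=False)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % nodeName)
    # The first read is requested before the pause, unlike the later ones
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    show_cfg(result, missing_ok=True)

    print("\n")
    print(">>> Create new VPN configuration on the '%s'" % (nodeName))

    ca_cert_file = '/config/auth/ca.crt'
    srv_cert_file = '/config/auth/r1.crt'
    srv_key_file = '/config/auth/r1.key'
    # NOTE(review): the CRL path is printed but never handed to the Vpn
    # object in this function.
    crl_file = '/config/auth/r1.crl'
    print(" NOTE: For this demo to succeed the following files "
          "must exist on the '%s'\n"
          "       (empty files can be created for the sake of the demo):\n"
          "         %s\n"
          "         %s\n"
          "         %s\n"
          "         %s"
          % (nodeName, ca_cert_file, srv_cert_file, crl_file, srv_key_file))

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # -------------------------------------------------------------------------
    # Create and configure Internet Key Exchange (IKE) group
    # Each row is (proposal number, cipher, hash).
    # Cipher enumeration: 'aes128', 'aes256', '3des'; hash: 'md5', 'sha1'
    # -------------------------------------------------------------------------
    ike_grp_name = "IKE-1W"
    ike_proposals = ((1, 'aes256', 'sha1'),
                     (2, 'aes128', 'sha1'))
    for proposal_num, encryption_cipher, hash_algorithm in ike_proposals:
        vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name,
                                                    proposal_num,
                                                    encryption_cipher)
        vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                              hash_algorithm)

    # Set the lifetime for the whole IKE group
    vpn.set_ipsec_ike_group_lifetime(ike_grp_name, 3600)

    # -------------------------------------------------------------------------
    # Create and configure Encapsulating Security Payload (ESP) group
    # NOTE(review): proposal 2 ('3des' with 'md5') is a legacy pairing shown
    # only to exercise the enumeration. Offering it lets a peer negotiate
    # down to it, so drop it from any deployed configuration.
    # -------------------------------------------------------------------------
    esp_grp_name = "ESP-1W"
    esp_proposals = ((1, 'aes256', 'sha1'),
                     (2, '3des', 'md5'))
    for proposal_num, encryption_cipher, hash_algorithm in esp_proposals:
        vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name,
                                                    proposal_num,
                                                    encryption_cipher)
        vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                              hash_algorithm)

    # Set the lifetime for the whole ESP group
    vpn.set_ipsec_esp_group_lifetime(esp_grp_name, 1800)

    # -------------------------------------------------------------------------
    # Configure connection to a remote peer
    # -------------------------------------------------------------------------
    peer_node = "192.0.2.33"
    description = ("Site-to-Site VPN Configuration Example - "
                   "X.509 Certificate Authentication")
    vpn.set_ipsec_site_to_site_peer_description(peer_node, description)

    # Set authentication mode to 'x509'
    vpn.set_ipsec_site_to_site_peer_auth_mode(peer_node, 'x509')

    # Specify the 'distinguished name' of the certificate for the peer
    # NOTE(review): the e-mail part appears to have been masked by the
    # listing page; replace the whole DN with the peer certificate's subject.
    remote_id = "C=US, ST=CA, O=ABC Company, CN=east, [email protected]"
    vpn.set_ipsec_site_to_site_peer_auth_remote_id(peer_node, remote_id)

    # Specify the location of the CA certificate on the vRouter
    vpn.set_ipsec_site_to_site_peer_auth_ca_cert_file(peer_node, ca_cert_file)

    # Specify the location of the server certificate on the vRouter
    vpn.set_ipsec_site_to_site_peer_auth_srv_cert_file(peer_node,
                                                       srv_cert_file)

    # Specify the location of the server key file on the vRouter
    vpn.set_ipsec_site_to_site_peer_auth_srv_key_file(peer_node, srv_key_file)

    # Specify the password for the server key file
    # Sample value; a real one should come from protected configuration.
    srv_key_pswd = 'testpassword'
    vpn.set_ipsec_site_to_site_peer_auth_srv_key_pswd(peer_node, srv_key_pswd)

    # Specify the default ESP group for all tunnels
    vpn.set_ipsec_site_to_site_peer_default_esp_group(peer_node, 'ESP-1W')

    # Specify the IKE group
    vpn.set_ipsec_site_to_site_peer_ike_group(peer_node, 'IKE-1W')

    # Identify the IP address on the vRouter to be used for this connection
    vpn.set_ipsec_site_to_site_peer_local_address(peer_node, '192.0.2.1')

    # Create a tunnel configuration and provide local and remote subnets
    # for this tunnel
    tunnel = 1
    vpn.set_ipsec_site_to_site_peer_tunnel_local_prefix(peer_node, tunnel,
                                                        '192.168.40.0/24')
    vpn.set_ipsec_site_to_site_peer_tunnel_remote_prefix(peer_node, tunnel,
                                                         '192.168.60.0/24')

    print("\n")
    print(">>> VPN configuration to be applied to the '%s'" % (nodeName))
    # NOTE(review): this dump presumably contains the key password set above;
    # do not capture it in shared logs.
    print(vpn.get_payload())
    time.sleep(rundelay)

    status = vrouter.set_vpn_cfg(vpn).get_status()
    if status.eq(STATUS.OK):
        print("<<< VPN configuration was successfully created")
    else:
        bail(status.brief().lower(), detail=status.detailed())

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    # After a successful write, "not found" counts as a failure
    if show_cfg(vrouter.get_vpn_cfg(), missing_ok=False):
        print("<<< VPN configuration was successfully read")

    time.sleep(rundelay)

    print("\n")
    print("<<< Delete VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    status = vrouter.delete_vpn_cfg().get_status()
    if status.eq(STATUS.OK):
        print("VPN configuration successfully removed from '%s'" % (nodeName))
    else:
        bail(status.brief().lower(), detail=status.detailed())

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    show_cfg(vrouter.get_vpn_cfg(), missing_ok=True)

    print("\n")
    print(">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    status = ctrl.delete_netconf_node(vrouter).get_status()
    if status.eq(STATUS.OK):
        print("'%s' NETCONF node was successfully removed "
              "from the Controller" % nodeName)
    else:
        # The removal itself failed, so do not retry it on the way out
        bail(status.brief(), unmount=False)

    print("\n")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print(">>> Demo End")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")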
Exemple #5
def vr_demo_8():

    f = "cfg4.yml"
    d = {}
    if (load_dict_from_file(f, d) is False):
        print("Config file '%s' read error: " % f)
        exit()

    try:
        ctrlIpAddr = d['ctrlIpAddr']
        ctrlPortNum = d['ctrlPortNum']
        ctrlUname = d['ctrlUname']
        ctrlPswd = d['ctrlPswd']

        nodeName = d['nodeName']
        nodeIpAddr = d['nodeIpAddr']
        nodePortNum = d['nodePortNum']
        nodeUname = d['nodeUname']
        nodePswd = d['nodePswd']
        rundelay = d['rundelay']
    except:
        print("Failed to get Controller device attributes")
        exit(0)

    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print("<<< Demo Start")
    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum, nodeUname,
                          nodePswd)
    print("<<< 'Controller': %s, '%s': %s" %
          (ctrlIpAddr, nodeName, nodeIpAddr))

    print("\n")
    time.sleep(rundelay)
    node_configured = False
    result = ctrl.check_node_config_status(nodeName)
    status = result.get_status()
    if (status.eq(STATUS.NODE_CONFIGURED)):
        node_configured = True
        print("<<< '%s' is configured on the Controller" % nodeName)
    elif (status.eq(STATUS.DATA_NOT_FOUND)):
        node_configured = False
    else:
        print("\n")
        print "Failed to get configuration status for the '%s'" % nodeName
        print("!!!Demo terminated, reason: %s" % status.detailed())
        exit(0)

    if node_configured is False:
        result = ctrl.add_netconf_node(vrouter)
        status = result.get_status()
        if (status.eq(STATUS.OK)):
            print("<<< '%s' added to the Controller" % nodeName)
        else:
            print("\n")
            print("!!!Demo terminated, reason: %s" % status.detailed())
            exit(0)

    print("\n")
    time.sleep(rundelay)
    result = ctrl.check_node_conn_status(nodeName)
    status = result.get_status()
    if (status.eq(STATUS.NODE_CONNECTED)):
        print("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print json.dumps(data, indent=4, sort_keys=True)
    elif (status.eq(STATUS.DATA_NOT_FOUND)):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print "\n"
    print(">>> Create new VPN configuration on the '%s'" % (nodeName))
    description = ("Remote Access VPN Configuration Example - "
                   "L2TP/IPsec with Pre-Shared Key")
    external_ipaddr = "12.34.56.78"
    nexthop_ipaddr = "12.34.56.254"
    nat_traversal = True
    nat_allow_network = "192.168.100.0/24"
    client_ip_pool_start = "192.168.100.11"
    client_ip_pool_end = "192.168.100.210"
    ipsec_auth_mode = "pre-shared-secret"
    ipsec_auth_secret = "!secrettext!"
    l2tp_auth_mode = "local"
    uname1 = "user1"
    upswd1 = "user1_password"
    uname2 = "user2"
    upswd2 = "user2_password"
    uname3 = "user3"
    upswd3 = "user3_password"
    dns_srv1 = "192.168.100.1"
    dns_srv2 = "192.168.100.2"
    wins_srv1 = "192.168.100.3"
    wins_srv2 = "192.168.100.4"
    mtu = "16384"
    print(
        " VPN options to be set:\n"
        "   - Configuration description            : '%s'\n"
        "   - Server external address              : '%s'\n"
        "   - Next hop router address              : '%s'\n"
        "   - NAT_traversal                        : '%s'\n"
        "   - NAT allowed networks                 : '%s'\n"
        "   - Client addresses pool (start/end)    : '%s'/'%s'\n"
        "   - IPsec authentication (mode/secret)   : '%s'/'%s'\n"
        "   - L2TP authentication  mode            : '%s'\n"
        "   - Allowed users (name/password)        : '%s'/'%s'\n"
        "                                            '%s'/'%s'\n"
        "                                            '%s'/'%s'\n"
        "   - DNS servers (primary/secondary)      : '%s'/'%s'\n"
        "   - WINS servers (primary/secondary)     : '%s'/'%s'\n"
        "   - Maximum Transmission Unit            : '%s'\n" %
        (description, external_ipaddr, nexthop_ipaddr,
         "enabled" if nat_traversal else "disabled", nat_allow_network,
         client_ip_pool_start, client_ip_pool_end, ipsec_auth_mode,
         ipsec_auth_secret, l2tp_auth_mode, uname1, upswd1, uname2, upswd2,
         uname3, upswd3, dns_srv1, dns_srv2, wins_srv1, wins_srv2, mtu))

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # This VPN configuration description
    vpn.set_l2tp_remote_access_description(description)

    # Enable NAT traversal
    vpn.set_nat_traversal(nat_traversal)

    # Set the allowed subnets
    vpn.set_nat_allow_network(nat_allow_network)

    # Bind the L2TP server to the external IP address
    vpn.set_l2tp_remote_access_outside_address(external_ipaddr)

    # Set the next hop IP address for reaching the VPN clients
    vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)

    # Set up the pool of IP addresses that remote VPN connections will assume.
    # In this example we make 100 addresses available (from .11 to .210) on
    # subnet  192.168.100.0/24
    vpn.set_l2tp_remote_access_client_ip_pool(start=client_ip_pool_start,
                                              end=client_ip_pool_end)

    # Set the IPsec authentication mode to 'pre-shared-secret'
    vpn.set_l2tp_remote_access_ipsec_auth_mode(mode=ipsec_auth_mode)

    # Set the 'pre-shared-secret' value
    func = vpn.set_l2tp_remote_access_ipsec_auth_pre_shared_secret
    func(secret=ipsec_auth_secret)

    # Set the L2TP remote access user authentication mode to 'local'
    vpn.set_l2tp_remote_access_user_auth_mode(l2tp_auth_mode)

    # Set the L2TP remote access user credentials ('username'/'password')
    vpn.set_l2tp_remote_access_user(name=uname1, pswd=upswd1)
    vpn.set_l2tp_remote_access_user(name=uname2, pswd=upswd2)
    vpn.set_l2tp_remote_access_user(name=uname3, pswd=upswd3)

    # Set 'primary' and 'secondary' DNS servers
    vpn.set_l2tp_remote_access_primary_dns_server(dns_srv1)
    vpn.set_l2tp_remote_access_secondary_dns_server(dns_srv2)

    # Set 'primary' and 'secondary' WINS servers
    vpn.set_l2tp_remote_access_primary_wins_server(wins_srv1)
    vpn.set_l2tp_remote_access_secondary_wins_server(wins_srv2)

    # Set Maximum Transmission Unit (MTU <128..16384>)
    vpn.set_l2tp_remote_access_mtu(mtu)

    print "\n"
    print(">>> VPN configuration to be applied to the '%s'" % (nodeName))
    print vpn.get_payload()
    time.sleep(rundelay)
    result = vrouter.set_vpn_cfg(vpn)
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print("<<< VPN configuration was successfully created")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print status.detailed()
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print "\n"
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print json.dumps(data, indent=4, sort_keys=True)
        print("<<< VPN configuration was successfully read")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print "\n"
    print("<<< Delete VPN configuration from the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.delete_vpn_cfg()
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print("VPN configuration successfully removed from '%s'" % (nodeName))
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print status.detailed()
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print "\n"
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print json.dumps(data, indent=4, sort_keys=True)
    elif (status.eq(STATUS.DATA_NOT_FOUND)):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print "\n"
    print(">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    result = ctrl.delete_netconf_node(vrouter)
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print(
            "'%s' NETCONF node was successfully removed "
            "from the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief())
        exit(0)

    print("\n")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print(">>> Demo End")
Exemple #6
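def vr_demo_10():
    """Demo: site-to-site IPsec VPN with pre-shared key (PSK) authentication.

    Reads the Controller and vRouter connection attributes from 'cfg4.yml',
    adds the vRouter to the Controller as a NETCONF node when it is not
    already configured there, then creates, reads back and deletes a VPN
    configuration on the vRouter and finally removes the NETCONF node again.

    Every failure path prints a reason and calls exit(0), so the process exit
    status does not tell a failed run from a successful one.

    Security notes for anyone adapting this demo:
      * 'cfg4.yml' supplies the Controller and node passwords ('ctrlPswd',
        'nodePswd') as plain values, so the file needs restrictive
        permissions and should stay out of version control.
      * The pre-shared secret below is a hard-coded sample value, and the
        encoded VPN payload is printed to stdout before it is applied.
      * ESP proposal 2 uses '3des' with 'md5'; both are legacy algorithms.
    """
    f = "cfg4.yml"
    d = {}
    if load_dict_from_file(f, d) is False:
        print("Config file '%s' read error: " % f)
        exit(0)

    try:
        ctrlIpAddr = d["ctrlIpAddr"]
        ctrlPortNum = d["ctrlPortNum"]
        ctrlUname = d["ctrlUname"]
        ctrlPswd = d["ctrlPswd"]

        nodeName = d["nodeName"]
        nodeIpAddr = d["nodeIpAddr"]
        nodePortNum = d["nodePortNum"]
        nodeUname = d["nodeUname"]
        nodePswd = d["nodePswd"]
        rundelay = d["rundelay"]
    except KeyError:
        # Only a missing key is expected here; a bare 'except' would also
        # swallow KeyboardInterrupt and SystemExit.
        print("Failed to get Controller device attributes")
        exit(0)

    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print("<<< Demo Start")
    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum,
                          nodeUname, nodePswd)
    print("<<< 'Controller': %s, '%s': %s" % (ctrlIpAddr, nodeName, nodeIpAddr))

    # -------------------------------------------------------------------------
    # Make sure the vRouter is known to the Controller and connected
    # -------------------------------------------------------------------------
    print("\n")
    time.sleep(rundelay)
    node_configured = False
    result = ctrl.check_node_config_status(nodeName)
    status = result.get_status()
    if status.eq(STATUS.NODE_CONFIGURED):
        node_configured = True
        print("<<< '%s' is configured on the Controller" % nodeName)
    elif status.eq(STATUS.DATA_NOT_FOUND):
        node_configured = False
    else:
        print("\n")
        print("Failed to get configuration status for the '%s'" % nodeName)
        print("!!!Demo terminated, reason: %s" % status.detailed())
        exit(0)

    if not node_configured:
        result = ctrl.add_netconf_node(vrouter)
        status = result.get_status()
        if status.eq(STATUS.OK):
            print("<<< '%s' added to the Controller" % nodeName)
        else:
            print("\n")
            print("!!!Demo terminated, reason: %s" % status.detailed())
            exit(0)

    print("\n")
    time.sleep(rundelay)
    result = ctrl.check_node_conn_status(nodeName)
    status = result.get_status()
    if status.eq(STATUS.NODE_CONNECTED):
        print("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(0)

    # -------------------------------------------------------------------------
    # Show whatever VPN configuration is currently on the vRouter
    # -------------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Create new VPN configuration on the '%s'" % (nodeName))

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # -------------------------------------------------------------------------
    # Create and configure Internet Key Exchange (IKE) group
    # -------------------------------------------------------------------------
    ike_grp_name = "IKE-1W"
    proposal_num = 1

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    encryption_cipher = "aes256"
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = "sha1"
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 2
    encryption_cipher = "aes128"
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = "sha1"
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole IKE group
    lifetime = 3600
    vpn.set_ipsec_ike_group_lifetime(ike_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Create and configure Encapsulating Security Payload (ESP) group
    # -------------------------------------------------------------------------
    esp_grp_name = "ESP-1W"

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 1
    encryption_cipher = "aes256"
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = "sha1"
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    # NOTE(review): '3des' is a legacy cipher kept here as a fallback
    # proposal; outside a demo prefer the AES values from the enumeration.
    proposal_num = 2
    encryption_cipher = "3des"
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    # NOTE(review): 'md5' is the weaker of the two listed values; while this
    # proposal is configured a peer offering only 3des/md5 is still accepted.
    hash_algorithm = "md5"
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole ESP group
    lifetime = 1800
    vpn.set_ipsec_esp_group_lifetime(esp_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Configure connection to a remote peer
    # -------------------------------------------------------------------------
    peer_node = "192.0.2.33"
    description = ("Site-to-Site VPN Configuration Example - "
                   "Pre-Shared Key (PSK) Authentication")
    vpn.set_ipsec_site_to_site_peer_description(peer_node, description)

    # Set authentication mode to 'pre-shared-secret'
    auth_mode = "pre-shared-secret"
    vpn.set_ipsec_site_to_site_peer_auth_mode(peer_node, auth_mode)

    # Provide the 'secret' that will be used to generate encryption keys
    # NOTE(review): this is a hard-coded sample value. A real deployment
    # should take a long random secret from a protected store, not from
    # source code, and use a different one per peer.
    secret = "test_key_1"
    vpn.set_ipsec_site_to_site_peer_auth_preshared_secret(peer_node, secret)

    # Specify the default ESP group for all tunnels
    esp_group_name = "ESP-1W"
    vpn.set_ipsec_site_to_site_peer_default_esp_group(peer_node,
                                                      esp_group_name)

    # Specify the IKE group
    ike_group_name = "IKE-1W"
    vpn.set_ipsec_site_to_site_peer_ike_group(peer_node, ike_group_name)

    # Identify the IP address on the vRouter to be used for this connection
    local_address = "192.0.2.1"
    vpn.set_ipsec_site_to_site_peer_local_address(peer_node, local_address)

    # Create a tunnel configuration and provide local and remote subnets
    # for this tunnel
    tunnel = 1
    local_prefix = "192.168.40.0/24"
    remote_prefix = "192.168.60.0/24"
    vpn.set_ipsec_site_to_site_peer_tunnel_local_prefix(
        peer_node, tunnel, local_prefix)
    vpn.set_ipsec_site_to_site_peer_tunnel_remote_prefix(
        peer_node, tunnel, remote_prefix)

    # -------------------------------------------------------------------------
    # Apply the configuration, read it back, delete it and confirm removal
    # -------------------------------------------------------------------------
    print("\n")
    print(">>> VPN configuration to be applied to the '%s'" % (nodeName))
    # NOTE(review): the payload presumably carries the pre-shared secret set
    # above, so this print (and the read-back below) puts it on stdout.
    # Redact it wherever output is captured into logs.
    print(vpn.get_payload())
    time.sleep(rundelay)

    result = vrouter.set_vpn_cfg(vpn)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("<<< VPN configuration was successfully created")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
        print("<<< VPN configuration was successfully read")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    time.sleep(rundelay)

    print("\n")
    print("<<< Delete VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.delete_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("VPN configuration successfully removed from '%s'" % (nodeName))
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # -------------------------------------------------------------------------
    # Clean up: remove the NETCONF node from the Controller
    # -------------------------------------------------------------------------
    print("\n")
    print(">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    result = ctrl.delete_netconf_node(vrouter)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' NETCONF node was successfully removed "
              "from the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief())
        exit(0)

    print("\n")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print(">>> Demo End")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")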
Exemple #7
              l2tp_auth_mode,
              uname1, upswd1,
              uname2, upswd2,
              uname3, upswd3,
              dns_srv1, dns_srv2,
              wins_srv1, wins_srv2,
              mtu
              )
           )

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # This VPN configuration description
    vpn.set_l2tp_remote_access_description(description)

    # Enable NAT traversal
    vpn.set_nat_traversal(nat_traversal)

    # Set the allowed subnets
    vpn.set_nat_allow_network(nat_allow_network)

    # Bind the L2TP server to the external IP address
    vpn.set_l2tp_remote_access_outside_address(external_ipaddr)

    # Set the next hop IP address for reaching the VPN clients
    vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)
Exemple #8
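def vr_demo_11():
    """Demo: site-to-site IPsec VPN with RSA digital signature authentication.

    Reads the Controller and vRouter connection attributes from 'cfg4.yml',
    adds the vRouter to the Controller as a NETCONF node when it is not
    already configured there, then creates, reads back and deletes a VPN
    configuration on the vRouter and finally removes the NETCONF node again.

    The demo prints a note that the local RSA key must already exist on the
    vRouter; only the peer's public key is set from this function.

    Every failure path prints a reason and exits with status 0, so the
    process exit status does not tell a failed run from a successful one.

    Security notes for anyone adapting this demo:
      * 'cfg4.yml' supplies the Controller and node passwords ('ctrlPswd',
        'nodePswd') as plain values, so the file needs restrictive
        permissions and should stay out of version control.
      * The peer public key below is an embedded sample value; a real peer
        key has to be obtained and verified over a trusted channel.
      * ESP proposal 2 uses '3des' with 'md5'; both are legacy algorithms.
    """
    f = "cfg4.yml"
    d = {}
    if load_dict_from_file(f, d) is False:
        print("Config file '%s' read error: " % f)
        exit()

    try:
        ctrlIpAddr = d['ctrlIpAddr']
        ctrlPortNum = d['ctrlPortNum']
        ctrlUname = d['ctrlUname']
        ctrlPswd = d['ctrlPswd']

        nodeName = d['nodeName']
        nodeIpAddr = d['nodeIpAddr']
        nodePortNum = d['nodePortNum']
        nodeUname = d['nodeUname']
        nodePswd = d['nodePswd']
        rundelay = d['rundelay']
    except KeyError:
        # Only a missing key is expected here; a bare 'except' would also
        # swallow KeyboardInterrupt and SystemExit.
        print("Failed to get Controller device attributes")
        exit(0)

    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print("<<< Demo Start")
    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum, nodeUname,
                          nodePswd)
    print("<<< 'Controller': %s, '%s': %s" %
          (ctrlIpAddr, nodeName, nodeIpAddr))

    # -------------------------------------------------------------------------
    # Make sure the vRouter is known to the Controller and connected
    # -------------------------------------------------------------------------
    print("\n")
    time.sleep(rundelay)
    node_configured = False
    result = ctrl.check_node_config_status(nodeName)
    status = result.get_status()
    if status.eq(STATUS.NODE_CONFIGURED):
        node_configured = True
        print("<<< '%s' is configured on the Controller" % nodeName)
    elif status.eq(STATUS.DATA_NOT_FOUND):
        node_configured = False
    else:
        print("\n")
        print("Failed to get configuration status for the '%s'" % nodeName)
        print("!!!Demo terminated, reason: %s" % status.detailed())
        exit(0)

    if not node_configured:
        result = ctrl.add_netconf_node(vrouter)
        status = result.get_status()
        if status.eq(STATUS.OK):
            print("<<< '%s' added to the Controller" % nodeName)
        else:
            print("\n")
            print("!!!Demo terminated, reason: %s" % status.detailed())
            exit(0)

    print("\n")
    time.sleep(rundelay)
    result = ctrl.check_node_conn_status(nodeName)
    status = result.get_status()
    if status.eq(STATUS.NODE_CONNECTED):
        print("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(0)

    # -------------------------------------------------------------------------
    # Show whatever VPN configuration is currently on the vRouter
    # -------------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Create new VPN configuration on the '%s'" % (nodeName))
    print(
        " NOTE: For this demo to succeed the local RSA key "
        "must exist on the '%s'\n"
        "       (use the 'generate vpn rsa-key' command to create it)" %
        nodeName)

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # -------------------------------------------------------------------------
    # Create and configure Internet Key Exchange (IKE) group
    # -------------------------------------------------------------------------
    ike_grp_name = "IKE-1W"
    proposal_num = 1

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    encryption_cipher = 'aes256'
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 2
    encryption_cipher = 'aes128'
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole IKE group
    lifetime = 3600
    vpn.set_ipsec_ike_group_lifetime(ike_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Create and configure Encapsulating Security Payload (ESP) group
    # -------------------------------------------------------------------------
    esp_grp_name = "ESP-1W"

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 1
    encryption_cipher = 'aes256'
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    # NOTE(review): '3des' is a legacy cipher kept here as a fallback
    # proposal; outside a demo prefer the AES values from the enumeration.
    proposal_num = 2
    encryption_cipher = '3des'
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    # NOTE(review): 'md5' is the weaker of the two listed values; while this
    # proposal is configured a peer offering only 3des/md5 is still accepted.
    hash_algorithm = 'md5'
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole ESP group
    lifetime = 1800
    vpn.set_ipsec_esp_group_lifetime(esp_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Configure connection to a remote peer
    # -------------------------------------------------------------------------
    peer_node = "192.0.2.33"
    description = ("Site-to-Site VPN Configuration Example - "
                   "RSA Digital Signature Authentication")
    vpn.set_ipsec_site_to_site_peer_description(peer_node, description)

    # Set authentication mode to 'rsa'
    auth_mode = 'rsa'
    vpn.set_ipsec_site_to_site_peer_auth_mode(peer_node, auth_mode)

    # Set the peer's RSA public key and specify that this key should be used
    # as the identifier for the peer's digital signature
    # NOTE(review): this is public key material, so printing it is not a
    # secret leak, but whoever controls this value decides which peer is
    # trusted. Verify a real peer key out of band before configuring it.
    rsa_key_name = "EAST-PEER-key"
    rsa_key_value = ("0sAQOVBIJL+rIkpTuwh8FPeceAF0bhgLr++"
                     "W51bOAIjFbRDbR8gX3Vlz6wiUbMgGwQxWlY"
                     "QiqsCeacicsfZx/amlEn9PkSE4e7tqK/JQo"
                     "40L5C7gcNM24mup1d+0WmN3zLb9Qhmq5q3p"
                     "NJxEwnVbPPQeIdZMJxnb1+lA8DPC3SIxJM/"
                     "3at1/KrwqCAhX3QNFY/zNmOtFogELCeyl4+"
                     "d54wQljA+3dwFAQ4bboJ7YIDs+rqORxWd3l"
                     "3I7IajT/pLrwr5eZ8OA9NtAedbMiCwxyuyU"
                     "bznxXZ8Z/MAi3xjL1pjYyWjNNiOij82QJfM"
                     "OrjoXVCfcPn96ZN+Jqk+KknoVeNDwzpoahF"
                     "OseJREeXzkw3/lkMN9N1")
    vpn.set_rsa_key(rsa_key_name, rsa_key_value)
    vpn.set_ipsec_site_to_site_peer_auth_rsa_key_name(peer_node, rsa_key_name)

    # Specify the default ESP group for all tunnels
    esp_group_name = 'ESP-1W'
    vpn.set_ipsec_site_to_site_peer_default_esp_group(peer_node,
                                                      esp_group_name)

    # Specify the IKE group
    ike_group_name = 'IKE-1W'
    vpn.set_ipsec_site_to_site_peer_ike_group(peer_node, ike_group_name)

    # Identify the IP address on the vRouter to be used for this connection
    local_address = '192.0.2.1'
    vpn.set_ipsec_site_to_site_peer_local_address(peer_node, local_address)

    # Create a tunnel configuration and provide local and remote subnets
    # for this tunnel
    tunnel = 1
    local_prefix = '192.168.40.0/24'
    remote_prefix = '192.168.60.0/24'
    vpn.set_ipsec_site_to_site_peer_tunnel_local_prefix(
        peer_node, tunnel, local_prefix)
    vpn.set_ipsec_site_to_site_peer_tunnel_remote_prefix(
        peer_node, tunnel, remote_prefix)

    # -------------------------------------------------------------------------
    # Apply the configuration, read it back, delete it and confirm removal
    # -------------------------------------------------------------------------
    print("\n")
    print(">>> VPN configuration to be applied to the '%s'" % (nodeName))
    print(vpn.get_payload())
    time.sleep(rundelay)
    result = vrouter.set_vpn_cfg(vpn)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("<<< VPN configuration was successfully created")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
        print("<<< VPN configuration was successfully read")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    time.sleep(rundelay)

    print("\n")
    print("<<< Delete VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.delete_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("VPN configuration successfully removed from '%s'" % (nodeName))
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if status.eq(STATUS.OK):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
    elif status.eq(STATUS.DATA_NOT_FOUND):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # -------------------------------------------------------------------------
    # Clean up: remove the NETCONF node from the Controller
    # -------------------------------------------------------------------------
    print("\n")
    print(">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    result = ctrl.delete_netconf_node(vrouter)
    status = result.get_status()
    if status.eq(STATUS.OK):
        print(
            "'%s' NETCONF node was successfully removed from the Controller" %
            nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief())
        exit(0)

    print("\n")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print(">>> Demo End")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")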
Exemple #9
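def vr_demo_9():
    """Demo: L2TP/IPsec remote-access VPN with X.509 certificates.

    Reads the Controller and vRouter connection settings from 'cfg4.yml',
    adds the vRouter to the Controller as a NETCONF node when it is not
    already configured, then shows, creates, re-reads and deletes the VPN
    configuration before removing the NETCONF node again.

    Nothing is returned. Every failure path prints a reason and ends the
    process through exit(). All addresses, file locations and credentials
    set below are hard-coded demo values.
    """

    f = "cfg4.yml"
    d = {}
    if(load_dict_from_file(f, d) is False):
        print("Config file '%s' read error: " % f)
        exit()

    # NOTE(review): the Controller and node passwords are read from this
    # YAML file, so the file itself should be access-restricted.
    try:
        ctrlIpAddr = d['ctrlIpAddr']
        ctrlPortNum = d['ctrlPortNum']
        ctrlUname = d['ctrlUname']
        ctrlPswd = d['ctrlPswd']

        nodeName = d['nodeName']
        nodeIpAddr = d['nodeIpAddr']
        nodePortNum = d['nodePortNum']
        nodeUname = d['nodeUname']
        nodePswd = d['nodePswd']
        rundelay = d['rundelay']
    except KeyError:
        # Only dictionary lookups happen above, so a missing key is the
        # one failure worth reporting here.
        print("Failed to get Controller device attributes")
        exit(0)

    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print("<<< Demo Start")
    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum,
                          nodeUname, nodePswd)
    print("<<< 'Controller': %s, '%s': %s"
          % (ctrlIpAddr, nodeName, nodeIpAddr))

    # ---------------------------------------------------------------------
    # Make sure the vRouter is configured on and connected to the Controller
    # ---------------------------------------------------------------------
    print("\n")
    time.sleep(rundelay)
    node_configured = False
    result = ctrl.check_node_config_status(nodeName)
    status = result.get_status()
    if(status.eq(STATUS.NODE_CONFIGURED)):
        node_configured = True
        print("<<< '%s' is configured on the Controller" % nodeName)
    elif(status.eq(STATUS.DATA_NOT_FOUND)):
        node_configured = False
    else:
        print("\n")
        print("Failed to get configuration status for the '%s'" % nodeName)
        print("!!!Demo terminated, reason: %s" % status.detailed())
        exit(0)

    if node_configured is False:
        result = ctrl.add_netconf_node(vrouter)
        status = result.get_status()
        if(status.eq(STATUS.OK)):
            print("<<< '%s' added to the Controller" % nodeName)
        else:
            print("\n")
            print("!!!Demo terminated, reason: %s" % status.detailed())
            exit(0)

    print("\n")
    time.sleep(rundelay)
    result = ctrl.check_node_conn_status(nodeName)
    status = result.get_status()
    if(status.eq(STATUS.NODE_CONNECTED)):
        print("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(0)

    # ---------------------------------------------------------------------
    # Show whatever VPN configuration the vRouter has before the demo
    # ---------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
    elif (status.eq(STATUS.DATA_NOT_FOUND)):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Create new VPN configuration on the '%s'" % (nodeName))
    description = ("Remote Access VPN Configuration Example - "
                   "L2TP/IPsec with X.509 Certificates")
    external_ipaddr = "12.34.56.78"
    nexthop_ipaddr = "12.34.56.254"
    nat_traversal = True
    nat_allow_network = "192.168.100.0/24"
    client_ip_pool_start = "192.168.100.11"
    client_ip_pool_end = "192.168.100.210"
    ipsec_auth_mode = "x509"
    ca_cert_file = '/config/auth/ca.crt'
    srv_crt_file = '/config/auth/r1.crt'
    crl_file = '/config/auth/r1.crl'
    srv_key_file = '/config/auth/r1.key'
    # Demo-only credentials; a real deployment should not keep the key
    # password or the user passwords in source code.
    srv_key_pswd = "testpassword"
    l2tp_auth_mode = "local"
    uname1 = "user1"
    upswd1 = "user1_password"
    uname2 = "user2"
    upswd2 = "user2_password"
    uname3 = "user3"
    upswd3 = "user3_password"
    # The key file password is shown masked, so it has no '%s' placeholder
    # and must not appear in the argument tuple: a surplus argument makes
    # the '%' operator raise TypeError before anything is printed.
    print(" VPN options to be set:\n"
          "   - Configuration description            : '%s'\n"
          "   - Server external address              : '%s'\n"
          "   - Next hop router address              : '%s'\n"
          "   - NAT_traversal                        : '%s'\n"
          "   - NAT allowed networks                 : '%s'\n"
          "   - Client addresses pool (start/end)    : '%s'/'%s'\n"
          "   - IPsec authentication mode            : '%s'\n"
          "   - CA Certificate location              : '%s'\n"
          "   - Server Certificate location          : '%s'\n"
          "   - Certificate Revocation List location : '%s'\n"
          "   - Server Key file location             : '%s'\n"
          "   - Server Key file password             : '******'\n"
          "   - L2TP authentication  mode            : '%s'\n"
          "   - Allowed users (name/password)        : '%s'/'%s'\n"
          "                                            '%s'/'%s'\n"
          "                                            '%s'/'%s'"
          % (description, external_ipaddr, nexthop_ipaddr,
             "enabled" if nat_traversal else "disabled",
             nat_allow_network,
             client_ip_pool_start, client_ip_pool_end,
             ipsec_auth_mode,
             ca_cert_file,
             srv_crt_file,
             crl_file,
             srv_key_file,
             l2tp_auth_mode,
             uname1, upswd1,
             uname2, upswd2,
             uname3, upswd3
             )
          )
    print(" NOTE: For this demo to succeed the following files "
          "must exist on the '%s'\n"
          "       (empty files can be created for the sake of the demo):\n"
          "         %s\n"
          "         %s\n"
          "         %s\n"
          "         %s"
          % (nodeName, ca_cert_file, srv_crt_file, crl_file, srv_key_file))

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # This VPN configuration description
    vpn.set_l2tp_remote_access_description(description)

    # Enable NAT traversal (this is mandatory)
    vpn.set_nat_traversal(nat_traversal)

    # Set the allowed subnets
    vpn.set_nat_allow_network(nat_allow_network)

    # Bind the L2TP server to the external IP address
    vpn.set_l2tp_remote_access_outside_address(external_ipaddr)

    # Set the next hop IP address for reaching the VPN clients
    vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)

    # Set up the pool of IP addresses that remote VPN connections will assume.
    # In this example we make 200 addresses available (from .11 to .210) on
    # subnet 192.168.100.0/24
    vpn.set_l2tp_remote_access_client_ip_pool(start=client_ip_pool_start,
                                              end=client_ip_pool_end)

    # Set the IPsec authentication mode to 'x509'
    vpn.set_l2tp_remote_access_ipsec_auth_mode(mode=ipsec_auth_mode)

    # Specify the location of the CA certificate
    vpn.set_l2tp_remote_access_ipsec_auth_ca_cert_file(ca_cert_file)

    # Specify the location of the server certificate
    vpn.set_l2tp_remote_access_ipsec_auth_srv_cert_file(srv_crt_file)

    # Specify the location of the certificate revocation list (CRL) file
    vpn.set_l2tp_remote_access_ipsec_auth_crl_file(path=crl_file)

    # Specify the location of the server key file
    vpn.set_l2tp_remote_access_ipsec_auth_srv_key_file(srv_key_file)

    # Specify the password for the server key file
    vpn.set_l2tp_remote_access_ipsec_auth_srv_key_pswd(srv_key_pswd)

    # Set the L2TP remote access user authentication mode to 'local'
    vpn.set_l2tp_remote_access_user_auth_mode(l2tp_auth_mode)

    # Set the L2TP remote access user credentials ('username'/'password')
    vpn.set_l2tp_remote_access_user(name=uname1, pswd=upswd1)
    vpn.set_l2tp_remote_access_user(name=uname2, pswd=upswd2)
    vpn.set_l2tp_remote_access_user(name=uname3, pswd=upswd3)

    print("\n")
    print(">>> VPN configuration to be applied to the '%s'" % (nodeName))
    # NOTE(review): the payload presumably carries the key password and the
    # user passwords in clear text, so this output does not belong in
    # shared logs - confirm against Vpn.get_payload().
    print(vpn.get_payload())
    time.sleep(rundelay)
    result = vrouter.set_vpn_cfg(vpn)
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print("<<< VPN configuration was successfully created")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # ---------------------------------------------------------------------
    # Read the new configuration back; here it must exist
    # ---------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
        print("<<< VPN configuration was successfully read")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Delete VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.delete_vpn_cfg()
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print("VPN configuration successfully removed from '%s'" % (nodeName))
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # ---------------------------------------------------------------------
    # After the delete, DATA_NOT_FOUND is an accepted outcome
    # ---------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
    elif (status.eq(STATUS.DATA_NOT_FOUND)):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    result = ctrl.delete_netconf_node(vrouter)
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print("'%s' NETCONF node was successfully removed "
              "from the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief())
        exit(0)

    print("\n")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print(">>> Demo End")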
Exemple #10
        print ("No VPN configuration found")
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print "\n"
    print (">>> Create new VPN configuration on the '%s'" % (nodeName))

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # -------------------------------------------------------------------------
    # Create and configure Internet Key Exchange (IKE) group
    # -------------------------------------------------------------------------
    ike_grp_name = "IKE-1W"
    proposal_num = 1

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    encryption_cipher = 'aes256'
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
Exemple #11
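def vr_demo_8():
    """Demo: L2TP/IPsec remote-access VPN with a pre-shared key.

    Reads the Controller and vRouter connection settings from 'cfg4.yml',
    adds the vRouter to the Controller as a NETCONF node when it is not
    already configured, then shows, creates, re-reads and deletes the VPN
    configuration before removing the NETCONF node again.

    Nothing is returned. Every failure path prints a reason and ends the
    process through exit(). All addresses and credentials set below are
    hard-coded demo values.
    """

    f = "cfg4.yml"
    d = {}
    if(load_dict_from_file(f, d) is False):
        print("Config file '%s' read error: " % f)
        exit()

    # NOTE(review): the Controller and node passwords are read from this
    # YAML file, so the file itself should be access-restricted.
    try:
        ctrlIpAddr = d['ctrlIpAddr']
        ctrlPortNum = d['ctrlPortNum']
        ctrlUname = d['ctrlUname']
        ctrlPswd = d['ctrlPswd']

        nodeName = d['nodeName']
        nodeIpAddr = d['nodeIpAddr']
        nodePortNum = d['nodePortNum']
        nodeUname = d['nodeUname']
        nodePswd = d['nodePswd']
        rundelay = d['rundelay']
    except KeyError:
        # Only dictionary lookups happen above, so a missing key is the
        # one failure worth reporting here.
        print("Failed to get Controller device attributes")
        exit(0)

    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print("<<< Demo Start")
    print("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum,
                          nodeUname, nodePswd)
    print("<<< 'Controller': %s, '%s': %s"
          % (ctrlIpAddr, nodeName, nodeIpAddr))

    # ---------------------------------------------------------------------
    # Make sure the vRouter is configured on and connected to the Controller
    # ---------------------------------------------------------------------
    print("\n")
    time.sleep(rundelay)
    node_configured = False
    result = ctrl.check_node_config_status(nodeName)
    status = result.get_status()
    if(status.eq(STATUS.NODE_CONFIGURED)):
        node_configured = True
        print("<<< '%s' is configured on the Controller" % nodeName)
    elif(status.eq(STATUS.DATA_NOT_FOUND)):
        node_configured = False
    else:
        print("\n")
        print("Failed to get configuration status for the '%s'" % nodeName)
        print("!!!Demo terminated, reason: %s" % status.detailed())
        exit(0)

    if node_configured is False:
        result = ctrl.add_netconf_node(vrouter)
        status = result.get_status()
        if(status.eq(STATUS.OK)):
            print("<<< '%s' added to the Controller" % nodeName)
        else:
            print("\n")
            print("!!!Demo terminated, reason: %s" % status.detailed())
            exit(0)

    print("\n")
    time.sleep(rundelay)
    result = ctrl.check_node_conn_status(nodeName)
    status = result.get_status()
    if(status.eq(STATUS.NODE_CONNECTED)):
        print("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(0)

    # ---------------------------------------------------------------------
    # Show whatever VPN configuration the vRouter has before the demo
    # ---------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
    elif (status.eq(STATUS.DATA_NOT_FOUND)):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Create new VPN configuration on the '%s'" % (nodeName))
    description = ("Remote Access VPN Configuration Example - "
                   "L2TP/IPsec with Pre-Shared Key")
    external_ipaddr = "12.34.56.78"
    nexthop_ipaddr = "12.34.56.254"
    nat_traversal = True
    nat_allow_network = "192.168.100.0/24"
    client_ip_pool_start = "192.168.100.11"
    client_ip_pool_end = "192.168.100.210"
    ipsec_auth_mode = "pre-shared-secret"
    # Demo-only credentials; a real deployment should not keep the
    # pre-shared secret or the user passwords in source code.
    ipsec_auth_secret = "!secrettext!"
    l2tp_auth_mode = "local"
    uname1 = "user1"
    upswd1 = "user1_password"
    uname2 = "user2"
    upswd2 = "user2_password"
    uname3 = "user3"
    upswd3 = "user3_password"
    dns_srv1 = "192.168.100.1"
    dns_srv2 = "192.168.100.2"
    wins_srv1 = "192.168.100.3"
    wins_srv2 = "192.168.100.4"
    mtu = "16384"
    # The pre-shared secret is shown masked in this summary, so it has no
    # '%s' placeholder and is not passed in the argument tuple.
    print(" VPN options to be set:\n"
          "   - Configuration description            : '%s'\n"
          "   - Server external address              : '%s'\n"
          "   - Next hop router address              : '%s'\n"
          "   - NAT_traversal                        : '%s'\n"
          "   - NAT allowed networks                 : '%s'\n"
          "   - Client addresses pool (start/end)    : '%s'/'%s'\n"
          "   - IPsec authentication (mode/secret)   : '%s'/'******'\n"
          "   - L2TP authentication  mode            : '%s'\n"
          "   - Allowed users (name/password)        : '%s'/'%s'\n"
          "                                            '%s'/'%s'\n"
          "                                            '%s'/'%s'\n"
          "   - DNS servers (primary/secondary)      : '%s'/'%s'\n"
          "   - WINS servers (primary/secondary)     : '%s'/'%s'\n"
          "   - Maximum Transmission Unit            : '%s'\n"
          % (description, external_ipaddr, nexthop_ipaddr,
             "enabled" if nat_traversal else "disabled",
             nat_allow_network,
             client_ip_pool_start, client_ip_pool_end,
             ipsec_auth_mode,
             l2tp_auth_mode,
             uname1, upswd1,
             uname2, upswd2,
             uname3, upswd3,
             dns_srv1, dns_srv2,
             wins_srv1, wins_srv2,
             mtu
             )
          )

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # This VPN configuration description
    vpn.set_l2tp_remote_access_description(description)

    # Enable NAT traversal
    vpn.set_nat_traversal(nat_traversal)

    # Set the allowed subnets
    vpn.set_nat_allow_network(nat_allow_network)

    # Bind the L2TP server to the external IP address
    vpn.set_l2tp_remote_access_outside_address(external_ipaddr)

    # Set the next hop IP address for reaching the VPN clients
    vpn.set_l2tp_remote_access_outside_nexthop(nexthop_ipaddr)

    # Set up the pool of IP addresses that remote VPN connections will assume.
    # In this example we make 200 addresses available (from .11 to .210) on
    # subnet 192.168.100.0/24
    vpn.set_l2tp_remote_access_client_ip_pool(start=client_ip_pool_start,
                                              end=client_ip_pool_end)

    # Set the IPsec authentication mode to 'pre-shared-secret'
    vpn.set_l2tp_remote_access_ipsec_auth_mode(mode=ipsec_auth_mode)

    # Set the 'pre-shared-secret' value
    func = vpn.set_l2tp_remote_access_ipsec_auth_pre_shared_secret
    func(secret=ipsec_auth_secret)

    # Set the L2TP remote access user authentication mode to 'local'
    vpn.set_l2tp_remote_access_user_auth_mode(l2tp_auth_mode)

    # Set the L2TP remote access user credentials ('username'/'password')
    vpn.set_l2tp_remote_access_user(name=uname1, pswd=upswd1)
    vpn.set_l2tp_remote_access_user(name=uname2, pswd=upswd2)
    vpn.set_l2tp_remote_access_user(name=uname3, pswd=upswd3)

    # Set 'primary' and 'secondary' DNS servers
    vpn.set_l2tp_remote_access_primary_dns_server(dns_srv1)
    vpn.set_l2tp_remote_access_secondary_dns_server(dns_srv2)

    # Set 'primary' and 'secondary' WINS servers
    vpn.set_l2tp_remote_access_primary_wins_server(wins_srv1)
    vpn.set_l2tp_remote_access_secondary_wins_server(wins_srv2)

    # Set Maximum Transmission Unit (MTU <128..16384>)
    vpn.set_l2tp_remote_access_mtu(mtu)

    print("\n")
    print(">>> VPN configuration to be applied to the '%s'" % (nodeName))
    # NOTE(review): the payload presumably carries the pre-shared secret and
    # the user passwords in clear text, so this output does not belong in
    # shared logs - confirm against Vpn.get_payload().
    print(vpn.get_payload())
    time.sleep(rundelay)
    result = vrouter.set_vpn_cfg(vpn)
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print("<<< VPN configuration was successfully created")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # ---------------------------------------------------------------------
    # Read the new configuration back; here it must exist
    # ---------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
        print("<<< VPN configuration was successfully read")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print("<<< Delete VPN configuration from the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.delete_vpn_cfg()
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print("VPN configuration successfully removed from '%s'" % (nodeName))
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief().lower())
        print(status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # ---------------------------------------------------------------------
    # After the delete, DATA_NOT_FOUND is an accepted outcome
    # ---------------------------------------------------------------------
    print("\n")
    print("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print(json.dumps(data, indent=4, sort_keys=True))
    elif (status.eq(STATUS.DATA_NOT_FOUND)):
        print("No VPN configuration found")
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print("\n")
    print(">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    result = ctrl.delete_netconf_node(vrouter)
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print("'%s' NETCONF node was successfully removed "
              "from the Controller" % nodeName)
    else:
        print("\n")
        print("!!!Demo terminated, reason: %s" % status.brief())
        exit(0)

    print("\n")
    print(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print(">>> Demo End")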
Exemple #12
def vr_demo_11():

    f = "cfg4.yml"
    d = {}
    if(load_dict_from_file(f, d) is False):
        print("Config file '%s' read error: " % f)
        exit()

    try:
        ctrlIpAddr = d['ctrlIpAddr']
        ctrlPortNum = d['ctrlPortNum']
        ctrlUname = d['ctrlUname']
        ctrlPswd = d['ctrlPswd']

        nodeName = d['nodeName']
        nodeIpAddr = d['nodeIpAddr']
        nodePortNum = d['nodePortNum']
        nodeUname = d['nodeUname']
        nodePswd = d['nodePswd']
        rundelay = d['rundelay']
    except:
        print ("Failed to get Controller device attributes")
        exit(0)

    print ("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")
    print ("<<< Demo Start")
    print ("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<")

    ctrl = Controller(ctrlIpAddr, ctrlPortNum, ctrlUname, ctrlPswd)
    vrouter = VRouter5600(ctrl, nodeName, nodeIpAddr, nodePortNum,
                          nodeUname, nodePswd)
    print ("<<< 'Controller': %s, '%s': %s"
           % (ctrlIpAddr, nodeName, nodeIpAddr))

    print ("\n")
    time.sleep(rundelay)
    node_configured = False
    result = ctrl.check_node_config_status(nodeName)
    status = result.get_status()
    if(status.eq(STATUS.NODE_CONFIGURED)):
        node_configured = True
        print ("<<< '%s' is configured on the Controller" % nodeName)
    elif(status.eq(STATUS.DATA_NOT_FOUND)):
        node_configured = False
    else:
        print ("\n")
        print "Failed to get configuration status for the '%s'" % nodeName
        print ("!!!Demo terminated, reason: %s" % status.detailed())
        exit(0)

    if node_configured is False:
        result = ctrl.add_netconf_node(vrouter)
        status = result.get_status()
        if(status.eq(STATUS.OK)):
            print ("<<< '%s' added to the Controller" % nodeName)
        else:
            print ("\n")
            print ("!!!Demo terminated, reason: %s" % status.detailed())
            exit(0)

    print ("\n")
    time.sleep(rundelay)
    result = ctrl.check_node_conn_status(nodeName)
    status = result.get_status()
    if(status.eq(STATUS.NODE_CONNECTED)):
        print ("<<< '%s' is connected to the Controller" % nodeName)
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.brief().lower())
        exit(0)

    print("\n")
    print ("<<< Show VPN configuration on the '%s'" % nodeName)
    result = vrouter.get_vpn_cfg()
    time.sleep(rundelay)
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print ("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        data = json.loads(cfg)
        print json.dumps(data, indent=4)
    elif (status.eq(STATUS.DATA_NOT_FOUND)):
        print ("No VPN configuration found")
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.detailed())
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    print "\n"
    print (">>> Create new VPN configuration on the '%s'" % (nodeName))
    print (" NOTE: For this demo to succeed the local RSA key "
           "must exist on the '%s'\n"
           "       (use the 'generate vpn rsa-key' command to create it)"
           % nodeName)

    time.sleep(rundelay)

    # -------------------------------------------------------------------------
    # Encode VPN configuration options by using 'Vpn' object
    # -------------------------------------------------------------------------
    vpn = Vpn()

    # -------------------------------------------------------------------------
    # Create and configure Internet Key Exchange (IKE) group
    # -------------------------------------------------------------------------
    ike_grp_name = "IKE-1W"
    proposal_num = 1

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    encryption_cipher = 'aes256'
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 2
    encryption_cipher = 'aes128'
    vpn.set_ipsec_ike_group_proposal_encryption(ike_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_ike_group_proposal_hash(ike_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole IKE group
    lifetime = 3600
    vpn.set_ipsec_ike_group_lifetime(ike_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Create and configure Encapsulating Security Payload (ESP) group
    # -------------------------------------------------------------------------
    esp_grp_name = "ESP-1W"

    # Set the encryption cipher for proposal 1
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 1
    encryption_cipher = 'aes256'
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 1
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'sha1'
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the encryption cipher for proposal 2
    # (enumeration: 'aes128', 'aes256', '3des')
    proposal_num = 2
    encryption_cipher = '3des'
    vpn.set_ipsec_esp_group_proposal_encryption(esp_grp_name, proposal_num,
                                                encryption_cipher)

    # Set the hash algorithm for proposal 2
    # (enumeration: 'md5', 'sha1')
    hash_algorithm = 'md5'
    vpn.set_ipsec_esp_group_proposal_hash(esp_grp_name, proposal_num,
                                          hash_algorithm)

    # Set the lifetime for the whole ESP group
    lifetime = 1800
    vpn.set_ipsec_esp_group_lifetime(esp_grp_name, lifetime)

    # -------------------------------------------------------------------------
    # Configure connection to a remote peer
    # -------------------------------------------------------------------------
    peer_node = "192.0.2.33"
    description = ("Site-to-Site VPN Configuration Example - "
                   "RSA Digital Signature Authentication")
    vpn.set_ipsec_site_to_site_peer_description(peer_node, description)

    # Set authentication mode to 'rsa'
    auth_mode = 'rsa'
    vpn.set_ipsec_site_to_site_peer_auth_mode(peer_node, auth_mode)

    # Set the peer's RSA public key and specify that this key should be used
    # as the identifier for the peer's digital signature
    rsa_key_name = "EAST-PEER-key"
    rsa_key_value = "0sAQOVBIJL+rIkpTuwh8FPeceAF0bhgLr++" + \
                    "W51bOAIjFbRDbR8gX3Vlz6wiUbMgGwQxWlY" + \
                    "QiqsCeacicsfZx/amlEn9PkSE4e7tqK/JQo" + \
                    "40L5C7gcNM24mup1d+0WmN3zLb9Qhmq5q3p" + \
                    "NJxEwnVbPPQeIdZMJxnb1+lA8DPC3SIxJM/" + \
                    "3at1/KrwqCAhX3QNFY/zNmOtFogELCeyl4+" + \
                    "d54wQljA+3dwFAQ4bboJ7YIDs+rqORxWd3l" + \
                    "3I7IajT/pLrwr5eZ8OA9NtAedbMiCwxyuyU" + \
                    "bznxXZ8Z/MAi3xjL1pjYyWjNNiOij82QJfM" + \
                    "OrjoXVCfcPn96ZN+Jqk+KknoVeNDwzpoahF" + \
                    "OseJREeXzkw3/lkMN9N1"
    vpn.set_rsa_key(rsa_key_name, rsa_key_value)
    vpn.set_ipsec_site_to_site_peer_auth_rsa_key_name(peer_node, rsa_key_name)

    # Specify the default ESP group for all tunnels
    esp_group_name = 'ESP-1W'
    vpn.set_ipsec_site_to_site_peer_default_esp_group(peer_node,
                                                      esp_group_name)

    # Specify the IKE group
    ike_group_name = 'IKE-1W'
    vpn.set_ipsec_site_to_site_peer_ike_group(peer_node, ike_group_name)

    # Identify the IP address on the vRouter to be used for this connection
    local_address = '192.0.2.1'
    vpn.set_ipsec_site_to_site_peer_local_address(peer_node, local_address)

    # Create a tunnel configuration and provide local and remote subnets
    # for this tunnel
    tunnel = 1
    local_prefix = '192.168.40.0/24'
    remote_prefix = '192.168.60.0/24'
    vpn.set_ipsec_site_to_site_peer_tunnel_local_prefix(peer_node, tunnel,
                                                        local_prefix)
    vpn.set_ipsec_site_to_site_peer_tunnel_remote_prefix(peer_node, tunnel,
                                                         remote_prefix)

    print "\n"
    print (">>> VPN configuration to be applied to the '%s'" % (nodeName))
    print vpn.get_payload()
    time.sleep(rundelay)
    result = vrouter.set_vpn_cfg(vpn)
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print ("<<< VPN configuration was successfully created")
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.brief().lower())
        print status.detailed()
        ctrl.delete_netconf_node(vrouter)
        exit(0)

    # Read the VPN configuration back from the vRouter and pretty-print it.
    print "\n"
    print ("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        print ("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        # The data is parsed only so it can be re-serialised with indentation
        # and sorted keys. json.loads raises ValueError on malformed input;
        # that case is not handled here and would skip the cleanup below.
        data = json.loads(cfg)
        # NOTE(review): prints the device's whole VPN configuration; whether
        # that includes key material depends on what the device returns --
        # confirm before running against a production router.
        print json.dumps(data, indent=4, sort_keys=True)
        print ("<<< VPN configuration was successfully read")
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.detailed())
        # Best-effort cleanup: the result of unmounting the node is ignored.
        ctrl.delete_netconf_node(vrouter)
        # NOTE(review): exits with status 0 even though the read failed.
        exit(0)

    # Pause, then remove the VPN configuration that the demo created.
    time.sleep(rundelay)

    print "\n"
    print ("<<< Delete VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.delete_vpn_cfg()
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print ("VPN configuration successfully removed from '%s'" % (nodeName))
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.brief().lower())
        print status.detailed()
        # On this path only the NETCONF node is unmounted; nothing here
        # retries the delete, so the demo's VPN settings may still be present
        # on the device and should be checked by hand.
        ctrl.delete_netconf_node(vrouter)
        # NOTE(review): exits with status 0 even though the delete failed.
        exit(0)

    # Read the configuration again to verify the delete. DATA_NOT_FOUND is
    # the outcome that confirms the VPN configuration is gone.
    print "\n"
    print ("<<< Show VPN configuration on the '%s'" % (nodeName))
    time.sleep(rundelay)
    result = vrouter.get_vpn_cfg()
    status = result.get_status()
    if (status.eq(STATUS.OK)):
        # An OK status means the device still returned VPN configuration.
        # The script prints it and carries on; it does not treat leftover
        # configuration as an error.
        print ("'%s' VPN configuration:" % nodeName)
        cfg = result.get_data()
        # json.loads raises ValueError on malformed input; not handled here.
        data = json.loads(cfg)
        print json.dumps(data, indent=4, sort_keys=True)
    elif (status.eq(STATUS.DATA_NOT_FOUND)):
        print ("No VPN configuration found")
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.detailed())
        # Best-effort cleanup: the result of unmounting the node is ignored.
        ctrl.delete_netconf_node(vrouter)
        # NOTE(review): exits with status 0 even though the read failed.
        exit(0)

    # Unmount the vRouter's NETCONF node from the Controller; this is the
    # demo's final cleanup step, and here its result is checked.
    print "\n"
    print (">>> Remove '%s' NETCONF node from the Controller" % nodeName)
    time.sleep(rundelay)
    result = ctrl.delete_netconf_node(vrouter)
    status = result.get_status()
    if(status.eq(STATUS.OK)):
        print ("'%s' NETCONF node was successfully removed from the Controller"
               % nodeName)
    else:
        print ("\n")
        print ("!!!Demo terminated, reason: %s" % status.brief())
        # NOTE(review): if the removal fails the node presumably stays
        # mounted on the Controller; the script exits with status 0, so the
        # leftover has to be noticed from the message above.
        exit(0)

    # Closing banner, printed only when every step above reported OK (or
    # DATA_NOT_FOUND for the final read).
    print ("\n")
    print (">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")
    print (">>> Demo End")
    print (">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>")