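def __init__(self, config, database):
    """Set up server state, the address pool, the listening TLS socket, the tun device and NAT.

    The bare string literals the original used as section headers were
    executable no-op statements, not comments; they are comments now. The
    listening socket is also closed again if binding or TLS wrapping fails
    part-way, so a failed construction does not leak the descriptor.

    Args:
        config: mapping of settings. Keys read here: TUN_ADDRESS, TUN_NETMASK,
            LISTEN_ADDRESS, LISTEN_PORT, TUN_NAME, TUN_MTU, BUFFER_SIZE, SALT,
            CERTIFICATE_CHAIN and PRIVATE_KEY.
        database: stored on ``self.database``; not otherwise used here.

    Raises:
        KeyError: a required config key is missing.
        OSError: (including ``ssl.SSLError``) the certificate chain cannot be
            loaded, the address cannot be bound, or the socket cannot be wrapped.
    """
    self.database = database
    self.sm = state.StateMachine()
    self.ip_pool = pool.IpPool(config["TUN_ADDRESS"], config["TUN_NETMASK"])

    # Server configuration, copied out of the mapping once.
    self.hostname = config["LISTEN_ADDRESS"]
    self.port = config["LISTEN_PORT"]
    self.tun_address = config["TUN_ADDRESS"]
    self.tun_name = config["TUN_NAME"]
    self.tun_netmask = config["TUN_NETMASK"]
    self.tun_mtu = config["TUN_MTU"]
    self.buffer_size = config["BUFFER_SIZE"]
    # NOTE(review): presumably consumed by the credential check elsewhere — confirm.
    self.salt = config["SALT"]

    # TLS context. ssl.PROTOCOL_TLSv1_2 restricts negotiation to TLS 1.2 and is
    # deprecated in current Python (the replacement is PROTOCOL_TLS_SERVER with
    # minimum_version set to TLSv1_2); it is kept here so the set of accepted
    # protocol versions does not change. verify_mode is left at its default, so
    # clients are not authenticated by certificate at the TLS layer.
    self.ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
    self.ctx.load_cert_chain(config["CERTIFICATE_CHAIN"], config["PRIVATE_KEY"])

    # Plain listening socket, wrapped so that each accept() yields a TLS socket.
    self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
    try:
        self.sock.bind((self.hostname, self.port))
        self.sock.listen(5)
        self.secure_sock = self.ctx.wrap_socket(self.sock, server_side=True)
    except Exception:
        # Do not leak the listening descriptor when setup fails half-way.
        self.sock.close()
        raise

    # Local tun interface and NAT so tunnelled traffic can leave this host.
    self.tun = tun.Tun(self.tun_name, self.tun_address, self.tun_netmask, self.tun_mtu)
    self.nat_ = nat.NAT()
    self.nat_.enable_forwarding()
    self.nat_.masquerade_tun_interface()

    # Outgoing data queued for the secure socket.
    self.secure_socket_buffer = []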
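def loop(self):
    """Drive the session state machine: authenticate, apply the peer's configuration, start the I/O threads.

    NOTE(review): this body reads the module-level ``config`` (not ``self``),
    ``self.secure_socket`` (``__init__`` above assigns ``self.secure_sock``),
    ``self.routing_``, ``self.dns_``, ``self.server_ip``, ``self.default_gw``,
    ``self.dns_server`` and a bare ``sleep`` — none of which are set up in the
    visible code; confirm where they come from before relying on this method.

    The IPv4 address, netmask and MTU taken from the peer's configuration
    packet are validated by ``_parse_configuration`` before they are handed to
    tun / route configuration.

    Returns:
        None. Returns when authentication is rejected, leaves the loop when the
        configuration packet is unusable, and otherwise never returns.
    """
    while True:
        if self.sm.is_unknown():
            # Spins until the state machine leaves "unknown".
            # NOTE(review): this busy-waits at full CPU — confirm intended.
            continue
        elif self.sm.is_connected():
            print("Sending authentication data...")
            p = packet.AuthenticationPacket()
            p.set_username(bytearray(config["USERNAME"], encoding="ASCII"))
            p.set_password(bytearray(config["PASSWORD"], encoding="ASCII"))
            self.secure_socket.send(p.get_buffer())
            self.sm.waiting_for_authentication()
        elif self.sm.is_waiting_for_authentication():
            # A zero-length recv (peer closed) is silently retried; any packet
            # type other than ACK/NACK is ignored.
            buf = bytearray(self.secure_socket.recv(self.buffer_size))
            if buf:
                p = packet.Packet(buf)
                if p.get_type() == packet.PACKET_TYPE_ACK:
                    print("Authentication succeeded...")
                    self.sm.authenticated()
                elif p.get_type() == packet.PACKET_TYPE_NACK:
                    print("Authentication failed...")
                    return
        elif self.sm.is_authenticated():
            buf = bytearray(self.secure_socket.recv(self.buffer_size))
            if buf:
                p = packet.ConfigurationPacket(buf)
                if p.get_type() != packet.PACKET_TYPE_CONFIGURATION:
                    continue
                print("Got configuration packet...")
                parsed = self._parse_configuration(p)
                if parsed is None:
                    print("Invalid configuration")
                    break
                address, netmask, mtu = parsed
                self.tun = tun.Tun(config["TUN_NAME"], address, netmask, mtu)
                self.tun_mtu = mtu
                self.routing_.configure_default_route(address)
                self.routing_.configure_tunnel_route(self.server_ip, self.default_gw)
                self.dns_.configure_dns(self.dns_server)
                self.sm.configured()
        elif self.sm.is_configured():
            # Daemon threads so they do not keep the process alive on exit.
            self.tun_thread = threading.Thread(target=self.tun_loop)
            self.tls_thread = threading.Thread(target=self.tls_loop)
            self.tun_thread.daemon = True
            self.tls_thread.daemon = True
            self.tun_thread.start()
            self.tls_thread.start()
            self.sm.running()
        elif self.sm.is_running():
            sleep(10)

def _parse_configuration(self, p):
    """Validate a configuration packet's fields before they reach the system.

    The address and netmask originate from the remote peer and are passed on
    to tun and route configuration, so they are parsed with ``ipaddress``
    instead of being trusted as-is.

    Args:
        p: a ``packet.ConfigurationPacket``.

    Returns:
        ``(address, netmask, mtu)`` as ``(str, str, int)``, or ``None`` when a
        field is empty, not ASCII, not a valid IPv4 address / mask, or the MTU
        is not a 4-byte unsigned integer.
    """
    import ipaddress

    raw_address = p.get_ipv4_address()
    raw_netmask = p.get_netmask()
    raw_mtu = p.get_mtu()
    if (utils.Utils.check_buffer_is_empty(raw_address)
            or utils.Utils.check_buffer_is_empty(raw_netmask)
            or utils.Utils.check_buffer_is_empty(raw_mtu)):
        return None
    try:
        # rstrip tolerates NUL-padded fixed-width fields; no-op for exact ones.
        address = bytearray(raw_address).decode(encoding="ASCII").rstrip("\x00")
        netmask = bytearray(raw_netmask).decode(encoding="ASCII").rstrip("\x00")
        ipaddress.IPv4Address(address)
        # Accepts both dotted ("255.255.255.0") and prefix-length ("24") masks.
        ipaddress.IPv4Network("0.0.0.0/" + netmask, strict=False)
        # Native byte order and size, as the original unpack did.
        mtu = struct.unpack("I", bytearray(raw_mtu))[0]
    except (UnicodeDecodeError, ValueError, struct.error):
        return None
    # NOTE(review): no range check on mtu — the tun layer's limits are not visible here.
    return address, netmask, mtu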