コード例 #1
0
    def generate_client_conf(self, user):
        from pritunl.server.utils import get_by_id

        client_conf = ''

        if user.link_server_id:
            link_usr_svr = get_by_id(user.link_server_id,
                                     fields=('_id', 'network',
                                             'local_networks'))

            client_conf += 'iroute %s %s\n' % utils.parse_network(
                link_usr_svr.network)
            for local_network in link_usr_svr.local_networks:
                client_conf += 'iroute %s %s\n' % utils.parse_network(
                    local_network)
        else:
            if self.server.mode == ALL_TRAFFIC:
                client_conf += 'push "redirect-gateway"\n'

            for dns_server in self.server.dns_servers:
                client_conf += 'push "dhcp-option DNS %s"\n' % dns_server
            if self.server.search_domain:
                client_conf += 'push "dhcp-option DOMAIN %s"\n' % (
                    self.server.search_domain)

            for link_svr in self.server.iter_links(fields=('_id', 'network',
                                                           'local_networks')):
                client_conf += 'push "route %s %s"\n' % utils.parse_network(
                    link_svr.network)
                for local_network in link_svr.local_networks:
                    client_conf += 'push "route %s %s"\n' % (
                        utils.parse_network(local_network))

        return client_conf
コード例 #2
0
ファイル: instance_com.py プロジェクト: explody/pritunl
    def generate_client_conf(self, user):
        from pritunl.server.utils import get_by_id

        client_conf = ''

        if user.link_server_id:
            link_usr_svr = get_by_id(user.link_server_id,
                fields=('_id', 'network', 'local_networks'))

            client_conf += 'iroute %s %s\n' % utils.parse_network(
                link_usr_svr.network)
            for local_network in link_usr_svr.local_networks:
                client_conf += 'iroute %s %s\n' % utils.parse_network(
                    local_network)
        else:
            if self.server.mode == ALL_TRAFFIC:
                client_conf += 'push "redirect-gateway"\n'

            for dns_server in self.server.dns_servers:
                client_conf += 'push "dhcp-option DNS %s"\n' % dns_server
            if self.server.search_domain:
                client_conf += 'push "dhcp-option DOMAIN %s"\n' % (
                    self.server.search_domain)

            for link_svr in self.server.iter_links(fields=(
                    '_id', 'network', 'local_networks')):
                client_conf += 'push "route %s %s"\n' % utils.parse_network(
                    link_svr.network)
                for local_network in link_svr.local_networks:
                    client_conf += 'push "route %s %s"\n' % (
                        utils.parse_network(local_network))

        return client_conf
コード例 #3
0
ファイル: clients.py プロジェクト: fabioz23/pritunl
    def generate_client_conf(self, user):
        from pritunl.server.utils import get_by_id

        client_conf = ''

        if user.link_server_id:
            link_usr_svr = get_by_id(user.link_server_id,
                                     fields=('_id', 'network', 'network_start',
                                             'network_end', 'local_networks'))

            client_conf += 'iroute %s %s\n' % utils.parse_network(
                link_usr_svr.network)
            for local_network in link_usr_svr.local_networks:
                client_conf += 'iroute %s %s\n' % utils.parse_network(
                    local_network)
        else:
            if self.server.mode == ALL_TRAFFIC:
                client_conf += 'push "redirect-gateway def1"\n'
                if self.server.ipv6:
                    client_conf += 'push "redirect-gateway-ipv6 def1"\n'
                    client_conf += 'push "route-ipv6 2000::/3"\n'

            for dns_server in self.server.dns_servers:
                client_conf += 'push "dhcp-option DNS %s"\n' % dns_server
            if self.server.search_domain:
                client_conf += 'push "dhcp-option DOMAIN %s"\n' % (
                    self.server.search_domain)

            client_conf += 'push "ip-win32 dynamic 0 3600"\n'

            for network_link in user.get_network_links():
                if ':' in network_link:
                    client_conf += 'iroute-ipv6 %s\n' % network_link
                else:
                    client_conf += 'iroute %s %s\n' % utils.parse_network(
                        network_link)

            for network_link in self.server.network_links:
                if ':' in network_link:
                    client_conf += 'push "route-ipv6 %s"\n' % network_link
                else:
                    client_conf += 'push "route %s %s"\n' % (
                        utils.parse_network(network_link))

            for link_svr in self.server.iter_links(fields=('_id', 'network',
                                                           'local_networks',
                                                           'network_start',
                                                           'network_end')):
                client_conf += 'push "route %s %s"\n' % utils.parse_network(
                    link_svr.network)

                for local_network in link_svr.local_networks:
                    if ':' in local_network:
                        client_conf += 'push "route-ipv6 %s"\n' % local_network
                    else:
                        client_conf += 'push "route %s %s"\n' % (
                            utils.parse_network(local_network))

        return client_conf
コード例 #4
0
ファイル: clients.py プロジェクト: fabioz23/pritunl
    def generate_client_conf(self, user):
        from pritunl.server.utils import get_by_id

        client_conf = ''

        if user.link_server_id:
            link_usr_svr = get_by_id(user.link_server_id,
                fields=('_id', 'network', 'network_start',
                'network_end', 'local_networks'))

            client_conf += 'iroute %s %s\n' % utils.parse_network(
                link_usr_svr.network)
            for local_network in link_usr_svr.local_networks:
                client_conf += 'iroute %s %s\n' % utils.parse_network(
                    local_network)
        else:
            if self.server.mode == ALL_TRAFFIC:
                client_conf += 'push "redirect-gateway def1"\n'
                if self.server.ipv6:
                    client_conf += 'push "redirect-gateway-ipv6 def1"\n'
                    client_conf += 'push "route-ipv6 2000::/3"\n'

            for dns_server in self.server.dns_servers:
                client_conf += 'push "dhcp-option DNS %s"\n' % dns_server
            if self.server.search_domain:
                client_conf += 'push "dhcp-option DOMAIN %s"\n' % (
                    self.server.search_domain)

            client_conf += 'push "ip-win32 dynamic 0 3600"\n'

            for network_link in user.get_network_links():
                if ':' in network_link:
                    client_conf += 'iroute-ipv6 %s\n' % network_link
                else:
                    client_conf += 'iroute %s %s\n' % utils.parse_network(
                        network_link)

            for network_link in self.server.network_links:
                if ':' in network_link:
                    client_conf += 'push "route-ipv6 %s"\n' % network_link
                else:
                    client_conf += 'push "route %s %s"\n' % (
                        utils.parse_network(network_link))

            for link_svr in self.server.iter_links(fields=(
                    '_id', 'network', 'local_networks', 'network_start',
                    'network_end')):
                client_conf += 'push "route %s %s"\n' % utils.parse_network(
                    link_svr.network)

                for local_network in link_svr.local_networks:
                    if ':' in local_network:
                        client_conf += 'push "route-ipv6 %s"\n' % local_network
                    else:
                        client_conf += 'push "route %s %s"\n' % (
                            utils.parse_network(local_network))

        return client_conf
コード例 #5
0
ファイル: instance.py プロジェクト: 1990754123/pritunl
    def _run_thread(self, send_events):
        from pritunl.server.utils import get_by_id

        logger.debug('Starting ovpn process', 'server',
            server_id=self.server.id,
        )

        self.resources_acquire()
        try:
            cursor_id = self.get_cursor_id()

            os.makedirs(self._temp_path)
            self.generate_ovpn_conf()

            self.enable_ip_forwarding()
            self.set_iptables_rules()

            self.process = self.openvpn_start()
            if not self.process:
                return

            self.start_threads(cursor_id)

            self.instance_com = ServerInstanceCom(self.server, self)
            self.instance_com.start()

            self.publish('started')

            if send_events:
                event.Event(type=SERVERS_UPDATED)
                event.Event(type=SERVER_HOSTS_UPDATED,
                    resource_id=self.server.id)
                for org_id in self.server.organizations:
                    event.Event(type=USERS_UPDATED, resource_id=org_id)

            for link_doc in self.server.links:
                if self.server.id > link_doc['server_id']:
                    instance_link = ServerInstanceLink(
                        server=self.server,
                        linked_server=get_by_id(link_doc['server_id']),
                    )
                    self.server_links.append(instance_link)
                    instance_link.start()

            self.openvpn_watch()

            self.interrupt = True
            self.clear_iptables_rules()
            self.resources_release()

            if not self.clean_exit:
                event.Event(type=SERVERS_UPDATED)
                self.server.send_link_events()
                logger.LogEntry(message='Server stopped unexpectedly "%s".' % (
                    self.server.name))
        except:
            self.interrupt = True
            if self.resource_lock:
                self.clear_iptables_rules()
            self.resources_release()

            logger.exception('Server error occurred while running', 'server',
                server_id=self.server.id,
            )
        finally:
            self.stop_threads()
            self.collection.update({
                '_id': self.server.id,
                'instances.instance_id': self.id,
            }, {
                '$pull': {
                    'instances': {
                        'instance_id': self.id,
                    },
                },
                '$inc': {
                    'instances_count': -1,
                },
            })
            utils.rmtree(self._temp_path)
コード例 #6
0
    def _run_thread(self, send_events):
        from pritunl.server.utils import get_by_id

        logger.debug(
            'Starting ovpn process',
            'server',
            server_id=self.server.id,
        )

        self.resources_acquire()
        try:
            cursor_id = self.get_cursor_id()

            os.makedirs(self._temp_path)
            self.generate_ovpn_conf()

            self.enable_ip_forwarding()
            self.set_iptables_rules()

            self.process = self.openvpn_start()
            if not self.process:
                return

            self.start_threads(cursor_id)

            self.instance_com = ServerInstanceCom(self.server, self)
            self.instance_com.start()

            self.publish('started')

            if send_events:
                event.Event(type=SERVERS_UPDATED)
                event.Event(type=SERVER_HOSTS_UPDATED,
                            resource_id=self.server.id)
                for org_id in self.server.organizations:
                    event.Event(type=USERS_UPDATED, resource_id=org_id)

            for link_doc in self.server.links:
                if self.server.id > link_doc['server_id']:
                    instance_link = ServerInstanceLink(
                        server=self.server,
                        linked_server=get_by_id(link_doc['server_id']),
                    )
                    self.server_links.append(instance_link)
                    instance_link.start()

            self.openvpn_watch()

            self.interrupt = True
            self.clear_iptables_rules()
            self.resources_release()

            if not self.clean_exit:
                event.Event(type=SERVERS_UPDATED)
                self.server.send_link_events()
                logger.LogEntry(message='Server stopped unexpectedly "%s".' %
                                (self.server.name))
        except:
            self.interrupt = True
            if self.resource_lock:
                self.clear_iptables_rules()
            self.resources_release()

            logger.exception(
                'Server error occurred while running',
                'server',
                server_id=self.server.id,
            )
        finally:
            self.stop_threads()
            self.collection.update(
                {
                    '_id': self.server.id,
                    'instances.instance_id': self.id,
                }, {
                    '$pull': {
                        'instances': {
                            'instance_id': self.id,
                        },
                    },
                    '$inc': {
                        'instances_count': -1,
                    },
                })
            utils.rmtree(self._temp_path)
コード例 #7
0
ファイル: instance.py プロジェクト: az0ne/pritunl
    def _run_thread(self, send_events):
        from pritunl.server.utils import get_by_id

        logger.info(
            'Starting vpn server',
            'server',
            server_id=self.server.id,
            instance_id=self.id,
            network=self.server.network,
            network6=self.server.network6,
            host_address=settings.local.host.local_addr,
            host_address6=settings.local.host.local_addr6,
            host_networks=settings.local.host.local_networks,
            cur_timestamp=utils.now(),
        )

        self.resources_acquire()
        try:
            cursor_id = self.get_cursor_id()

            os.makedirs(self._temp_path)

            self.enable_ip_forwarding()
            self.bridge_start()

            if self.server.replicating and self.server.vxlan:
                try:
                    self.vxlan = vxlan.get_vxlan(self.server.id)
                    self.vxlan.start()
                except:
                    logger.exception(
                        'Failed to setup server vxlan',
                        'vxlan',
                        server_id=self.server.id,
                        instance_id=self.id,
                    )

            self.generate_ovpn_conf()

            self.generate_iptables_rules()
            self.iptables.upsert_rules()

            self.init_route_advertisements()

            self.process = self.openvpn_start()
            self.start_threads(cursor_id)

            self.instance_com = ServerInstanceCom(self.server, self)
            self.instance_com.start()

            self.publish('started')

            if send_events:
                event.Event(type=SERVERS_UPDATED)
                event.Event(type=SERVER_HOSTS_UPDATED,
                            resource_id=self.server.id)
                for org_id in self.server.organizations:
                    event.Event(type=USERS_UPDATED, resource_id=org_id)

            for link_doc in self.server.links:
                if self.server.id > link_doc['server_id']:
                    instance_link = ServerInstanceLink(
                        server=self.server,
                        linked_server=get_by_id(link_doc['server_id']),
                    )
                    self.server_links.append(instance_link)
                    instance_link.start()

            plugins.caller(
                'server_start',
                host_id=settings.local.host_id,
                host_name=settings.local.host.name,
                server_id=self.server.id,
                server_name=self.server.name,
                port=self.server.port,
                protocol=self.server.protocol,
                ipv6=self.server.ipv6,
                ipv6_firewall=self.server.ipv6_firewall,
                network=self.server.network,
                network6=self.server.network6,
                network_mode=self.server.network_mode,
                network_start=self.server.network_start,
                network_stop=self.server.network_end,
                restrict_routes=self.server.restrict_routes,
                bind_address=self.server.bind_address,
                onc_hostname=self.server.onc_hostname,
                dh_param_bits=self.server.dh_param_bits,
                multi_device=self.server.multi_device,
                dns_servers=self.server.dns_servers,
                search_domain=self.server.search_domain,
                otp_auth=self.server.otp_auth,
                cipher=self.server.cipher,
                hash=self.server.hash,
                inter_client=self.server.inter_client,
                ping_interval=self.server.ping_interval,
                ping_timeout=self.server.ping_timeout,
                link_ping_interval=self.server.link_ping_interval,
                link_ping_timeout=self.server.link_ping_timeout,
                allowed_devices=self.server.allowed_devices,
                max_clients=self.server.max_clients,
                replica_count=self.server.replica_count,
                dns_mapping=self.server.dns_mapping,
                debug=self.server.debug,
                interface=self.interface,
                bridge_interface=self.bridge_interface,
                vxlan=self.vxlan,
            )
            try:
                self.openvpn_watch()
            finally:
                plugins.caller(
                    'server_stop',
                    host_id=settings.local.host_id,
                    host_name=settings.local.host.name,
                    server_id=self.server.id,
                    server_name=self.server.name,
                    port=self.server.port,
                    protocol=self.server.protocol,
                    ipv6=self.server.ipv6,
                    ipv6_firewall=self.server.ipv6_firewall,
                    network=self.server.network,
                    network6=self.server.network6,
                    network_mode=self.server.network_mode,
                    network_start=self.server.network_start,
                    network_stop=self.server.network_end,
                    restrict_routes=self.server.restrict_routes,
                    bind_address=self.server.bind_address,
                    onc_hostname=self.server.onc_hostname,
                    dh_param_bits=self.server.dh_param_bits,
                    multi_device=self.server.multi_device,
                    dns_servers=self.server.dns_servers,
                    search_domain=self.server.search_domain,
                    otp_auth=self.server.otp_auth,
                    cipher=self.server.cipher,
                    hash=self.server.hash,
                    inter_client=self.server.inter_client,
                    ping_interval=self.server.ping_interval,
                    ping_timeout=self.server.ping_timeout,
                    link_ping_interval=self.server.link_ping_interval,
                    link_ping_timeout=self.server.link_ping_timeout,
                    allowed_devices=self.server.allowed_devices,
                    max_clients=self.server.max_clients,
                    replica_count=self.server.replica_count,
                    dns_mapping=self.server.dns_mapping,
                    debug=self.server.debug,
                    interface=self.interface,
                    bridge_interface=self.bridge_interface,
                    vxlan=self.vxlan,
                )

            self.interrupt = True
            self.bridge_stop()
            self.iptables.clear_rules()

            if not self.clean_exit:
                event.Event(type=SERVERS_UPDATED)
                self.server.send_link_events()
                logger.LogEntry(message='Server stopped unexpectedly "%s".' %
                                (self.server.name))
        except:
            try:
                self.interrupt = True
                self.stop_process()
            except:
                logger.exception(
                    'Server stop error',
                    'server',
                    server_id=self.server.id,
                    instance_id=self.id,
                )

            logger.exception(
                'Server error occurred while running',
                'server',
                server_id=self.server.id,
                instance_id=self.id,
            )
        finally:
            try:
                if self.resource_lock:
                    self.bridge_stop()
                    self.iptables.clear_rules()
            except:
                logger.exception(
                    'Server resource error',
                    'server',
                    server_id=self.server.id,
                    instance_id=self.id,
                )

            try:
                self.stop_threads()
                self.collection.update(
                    {
                        '_id': self.server.id,
                        'instances.instance_id': self.id,
                    }, {
                        '$pull': {
                            'instances': {
                                'instance_id': self.id,
                            },
                        },
                        '$inc': {
                            'instances_count': -1,
                        },
                    })
                utils.rmtree(self._temp_path)
            except:
                logger.exception(
                    'Server clean up error',
                    'server',
                    server_id=self.server.id,
                    instance_id=self.id,
                )

            try:
                self.resources_release()
            except:
                logger.exception(
                    'Failed to release resources',
                    'server',
                    server_id=self.server.id,
                    instance_id=self.id,
                )
コード例 #8
0
ファイル: instance.py プロジェクト: goryszewskig/pritunl
    def generate_ovpn_conf(self):
        from pritunl.server.utils import get_by_id

        logger.debug('Generating server ovpn conf. %r' % {
            'server_id': self.server.id,
        })

        if not self.server.primary_organization or \
                not self.server.primary_user:
            self.server.create_primary_user()

        primary_org = organization.get_by_id(self.server.primary_organization)
        if not primary_org:
            self.server.create_primary_user()
            primary_org = organization.get_by_id(
                id=self.server.primary_organization)

        self.primary_user = primary_org.get_user(self.server.primary_user)
        if not self.primary_user:
            self.server.create_primary_user()
            primary_org = organization.get_by_id(
                id=self.server.primary_organization)
            self.primary_user = primary_org.get_user(self.server.primary_user)

        with open(self.auth_log_path, 'w') as auth_log:
            os.chmod(self.auth_log_path, 0600)

        auth_host = settings.conf.bind_addr
        if auth_host == '0.0.0.0':
            auth_host = 'localhost'
        for script, script_path in (
                    (TLS_VERIFY_SCRIPT, self.tls_verify_path),
                    (USER_PASS_VERIFY_SCRIPT, self.user_pass_verify_path),
                    (CLIENT_CONNECT_SCRIPT, self.client_connect_path),
                    (CLIENT_DISCONNECT_SCRIPT, self.client_disconnect_path),
                ):
            with open(script_path, 'w') as script_file:
                os.chmod(script_path, 0755) # TODO
                script_file.write(script % (
                    settings.app.server_api_key,
                    self.auth_log_path,
                    'https' if settings.conf.ssl else 'http',
                    auth_host,
                    settings.conf.port,
                    self.server.id,
                ))

        push = ''
        if self.server.mode == LOCAL_TRAFFIC:
            for network in self.server.local_networks:
                push += 'push "route %s %s"\n' % utils.parse_network(network)
        elif self.server.mode == VPN_TRAFFIC:
            pass
        else:
            push += 'push "redirect-gateway"\n'
        for dns_server in self.server.dns_servers:
            push += 'push "dhcp-option DNS %s"\n' % dns_server
        if self.server.search_domain:
            push += 'push "dhcp-option DOMAIN %s"\n' % (
                self.server.search_domain)

        for link_doc in self.server.links:
            link_svr = get_by_id(link_doc['server_id'])

            push += 'push "route %s %s"\n' % utils.parse_network(
                link_svr.network)
            for local_network in link_svr.local_networks:
                push += 'push "route %s %s"\n' % utils.parse_network(
                    local_network)

        server_conf = OVPN_INLINE_SERVER_CONF % (
            self.server.port,
            self.server.protocol,
            self.interface,
            self.tls_verify_path,
            self.client_connect_path,
            self.client_disconnect_path,
            '%s %s' % utils.parse_network(self.server.network),
            CIPHERS[self.server.cipher],
            self.ovpn_status_path,
            4 if self.server.debug else 1,
            8 if self.server.debug else 3,
        )

        if self.server.bind_address:
            server_conf += 'local %s\n' % self.server.bind_address

        if self.server.otp_auth:
            server_conf += 'auth-user-pass-verify %s via-file\n' % (
                self.user_pass_verify_path)

        # Pritunl v0.10.x did not include comp-lzo in client conf
        # if lzo_compression is adaptive dont include comp-lzo in server conf
        if self.server.lzo_compression == ADAPTIVE:
            pass
        elif self.server.lzo_compression:
            server_conf += 'comp-lzo yes\npush "comp-lzo yes"\n'
        else:
            server_conf += 'comp-lzo no\npush "comp-lzo no"\n'

        if self.server.mode in (LOCAL_TRAFFIC, VPN_TRAFFIC):
            server_conf += 'client-to-client\n'

        server_conf += JUMBO_FRAMES[self.server.jumbo_frames]

        if push:
            server_conf += push

        server_conf += '<ca>\n%s\n</ca>\n' % utils.get_cert_block(
            self.server.ca_certificate)
        server_conf += '<cert>\n%s\n</cert>\n' % utils.get_cert_block(
            self.primary_user.certificate)
        server_conf += '<key>\n%s\n</key>\n' % self.primary_user.private_key
        server_conf += '<dh>\n%s\n</dh>\n' % self.server.dh_params

        with open(self.ovpn_conf_path, 'w') as ovpn_conf:
            os.chmod(self.ovpn_conf_path, 0600)
            ovpn_conf.write(server_conf)
コード例 #9
0
ファイル: instance.py プロジェクト: ijat/pritunl
    def _run_thread(self, send_events):
        from pritunl.server.utils import get_by_id

        logger.info('Starting vpn server', 'server',
            server_id=self.server.id,
            instance_id=self.id,
            network=self.server.network,
            network6=self.server.network6,
            host_address=settings.local.host.local_addr,
            host_address6=settings.local.host.local_addr6,
            host_networks=settings.local.host.local_networks,
            cur_timestamp=utils.now(),
        )

        self.resources_acquire()
        try:
            cursor_id = self.get_cursor_id()

            os.makedirs(self._temp_path)

            self.enable_ip_forwarding()
            self.bridge_start()

            if self.server.replicating and self.server.vxlan:
                try:
                    self.vxlan = vxlan.get_vxlan(self.server.id)
                    self.vxlan.start()
                except:
                    logger.exception('Failed to setup server vxlan', 'vxlan',
                        server_id=self.server.id,
                        instance_id=self.id,
                    )

            self.generate_ovpn_conf()

            self.generate_iptables_rules()
            self.iptables.upsert_rules()

            self.init_route_advertisements()

            self.process = self.openvpn_start()
            self.start_threads(cursor_id)

            self.instance_com = ServerInstanceCom(self.server, self)
            self.instance_com.start()

            self.publish('started')

            if send_events:
                event.Event(type=SERVERS_UPDATED)
                event.Event(type=SERVER_HOSTS_UPDATED,
                    resource_id=self.server.id)
                for org_id in self.server.organizations:
                    event.Event(type=USERS_UPDATED, resource_id=org_id)

            for link_doc in self.server.links:
                if self.server.id > link_doc['server_id']:
                    instance_link = ServerInstanceLink(
                        server=self.server,
                        linked_server=get_by_id(link_doc['server_id']),
                    )
                    self.server_links.append(instance_link)
                    instance_link.start()

            plugins.caller(
                'server_start',
                host_id=settings.local.host_id,
                host_name=settings.local.host.name,
                server_id=self.server.id,
                server_name=self.server.name,
                port=self.server.port,
                protocol=self.server.protocol,
                ipv6=self.server.ipv6,
                ipv6_firewall=self.server.ipv6_firewall,
                network=self.server.network,
                network6=self.server.network6,
                network_mode=self.server.network_mode,
                network_start=self.server.network_start,
                network_stop=self.server.network_end,
                restrict_routes=self.server.restrict_routes,
                bind_address=self.server.bind_address,
                onc_hostname=self.server.onc_hostname,
                dh_param_bits=self.server.dh_param_bits,
                multi_device=self.server.multi_device,
                dns_servers=self.server.dns_servers,
                search_domain=self.server.search_domain,
                otp_auth=self.server.otp_auth,
                cipher=self.server.cipher,
                hash=self.server.hash,
                inter_client=self.server.inter_client,
                ping_interval=self.server.ping_interval,
                ping_timeout=self.server.ping_timeout,
                link_ping_interval=self.server.link_ping_interval,
                link_ping_timeout=self.server.link_ping_timeout,
                allowed_devices=self.server.allowed_devices,
                max_clients=self.server.max_clients,
                replica_count=self.server.replica_count,
                dns_mapping=self.server.dns_mapping,
                debug=self.server.debug,
                interface=self.interface,
                bridge_interface=self.bridge_interface,
                vxlan=self.vxlan,
            )
            try:
                self.openvpn_watch()
            finally:
                plugins.caller(
                    'server_stop',
                    host_id=settings.local.host_id,
                    host_name=settings.local.host.name,
                    server_id=self.server.id,
                    server_name=self.server.name,
                    port=self.server.port,
                    protocol=self.server.protocol,
                    ipv6=self.server.ipv6,
                    ipv6_firewall=self.server.ipv6_firewall,
                    network=self.server.network,
                    network6=self.server.network6,
                    network_mode=self.server.network_mode,
                    network_start=self.server.network_start,
                    network_stop=self.server.network_end,
                    restrict_routes=self.server.restrict_routes,
                    bind_address=self.server.bind_address,
                    onc_hostname=self.server.onc_hostname,
                    dh_param_bits=self.server.dh_param_bits,
                    multi_device=self.server.multi_device,
                    dns_servers=self.server.dns_servers,
                    search_domain=self.server.search_domain,
                    otp_auth=self.server.otp_auth,
                    cipher=self.server.cipher,
                    hash=self.server.hash,
                    inter_client=self.server.inter_client,
                    ping_interval=self.server.ping_interval,
                    ping_timeout=self.server.ping_timeout,
                    link_ping_interval=self.server.link_ping_interval,
                    link_ping_timeout=self.server.link_ping_timeout,
                    allowed_devices=self.server.allowed_devices,
                    max_clients=self.server.max_clients,
                    replica_count=self.server.replica_count,
                    dns_mapping=self.server.dns_mapping,
                    debug=self.server.debug,
                    interface=self.interface,
                    bridge_interface=self.bridge_interface,
                    vxlan=self.vxlan,
                )

            self.interrupt = True
            self.bridge_stop()
            self.iptables.clear_rules()
            self.resources_release()

            if not self.clean_exit:
                event.Event(type=SERVERS_UPDATED)
                self.server.send_link_events()
                logger.LogEntry(
                    message='Server stopped unexpectedly "%s".' % (
                        self.server.name))
        except:
            logger.exception('Server error occurred while running', 'server',
                server_id=self.server.id,
            )

            try:
                self.interrupt = True
                self.stop_process()
            except:
                logger.exception('Server stop error', 'server',
                    server_id=self.server.id,
                )
        finally:
            try:
                if self.resource_lock:
                    self.bridge_stop()
                    self.iptables.clear_rules()
            except:
                logger.exception('Server resource error', 'server',
                    server_id=self.server.id,
                )

            try:
                self.resources_release()

                self.stop_threads()
                self.collection.update({
                    '_id': self.server.id,
                    'instances.instance_id': self.id,
                }, {
                    '$pull': {
                        'instances': {
                            'instance_id': self.id,
                        },
                    },
                    '$inc': {
                        'instances_count': -1,
                    },
                })
                utils.rmtree(self._temp_path)
            except:
                logger.exception('Server clean up error', 'server',
                    server_id=self.server.id,
                )
コード例 #10
0
ファイル: clients.py プロジェクト: tommytracx/pritunl
    def generate_client_conf(self, platform, client_id, virt_address,
            user, reauth):
        from pritunl.server.utils import get_by_id

        client_conf = ''

        if user.link_server_id:
            link_usr_svr = get_by_id(user.link_server_id,
                fields=('_id', 'network', 'network_start',
                'network_end', 'local_networks'))

            client_conf += 'iroute %s %s\n' % utils.parse_network(
                link_usr_svr.network)
            for local_network in link_usr_svr.local_networks:
                if ':' in local_network:
                    client_conf += 'iroute-ipv6 %s\n' % local_network
                else:
                    client_conf += 'iroute %s %s\n' % utils.parse_network(
                        local_network)
        else:
            if self.server.mode == ALL_TRAFFIC:
                if platform == 'ios':
                    client_conf += 'push "route 0.0.0.0 128.0.0.0"\n'
                    client_conf += 'push "route 128.0.0.0 128.0.0.0"\n'
                else:
                    client_conf += 'push "redirect-gateway def1"\n'

                if self.server.ipv6:
                    if platform != 'ios':
                        client_conf += 'push "redirect-gateway-ipv6 def1"\n'
                    client_conf += 'push "route-ipv6 2000::/3"\n'

            if self.server.dns_mapping:
                client_conf += 'push "dhcp-option DNS %s"\n' % (
                    utils.get_network_gateway(self.server.network))

            for dns_server in self.server.dns_servers:
                client_conf += 'push "dhcp-option DNS %s"\n' % dns_server
            if self.server.search_domain:
                client_conf += 'push "dhcp-option DOMAIN %s"\n' % (
                    self.server.search_domain)

            client_conf += 'push "ip-win32 dynamic 0 3600"\n'

            network_links = user.get_network_links()
            for network_link in network_links:
                if self.reserve_iroute(client_id, network_link, True):
                    if ':' in network_link:
                        client_conf += 'iroute-ipv6 %s\n' % network_link
                    else:
                        client_conf += 'iroute %s %s\n' % \
                            utils.parse_network(network_link)

            if network_links and not reauth:
                thread = threading.Thread(target=self.iroute_ping_thread,
                    args=(client_id, virt_address.split('/')[0]))
                thread.daemon = True
                thread.start()

            for network_link in self.server.network_links:
                if ':' in network_link:
                    client_conf += 'push "route-ipv6 %s"\n' % network_link
                else:
                    client_conf += 'push "route %s %s"\n' % (
                        utils.parse_network(network_link))

            for link_svr in self.server.iter_links(fields=(
                    '_id', 'network', 'local_networks', 'network_start',
                    'network_end')):
                client_conf += 'push "route %s %s"\n' % utils.parse_network(
                    link_svr.network)

                for local_network in link_svr.local_networks:
                    if ':' in local_network:
                        client_conf += 'push "route-ipv6 %s"\n' % (
                            local_network)
                    else:
                        client_conf += 'push "route %s %s"\n' % (
                            utils.parse_network(local_network))

        return client_conf
コード例 #11
0
    def generate_ovpn_conf(self):
        from pritunl.server.utils import get_by_id

        logger.debug(
            'Generating server ovpn conf',
            'server',
            server_id=self.server.id,
        )

        if not self.server.primary_organization or \
                not self.server.primary_user:
            self.server.create_primary_user()

        if self.server.primary_organization not in self.server.organizations:
            self.server.remove_primary_user()
            self.server.create_primary_user()

        primary_org = organization.get_by_id(self.server.primary_organization)
        if not primary_org:
            self.server.create_primary_user()
            primary_org = organization.get_by_id(
                id=self.server.primary_organization)

        self.primary_user = primary_org.get_user(self.server.primary_user)
        if not self.primary_user:
            self.server.create_primary_user()
            primary_org = organization.get_by_id(
                id=self.server.primary_organization)
            self.primary_user = primary_org.get_user(self.server.primary_user)

        push = ''
        if self.server.mode == LOCAL_TRAFFIC:
            for network in self.server.local_networks:
                push += 'push "route %s %s"\n' % utils.parse_network(network)
        elif self.server.mode == VPN_TRAFFIC:
            pass
        else:
            push += 'push "redirect-gateway"\n'
        for dns_server in self.server.dns_servers:
            push += 'push "dhcp-option DNS %s"\n' % dns_server
        if self.server.search_domain:
            push += 'push "dhcp-option DOMAIN %s"\n' % (
                self.server.search_domain)

        for link_doc in self.server.links:
            link_svr = get_by_id(link_doc['server_id'])

            push += 'push "route %s %s"\n' % utils.parse_network(
                link_svr.network)
            for local_network in link_svr.local_networks:
                push += 'push "route %s %s"\n' % utils.parse_network(
                    local_network)

        server_conf = OVPN_INLINE_SERVER_CONF % (
            self.server.port,
            self.server.protocol,
            self.interface,
            '%s %s' % utils.parse_network(self.server.network),
            self.management_socket_path,
            CIPHERS[self.server.cipher],
            4 if self.server.debug else 1,
            8 if self.server.debug else 3,
        )

        if self.server.bind_address:
            server_conf += 'local %s\n' % self.server.bind_address

        if self.server.multi_device:
            server_conf += 'duplicate-cn\n'

        if self.server.otp_auth:
            server_conf += 'auth-user-pass-verify %s via-file\n' % (
                self.user_pass_verify_path)

        # Pritunl v0.10.x did not include comp-lzo in client conf
        # if lzo_compression is adaptive dont include comp-lzo in server conf
        if self.server.lzo_compression == ADAPTIVE:
            pass
        elif self.server.lzo_compression:
            server_conf += 'comp-lzo yes\npush "comp-lzo yes"\n'
        else:
            server_conf += 'comp-lzo no\npush "comp-lzo no"\n'

        server_conf += JUMBO_FRAMES[self.server.jumbo_frames]

        if push:
            server_conf += push

        server_conf += '<ca>\n%s\n</ca>\n' % self.server.ca_certificate

        if self.server.tls_auth:
            server_conf += '<tls-auth>\n%s\n</tls-auth>\n' % (
                self.server.tls_auth_key)

        server_conf += '<cert>\n%s\n</cert>\n' % utils.get_cert_block(
            self.primary_user.certificate)
        server_conf += '<key>\n%s\n</key>\n' % self.primary_user.private_key
        server_conf += '<dh>\n%s\n</dh>\n' % self.server.dh_params

        with open(self.ovpn_conf_path, 'w') as ovpn_conf:
            os.chmod(self.ovpn_conf_path, 0600)
            ovpn_conf.write(server_conf)
コード例 #12
0
ファイル: instance_com.py プロジェクト: pritunl-test/pritunl
    def client_connect(self, client):
        from pritunl.server.utils import get_by_id

        try:
            client_id = client['client_id']
            org_id = bson.ObjectId(client['org_id'])
            user_id = bson.ObjectId(client['user_id'])
            device_id = client.get('device_id')
            device_name = client.get('device_name')
            platform = client.get('platform')
            mac_addr = client.get('mac_addr')
            otp_code = client.get('otp_code')
            remote_ip = client.get('remote_ip')
            devices = self.client_devices[user_id]

            if not _limiter.validate(remote_ip):
                self.send_client_deny(client, 'Too many connect requests')
                return

            org = self.server.get_org(org_id, fields=['_id'])
            if not org:
                self.send_client_deny(client, 'Organization is not valid')
                return

            user = org.get_user(user_id, fields=[
                '_id', 'name', 'type', 'disabled', 'otp_secret'])
            if not user:
                self.send_client_deny(client, 'User is not valid')
                return

            if self.server.otp_auth and  user.type == CERT_CLIENT and \
                    not user.verify_otp_code(otp_code, remote_ip):
                logger.LogEntry(message='User failed two-step ' +
                    'authentication "%s".' % user.name)
                self.send_client_deny(client, 'Invalid OTP code')
                return

            client_conf = ''

            link_svr_id = None
            for link_doc in self.server.links:
                if link_doc['user_id'] == user.id:
                    link_svr_id = link_doc['server_id']
                    break

            if link_svr_id:
                link_svr = get_by_id(link_svr_id,
                    fields=['_id', 'network', 'local_networks'])
                client_conf += 'iroute %s %s\n' % utils.parse_network(
                    link_svr.network)
                for local_network in link_svr.local_networks:
                    client_conf += 'iroute %s %s\n' % utils.parse_network(
                        local_network)

            if not self.server.multi_device:
                virt_address = self.server.get_ip_addr(org.id, user_id)

                if virt_address and virt_address in self.client_ips:
                    for i, device in enumerate(devices):
                        if device['virt_address'] == virt_address:
                            self.client_kill(device)
                            if virt_address in self.client_ips:
                                self.client_ips.remove(virt_address)

                            del devices[i]
            else:
                virt_address = None
                if devices and device_id:
                    for i, device in enumerate(devices):
                        if device['device_id'] == device_id:
                            virt_address = device['virt_address']

                            self.client_kill(device)
                            if virt_address in self.client_ips:
                                self.client_ips.remove(virt_address)

                            del devices[i]

                if not virt_address:
                    virt_address = self.server.get_ip_addr(org.id, user_id)

                if virt_address and virt_address in self.client_ips:
                    virt_address = None

            if not virt_address:
                while True:
                    try:
                        ip_addr = self.ip_pool.pop()
                    except IndexError:
                        break

                    ip_addr = '%s/%s' % (
                        ip_addr, self.ip_network.prefixlen)

                    if ip_addr not in self.client_ips:
                        virt_address = ip_addr
                        self.client_dyn_ips.add(virt_address)
                        break

            if virt_address:
                self.client_ips.add(virt_address)
                devices.append({
                    'user_id': user_id,
                    'org_id': org_id,
                    'client_id': client_id,
                    'device_id': device_id,
                    'device_name': device_name,
                    'type': user.type,
                    'platform': platform,
                    'mac_addr': mac_addr,
                    'otp_code': otp_code,
                    'virt_address': virt_address,
                    'real_address': remote_ip,
                })
                client_conf += 'ifconfig-push %s %s\n' % utils.parse_network(
                    virt_address)
                self.send_client_auth(client, client_conf)
            else:
                self.send_client_deny(client, 'Unable to assign ip address')
        except:
            logger.exception('Error parsing client connect', 'server',
                server_id=self.server.id,
                instance_id=self.instance.id,
            )
            self.send_client_deny(client, 'Error parsing client connect')
コード例 #13
0
ファイル: instance.py プロジェクト: uguryildiz/pritunl
    def generate_ovpn_conf(self):
        from pritunl.server.utils import get_by_id

        logger.debug('Generating server ovpn conf', 'server',
            server_id=self.server.id,
        )

        if not self.server.primary_organization or \
                not self.server.primary_user:
            self.server.create_primary_user()

        if self.server.primary_organization not in self.server.organizations:
            self.server.remove_primary_user()
            self.server.create_primary_user()

        primary_org = organization.get_by_id(self.server.primary_organization)
        if not primary_org:
            self.server.create_primary_user()
            primary_org = organization.get_by_id(
                id=self.server.primary_organization)

        self.primary_user = primary_org.get_user(self.server.primary_user)
        if not self.primary_user:
            self.server.create_primary_user()
            primary_org = organization.get_by_id(
                id=self.server.primary_organization)
            self.primary_user = primary_org.get_user(self.server.primary_user)

        push = ''
        if self.server.mode == LOCAL_TRAFFIC:
            for network in self.server.local_networks:
                push += 'push "route %s %s"\n' % utils.parse_network(network)
        elif self.server.mode == VPN_TRAFFIC:
            pass
        else:
            push += 'push "redirect-gateway"\n'
        for dns_server in self.server.dns_servers:
            push += 'push "dhcp-option DNS %s"\n' % dns_server
        if self.server.search_domain:
            push += 'push "dhcp-option DOMAIN %s"\n' % (
                self.server.search_domain)

        for link_doc in self.server.links:
            link_svr = get_by_id(link_doc['server_id'])

            push += 'push "route %s %s"\n' % utils.parse_network(
                link_svr.network)
            for local_network in link_svr.local_networks:
                push += 'push "route %s %s"\n' % utils.parse_network(
                    local_network)

        server_conf = OVPN_INLINE_SERVER_CONF % (
            self.server.port,
            self.server.protocol,
            self.interface,
            '%s %s' % utils.parse_network(self.server.network),
            self.management_socket_path,
            CIPHERS[self.server.cipher],
            4 if self.server.debug else 1,
            8 if self.server.debug else 3,
        )

        if self.server.bind_address:
            server_conf += 'local %s\n' % self.server.bind_address

        if self.server.multi_device:
            server_conf += 'duplicate-cn\n'

        if self.server.otp_auth:
            server_conf += 'auth-user-pass-verify %s via-file\n' % (
                self.user_pass_verify_path)

        # Pritunl v0.10.x did not include comp-lzo in client conf
        # if lzo_compression is adaptive dont include comp-lzo in server conf
        if self.server.lzo_compression == ADAPTIVE:
            pass
        elif self.server.lzo_compression:
            server_conf += 'comp-lzo yes\npush "comp-lzo yes"\n'
        else:
            server_conf += 'comp-lzo no\npush "comp-lzo no"\n'

        server_conf += JUMBO_FRAMES[self.server.jumbo_frames]

        if push:
            server_conf += push

        server_conf += '<ca>\n%s\n</ca>\n' % self.server.ca_certificate

        if self.server.tls_auth:
            server_conf += '<tls-auth>\n%s\n</tls-auth>\n' % (
                self.server.tls_auth_key)

        server_conf += '<cert>\n%s\n</cert>\n' % utils.get_cert_block(
            self.primary_user.certificate)
        server_conf += '<key>\n%s\n</key>\n' % self.primary_user.private_key
        server_conf += '<dh>\n%s\n</dh>\n' % self.server.dh_params

        with open(self.ovpn_conf_path, 'w') as ovpn_conf:
            os.chmod(self.ovpn_conf_path, 0600)
            ovpn_conf.write(server_conf)