luscis / openlan
Cloudify VPN Written in Golang, Simple deployment via Compose or Kubernetes
Home Page: http://vpn.luscis.cn
License: GNU General Public License v3.0
Unable to query the VPN users' dial-in history
Add a route to network:
openlan route add --network example --prefix 192.168.11.0/24 --nexthop 192.168.1.10
Remove a route from network:
openlan route rm --network example --prefix 192.168.11.0/24 --nexthop 192.168.1.10
Display all routes:
openlan route list --network example
The REST API has no interfaces for adding or deleting access control entries
Jan 15 03:00:55 ops-testus switch.sh[1716]: 2024-01-15T03:00:55Z INFO|183.14.132.108:58752|Access.handleLogin: success
Jan 15 03:00:55 ops-testus switch.sh[1716]: 2024-01-15T03:00:55Z INFO|183.14.132.108:58752|Access.onAuth
Jan 15 03:00:55 ops-testus switch.sh[1716]: 2024-01-15T03:00:55Z ERROR|ops-testus|Switch.NewTap: bridge default notFound
Jan 15 03:00:56 ops-testus switch.sh[1716]: 2024-01-15T03:00:56Z INFO|183.14.132.108:58752|Request.onIpAddr: {"name":"","ifAddr":"192.168.200.2","ipStart":"","ipEnd":"","netmask":>
Jan 15 03:00:56 ops-testus switch.sh[1716]: 2024-01-15T03:00:56Z ERROR|183.14.132.108:58752|Request.onIpAddr: invalid network default.
{
  "name": "private",
  "bridge": {
    "name": "br-em2",
    "address": "192.168.1.88/24"
  },
  "subnet": {
    "end": "192.168.1.150",
    "netmask": "255.255.255.0",
    "start": "192.168.1.100"
  },
  "openvpn": {
    "listen": "0.0.0.0:1188",
    "subnet": "172.32.88.0/24"
  },
  "links": [
    {
      "connection": "xxxxx",
      "password": "xxxxx",
      "username": "access1@private",
      "crypt": {
        "algo": "aes-128",
        "secret": "xxxxx"
      }
    }
  ]
}
$ ip r
192.168.1.0/24 dev bi-k3iu61j9 proto kernel scope link src 192.168.1.88
192.168.1.0/24 dev br-me2 proto kernel scope link src 192.168.1.88
No local restapi added
switch_1 | panic: runtime error: invalid memory address or nil pointer dereference
switch_1 | [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xa451e6]
switch_1 | goroutine 305 [running]:
switch_1 | github.com/luscis/openlan/pkg/database.(*OvSDB).WhereList(0x0, 0xb0c140, 0xc000200198, 0xadd420, 0xc000200120, 0x2, 0x2)
switch_1 | /root/daniel/openlan/pkg/database/client.go:60 +0x26
switch_1 | github.com/luscis/openlan/pkg/switch.GetRoutes(0xc000200120, 0xc0002e7498, 0x6, 0x8, 0xc000770638)
switch_1 | /root/daniel/openlan/pkg/switch/confd.go:107 +0x198
switch_1 | github.com/luscis/openlan/pkg/switch.(*MemberLink).Add(0xc000677c88, 0xc0001bd570)
switch_1 | /root/daniel/openlan/pkg/switch/confd.go:318 +0x439
switch_1 | github.com/luscis/openlan/pkg/switch.(*ConfD).AddLink(0xc000240040, 0xc0001bd570)
switch_1 | /root/daniel/openlan/pkg/switch/confd.go:135 +0x1fa
switch_1 | github.com/luscis/openlan/pkg/switch.(*ConfD).Add(0xc000240040, 0xc09a1f, 0xc, 0xb38d80, 0xc0001bd570)
switch_1 | /root/daniel/openlan/pkg/switch/confd.go:57 +0x5cd
switch_1 | github.com/ovn-org/libovsdb/cache.(*EventHandlerFuncs).OnAdd(0xc0002000d8, 0xc09a1f, 0xc, 0xb38d80, 0xc0001bd570)
switch_1 | /root/daniel/openlan/vendor/github.com/ovn-org/libovsdb/cache/cache.go:434 +0x62
switch_1 | github.com/ovn-org/libovsdb/cache.(*eventProcessor).Run(0xc000a019b0, 0xc0000ba120)
switch_1 | /root/daniel/openlan/vendor/github.com/ovn-org/libovsdb/cache/cache.go:844 +0x215
switch_1 | github.com/ovn-org/libovsdb/cache.(*TableCache).Run.func1(0xc000443410, 0xc0002f0480, 0xc0000ba120)
switch_1 | /root/daniel/openlan/vendor/github.com/ovn-org/libovsdb/cache/cache.go:734 +0x65
switch_1 | created by github.com/ovn-org/libovsdb/cache.(*TableCache).Run
switch_1 | /root/daniel/openlan/vendor/github.com/ovn-org/libovsdb/cache/cache.go:732 +0x85
switch_1 | + /usr/bin/env find /var/openlan/point -type f -delete
switch_1 | + /usr/bin/env find /var/openlan/openvpn -name '*.status' -delete
switch_1 | + '[' '!' -e /etc/openlan/switch/switch.json ']'
switch_1 | + '[' '!' -e /etc/openlan/switch/network/example.json ']'
switch_1 | + exec /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
ovs-vswitchd_1 | 2023-04-05T01:08:08Z|00004|bfd(monitor34)|INFO|vx-10064086: BFD state change: up->down "Control Detection Time Expired"->"Control Detection Time Expired".
ovs-vswitchd_1 | Forwarding: true
ovs-vswitchd_1 | Detect Multiplier: 3
Now, using AES with a shared key to encrypt both control messages and Ethernet frames is not good. We need to support SSL for control messages, and keep encrypting Ethernet frames as before.
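One way to do what this post asks for, shown as an added Go example that is not openlan's own code: the control channel becomes mutually authenticated TLS 1.3 (each side presents a certificate the other trusts, so no shared key exists), and the AES-GCM key for Ethernet frames is exported from that TLS session (RFC 5705 keying-material exporter) instead of being a static `crypt.secret` in the network config. The in-memory `net.Pipe` pair, the self-signed certificate helper, the exporter label and the function names (`selfSignedCert`, `mtlsPair`, `frameKey`, `Demo`) are all assumptions made for the example; openlan's real wire format is not reproduced.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/binary"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSignedCert mints a throw-away certificate for cn so the example runs offline;
// a deployment would use certificates issued by the operator's own CA (assumption).
func selfSignedCert(cn string) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}

// mtlsPair runs a mutually authenticated TLS 1.3 handshake between an in-memory switch side
// and access side: each peer must present a certificate the other trusts; no shared secret exists.
func mtlsPair() (srv, cli *tls.Conn, release func(), err error) {
	srvCert, cliCert := selfSignedCert("switch.example"), selfSignedCert("access1")
	trustClients, trustSwitch := x509.NewCertPool(), x509.NewCertPool()
	trustClients.AddCert(cliCert.Leaf)
	trustSwitch.AddCert(srvCert.Leaf)
	a, b := net.Pipe()
	release = func() { a.Close(); b.Close() } // tears the in-memory pipe down
	srv = tls.Server(a, &tls.Config{
		MinVersion: tls.VersionTLS13, Certificates: []tls.Certificate{srvCert},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: trustClients, // refuse unauthenticated peers
		SessionTicketsDisabled: true, // net.Pipe is synchronous: avoid an unread post-handshake ticket
	})
	cli = tls.Client(b, &tls.Config{
		MinVersion: tls.VersionTLS13, Certificates: []tls.Certificate{cliCert},
		RootCAs: trustSwitch, ServerName: "switch.example",
	})
	done := make(chan error, 1)
	go func() { done <- srv.Handshake() }()
	if err = cli.Handshake(); err == nil {
		err = <-done
	}
	if err != nil {
		release()
	}
	return srv, cli, release, err
}

// frameKey derives the data-plane key from the TLS session (RFC 5705 exporter): fresh per
// session, identical on both ends, and never written to a config file.
func frameKey(c *tls.Conn) []byte {
	cs := c.ConnectionState()
	return must(cs.ExportKeyingMaterial("EXPERIMENTAL openlan frame key", nil, 32))
}

// frameAEAD is the AES-256-GCM cipher used for Ethernet frames under a session key.
func frameAEAD(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// Demo reports whether both ends derived the same frame key, whether a frame sealed by the
// access side opens on the switch, and whether an unrelated static key can open it too.
func Demo() (keysMatch, roundTrip, staleKeyOpens bool, err error) {
	srv, cli, release, err := mtlsPair()
	if err != nil {
		return false, false, false, err
	}
	defer release()
	ks, kc := frameKey(srv), frameKey(cli)
	frame := []byte("constructed Ethernet frame payload") // stand-in for a real frame
	nonce := make([]byte, 12)                              // per-sender counter; never reused under one key
	binary.BigEndian.PutUint64(nonce[4:], 1)
	pkt := frameAEAD(kc).Seal(nil, nonce, frame, nil) // ciphertext || 16-byte tag
	got, err := frameAEAD(ks).Open(nil, nonce, pkt, nil)
	if err != nil {
		return false, false, false, err
	}
	_, staleErr := frameAEAD(make([]byte, 32)).Open(nil, nonce, pkt, nil) // e.g. a crypt.secret from a config file
	return string(ks) == string(kc), string(got) == string(frame), staleErr == nil, nil
}

func main() {
	keys, rt, stale, err := Demo()
	println("keys match:", keys, "round trip:", rt, "stale key opens:", stale, "error:", err != nil)
}
```

The control channel carries no secret at all: authentication is the client certificate, and the switch rejects any session that does not present one (`RequireAndVerifyClientCert`). The frame key is a per-session value both ends compute from the handshake, so a leaked `switch.json` no longer exposes past or future data-plane traffic; a real implementation would also rekey before the GCM nonce counter wraps.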
Add a vxlan type output:
openlan output add --network example --remote 1.1.1.2 --segment 100 --protocol vxlan
Add a gre type output:
openlan output add --network example --remote 1.1.1.2 --segment 100 --protocol gre
Add a vxlan type output:
openlan output add --network example --remote enp2s3 --segment 23
Remove a vxlan type output:
openlan output rm --network example --device vxn100
Display all outputs:
openlan output list --network example
Add an openlan type output:
openlan output add --network example --protocol tcp --connection 1.1.1.1 --secret aes-128:key --auth user:password
conn %default
    keyingtries=%forever
    auto=route
    ike=aes_gcm256-sha2_256
    esp=aes_gcm256
    ikev2=insist
conn tunx-in-1
    type=transport
    left=%defaultroute
    right=45.89.233.156
    authby=secret
    leftprotoport=udp/8472
    rightprotoport=udp
conn tunx-out-1
    type=transport
    left=%defaultroute
    right=45.89.233.156
    authby=secret
    leftprotoport=udp
    rightprotoport=udp/8472
root@daniel-book:~# iptables -t nat -S XTT_pos-example
-N XTT_pos-example
-A XTT_pos-example -d 169.254.222.0/24 -m set --match-set xtt_example_r src -m comment --comment "To VPN" -j MASQUERADE
-A XTT_pos-example -s 172.66.99.0/24 -m set --match-set xtt_example_r dst -m comment --comment "To Masq" -j MASQUERADE
-A XTT_pos-example -s 169.254.222.0/24 -m mark --mark 0xa -m set --match-set xtt_example_v dst -m comment --comment "From VPN" -j MASQUERADE
root@daniel-book:~#
root@daniel-book:~# iptables -S -t raw -L XTT_pre-example
-A XTT_pre-example -i tun1025 -j MARK --set-xmark 0xa/0xffffffff
-A XTT_pre-example -i br-example -j MARK --set-xmark 0xa/0xffffffff
-A XTT_pre-example -i b1 -j MARK --set-xmark 0xa/0xffffffff
-A XTT_pre-example -i tun1025 -j CT --zone mark
-A XTT_pre-example -i br-example -j CT --zone mark
-A XTT_pre-example -i b1 -j CT --zone mark
root@daniel-book:~#
root@daniel-book:~# iptables -t raw -S XTT_out-example
-N XTT_out-example
-A XTT_out-example -o b1 -j MARK --set-xmark 0xa/0xffffffff
-A XTT_out-example -o b1 -j CT --zone mark
root@daniel-book:~#
root@daniel-book:~# conntrack -L | grep icmp
conntrack v1.4.5 (conntrack-tools): 31 flow entries have been shown.
icmp 1 18 src=172.66.99.10 dst=172.66.99.20 type=8 code=0 id=55967 src=172.66.99.20 dst=172.66.99.10 type=0 code=0 id=20752 mark=0 zone=10 use=1
icmp 1 18 src=169.254.222.6 dst=172.66.99.20 type=8 code=0 id=55967 src=172.66.99.20 dst=172.66.99.10 type=0 code=0 id=55967 mark=0 zone=10 use=1
root@daniel-book:~#
After I connect to the VPN I still have to run ip r add manually;
can't routes be managed automatically?
The REST API has no interfaces for adding or deleting links
2024-04-09T01:42:58Z WARN|[email protected]|Qos.Del In Rule: iptables failed: iptables --wait -t mangle -D Qos_easystack.cn-in -s 100.68.0.6 -m comment --comment Qos Jump -j Qos_easystack.cn-in-lo5buk7: iptables: No chain/target/match by that name.
(exit status 1)
Add an IPv6 VXLAN tunnel:
[root@node-236 ~]# ip link add v6-100 type vxlan id 100 remote 2001:1::ff
[root@node-236 ~]# ip -d link show v6-100
1473: v6-100: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 66:0c:1c:fe:c6:c4 brd ff:ff:ff:ff:ff:ff promiscuity 0
vxlan id 100 remote 2001:1::ff srcport 0 0 dstport 8472 ageing 300 noudpcsum noudp6zerocsumtx noudp6zerocsumrx addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
[root@node-236 ~]#
First, define a nexthop group via:
"nextgroup": {
  "ng1": {
    "check": "ping",
    "ping": {
      "count": 5,
      "loss": 2
    },
    "mode": "load-balance",
    "nexthop": [
      "192.168.33.11",
      "192.168.33.10"
    ]
  }
}
(mode can also be "active-backup")
And use this group, ng1, as a route's nexthop:
{
  "routes": [
    {
      "prefix": "0.0.0.0/0",
      "nextgroup": "ng1"
    }
  ]
}
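The selection logic such a nexthop group implies, as an added Go example that is not openlan's own code. It parses the two fragments above as one document, applies the ping check, and chooses nexthops per mode: all healthy members for load-balance (ECMP), the first healthy member in list order for active-backup, and a withdraw error when none is healthy. The health rule (a nexthop is down when more than `loss` of `count` probes are lost), the injected `Prober`, and the names `Resolve`, `IPRouteCmd` and `Decide` are assumptions made for the example; the command string is rendered, not executed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// PingCheck mirrors the "ping" object on the page. Assumed semantics: send Count
// probes and declare the nexthop down when more than Loss of them are lost.
type PingCheck struct {
	Count int `json:"count"`
	Loss  int `json:"loss"`
}

// NextGroup mirrors one entry under "nextgroup"; Mode is "load-balance" or "active-backup".
type NextGroup struct {
	Check   string    `json:"check"`
	Ping    PingCheck `json:"ping"`
	Mode    string    `json:"mode"`
	Nexthop []string  `json:"nexthop"`
}

type Config struct {
	NextGroup map[string]NextGroup `json:"nextgroup"`
	Routes    []struct {
		Prefix    string `json:"prefix"`
		NextGroup string `json:"nextgroup"`
	} `json:"routes"`
}

// Prober reports how many of n probes to addr were lost; a daemon would send ICMP echo
// requests, while the example injects canned results so it runs offline.
type Prober func(addr string, n int) (lost int)

// Resolve picks the nexthops to install for prefix: every healthy member for load-balance
// (ECMP), only the first healthy member in list order for active-backup. An error means
// the route must be withdrawn rather than left pointing at a dead gateway.
func Resolve(cfg Config, prefix, group string, probe Prober) ([]string, error) {
	g, ok := cfg.NextGroup[group]
	if !ok {
		return nil, fmt.Errorf("route %s: unknown nextgroup %q", prefix, group)
	}
	var up []string
	for _, nh := range g.Nexthop {
		// Only the "ping" check is implemented; any other check type fails closed.
		if g.Check == "ping" && probe(nh, g.Ping.Count) <= g.Ping.Loss {
			up = append(up, nh)
		}
	}
	if len(up) == 0 {
		return nil, fmt.Errorf("route %s: no healthy nexthop in %s", prefix, group)
	}
	switch g.Mode {
	case "load-balance":
		return up, nil
	case "active-backup":
		return up[:1], nil
	}
	return nil, fmt.Errorf("nextgroup %s: unknown mode %q", group, g.Mode)
}

// IPRouteCmd renders the decision as the iproute2 command a daemon would run (text only).
func IPRouteCmd(prefix string, nhs []string) string {
	if len(nhs) == 1 {
		return "ip route replace " + prefix + " via " + nhs[0]
	}
	cmd := "ip route replace " + prefix
	for _, nh := range nhs {
		cmd += " nexthop via " + nh
	}
	return cmd
}

// sampleConfig joins the page's two fragments into one document (constructed input).
const sampleConfig = `{
  "nextgroup": {"ng1": {"check": "ping", "ping": {"count": 5, "loss": 2},
    "mode": "load-balance", "nexthop": ["192.168.33.11", "192.168.33.10"]}},
  "routes": [{"prefix": "0.0.0.0/0", "nextgroup": "ng1"}]
}`

// Decide loads sampleConfig, overrides ng1's mode, and resolves the default route against
// canned probe results (lost probes out of 5, keyed by nexthop address).
func Decide(mode string, lost map[string]int) (string, error) {
	var cfg Config
	if err := json.Unmarshal([]byte(sampleConfig), &cfg); err != nil {
		return "", err
	}
	g := cfg.NextGroup["ng1"]
	g.Mode = mode
	cfg.NextGroup["ng1"] = g
	r := cfg.Routes[0]
	nhs, err := Resolve(cfg, r.Prefix, r.NextGroup, func(addr string, _ int) int { return lost[addr] })
	if err != nil {
		return "", err
	}
	return IPRouteCmd(r.Prefix, nhs), nil
}

func main() {
	cmd, err := Decide("active-backup", map[string]int{"192.168.33.11": 3, "192.168.33.10": 0})
	fmt.Println(cmd, err)
}
```

Failing closed matters here: when every member of the group is down the daemon should delete the route (or return an error that makes it do so), because a default route that keeps pointing at an unreachable gateway silently blackholes all traffic.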
proxy_1 | 2023/04/11 06:13:59 INFO|0.0.0.0:11083|HttpProxy.start https://0.0.0.0:11083
proxy_1 | 2023/04/11 06:13:59 INFO|192.168.10.10:11082|HttpProxy.start http://192.168.10.10:11082
proxy_1 | 2023/04/11 06:13:59 WARN|192.168.10.10:11082|HttpProxy.start listen tcp 192.168.10.10:11082: bind: cannot assign requested address
proxy_1 | 2023/04/11 06:13:59 INFO|root|Wait: ...
proxy_1 | 2023/04/11 06:14:01 WARN|192.168.10.10:11082|HttpProxy.start http: Server closed
proxy_1 | 2023/04/11 06:14:13 WARN|192.168.10.10:11082|HttpProxy.start http: Server closed
proxy_1 | 2023/04/11 06:14:35 WARN|192.168.10.10:11082|HttpProxy.start http: Server closed
proxy_1 | 2023/04/11 06:15:07 WARN|192.168.10.10:11082|HttpProxy.start http: Server closed
switch_1 | INFO|218.94.118.90:51872|Access.onAuth: on >>> vir1 <<<
Cannot install on Rocky Linux 8.9 by following the installation tutorial
2024-01-16T13:56:09Z INFO|jphc.luscis.cn|Switch.ReadTap: vir2
2024-01-16T13:56:09Z INFO|218.94.118.90:39058|Request.onIpAddr: {"name":"hongkong","ifAddr":"","ipStart":"","ipEnd":"","netmask":"255.255.255.255","routes":null}
2024-01-16T13:56:09Z FATAL|root|Go.func|PANIC >>> runtime error: invalid memory address or nil pointer dereference <<<
2024-01-16T13:56:09Z FATAL|root|Go.func|STACK >>> goroutine 281 [running]:
runtime/debug.Stack(0x127dee0, 0x63, 0xc00046c690)
/usr/local/go/src/runtime/debug/stack.go:24 +0x9f
github.com/luscis/openlan/pkg/libol.Catch(0xc11152, 0x7)
/root/daniel/openlan/pkg/libol/logger.go:148 +0x18a
panic(0xb3d300, 0x127a090)
/usr/local/go/src/runtime/panic.go:965 +0x1b9
github.com/luscis/openlan/pkg/app.findLease(0x0, 0x0, 0xc00024c900, 0xc00024c900)
/root/daniel/openlan/pkg/app/request.go:77 +0xd1
github.com/luscis/openlan/pkg/app.(*Request).onIpAddr(0xc0002e0c70, 0xd03ad8, 0xc0002e0010, 0xc000210010, 0x61, 0x31ff0)
/root/daniel/openlan/pkg/app/request.go:126 +0x42d
github.com/luscis/openlan/pkg/app.(*Request).OnFrame(0xc0002e0c70, 0xd03ad8, 0xc0002e0010, 0xc000371580, 0x0, 0x0)
/root/daniel/openlan/pkg/app/request.go:38 +0x216
github.com/luscis/openlan/pkg/switch.(*Switch).onFrame(0xc00024c0c0, 0xd03ad8, 0xc0002e0010, 0xc000371580, 0x2, 0xc00041feac)
/root/daniel/openlan/pkg/switch/switch.go:292 +0xab
github.com/luscis/openlan/pkg/switch.(*Switch).ReadClient(0xc00024c0c0, 0xd03ad8, 0xc0002e0010, 0xc000371580, 0x0, 0x0)
/root/daniel/openlan/pkg/switch/switch.go:348 +0xc7
github.com/luscis/openlan/pkg/libol.(*SocketServerImpl).Read.func1()
/root/daniel/openlan/pkg/libol/socket.go:537 +0x11d
github.com/luscis/openlan/pkg/libol.Go.func1(0xc0004a0390, 0xd66df0, 0x24)
/root/daniel/openlan/pkg/libol/go.go:36 +0x187
created by github.com/luscis/openlan/pkg/libol.Go