Provisioning arrangements for secnet - consultation

Ian Jackson ijackson at
Wed Aug 24 14:55:46 BST 2016

Ian Jackson writes ("Provisioning arrangements for secnet - consultation"):
> I am starting by collecting requirements `user stories' [1].  I will
> reply to this message with a couple of my own.  Please do likewise,
> posting to sgo-software-discuss.

User story: New site

 Jennifer has a home network.  Jennifer is using a randomly-generated
 IPv4 /24 registered in the CAM-GRIN.  The main router on her network,
 called `router', is running a Debian derivative.

 Jennifer wants her network to join the SGO VPN.

 Jennifer finds the SGO VPN documentation on how to do this, which is
 short and easy to follow.

 Following the instructions, Jennifer installs the secnet package on
 her router.  She types something like this, from her own account:

 secnet-join-vpn asks Jennifer some basic questions, automatically
 guessing good default answers.

 It presents Jennifer with the policy document provided by the SGO VPN
 administrator and asks for her agreement, providing a text editor for
 her to type any comments, questions or clarifications.

 One of the questions asks for Jennifer's permission to route any or
 all of 172.16/12 and 192.168/16, apart from her own network, to the

 secnet-join-vpn configures everything on her router.  It communicates
 with the provisioning service on chiark, providing all the details
 necessary.  It sets up secnet right away, expecting that things will
 start working when the other end is done.  (It is idempotent.)

 If authentication to chiark is done with ssh, secnet-join-vpn uses
 Jennifer's own chiark account and sets up the group on chiark, ssh
 keys with restricted commands, and so on.  When secnet-join-vpn needs
 root, it uses sudo (or it can be run as root).

 The provisioning service on chiark sees that this is a new request,
 stores it, and emails vpn-coordinator@ details of the request
 (including any comments provided by Jennifer).

 vpn-coordinator reviews the request and checks the CAM-GRIN.
 vpn-coordinator approves the request by running a simple command line
 rune on chiark.  This sends a confirmation email to Jennifer.

 The details of Jennifer's network are incorporated into chiark's
 secnet configuration and chiark's secnet is made to use them.
 Communication between chiark's secnet and Jennifer's house starts

 When the link comes up, the provisioning system emails Jennifer and
 vpn-coordinator to let them know that the provisioning was
 successful.  (vpn-coordinator does not have to email Jennifer.)

 Also, the information about Jennifer's house is automatically
 distributed to all the other nodes on the VPN.  Those other nodes
 which are running secnet automatically pick up this information.
 Jennifer's house has connectivity to other SGO VPN sites within a
 matter of minutes.

 Other nodes which are running things other than secnet are provided
 with an API they can use to discover that Jennifer's house is now
 part of the VPN and to add her address range to the ranges that ought
 to be routed via chiark.


Ian Jackson <ijackson at>   These opinions are my own.

If I emailed you from an address or, that is
a private address which bypasses my fierce spamfilter.

More information about the sgo-software-discuss mailing list