# Contact email address: <devnull@example.com>
key-lifetime 72000000;
- inside {
+ out {
+ outside {
+ name "test-example/out/outside";
+ key rsa-public("65537","129251483458784900555621175262818292872587807329014927540074484804119474262261383244074013537736576331652560727149001626325243856012659665194546933097292703586821422085819615124517093786704646988649444946154384037948502112302285511195679291084694375811092516151263088200304199780052361048758446082354317801941");
+ address "[::1]"; port 16900;
+ link netlink {
+ routes "172.18.232.0/29";
+ ptp-address "172.18.232.1";
+ };
+ };
+ };
+ in {
inside {
- name "test-example/inside/inside";
+ name "test-example/in/inside";
key rsa-public("65537","130064631890186713927887504218626486455931306300999583387009075747001546036643522074275473238061323169592347601185592753550279410171535737146240085267000508853176463710554801101055212967131924064664249613912656320653505750073021702169423354903540699008756137338575553686987244488914481168225136440872431691669");
mobile True;
address "[127.0.0.1]"; port 16910;
};
};
};
- outside {
- outside {
- name "test-example/outside/outside";
- key rsa-public("65537","129251483458784900555621175262818292872587807329014927540074484804119474262261383244074013537736576331652560727149001626325243856012659665194546933097292703586821422085819615124517093786704646988649444946154384037948502112302285511195679291084694375811092516151263088200304199780052361048758446082354317801941");
- address "[::1]"; port 16900;
- link netlink {
- routes "172.18.232.0/29";
- ptp-address "172.18.232.1";
- };
- };
- };
};
};
vpn {
test-example {
- inside vpn-data/test-example/inside/inside;
- outside vpn-data/test-example/outside/outside;
+ out vpn-data/test-example/out/outside;
+ in vpn-data/test-example/in/inside;
- all-sites inside,outside;
+ all-sites out,in;
};
};
all-sites vpn/test-example/all-sites;
}
set extra(outside) {}
-proc mkconf {which} {
+proc mkconf {location site} {
global tmp
global builddir
global netlink
global ports
global extra
global netlinkfh
- set pipefp $tmp/$which.netlink
+ set pipefp $tmp/$site.netlink
foreach tr {t r} {
file delete $pipefp.$tr
exec mkfifo -m600 $pipefp.$tr
- set netlinkfh($which.$tr) [set fh [open $pipefp.$tr r+]]
+ set netlinkfh($site.$tr) [set fh [open $pipefp.$tr r+]]
fconfigure $fh -blocking 0 -buffering none -translation binary
}
- fileevent $netlinkfh($which.r) readable [list netlink-readable $which]
- set fakeuf $tmp/$which.fake-userv
+ fileevent $netlinkfh($site.r) readable \
+ [list netlink-readable $location $site]
+ set fakeuf $tmp/$site.fake-userv
set fakeuh [open $fakeuf w 0755]
puts $fakeuh "#!/bin/sh
set -e
netlink userv-ipif {
name \"netlink\";
userv-path \"$fakeuf\";
- $netlink($which)
+ $netlink($site)
mtu 1400;
buffer sysbuffer(2048);
- interface \"secnet-test-[string range $which 0 0]\";
+ interface \"secnet-test-[string range $site 0 0]\";
};
comm
"
set delim {}
- foreach port $ports($which) {
+ foreach port $ports($site) {
append cfg "$delim
udp {
port $port;
set delim ,
}
append cfg ";
- local-name \"test-example/$which/$which\";
- local-key rsa-private(\"$builddir/test-example/$which.key\");
+ local-name \"test-example/$location/$site\";
+ local-key rsa-private(\"$builddir/test-example/$site.key\");
"
- append cfg $extra($which)
+ append cfg $extra($site)
append cfg {
log logfile {
filename "/dev/tty";
return $cfg
}
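Review bot: Everything `mkconf` derives per instance is still keyed on `$site` alone, while `local-name` is now `test-example/$location/$site`. That covers the FIFOs under `$tmp/$site.netlink`, the `$tmp/$site.fake-userv` script, the `netlinkfh`, `netlink`, `ports` and `extra` array entries, and the private key path `$builddir/test-example/$site.key`. With the two sites shown this is harmless, but two locations holding a site of the same name would silently share one private key file and one pair of FIFOs. I would state the constraint above the proc, e.g. `# site names must be unique across locations: temp files, arrays and the key file are keyed by $site only`, or fail early on a duplicate. Some lines of `mkconf` are not visible in this view, so this rests on the lines shown.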
-proc spawn-secnet {which} {
+proc spawn-secnet {location site} {
global tmp
global builddir
global netlinkfh
- upvar #0 pids($which) pid
- set cf $tmp/$which.conf
+ upvar #0 pids($site) pid
+ set cf $tmp/$site.conf
set ch [open $cf w]
- puts $ch [mkconf $which]
+ puts $ch [mkconf $location $site]
close $ch
set argl [list $builddir/secnet -dvnc $cf]
set pid [fork]
if {!$pid} {
execl [lindex $argl 0] [lrange $argl 1 end]
}
- puts -nonewline $netlinkfh($which.t) [hbytes h2raw c0]
+ puts -nonewline $netlinkfh($site.t) [hbytes h2raw c0]
}
-proc netlink-readable {which} {
+proc netlink-readable {location site} {
global ok
- upvar #0 netlinkfh($which.r) fh
+ upvar #0 netlinkfh($site.r) fh
read $fh; # empty the buffer
- switch -exact $which {
+ switch -exact $site {
inside {
puts OK
set ok 1; # what a bodge
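Review bot: `netlink-readable` now takes `location`, and the `fileevent` registration passes it, but the visible part of the body never reads it; the `switch -exact` still dispatches on `$site` only. If the parameter exists only to keep the callback signature parallel with `mkconf` and `spawn-secnet`, a short comment would make that clear, e.g. `# location is unused here; success is detected on the site name alone`. The rest of the proc body lies outside the visible lines, so it may be used further down.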
proc test-kex {} {
udp-proxy
- spawn-secnet inside
- spawn-secnet outside
+ spawn-secnet in inside
+ spawn-secnet out outside
after 500 sendpkt
after 1000 sendpkt