Rename TUN device to scionlab-vpn and make border router depending on it

netsec-ethz · Nov 14, 2019 · 17ef749 · 17ef749
1 parent 5471ae8
commit 17ef749
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 21 deletions.
diff --git a/scionlab/config_tar.py b/scionlab/config_tar.py
@@ -113,6 +113,7 @@ def _add_vpn_config(host, archive):
  client_config = generate_vpn_client_config(vpn_client)
  archive.write_text("client.conf", client_config)
  archive.write_text("override_openvpn_client.conf", '[Install]\nWantedBy=scionlab.target\n')
+ archive.write_text("override_border_router.conf", '[Unit]\nAfter=sys-devices-virtual-net-scionlab\\x2dvpn.device\nBindsTo=sys-devices-virtual-net-scionlab\\x2dvpn.device\n')
 
  vpn_servers = list(host.vpn_servers.all())
  for vpn_server in vpn_servers:

diff --git a/scionlab/hostfiles/client.conf.tmpl b/scionlab/hostfiles/client.conf.tmpl
@@ -2,7 +2,8 @@
 client
 
 # We use a TUN device, a virtual point-to-point IP link
-dev tun
+dev-type tun
+dev scionlab-vpn
 
 # Connecting to a UDP server
 proto udp

diff --git a/scionlab/hostfiles/scionlab-config b/scionlab/hostfiles/scionlab-config
@@ -321,7 +321,10 @@ def restart_scion():
 
 def install_vpn_client_config(tmpdir):
  exists, changed = _install_file(tmpdir, 'client.conf', '/etc/openvpn/', 'client.conf')
- _, _ = _install_file(tmpdir, 'override_openvpn_client.conf', '/etc/systemd/system/[email protected]/', 'override.conf')
+ _, _ = _install_file(tmpdir, 'override_openvpn_client.conf',
+ '/etc/systemd/system/[email protected]/', 'override.conf')
+ _, _ = _install_file(tmpdir, 'override_border_router.conf',
+ '/etc/systemd/system/[email protected]/', 'override.conf')
 
  if exists:
  scionlab_services = os.path.join(tmpdir, 'scionlab-services.txt')
@@ -331,24 +334,6 @@ def install_vpn_client_config(tmpdir):
  with open(scionlab_services, 'a') as f:
  f.write('\n[email protected]')
 
- # (TODO) We do not start OpenVPN client here, thus this logic has to be moved somewhere else
-
- # if changed:
- # # ensure the interface is up; give up after 5 tries
- # vpn_ready = False
- # for i in range(5):
- # logging.debug('Waiting for VPN ...')
- # time.sleep(1)
- # st = subprocess.run(['ip', 'address', 'show', 'dev', 'tun0'],
- # stdout=subprocess.DEVNULL,
- # stderr=subprocess.DEVNULL)
- # if st.returncode == 0:
- # vpn_ready = True
- # break
- # if vpn_ready:
- # logging.debug("Got VPN")
- # else:
- # logging.warn('WARNING!: VPN could be unready. SCION may fail to start.')
  else:
  subprocess.run(['systemctl', 'stop', 'openvpn@client'], check=False)
 

diff --git a/scionlab/tests/data/test_config_tar/user_as_18.yml b/scionlab/tests/data/test_config_tar/user_as_18.yml
@@ -3,12 +3,17 @@ README.md: |-
 override_openvpn_client.conf: |
  [Install]
  WantedBy=scionlab.target
+override_border_router.conf: |
+ [Unit]
+ After=sys-devices-virtual-net-scionlab\x2dvpn.device
+ BindsTo=sys-devices-virtual-net-scionlab\x2dvpn.device
 client.conf: |
  # Specify that we are a client
  client
 
  # We use a TUN device, a virtual point-to-point IP link
- dev tun
+ dev-type tun
+ dev scionlab-vpn
 
  # Connecting to a UDP server
  proto udp