tinynetwork · slankdev · Sep 12, 2020 · Sep 12, 2020 · Sep 12, 2020 · Sep 12, 2020
@@ -0,0 +1,10 @@
+FROM centos:centos7
+
+RUN yum -y install git autoconf automake libtool make \
+  readline-devel texinfo net-snmp-devel groff pkgconfig \
+  json-c-devel pam-devel bison flex pytest c-ares-devel \
+  python-devel systemd-devel python-sphinx libcap-devel \
+	sudo iproute traceroute iputils bash-completion tcpdump \
+	wireshark gdb wget vim libunwind libunwind-devel \
+	iptables-services
+RUN yum -y install libreswan
@@ -0,0 +1,3 @@
+#!/bin/sh -xe
+IMG=tinet/centos:centos7
+docker build -t $IMG .
@@ -0,0 +1,4 @@
+FROM tinet/centos:centos7
+
+RUN yum -y install https://rpm.frrouting.org/repo/frr-stable-repo-1-0.el7.noarch.rpm \
+ && yum -y install frr-7.3.1-01.el7.x86_64 frr-pythontools
@@ -0,0 +1,3 @@
+#!/bin/sh -xe
+IMG=tinet/cloudvpn
+docker build -t $IMG .
@@ -0,0 +1,46 @@
+---
+nodes:
+- name: R1
+  image: slankdev/ubuntu:18.04
+  interfaces:
+  - { name: net0, type: direct, args: R2#net0 }
+  - { name: net1, type: direct, args: C1#net0 }
+- name: R2
+  image: slankdev/ubuntu:18.04
+  interfaces:
+  - { name: net0, type: direct, args: R1#net0 }
+  - { name: net1, type: direct, args: C2#net0 }
+- name: C1
+  image: slankdev/ubuntu:18.04
+  interfaces:
+  - { name: net0, type: direct, args: R1#net1 }
+- name: C2
+  image: slankdev/ubuntu:18.04
+  interfaces:
+  - { name: net0, type: direct, args: R2#net1 }
+
+node_configs:
+- name: R1
+  cmds:
+  - cmd: ip addr add 10.0.0.1/24 dev net0
+  - cmd: ip link add name geneve0 type geneve id 10 remote 10.0.0.2
+  - cmd: ip link set geneve0 up
+  - cmd: ip link add br0 type bridge
+  - cmd: ip link set br0 up
+  - cmd: ip link set geneve0 master br0
+  - cmd: ip link set net1 master br0
+- name: R2
+  cmds:
+  - cmd: ip addr add 10.0.0.2/24 dev net0
+  - cmd: ip link add name geneve0 type geneve id 10 remote 10.0.0.1
+  - cmd: ip link set geneve0 up
+  - cmd: ip link add br0 type bridge
+  - cmd: ip link set br0 up
+  - cmd: ip link set geneve0 master br0
+  - cmd: ip link set net1 master br0
+- name: C1
+  cmds:
+  - cmd: ip addr add 10.99.0.1/24 dev net0
+- name: C2
+  cmds:
+  - cmd: ip addr add 10.99.0.2/24 dev net0
@@ -1,39 +1,35 @@
-
-meta:
-  namespace: ns_
-
+---
 nodes:
-  - name: R1
-    image: slankdev/frr:centos-7-stable-7.0
-    interfaces:
-      - { name: net0, type: direct, args: R2#net0 }
-  - name: R2
-    image: slankdev/frr:centos-7-stable-7.0
-    interfaces:
-      - { name: net0, type: direct, args: R1#net0 }
-      - { name: net1, type: direct, args: R3#net0 }
-  - name: R3
-    image: slankdev/frr:centos-7-stable-7.0
-    interfaces:
-      - { name: net0, type: direct, args: R2#net1 }
+- name: R1
+  image: slankdev/ubuntu:18.04
+  interfaces:
+  - { name: net0, type: direct, args: R2#net0 }
+- name: R2
+  image: slankdev/ubuntu:18.04
+  interfaces:
+  - { name: net0, type: direct, args: R1#net0 }
+  - { name: net1, type: direct, args: R3#net0 }
+- name: R3
+  image: slankdev/ubuntu:18.04
+  interfaces:
+  - { name: net0, type: direct, args: R2#net1 }
 
 node_configs:
-  - name: R1
-    cmds:
-      - cmd: ip addr add 10.0.0.1/24 dev net0
-      - cmd: ip route add default via 10.0.0.2
-      - cmd: ip tunnel add tun0 mode ipip remote 10.1.0.2 local 10.0.0.1 dev net0
-      - cmd: ip addr add 1.1.1.1 peer 1.1.1.2 dev tun0
-      - cmd: ip link set tun0 up
-  - name: R2
-    cmds:
-      - cmd: ip addr add 10.0.0.2/24 dev net0
-      - cmd: ip addr add 10.1.0.1/24 dev net1
-  - name: R3
-    cmds:
-      - cmd: ip addr add 10.1.0.2/24 dev net0
-      - cmd: ip route add default via 10.1.0.1
-      - cmd: ip tunnel add tun0 mode ipip remote 10.0.0.1 local 10.1.0.2 dev net0
-      - cmd: ip addr add 1.1.1.2 peer 1.1.1.1 dev tun0
-      - cmd: ip link set tun0 up
-
+- name: R1
+  cmds:
+  - cmd: ip addr add 10.0.0.1/24 dev net0
+  - cmd: ip route add default via 10.0.0.2
+  - cmd: ip tunnel add tun0 mode ipip remote 10.1.0.2 local 10.0.0.1 dev net0
+  - cmd: ip addr add 1.1.1.1 peer 1.1.1.2 dev tun0
+  - cmd: ip link set tun0 up
+- name: R2
+  cmds:
+  - cmd: ip addr add 10.0.0.2/24 dev net0
+  - cmd: ip addr add 10.1.0.1/24 dev net1
+- name: R3
+  cmds:
+  - cmd: ip addr add 10.1.0.2/24 dev net0
+  - cmd: ip route add default via 10.1.0.1
+  - cmd: ip tunnel add tun0 mode ipip remote 10.0.0.1 local 10.1.0.2 dev net0
+  - cmd: ip addr add 1.1.1.2 peer 1.1.1.1 dev tun0
+  - cmd: ip link set tun0 up
@@ -0,0 +1,3 @@
+## References
+
+https://gist.github.com/Manouchehri/de3adfb02c5b55f3edc2da9e8ee59fae
@@ -0,0 +1,151 @@
+---
+postinit:
+  cmds:
+  - cmd: |
+      cat <<EOF >/tmp/vpn1.r1.secrets
+      : PSK "sekainoichihara"
+      EOF
+  - cmd: |
+      cat <<EOF >/tmp/vpn1.r2.secrets
+      : PSK "sekainoichihara"
+      EOF
+  - cmd: |
+      cat <<EOF >/tmp/vpn1.r1.conf
+      conn vpn1
+        authby=secret
+        left=10.91.0.2
+        right=10.92.0.2
+        leftsubnet=0.0.0.0/0
+        rightsubnet=0.0.0.0/0
+        auto=start
+        mark=100/0xffffffff
+        vti-interface=vti0
+        vti-routing=no
+        dpddelay=10
+        dpdtimeout=5
+        dpdaction=restart
+      EOF
+  - cmd: |
+      cat <<EOF >/tmp/vpn1.r2.conf
+      conn vpn1
+        authby=secret
+        left=10.92.0.2
+        right=10.91.0.2
+        leftsubnet=0.0.0.0/0
+        rightsubnet=0.0.0.0/0
+        auto=start
+        mark=100/0xffffffff
+        vti-interface=vti0
+        vti-routing=no
+        dpddelay=10
+        dpdtimeout=5
+        dpdaction=restart
+      EOF
+  - cmd: docker cp /tmp/vpn1.r1.secrets R1:/etc/ipsec.d/vpn1.secrets
+  - cmd: docker cp /tmp/vpn1.r2.secrets R2:/etc/ipsec.d/vpn1.secrets
+  - cmd: docker cp /tmp/vpn1.r1.conf R1:/etc/ipsec.d/vpn1.conf
+  - cmd: docker cp /tmp/vpn1.r2.conf R2:/etc/ipsec.d/vpn1.conf
+  - cmd: docker exec R1 chmod 600 /etc/ipsec.d/vpn1.conf
+  - cmd: docker exec R1 chmod 600 /etc/ipsec.d/vpn1.secrets
+  - cmd: docker exec R2 chmod 600 /etc/ipsec.d/vpn1.conf
+  - cmd: docker exec R2 chmod 600 /etc/ipsec.d/vpn1.secrets
+
+nodes:
+- name: R0
+  image: tinet/cloudvpn
+  interfaces:
+  - { name: net0, type: direct, args: R1#net0 }
+  - { name: net1, type: direct, args: R2#net0 }
+- name: R1
+  image: tinet/cloudvpn
+  interfaces:
+  - { name: net0, type: direct, args: R0#net0 }
+  - { name: net1, type: direct, args: C1#net0 }
+- name: R2
+  image: tinet/cloudvpn
+  interfaces:
+  - { name: net0, type: direct, args: R0#net1 }
+  - { name: net1, type: direct, args: C2#net0 }
+- name: C1
+  image: tinet/centos:centos7
+  interfaces:
+  - { name: net0, type: direct, args: R1#net1 }
+- name: C2
+  image: tinet/centos:centos7
+  interfaces:
+  - { name: net0, type: direct, args: R2#net1 }
+
+node_configs:
+- name: R0
+  cmds:
+  - cmd: ip addr add 10.91.0.1/24 dev net0
+  - cmd: ip addr add 10.92.0.1/24 dev net1
+
+- name: R1
+  cmds:
+  - cmd: ip addr add 10.91.0.2/24 dev net0
+  - cmd: ip addr add 10.1.0.1/24 dev net1
+  - cmd: ip route add 10.92.0.0/24 via 10.91.0.1
+
+  - cmd: ip link add vti0 type vti key 100 remote 10.92.0.2 local 10.91.0.2
+  - cmd: ip link set vti0 up
+  - cmd: sysctl -w net.ipv4.conf.vti0.disable_policy=1
+  - cmd: ip addr add 169.254.0.1/30 remote 169.254.0.2/30 dev vti0
+
+  - cmd: /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig
+  - cmd: /usr/libexec/ipsec/_stackmanager start
+  - cmd: /usr/sbin/ipsec --checknss
+  - cmd: /usr/sbin/ipsec --checknflog
+  - cmd: /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf
+
+  - cmd: sed -i -e "s/bgpd=no/bgpd=yes/g" /etc/frr/daemons
+  - cmd: /usr/lib/frr/frrinit.sh start
+  - cmd: >-
+      vtysh -c 'conf t'
+      -c 'router bgp 65001'
+      -c ' bgp router-id 169.254.0.1'
+      -c ' neighbor 169.254.0.2 remote-as 65002'
+      -c ' !'
+      -c ' address-family ipv4 unicast'
+      -c '  network 10.1.0.0/24'
+      -c ' exit-address-family'
+      -c '!'
+
+- name: R2
+  cmds:
+  - cmd: ip addr add 10.92.0.2/24 dev net0
+  - cmd: ip addr add 10.2.0.1/24 dev net1
+  - cmd: ip route add 10.91.0.0/24 via 10.92.0.1
+
+  - cmd: ip link add vti0 type vti key 100 remote 10.91.0.2 local 10.92.0.2
+  - cmd: ip link set vti0 up
+  - cmd: sysctl -w net.ipv4.conf.vti0.disable_policy=1
+  - cmd: ip addr add 169.254.0.2/30 remote 169.254.0.1/30 dev vti0
+
+  - cmd: /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig
+  - cmd: /usr/libexec/ipsec/_stackmanager start
+  - cmd: /usr/sbin/ipsec --checknss
+  - cmd: /usr/sbin/ipsec --checknflog
+  - cmd: /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf
+
+  - cmd: sed -i -e "s/bgpd=no/bgpd=yes/g" /etc/frr/daemons
+  - cmd: /usr/lib/frr/frrinit.sh start
+  - cmd: >-
+      vtysh -c 'conf t'
+      -c 'router bgp 65002'
+      -c ' bgp router-id 169.254.0.2'
+      -c ' neighbor 169.254.0.1 remote-as 65001'
+      -c ' !'
+      -c ' address-family ipv4 unicast'
+      -c '  network 10.2.0.0/24'
+      -c ' exit-address-family'
+      -c '!'
+
+- name: C1
+  cmds:
+  - cmd: ip addr add 10.1.0.2/24 dev net0
+  - cmd: ip route add default via 10.1.0.1
+- name: C2
+  cmds:
+  - cmd: ip addr add 10.2.0.2/24 dev net0
+  - cmd: ip route add default via 10.2.0.1