
package org.platformlayer.ops.vpn;

import java.io.File;

import javax.inject.Inject;

import org.platformlayer.core.model.ItemBase;
import org.platformlayer.ops.Handler;
import org.platformlayer.ops.OpsContext;
import org.platformlayer.ops.OpsException;
import org.platformlayer.ops.filesystem.SimpleFile;
import org.platformlayer.ops.firewall.FirewallRecord.Direction;
import org.platformlayer.ops.firewall.Protocol;
import org.platformlayer.ops.firewall.Transport;
import org.platformlayer.ops.firewall.scripts.IptablesFilterEntry;
import org.platformlayer.ops.firewall.scripts.IptablesFilterPolicy;
import org.platformlayer.ops.machines.PlatformLayerHelpers;
import org.platformlayer.ops.packages.PackageDependency;
import org.platformlayer.ops.service.ManagedService;
import org.platformlayer.ops.tree.OpsTreeBase;

/**
 * Installs the racoon IKE daemon and the firewall plumbing needed for IPsec on the target host.
 *
 * <p>Children are added in the order they must be applied: package, config files, the
 * {@link IpsecBootstrap} step, one set of iptables rules per transport, and finally the
 * managed service. Each firewall rule is keyed by transport and the item's UUID so that the
 * same rule is not created twice for one item.
 */
public class IpsecInstall extends OpsTreeBase {

  /** IKE/ISAKMP control channel. NAT traversal (UDP 4500) is not opened by this op. */
  private static final int IKE_UDP_PORT = 500;

  /** Framework entry point; all work is performed by the child ops built in {@link #addChildren()}. */
  @Handler
  public void handler() {
  }

  @Inject
  PlatformLayerHelpers platformLayerClient;

  @Override
  protected void addChildren() throws OpsException {
    addChild(PackageDependency.build("racoon"));

    // Config files are shipped from this class's resources.
    addChild(SimpleFile.build(getClass(), new File("/etc/racoon/racoon.conf")));
    // The pre-shared-key file is NOT installed here (it was commented out in the original):
    // addChild(SimpleFile.build(getClass(), new File("/etc/racoon/psk.txt")));
    // NOTE(review): if psk.txt is ever installed this way it must not be a static secret baked
    // into the jar, and it should be written mode 0600 — confirm how keys are provisioned.
    addChild(SimpleFile.build(getClass(), new File("/etc/ipsec-tools.conf")));

    addChild(IpsecBootstrap.class);

    ItemBase item = OpsContext.get().getInstance(ItemBase.class);
    String ruleSuffix = platformLayerClient.getOrCreateUuid(item).toString();

    // TODO: Rationalize between our complicated version that can open cloud ports, and this streamlined version
    // NOTE(review): IKE and ESP are opened on every transport from any source; peer
    // authorization therefore rests entirely on racoon.conf — confirm it restricts peers.
    for (Transport transport : Transport.all()) {
      allowIke(transport, ruleSuffix);
      // TODO: Do we want to open NAT-T (4500?)
      allowEsp(transport, ruleSuffix);
      // AH is intentionally not allowed: an iptables allow for AH did not work when it was tried.
      allowIpsecPolicy(transport, ruleSuffix);
    }

    addChild(ManagedService.build("racoon"));
  }

  /** Accepts inbound IKE (UDP 500) on the given transport. */
  private void allowIke(Transport transport, String ruleSuffix) throws OpsException {
    IptablesFilterEntry rule = addChild(IptablesFilterEntry.class);
    rule.port = IKE_UDP_PORT;
    rule.protocol = Protocol.Udp;
    rule.ruleKey = transport.getKey() + "-ike-" + ruleSuffix;
    rule.transport = transport;
  }

  /** Accepts the ESP protocol (no port: ESP is its own IP protocol) on the given transport. */
  private void allowEsp(Transport transport, String ruleSuffix) throws OpsException {
    IptablesFilterEntry rule = addChild(IptablesFilterEntry.class);
    rule.protocol = Protocol.Esp;
    rule.ruleKey = transport.getKey() + "-esp-" + ruleSuffix;
    rule.transport = transport;
  }

  /**
   * Adds an inbound "ipsec" policy-match rule on the given transport, so traffic that arrived
   * through an IPsec SA is accepted after decapsulation.
   */
  private void allowIpsecPolicy(Transport transport, String ruleSuffix) throws OpsException {
    IptablesFilterPolicy rule = addChild(IptablesFilterPolicy.class);
    rule.direction = Direction.In;
    rule.policy = "ipsec";
    rule.ruleKey = transport.getKey() + "-ipsec-" + ruleSuffix;
    rule.transport = transport;
  }
}