From 0b7969573d3beab24d9e76ab681db2ff5ba69f48 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Sun, 27 Nov 2016 16:03:24 +0100 Subject: [PATCH 1/3] [mod] make log more obvious --- .../java/be/neutrinet/ispng/openvpn/DefaultServiceListener.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/be/neutrinet/ispng/openvpn/DefaultServiceListener.java b/src/main/java/be/neutrinet/ispng/openvpn/DefaultServiceListener.java index ab55d23..37d6fc8 100644 --- a/src/main/java/be/neutrinet/ispng/openvpn/DefaultServiceListener.java +++ b/src/main/java/be/neutrinet/ispng/openvpn/DefaultServiceListener.java @@ -143,7 +143,7 @@ public class DefaultServiceListener implements ServiceListener { }); } else { - log.info(String.format("Refused %s (%s,%s)", client.username, client.id, client.kid)); + log.info(String.format("Refused %s (%s,%s), invalid user/password combination", client.username, client.id, client.kid)); vpn.denyClient(client.id, client.kid, "Invalid user/password combination"); } } catch (Exception ex) { -- GitLab From c0b849e08b591677c6575b6d5dc49ad51d577955 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Sun, 27 Nov 2016 16:57:28 +0100 Subject: [PATCH 2/3] [mod] log ALL THE THINGS --- .../ispng/openvpn/DefaultServiceListener.java | 49 +++++++++++++++++-- 1 file changed, 46 insertions(+), 3 deletions(-) diff --git a/src/main/java/be/neutrinet/ispng/openvpn/DefaultServiceListener.java b/src/main/java/be/neutrinet/ispng/openvpn/DefaultServiceListener.java index 37d6fc8..50b659b 100644 --- a/src/main/java/be/neutrinet/ispng/openvpn/DefaultServiceListener.java +++ b/src/main/java/be/neutrinet/ispng/openvpn/DefaultServiceListener.java 
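Review bot: `client.username` in the rewritten `log.info` line is client-supplied and, on this refused branch, unauthenticated, yet it is written to the log as-is. Unless the logging layout escapes control characters (not visible in this patch), a name containing line breaks can forge extra log entries, and a user who types their password into the username field gets it recorded in clear. Neutralise the value before formatting, e.g. `String safeName = String.valueOf(client.username).replaceAll("[\\r\\n]", "_");`, and log `safeName` instead. The enclosing method starts and ends outside the hunk.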
@@ -53,11 +53,16 @@ public class DefaultServiceListener implements ServiceListener { User user = Users.authenticate(client.username, client.password); if (user != null) { TransactionManager.callInTransaction(VPN.cs, () -> { + log.info(String.format("[%s] starting authentication", client.username)); Optional ipv4; - if (userClient.leases == null) + if (userClient.leases == null) { ipv4 = Optional.empty(); - else + log.info(String.format("[%s] no ipv4", client.username)); + } + else { ipv4 = userClient.leases.stream().filter(addr -> addr.ipVersion == 4).findFirst(); + log.info(String.format("[%s] ipv4: %s", client.username, ipv4.get().address)); + } /*if (!ipv4.isPresent() && userClient.subnetLeases.isEmpty()) { vpn.denyClient(client.id, client.kid, "No IP address or subnet leases assigned"); @@ -70,6 +75,7 @@ public class DefaultServiceListener implements ServiceListener { if (ipv4.isPresent()) { c.addresses.add(ipv4.get()); + log.info(String.format("[%s] adding ipv4 to client", client.username)); } pendingConnections.put(client.id, c); 
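Review bot: In the new `else` branch of hunk `@@ -53,11 +53,16`, `ipv4.get().address` is evaluated straight after `findFirst()`, which yields an empty Optional when the client has leases but none with `ipVersion == 4`. `get()` then throws `NoSuchElementException` inside the transaction, so an IPv6-only client would fail authentication because of a log statement, even though the code below still guards with `if (ipv4.isPresent())`. Log without unwrapping, e.g. `log.info(String.format("[%s] ipv4: %s", client.username, ipv4.isPresent() ? ipv4.get().address : "none"));`. Patch 3/3 (hunk `@@ -53,15 +53,15`) only changes the level to `log.debug`; the argument is still evaluated before the call, so the exception remains there too. The lambda body continues outside the hunk.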
@@ -81,27 +87,46 @@ public class DefaultServiceListener implements ServiceListener { if (ipv4.isPresent()) { options.put("ifconfig-push", ipv4.get().address + " " + VPN.cfg.getProperty("openvpn.netmask.4")); + + log.info(String.format("[%s] pushing 'ifconfig-push' to the client: %s", client.username, ipv4.get().address + " " + + VPN.cfg.getProperty("openvpn.netmask.4"))); + options.put("push route", VPN.cfg.getProperty("openvpn.network.4") + " " + VPN.cfg.getProperty("openvpn.netmask.4") + " " + VPN.cfg.getProperty("openvpn.localip.4")); + + log.info(String.format("[%s] push route: %s", client.username, + VPN.cfg.getProperty("openvpn.network.4") + " " + VPN.cfg.getProperty("openvpn.netmask.4") + + " " + VPN.cfg.getProperty("openvpn.localip.4"))); + // route the OpenVPN server over the default gateway, not over the VPN itself InetAddress[] addr = InetAddress.getAllByName(VPN.cfg.getProperty("openvpn.publicaddress")); for (InetAddress address : addr) { if (address.getAddress().length == 4) { options.put("push route", address.getHostAddress() + " 255.255.255.255 net_gateway"); + + log.info(String.format("[%s] push route: %s", client.username, + address.getHostAddress() + " 255.255.255.255 net_gateway")); + } } if (user.settings().get("routeIPv4TrafficOverVPN", true).equals(true)) { options.put("push redirect-gateway", "def1"); + log.info(String.format("[%s] push redirect-gateway: def1", client.username)); + options.put("push route-gateway", VPN.cfg.getProperty("openvpn.localip.4")); + log.info(String.format("[%s] push route-gateway: %s", client.username, + VPN.cfg.getProperty("openvpn.localip.4"))); } } options.put("push tun-ipv6", ""); + log.info(String.format("[%s] push tun-ipv6: ", client.username)); IPAddress interconnect = userClient.getOrCreateInterconnectIP(6); // Why /64? 
See https://community.openvpn.net/openvpn/ticket/264 options.put("ifconfig-ipv6-push", interconnect.address + "/64" + " " + VPN.cfg.getProperty("vpn.ipv6.interconnect")); + log.info(String.format("[%s] push ifconfig-ipv6-push: %s", client.username, interconnect.address + "/64" + " " + VPN.cfg.getProperty("vpn.ipv6.interconnect"))); if (!ipv4.isPresent()) { /* because OpenVPN does not acknowledge that IPv6-only connectivity is a thing now, we need 
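Review bot: Each added log call in this hunk rebuilds the option value with a second copy of the concatenation instead of logging what was actually stored in `options`, so the log can silently drift from the pushed configuration if only one copy is edited later. Build the value once and use it for both, e.g. `String ifconfig = ipv4.get().address + " " + VPN.cfg.getProperty("openvpn.netmask.4");` followed by `options.put("ifconfig-push", ifconfig);` and `log.info(String.format("[%s] ifconfig-push: %s", client.username, ifconfig));`. The same applies to the `push route`, `push route-gateway` and `ifconfig-ipv6-push` lines. The enclosing lambda starts and ends outside the hunk.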
@@ -113,25 +138,43 @@ public class DefaultServiceListener implements ServiceListener { if (user.settings().get("ip.route.ipv6.defaultRoute", true).equals(true)) { //options.put("push redirect-gateway-ipv6", "def1"); options.put("push route-ipv6", "2000::/3"); + + log.info(String.format("[%s] push route-ipv6: 2000::/3", client.username)); + } else { + log.info(String.format("[%s] DON'T push route-ipv6: 2000::/3", client.username)); } if (!userClient.subnetLeases.isEmpty()) { for (SubnetLease lease : userClient.subnetLeases) { options.put("push route-ipv6", VPN.cfg.getProperty("vpn.ipv6.network") + "/" + VPN.cfg.getProperty("vpn.ipv6.prefix") + " " + VPN.cfg.getProperty("vpn.ipv6.localip")); + + log.info(String.format("[%s] push route-ipv6: %s", client.username, + VPN.cfg.getProperty("vpn.ipv6.network") + "/" + VPN.cfg.getProperty("vpn.ipv6.prefix") + + " " + VPN.cfg.getProperty("vpn.ipv6.localip"))); + // route assigned IPv6 subnet through client options.put("iroute-ipv6", lease.subnet.subnet); + log.info(String.format("[%s] push route-ipv6: %s", client.username, lease.subnet.subnet)); + options.put("setenv-safe DELEGATED_IPv6_PREFIX", lease.subnet.subnet); + log.info(String.format("[%s] setenv-safe DELEGATED_IPv6_PREFIX: %s", client.username, lease.subnet.subnet)); } + } else { + log.info(String.format("[%s] no SubnetLease, don't push ipv6 route, iroute and DELEGATED_IPv6_PREFIX", + client.username)); } if (VPN.cfg.containsKey("openvpn.ping")) { options.put("push ping", VPN.cfg.get("openvpn.ping").toString()); + log.info(String.format("[%s] push ping: %s", client.username, VPN.cfg.get("openvpn.ping").toString())); + if (VPN.cfg.containsKey("openvpn.pingRestart")) { options.put("push ping-restart", VPN.cfg.get("openvpn.pingRestart").toString()); + log.info(String.format("[%s] push ping-restart: %s", client.username, VPN.cfg.get("openvpn.pingRestart").toString())); } } else { - log.warn("No ping and set, will cause spurious connection resets"); + 
log.warn(String.format("[%s] No ping and set, will cause spurious connection resets", client.username)); } vpn.authorizeClient(client.id, client.kid, options); -- GitLab From d7937d613f5be4dc4520bc67b427e5af5e5b37fd Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Sun, 27 Nov 2016 17:06:20 +0100 Subject: [PATCH 3/3] [mod] log.info -> log.debug --- .../ispng/openvpn/DefaultServiceListener.java | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/src/main/java/be/neutrinet/ispng/openvpn/DefaultServiceListener.java b/src/main/java/be/neutrinet/ispng/openvpn/DefaultServiceListener.java index 50b659b..0ab4ae6 100644 --- a/src/main/java/be/neutrinet/ispng/openvpn/DefaultServiceListener.java +++ b/src/main/java/be/neutrinet/ispng/openvpn/DefaultServiceListener.java @@ -53,15 +53,15 @@ public class DefaultServiceListener implements ServiceListener { User user = Users.authenticate(client.username, client.password); if (user != null) { TransactionManager.callInTransaction(VPN.cs, () -> { - log.info(String.format("[%s] starting authentication", client.username)); + log.debug(String.format("[%s] starting authentication", client.username)); Optional ipv4; if (userClient.leases == null) { ipv4 = Optional.empty(); - log.info(String.format("[%s] no ipv4", client.username)); + log.debug(String.format("[%s] no ipv4", client.username)); } else { ipv4 = userClient.leases.stream().filter(addr -> addr.ipVersion == 4).findFirst(); - log.info(String.format("[%s] ipv4: %s", client.username, ipv4.get().address)); + log.debug(String.format("[%s] ipv4: %s", client.username, ipv4.get().address)); } /*if (!ipv4.isPresent() && userClient.subnetLeases.isEmpty()) { 
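Review bot: In hunk `@@ -113,25 +138,43`, the log line added after `options.put("iroute-ipv6", lease.subnet.subnet)` is labelled `push route-ipv6`. The log therefore reports a pushed route where an iroute was set, and the entry cannot be told apart from the genuine `push route-ipv6` line just above it, which matters when the log is used to reconstruct what a client was given. Change the format string to `"[%s] iroute-ipv6: %s"`. The enclosing lambda starts outside the hunk.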
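Review bot: Lowering these calls to `log.debug` in 3/3 does not stop the message from being built. `String.format` and the `VPN.cfg.getProperty(...)` concatenations still run on every connection, because the argument is evaluated before the logger checks its level. The logger type is not visible in this patch; if it offers a level check, wrap the debug-only statements in `if (log.isDebugEnabled()) { ... }`, or use parameterised messages if the API supports them. This applies to every hunk of 3/3, all of which sit inside a lambda that starts and ends outside the hunks.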
@@ -75,7 +75,7 @@ public class DefaultServiceListener implements ServiceListener { if (ipv4.isPresent()) { c.addresses.add(ipv4.get()); - log.info(String.format("[%s] adding ipv4 to client", client.username)); + log.debug(String.format("[%s] adding ipv4 to client", client.username)); } pendingConnections.put(client.id, c); @@ -88,13 +88,13 @@ public class DefaultServiceListener implements ServiceListener { if (ipv4.isPresent()) { options.put("ifconfig-push", ipv4.get().address + " " + VPN.cfg.getProperty("openvpn.netmask.4")); - log.info(String.format("[%s] pushing 'ifconfig-push' to the client: %s", client.username, ipv4.get().address + " " + + log.debug(String.format("[%s] pushing 'ifconfig-push' to the client: %s", client.username, ipv4.get().address + " " + VPN.cfg.getProperty("openvpn.netmask.4"))); options.put("push route", VPN.cfg.getProperty("openvpn.network.4") + " " + VPN.cfg.getProperty("openvpn.netmask.4") + " " + VPN.cfg.getProperty("openvpn.localip.4")); - log.info(String.format("[%s] push route: %s", client.username, + log.debug(String.format("[%s] push route: %s", client.username, VPN.cfg.getProperty("openvpn.network.4") + " " + VPN.cfg.getProperty("openvpn.netmask.4") + " " + VPN.cfg.getProperty("openvpn.localip.4"))); @@ -104,7 +104,7 @@ public class DefaultServiceListener implements ServiceListener { if (address.getAddress().length == 4) { options.put("push route", address.getHostAddress() + " 255.255.255.255 net_gateway"); - log.info(String.format("[%s] push route: %s", client.username, + log.debug(String.format("[%s] push route: %s", client.username, address.getHostAddress() + " 255.255.255.255 net_gateway")); } 
@@ -112,21 +112,21 @@ public class DefaultServiceListener implements ServiceListener { if (user.settings().get("routeIPv4TrafficOverVPN", true).equals(true)) { options.put("push redirect-gateway", "def1"); - log.info(String.format("[%s] push redirect-gateway: def1", client.username)); + log.debug(String.format("[%s] push redirect-gateway: def1", client.username)); options.put("push route-gateway", VPN.cfg.getProperty("openvpn.localip.4")); - log.info(String.format("[%s] push route-gateway: %s", client.username, + log.debug(String.format("[%s] push route-gateway: %s", client.username, VPN.cfg.getProperty("openvpn.localip.4"))); } } options.put("push tun-ipv6", ""); - log.info(String.format("[%s] push tun-ipv6: ", client.username)); + log.debug(String.format("[%s] push tun-ipv6: ", client.username)); IPAddress interconnect = userClient.getOrCreateInterconnectIP(6); // Why /64? See https://community.openvpn.net/openvpn/ticket/264 options.put("ifconfig-ipv6-push", interconnect.address + "/64" + " " + VPN.cfg.getProperty("vpn.ipv6.interconnect")); - log.info(String.format("[%s] push ifconfig-ipv6-push: %s", client.username, interconnect.address + "/64" + " " + VPN.cfg.getProperty("vpn.ipv6.interconnect"))); + log.debug(String.format("[%s] push ifconfig-ipv6-push: %s", client.username, interconnect.address + "/64" + " " + VPN.cfg.getProperty("vpn.ipv6.interconnect"))); if (!ipv4.isPresent()) { /* because OpenVPN does not acknowledge that IPv6-only connectivity is a thing now, we need 
@@ -139,9 +139,9 @@ public class DefaultServiceListener implements ServiceListener { //options.put("push redirect-gateway-ipv6", "def1"); options.put("push route-ipv6", "2000::/3"); - log.info(String.format("[%s] push route-ipv6: 2000::/3", client.username)); + log.debug(String.format("[%s] push route-ipv6: 2000::/3", client.username)); } else { - log.info(String.format("[%s] DON'T push route-ipv6: 2000::/3", client.username)); + log.debug(String.format("[%s] DON'T push route-ipv6: 2000::/3", client.username)); } if (!userClient.subnetLeases.isEmpty()) { 
@@ -149,29 +149,29 @@ public class DefaultServiceListener implements ServiceListener { options.put("push route-ipv6", VPN.cfg.getProperty("vpn.ipv6.network") + "/" + VPN.cfg.getProperty("vpn.ipv6.prefix") + " " + VPN.cfg.getProperty("vpn.ipv6.localip")); - log.info(String.format("[%s] push route-ipv6: %s", client.username, + log.debug(String.format("[%s] push route-ipv6: %s", client.username, VPN.cfg.getProperty("vpn.ipv6.network") + "/" + VPN.cfg.getProperty("vpn.ipv6.prefix") + " " + VPN.cfg.getProperty("vpn.ipv6.localip"))); // route assigned IPv6 subnet through client options.put("iroute-ipv6", lease.subnet.subnet); - log.info(String.format("[%s] push route-ipv6: %s", client.username, lease.subnet.subnet)); + log.debug(String.format("[%s] push route-ipv6: %s", client.username, lease.subnet.subnet)); options.put("setenv-safe DELEGATED_IPv6_PREFIX", lease.subnet.subnet); - log.info(String.format("[%s] setenv-safe DELEGATED_IPv6_PREFIX: %s", client.username, lease.subnet.subnet)); + log.debug(String.format("[%s] setenv-safe DELEGATED_IPv6_PREFIX: %s", client.username, lease.subnet.subnet)); } } else { - log.info(String.format("[%s] no SubnetLease, don't push ipv6 route, iroute and DELEGATED_IPv6_PREFIX", + log.debug(String.format("[%s] no SubnetLease, don't push ipv6 route, iroute and DELEGATED_IPv6_PREFIX", client.username)); } if (VPN.cfg.containsKey("openvpn.ping")) { options.put("push ping", VPN.cfg.get("openvpn.ping").toString()); - log.info(String.format("[%s] push ping: %s", client.username, VPN.cfg.get("openvpn.ping").toString())); + log.debug(String.format("[%s] push ping: %s", client.username, VPN.cfg.get("openvpn.ping").toString())); if (VPN.cfg.containsKey("openvpn.pingRestart")) { options.put("push ping-restart", VPN.cfg.get("openvpn.pingRestart").toString()); - log.info(String.format("[%s] push ping-restart: %s", client.username, VPN.cfg.get("openvpn.pingRestart").toString())); + log.debug(String.format("[%s] push ping-restart: %s", client.username, 
VPN.cfg.get("openvpn.pingRestart").toString())); } } else { log.warn(String.format("[%s] No ping and set, will cause spurious connection resets", client.username)); -- GitLab