
softether: add vpnserver.settings option #72296

Draft: wants to merge 1 commit into base: master
Conversation

mjsir911
Copy link
Contributor

@mjsir911 mjsir911 commented Oct 30, 2019

Motivation for this change

Currently softether needs to be configured through the CLI vpncmd, which is both confusing and not easily reproducible. The configuration file is mostly compatible with nixos objects/hashmaps/dicts, with the exception that the configuration file includes types, and differentiates between string and byte.

Semantics for softether.settings worked off of NixOS/rfcs#42

Looking for advice on how to approach typed options, a lot of the time defaults are good enough, but something I've run into is that the hashed password must be a byte type.

What I'm doing right now is using an object: {type="byte"; value="whatever==="}

Example nixos configuration:

services.softether = {
	enable = true;
	vpnserver = {
		enable = true;
		settings.root = {
			LocalBridgeList.LocalBridge0 = {
				DeviceName = "soft";
				HubName = "DEFAULT";
				TapMode = true;
			};
			ListenerList.Listener0 = {
				Enabled = true;
				Port = 5555;
			};
			VirtualHUB.DEFAULT = {
				Online = true;
				SecurityAccountDatabase.UserList.Ridl3y = {
					AuthNtLmSecureHash = {type="byte"; value="aaaaaaaaaaaaaaaaaaaaaa==";};
					AuthPassword = {type="byte"; value="aaaaaaaaaaaaaaaaaaaaaaaaaaa=";};
					AuthType = 1;
				};
			};
		};
	};
}

Turns into:

declare root
{
        declare ListenerList
        {
                declare Listener0
                {
                        bool Enabled true
                        uint Port 5555
                }
        }
        declare LocalBridgeList
        {
                declare LocalBridge0
                {
                        string DeviceName soft
                        string HubName DEFAULT
                        bool TapMode true
                }
        }
        declare ServerConfiguration
        {
        }
        declare VirtualHUB
        {
                declare DEFAULT
                {
                        bool Online true
                        declare SecurityAccountDatabase
                        {
                                declare UserList
                                {
                                        declare Ridl3y
                                        {
                                                byte AuthNtLmSecureHash aaaaaaaaaaaaaaaaaaaaaa==
                                                byte AuthPassword aaaaaaaaaaaaaaaaaaaaaaaaaaa=
                                                uint AuthType 1
                                        }
                                }
                        }
                }
        }
}

TODO:
  • maybe better type specification
  • figure out how to specify default values, and which values should be default, and which values are autofilled on app startup
  • mutable vs immutable configs (see znc/default.nix)
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @

@mjsir911 mjsir911 force-pushed the softether-settings branch 2 times, most recently from 6def969 to 929445b Compare February 8, 2020 20:43
@mjsir911 mjsir911 changed the title [WIP] services.softether.vpnserver.settings services.softether.vpnserver.settings Feb 8, 2020
@mjsir911 mjsir911 changed the title services.softether.vpnserver.settings softether: add vpnserver.settings option Feb 8, 2020
@mjsir911 mjsir911 requested a review from a user February 23, 2020 16:34
@ghost ghost requested review from rick68 and removed request for a user May 25, 2020 06:27
@ghost
Copy link

ghost commented May 25, 2020

Unfortunately I haven't used SoftEther since 2018.
Added the SoftEther maintainer for review.

@stale
Copy link

stale bot commented Nov 21, 2020

I marked this as stale due to inactivity.

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Nov 21, 2020
@fricklerhandwerk
Copy link
Contributor

@mjsir911 are you still interested in this PR?

@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Mar 14, 2021
@mjsir911
Copy link
Contributor Author

I am, @fricklerhandwerk, as long as it can get the attention needed to merge.

@fricklerhandwerk
Copy link
Contributor

fricklerhandwerk commented Mar 15, 2021 via email

@fricklerhandwerk
Copy link
Contributor

Well, "these days" didn't happen, I just can't find enough time. But it's on my list, I won't forget, and I want to use it, so I'll be back with test and review.

@mjsir911
Copy link
Contributor Author

> Well, "these days" didn't happen, I just can't find enough time. But it's on my list, I won't forget, and I want to use it, so I'll be back with test and review.

Thank you for the update, @fricklerhandwerk! Glad to hear it's still on your radar, I'll await review patiently :)

@mjsir911
Copy link
Contributor Author

mjsir911 commented Jun 4, 2021

A solution around the custom data type {type="byte"; value="aaaaaaaaaaaaaaaaaaaaaa==";} fields is to just explicitly specify the root.VirtualHUB.*.SecurityAccountDatabase.UserList.*.{AuthNtLmSecureHash,AuthPassword} types and coerce them that way. Not sure if this works, i.e. whether the type information specified in the options can be carried through to the translation into the config file.

src/Cedar/Client.c:		CfgAddByte(f, "HashedPassword", a->HashedPassword, SHA1_SIZE);
src/Cedar/Client.c:		CfgAddByte(f, "EncryptedPassword", b->Buf, b->Size);
src/Cedar/Client.c:			CfgAddByte(f, "ClientCert", b->Buf, b->Size);
src/Cedar/Client.c:			CfgAddByte(f, "ClientKey", b->Buf, b->Size);
src/Cedar/Client.c:			CfgAddByte(f, "ClientCert", b->Buf, b->Size);
src/Cedar/Client.c:	CfgAddByte(f, "ProxyPassword", b->Buf, b->Size);
src/Cedar/Client.c:	CfgAddByte(root, "EncryptedPassword", c->EncryptedPassword, SHA1_SIZE);
src/Cedar/Client.c:			CfgAddByte(cmsetting, "HashedPassword", s->HashedPassword, sizeof(s->HashedPassword));
src/Cedar/EtherLog.c:	CfgAddByte(root, "AdminPassword", e->HashedPassword, sizeof(e->HashedPassword));
src/Cedar/Nat.c:		CfgAddByte(root, "HashedPassword", n->HashedPassword, sizeof(n->HashedPassword));
src/Cedar/Server.c:			CfgAddByte(ddns_folder, "Key", s->DDnsClient->Key, SHA1_SIZE);
src/Cedar/Server.c:				CfgAddByte(f, "AuthPassword", password->HashedKey, sizeof(password->HashedKey));
src/Cedar/Server.c:					CfgAddByte(f, "AuthNtLmSecureHash", password->NtLmSecureHash, sizeof(password->NtLmSecureHash));
src/Cedar/Server.c:					CfgAddByte(f, "AuthSerial", rootcert->Serial->data, rootcert->Serial->size);
src/Cedar/Server.c:	CfgAddByte(f, "HashedPassword", h->HashedPassword, sizeof(h->HashedPassword));
src/Cedar/Server.c:	CfgAddByte(f, "SecurePassword", h->SecurePassword, sizeof(h->SecurePassword));
src/Cedar/Server.c:		CfgAddByte(f, "HashedPassword", s->HashedPassword, sizeof(s->HashedPassword));
src/Cedar/Server.c:			CfgAddByte(f, "MemberPassword", s->MemberPassword, SHA1_SIZE);
src/Mayaqua/Cfg.h:ITEM *CfgAddByte(FOLDER *f, char *name, void *buf, UINT size);
src/Mayaqua/Cfg.c:				CfgAddByte(current, name, tmp, size);
src/Mayaqua/Cfg.c:			CfgAddByte(f, name, buf, size);
src/Mayaqua/Cfg.c:	return CfgAddByte(f, name, b->Buf, b->Size);
src/Mayaqua/Cfg.c:ITEM *CfgAddByte(FOLDER *f, char *name, void *buf, UINT size)

Following up, this won't work perfectly. There are only a few places using the byte type, but there are quite a few more using uint64, which is impossible to differentiate from uint automatically. It doesn't look like uint64 is used in many places that would want to be autoconfigured, though:

src/Cedar/Client.c:	a->CreateDateTime = CfgGetInt64(f, "CreateDateTime");
src/Cedar/Client.c:	a->UpdateDateTime = CfgGetInt64(f, "UpdateDateTime");
src/Cedar/Client.c:	a->LastConnectDateTime = CfgGetInt64(f, "LastConnectDateTime");
src/Cedar/Client.c:	c->Eraser = NewEraser(c->Logger, CfgGetInt64(config, "AutoDeleteCheckDiskFreeSpaceMin"));
src/Cedar/EtherLog.c:	e->AutoDeleteCheckDiskFreeSpaceMin = CfgGetInt64(root, "AutoDeleteCheckDiskFreeSpaceMin");
src/Cedar/Server.c:	created_time = CfgGetInt64(f, "CreatedTime");
src/Cedar/Server.c:	updated_time = CfgGetInt64(f, "UpdatedTime");
src/Cedar/Server.c:	expire_time = CfgGetInt64(f, "ExpireTime");
src/Cedar/Server.c:	last_login_time = CfgGetInt64(f, "LastLoginTime");
src/Cedar/Server.c:		h->LastCommTime = CfgGetInt64(f, "LastCommTime");
src/Cedar/Server.c:		h->LastLoginTime = CfgGetInt64(f, "LastLoginTime");
src/Cedar/Server.c:		h->CreatedTime = CfgGetInt64(f, "CreatedTime");
src/Cedar/Server.c:	SetMaxLogSize(CfgGetInt64(f, "LoggerMaxLogSize"));
src/Cedar/Server.c:		s->Eraser = NewEraser(s->Logger, CfgGetInt64(f, "AutoDeleteCheckDiskFreeSpaceMin"));
src/Cedar/Server.c:	e->BroadcastCount = CfgGetInt64(f, "BroadcastCount");
src/Cedar/Server.c:	e->BroadcastBytes = CfgGetInt64(f, "BroadcastBytes");
src/Cedar/Server.c:	e->UnicastCount = CfgGetInt64(f, "UnicastCount");
src/Cedar/Server.c:	e->UnicastBytes = CfgGetInt64(f, "UnicastBytes");
src/Mayaqua/Cfg.h:UINT64 CfgGetInt64(FOLDER *f, char *name);
src/Mayaqua/Cfg.c:UINT64 CfgGetInt64(FOLDER *f, char *name)
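The attrset-to-config rendering shown in the PR description ("Turns into:") and the path-based type coercion floated in the comment above, as an added Python example; it is not code from the nixpkgs PR, the NixOS module, or SoftEther. Python dicts stand in for the Nix attrset. The example assumes SoftEther config files are tab-indented (GitHub shows the PR sample with eight spaces) and places AutoDeleteCheckDiskFreeSpaceMin under ServerConfiguration; `typed`, `infer`, `render` and the dotted override patterns are this example's own names.

```python
# Added example, not code from the nixpkgs PR or from SoftEther: a Python
# stand-in for the Nix -> SoftEther config rendering the PR description shows,
# plus the wildcard-path type override proposed for fields whose type
# (byte, uint64) cannot be inferred from the value alone.

INDENT = "\t"  # assumption: SoftEther config files are tab-indented


def typed(type_name, value):
    """Explicit type annotation, mirroring {type="byte"; value="..."} in the PR."""
    return {"type": type_name, "value": value}


def _is_typed(node):
    return isinstance(node, dict) and set(node) == {"type", "value"}


def _matches(pattern, path):
    """Match a dotted pattern such as
    'root.VirtualHUB.*.SecurityAccountDatabase.UserList.*.AuthPassword'
    against a concrete path tuple; '*' stands for exactly one component."""
    parts = pattern.split(".")
    return len(parts) == len(path) and all(p in ("*", c) for p, c in zip(parts, path))


def infer(value, path, overrides):
    """Return (softether_type, rendered_value) for one leaf.

    Inference follows the PR's sample: bool -> bool, int -> uint, str -> string.
    byte and uint64 look exactly like str and uint, so they need either the
    explicit {type; value} wrapper or a matching entry in `overrides`."""
    forced = next((t for pat, t in overrides.items() if _matches(pat, path)), None)
    dotted = ".".join(path)
    if _is_typed(value):
        return value["type"], str(value["value"])
    if isinstance(value, bool):  # checked before int: bool is a subclass of int
        return forced or "bool", "true" if value else "false"
    if isinstance(value, int):
        if value < 0:
            raise ValueError(f"{dotted}: SoftEther's uint/uint64 are unsigned")
        return forced or "uint", str(value)
    if isinstance(value, str):
        return forced or "string", value
    raise TypeError(f"{dotted}: unsupported value {value!r}")


def render(name, node, overrides=None, depth=0, path=()):
    """Render a folder (dict) or a leaf as SoftEther `declare` config text."""
    overrides = overrides or {}
    path = path + (name,)
    pad = INDENT * depth
    if isinstance(node, dict) and not _is_typed(node):
        lines = [f"{pad}declare {name}", f"{pad}{{"]
        # Sorting keys by name reproduces the order of the PR's sample output
        # (ListenerList before LocalBridgeList, AuthNtLmSecureHash before AuthType).
        for key in sorted(node):
            lines.append(render(key, node[key], overrides, depth + 1, path))
        lines.append(f"{pad}}}")
        return "\n".join(lines)
    type_name, text = infer(node, path, overrides)
    return f"{pad}{type_name} {name} {text}"


# Constructed input: the PR description's example, with the empty
# ServerConfiguration folder that the PR's output shows added explicitly.
SAMPLE = {
    "LocalBridgeList": {"LocalBridge0": {"DeviceName": "soft", "HubName": "DEFAULT", "TapMode": True}},
    "ListenerList": {"Listener0": {"Enabled": True, "Port": 5555}},
    "ServerConfiguration": {},
    "VirtualHUB": {"DEFAULT": {
        "Online": True,
        "SecurityAccountDatabase": {"UserList": {"Ridl3y": {
            "AuthNtLmSecureHash": typed("byte", "aaaaaaaaaaaaaaaaaaaaaa=="),
            "AuthPassword": typed("byte", "aaaaaaaaaaaaaaaaaaaaaaaaaaa="),
            "AuthType": 1,
        }}},
    }},
}

# The alternative from the comment: no wrapper on the value, the type comes from
# a wildcard path instead. The uint64 field name is taken from the CfgGetInt64
# grep in the thread; its placement under ServerConfiguration is an assumption.
OVERRIDES = {
    "root.VirtualHUB.*.SecurityAccountDatabase.UserList.*.AuthPassword": "byte",
    "root.VirtualHUB.*.SecurityAccountDatabase.UserList.*.AuthNtLmSecureHash": "byte",
    "root.ServerConfiguration.AutoDeleteCheckDiskFreeSpaceMin": "uint64",
}


def render_with_overrides():
    """Same user entry without the {type; value} wrapper, plus a uint64 field."""
    cfg = {
        "ServerConfiguration": {"AutoDeleteCheckDiskFreeSpaceMin": 104857600},
        "VirtualHUB": {"DEFAULT": {"SecurityAccountDatabase": {"UserList": {"Ridl3y": {
            "AuthPassword": "aaaaaaaaaaaaaaaaaaaaaaaaaaa=",
            "AuthType": 1,
        }}}}},
    }
    return render("root", cfg, OVERRIDES)


if __name__ == "__main__":
    print(render("root", SAMPLE))
    print(render_with_overrides())
```

Running the block prints the PR's sample output first and then the override variant, in which `AuthPassword` comes out as `byte` and `AutoDeleteCheckDiskFreeSpaceMin` as `uint64` even though their Python values are a plain string and a plain int; without the override the same values render as `string` and `uint`, which is exactly the ambiguity the comment describes. One caveat for anyone adopting the `settings` option: everything placed in it is rendered into the Nix store, which is world-readable, so the password hashes in these `byte` fields are visible to every local user of the host.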

@mjsir911 mjsir911 force-pushed the softether-settings branch 3 times, most recently from 32640cb to 0df2631 Compare June 4, 2021 19:52
@ajs124 ajs124 removed their request for review June 6, 2021 16:21
@stale
Copy link

stale bot commented Jan 9, 2022

I marked this as stale due to inactivity.

@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jan 9, 2022
@fricklerhandwerk
Copy link
Contributor

Still relevant, I haven't forgotten.

@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jan 9, 2022
@raboof raboof removed their request for review January 10, 2022 08:58
@stale stale bot added the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jul 10, 2022
@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Jun 12, 2023
@Janik-Haag
Copy link
Member

@fricklerhandwerk @mjsir911 what has to happen to unstale this/to get this merged?

@fricklerhandwerk
Copy link
Contributor

I still have it on my list, but free time to hack on stuff is not a thing any more. Sorry for the infinite delay.

From a quick glance:

  • Rebase
  • Use markdown for all docs
  • Fix typos

I won't be able to test it any time soon, but the code change is small enough and if anyone but the author will vouch for it to work for them, I can merge it (after nitpicking the docs, as I expect to use them myself at a far-away point in the future).

@benley benley removed their request for review June 19, 2023 17:18
@wegank wegank added 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md 2.status: merge conflict labels Mar 19, 2024
@stale stale bot removed the 2.status: stale https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md label Mar 20, 2024
@wegank wegank marked this pull request as draft March 20, 2024 22:21