Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/citc/CITC-IPv6-Tunnel-Broker

TSP tunnel broker/server implementation
https://github.com/citc/CITC-IPv6-Tunnel-Broker

Last synced: 5 days ago
JSON representation

TSP tunnel broker/server implementation

Host: GitHub
URL: https://github.com/citc/CITC-IPv6-Tunnel-Broker
Owner: citc
License: gpl-2.0
Created: 2012-04-18T08:30:28.000Z (over 12 years ago)
Default Branch: master
Last Pushed: 2012-04-28T21:41:57.000Z (over 12 years ago)
Last Synced: 2024-08-02T12:46:37.018Z (3 months ago)
Language: Python
Homepage: http://ipv6.sa/tunnelbroker
Size: 279 KB
Stars: 18
Watchers: 4
Forks: 7
Open Issues: 1
Metadata Files:
- Readme: README
- Changelog: CHANGES
- License: LICENSE

Awesome Lists containing this project

awesome-starred - citc/CITC-IPv6-Tunnel-Broker - TSP tunnel broker/server implementation (others)

README

Purpose

This open source software is developed by CITC to promote IPv6 deployments
in Saudi Arabia by offering free national IPv6 connectivity to Internet users.
Please visit http://www.ipv6.sa/tunnelbroker for more details.

Overview

This is IPv6 tunneling server software, built to TSP RFC specification
(RFC5572). It contains two parts: python-egg for TSP, and kernel module
'utun'. The python part handles virtual interface (utun) creation and
deletion, authenticates users, IP address delegation and such.
The kernel module 'utun' handles packet encapsulation/decapsulation in
kernel space.

In addition to the basic functionality, there is web-based barebones
management software module for resetting user passwords and deleting
or creating users.

CITC TSP Tunnel broker

CITC TSP tunnel broker (ddtb) is a tunnel broker that listens for TSP packets
on port 3653 and negotiates set-up for various kinds of tunnels. Currently
only v6udpv4 tunnels are supported. The tunnels are implemented by a virtual
device 'utun'. You need to compile and install the kernel module for ddtb to work.

ddtb also requires xtables-addons to work around Linux conntrack preventing
content-dependent routing of UDP packets. ddtb uses RAWDNAT and RAWSNAT
targets on raw and rawpost tables before conntrack gets to short-circuit
the routing. If your distro supports these targets out of the box, good;
otherwise install xtabes-addons package or see file INSTALL.

The python tunnel-broker uses storm ORM.

inet.ipv4.conf.all.accept_local sysctl is required, otherwise Linux will not
route incoming packets (even from virtual interfaces) that have any 'local'
address as source address.

Dependencies in short:
- python >=2.6, distutils configured (see file INSTALL)
- kernel with accept_local sysctl (>=2.6.32, at least)
- python-storm
- MySQL
- xtables-addons w/RAWSNAT/RAWDNAT
- netdev_tx_t defined in netdevice.h (since 2.6.34)

utun kernel module

utun is simple kernel module for encapsulating/decapsulating IPv6 packets
over UDP/IPv4 transport. The tunnel broker python module controls creation
and deletion of interfaces of type utun. There is no packet handling in user
space.

Compatibility

Tested on Ubuntu 10.10 (custom kernel) and 11.04.

Kernel module does not compile on RHEL5-series. You would need custom kernel,
and possibly other things (xtables-addons) as well. ddtb is NOT tested on
RHEL5/Centos5 series and may not work even with custom kernel.

On RH6-series, you need kernel with accept_local enabled. In other words,
as of April 2012, you need to build custom kernel, because kernel
2.6.32-220.7.1.el6.x86_64 does not have accept_local (RH5 has it backported
to 2.6.18-series). I have opened an RFE for getting accept_local into RH6.

xt_RAWNAT is needed, but there is not xtables-addons for RHEL6/Centos6.
xtables-addons-1.37 works. See file INSTALL for instructions.

Distribution contains directory 'utun-rpm' for building RPM or SRPM. Build
process has been tested to work on Centos 6.0 and RHEL6.1. Please see separate
README file in directory 'utun-rpm' for details.

DKMS approach is tested to work on Ubuntu 10.10 with custom (vanilla) kernel
that satisfies the requirements (at least 2.6.35-rc3, 2.6.37, 2.6.38 and
some other were tested) and Ubuntu 11.04 with default distro kernel(s).

Requirement for 'accept_local'-enabled kernel applies.
Commit 8ec1e0ebe26087bfc5c0394ada5feb5758014fc8 adds this functionality in
2.6.32-git4, so it should be present in >= 2.6.32 stable vanilla kernels.

CITC IPv6 Tunnel Broker team, [email protected]
2012 Copyright Communications and Information Technology Commission. http://www.citc.gov.sa