diff --git a/NFs/native/NAT/nativeNat.tar.gz b/NFs/native/NAT/nativeNat.tar.gz
deleted file mode 100644
index 28753893..00000000
Binary files a/NFs/native/NAT/nativeNat.tar.gz and /dev/null differ
diff --git a/NFs/native/NAT/start b/NFs/native/NAT/start
new file mode 100755
index 00000000..926d92c5
--- /dev/null
+++ b/NFs/native/NAT/start
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line:
+# sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan
+
+#$1 LSI ID (e.g., 2)
+#$2 NF name (e.g., firewall)
+#$3 number_of_ports (it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively (e.g., vEth0 vEth1)
+
+if (( $EUID != 0 ))
+then
+ echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+ exit 0
+fi
+
+#enable ipv4 forwarding
+sysctl -w net.ipv4.ip_forward=1
+
+#debug
+#set -x
+
+br_name=$1_$2_br
+namespace_name=$1_$2_ns
+
+ifconfig $4 192.168.1.1 netmask 255.255.255.0
+ifconfig $5 192.168.2.1 netmask 255.255.255.0
+iptables -A FORWARD -i $4 -j ACCEPT
+iptables -t nat -A POSTROUTING -o $5 -j MASQUERADE
+exit 1
diff --git a/NFs/native/NAT/stop b/NFs/native/NAT/stop
new file mode 100755
index 00000000..ae84eba3
--- /dev/null
+++ b/NFs/native/NAT/stop
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line:
+# sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan
+
+#$1 LSI ID (e.g., 2)
+#$2 NF name (e.g., firewall)
+#$3 number_of_ports (it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively (e.g., vEth0 vEth1)
+
+if (( $EUID != 0 ))
+then
+ echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+ exit 0
+fi
+
+
+
+namespace_name=$1_$2_ns
+
+
+exit 1
diff --git a/NFs/native/VPNStrongswan/configure.sh b/NFs/native/VPNStrongswan/configure.sh
new file mode 100755
index 00000000..b4adc144
--- /dev/null
+++ b/NFs/native/VPNStrongswan/configure.sh
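Review bot: In NFs/native/NAT/start the port names `$4` and `$5` go unquoted and unchecked into `ifconfig` and `iptables` while the script runs as root, so a missing argument leaves a malformed `iptables -A FORWARD -i -j ACCEPT` and a value containing whitespace is split into extra arguments. An argument-count guard such as `(( $# >= 5 )) || exit 0` (0 being the status the non-root branch already uses to refuse) plus quoting, `iptables -A FORWARD -i "$4" -j ACCEPT`, would close that. The same unquoted positional parameters appear in VPNStrongswan/configure.sh, VPNStrongswan/start, bridge/start and dhcp/start. The header line `#dependencies: strongswan` and the `[nativeNF_example_start]` log tag look copied from another script and should name this NF's actual tools (`iptables`, `ifconfig`, `sysctl`).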
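Review bot: NFs/native/NAT/stop assigns `namespace_name` and exits without removing anything that start installed: the `FORWARD` accept rule and the `MASQUERADE` rule stay in place, and every further start appends another copy because it uses `-A`. If these scripts run inside a namespace that the caller destroys afterwards this may be harmless, but that is not visible in this diff; otherwise stale rules keep forwarding and translating traffic for an NF that is reported as stopped. Mirroring start with `iptables -D FORWARD -i "$4" -j ACCEPT` and `iptables -t nat -D POSTROUTING -o "$5" -j MASQUERADE` would make stop symmetric. The usage comment in this file also still reads `sudo ./start`.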
@@ -0,0 +1,24 @@
+#! /bin/bash
+
+# $port1 $port2 $namespace $path
+
+
+
+SCRIPTPATH=$4
+
+mkdir -p /etc/netns/$3/ipsec.d/run
+mkdir -p /etc/netns/$3/strongswan
+mkdir -p /etc/netns/$3/iproute2
+
+cp -r $SCRIPTPATH/rt_tables /etc/netns/$3/iproute2
+
+ip netns exec $3 ifconfig $1 192.168.1.1 netmask 255.255.255.0
+#ip netns exec $3 route add default gw 130.192.225.254
+ip netns exec $3 ifconfig $2 1.1.1.1 netmask 255.255.255.0
+#ip netns exec $3 ip route add 10.2.0.0/16 dev $2 scope link table tapIPSEC
+#ip netns exec $3 ip route add default via 10.2.2.252 dev $2 table tapIPSEC
+#ip netns exec $3 ip rule add from 10.2.1.0/24 table tapIPSEC pref 2
+#ip netns exec $3 ip rule add to 10.2.1.0/24 table tapIPSEC pref 2
+
+cp -r /etc/strongswan* /etc/netns/$3/
+cp -r $SCRIPTPATH/strongswan/ipsec.* /etc/netns/$3/
diff --git a/NFs/native/VPNStrongswan/nativeIPSEC.tar.gz b/NFs/native/VPNStrongswan/nativeIPSEC.tar.gz
deleted file mode 100644
index ac269d45..00000000
Binary files a/NFs/native/VPNStrongswan/nativeIPSEC.tar.gz and /dev/null differ
diff --git a/NFs/native/VPNStrongswan/rt_tables b/NFs/native/VPNStrongswan/rt_tables
new file mode 100644
index 00000000..2ca8bf2f
--- /dev/null
+++ b/NFs/native/VPNStrongswan/rt_tables
@@ -0,0 +1,12 @@
+#
+# reserved values
+#
+255 local
+254 main
+253 default
+0 unspec
+#
+# local
+#
+#1 inr.ruhep
+250 tapIPSEC
diff --git a/NFs/native/VPNStrongswan/start b/NFs/native/VPNStrongswan/start
new file mode 100755
index 00000000..23a4247e
--- /dev/null
+++ b/NFs/native/VPNStrongswan/start
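Review bot: The last line of NFs/native/VPNStrongswan/configure.sh copies `ipsec.secrets` with a plain `cp -r`, so the file holding the pre-shared key lands in `/etc/netns/$3/` with whatever mode the checkout gave it, and this commit adds it as 100644, i.e. world-readable. Follow the copy with `chmod 600 "/etc/netns/$3/ipsec.secrets"`, or copy that one file with `install -m 600`. `$3` is also used unquoted and unchecked to build every path under `/etc/netns`; `ns=${3:?namespace required}` at the top plus quoting would keep an empty value, or one containing `/` or spaces, from creating and filling directories other than the intended one. The preceding `cp -r /etc/strongswan* /etc/netns/$3/` pulls the host's strongSwan configuration into the namespace directory and deserves a comment saying why that is wanted.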
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line:
+# sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan
+
+#$1 LSI ID (e.g., 2)
+#$2 NF name (e.g., firewall)
+#$3 number_of_ports (it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively (e.g., vEth0 vEth1)
+
+if (( $EUID != 0 ))
+then
+ echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+ exit 0
+fi
+
+#enable ipv4 forwarding
+sysctl -w net.ipv4.ip_forward=1
+
+#debug
+#set -x
+
+br_name=$1_$2_br
+namespace_name=$1_$2_ns
+
+SCRIPTPATH="$1_$1_$2_tmp_$2"
+
+bash $SCRIPTPATH/configure.sh $4 $5 $namespace_name $SCRIPTPATH
+
+ip netns exec $namespace_name ipsec start
+echo "[nativeNF_strongswan_start] script executed"
+
+exit 1
diff --git a/NFs/native/VPNStrongswan/stop b/NFs/native/VPNStrongswan/stop
new file mode 100755
index 00000000..369f886f
--- /dev/null
+++ b/NFs/native/VPNStrongswan/stop
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line:
+# sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan
+
+#$1 LSI ID (e.g., 2)
+#$2 NF name (e.g., firewall)
+#$3 number_of_ports (it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively (e.g., vEth0 vEth1)
+
+if (( $EUID != 0 ))
+then
+ echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+ exit 0
+fi
+
+
+
+namespace_name=$1_$2_ns
+
+ip netns exec $namespace_name ipsec stop
+rm -rf /etc/netns/$namespace_name
+
+echo "[nativeNF_strongswan_start] script executed"
+
+exit 1
diff --git a/NFs/native/VPNStrongswan/strongswan/ipsec.conf b/NFs/native/VPNStrongswan/strongswan/ipsec.conf
new file mode 100644
index 00000000..1b5641bf
--- /dev/null
+++ b/NFs/native/VPNStrongswan/strongswan/ipsec.conf
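Review bot: `SCRIPTPATH="$1_$1_$2_tmp_$2"` in NFs/native/VPNStrongswan/start is a relative path, so the root-run `bash $SCRIPTPATH/configure.sh ...` executes whatever file has that name under the current working directory. Unless the caller guarantees a trusted working directory, which this diff does not show, the path should be made absolute against a fixed base directory and checked with `[[ -f "$SCRIPTPATH/configure.sh" ]]` before it is run. The result of configure.sh is also ignored, so a failed setup still reaches `ipsec start`; `bash "$SCRIPTPATH/configure.sh" "$4" "$5" "$namespace_name" "$SCRIPTPATH" || exit 0` would stop there, 0 being the status the non-root branch uses to refuse. `br_name` is assigned and never used in this script.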
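Review bot: `rm -rf /etc/netns/$namespace_name` in NFs/native/VPNStrongswan/stop runs as root on a path built from unvalidated `$1` and `$2` and is unquoted, so whitespace in either argument splits it into several delete targets and a `/` or `..` component moves it outside `/etc/netns`. Validate the two arguments before building the name, for example `[[ $1$2 =~ ^[A-Za-z0-9_-]+$ ]] || exit 0`, and quote the operand: `rm -rf -- "/etc/netns/${namespace_name:?}"`. The closing message is tagged `[nativeNF_strongswan_start]` although this is the stop script, which will mislead anyone reading the logs.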
@@ -0,0 +1,47 @@
+# ipsec.conf - strongSwan IPsec configuration file
+
+# basic configuration
+
+config setup
+ # strictcrlpolicy=yes
+ uniqueids = never
+
+# Add connections here.
+
+# Sample VPN connections
+
+#conn sample-self-signed
+# leftsubnet=10.1.0.0/16
+# leftcert=selfCert.der
+# leftsendcert=never
+# right=192.168.0.2
+# rightsubnet=10.2.0.0/16
+# rightcert=peerCert.der
+# auto=start
+
+#conn sample-with-ca-cert
+# leftsubnet=10.1.0.0/16
+# leftcert=myCert.pem
+# right=192.168.0.2
+# rightsubnet=10.2.0.0/16
+# rightid="C=CH, O=Linux strongSwan CN=peer name"
+# auto=start
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ authby=secret
+ keyexchange=ikev2
+ mobike=no
+
+conn net-net
+ left=1.1.1.1
+ leftid=@moon.strongswan.org
+ leftsubnet=192.168.1.0/24
+ leftfirewall=yes
+ right=1.1.1.2
+ rightsubnet=10.0.0.0/24
+ rightid=@sun.strongswan.org
+ auto=start
diff --git a/NFs/native/VPNStrongswan/strongswan/ipsec.secrets b/NFs/native/VPNStrongswan/strongswan/ipsec.secrets
new file mode 100644
index 00000000..4ee78dc4
--- /dev/null
+++ b/NFs/native/VPNStrongswan/strongswan/ipsec.secrets
@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL
diff --git a/NFs/native/bridge/nativeBr.tar.gz b/NFs/native/bridge/nativeBr.tar.gz
deleted file mode 100644
index 91b436c2..00000000
Binary files a/NFs/native/bridge/nativeBr.tar.gz and /dev/null differ
diff --git a/NFs/native/bridge/start b/NFs/native/bridge/start
new file mode 100755
index 00000000..a171be2e
--- /dev/null
+++ b/NFs/native/bridge/start
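Review bot: Nothing in ipsec.conf marks it as a demonstration configuration, yet `conn %default` sets `authby=secret` for every connection and `conn net-net` keeps the `moon`/`sun` identities from strongSwan's examples together with fixed `1.1.1.1`/`1.1.1.2` endpoints, which are publicly routed addresses. A header comment such as `# DEMO ONLY: replace left/right, the ids and the PSK before use` would keep it from being deployed unchanged. `left=1.1.1.1` has to stay in step with the address configure.sh assigns to the second port, which is worth stating next to it. If it is feasible for this NF, certificate authentication as in the commented samples would avoid a shared secret altogether.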
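Review bot: ipsec.secrets commits a literal pre-shared key to the repository, and it appears to be the sample value from strongSwan's own example configurations, so it has to be treated as publicly known. Every deployment of this NF would share it, and whoever holds it can authenticate as either peer of the `net-net` connection. Ship a template instead, e.g. `@moon.strongswan.org @sun.strongswan.org : PSK "<PSK_GENERATED_AT_DEPLOY_TIME>"`, and let the deployment step write the real value with mode 600. The file is also added as 100644, which is the mode configure.sh will propagate when it copies it.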
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line:
+# sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan
+
+#$1 LSI ID (e.g., 2)
+#$2 NF name (e.g., firewall)
+#$3 number_of_ports (it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively (e.g., vEth0 vEth1)
+
+if (( $EUID != 0 ))
+then
+ echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+ exit 0
+fi
+
+#debug
+#set -x
+
+br_name=$1_$2_br
+namespace_name=$1_$2_ns
+
+brctl addbr br0
+ifconfig br0 up
+ifconfig lo up
+current=4
+for (( c=0; c<$3; c++ ))
+do
+ brctl addif br0 ${!current}
+ current=`expr $current + 1`
+done
+exit 1
diff --git a/NFs/native/bridge/stop b/NFs/native/bridge/stop
new file mode 100755
index 00000000..6a0af795
--- /dev/null
+++ b/NFs/native/bridge/stop
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line:
+# sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan
+
+#$1 LSI ID (e.g., 2)
+#$2 NF name (e.g., firewall)
+#$3 number_of_ports (it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively (e.g., vEth0 vEth1)
+
+if (( $EUID != 0 ))
+then
+ echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+ exit 0
+fi
+
+
+
+namespace_name=$1_$2_ns
+
+brctl delbr br0
+exit 1
diff --git a/NFs/native/dhcp/nativeDHCP.tar.gz b/NFs/native/dhcp/nativeDHCP.tar.gz
deleted file mode 100644
index f0efd7a6..00000000
Binary files a/NFs/native/dhcp/nativeDHCP.tar.gz and /dev/null differ
diff --git a/NFs/native/dhcp/start b/NFs/native/dhcp/start
new file mode 100755
index 00000000..5be4929e
--- /dev/null
+++ b/NFs/native/dhcp/start
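Review bot: NFs/native/bridge/start computes `br_name=$1_$2_br` but then creates and populates a bridge with the fixed name `br0`. If two bridge NFs ever start in the same network namespace (whether each gets its own is not visible here), the second `brctl addbr br0` fails, the script carries on, and its ports are attached to the first NF's bridge, joining two segments that were meant to be separate. Either use the computed name, keeping in mind that Linux interface names are limited to 15 characters, or stop on failure with `brctl addbr br0 || exit 0`. `${!current}` should be quoted and `$3` checked to be a number no larger than `$# - 3`; the `expr` increment can be written `current=$((current + 1))`.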
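Review bot: `brctl delbr br0` in NFs/native/bridge/stop is refused while the bridge interface is up, and start brings it up with `ifconfig br0 up`, so as written the bridge is likely to survive stop. Take it down first: `ifconfig br0 down` on the line before `brctl delbr br0`. The failure is also invisible to the caller because the script ends with the same `exit 1` whether or not the deletion worked.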
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line:
+# sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan
+
+#$1 LSI ID (e.g., 2)
+#$2 NF name (e.g., firewall)
+#$3 number_of_ports (it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively (e.g., vEth0 vEth1)
+
+if (( $EUID != 0 ))
+then
+ echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+ exit 0
+fi
+
+#debug
+#set -x
+
+br_name=$1_$2_br
+namespace_name=$1_$2_ns
+
+ifconfig lo up
+ifconfig $4 192.168.1.50 netmask 255.255.255.0
+
+dnsmasq --dhcp-range=192.168.1.10,192.168.1.49,72h --interface=$4 --dhcp-option=3,192.168.1.1
+
+exit 1
diff --git a/NFs/native/dhcp/stop b/NFs/native/dhcp/stop
new file mode 100755
index 00000000..3c200441
--- /dev/null
+++ b/NFs/native/dhcp/stop
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line:
+# sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan
+
+#$1 LSI ID (e.g., 2)
+#$2 NF name (e.g., firewall)
+#$3 number_of_ports (it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively (e.g., vEth0 vEth1)
+
+if (( $EUID != 0 ))
+then
+ echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+ exit 0
+fi
+
+
+
+namespace_name=$1_$2_ns
+
+exit 1
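Review bot: The `dnsmasq` line in NFs/native/dhcp/start leaves every setting except the DHCP options at its default, so the daemon still reads the host's default configuration file, serves DNS as well as DHCP, and without `--bind-interfaces` binds the wildcard address and filters by interface afterwards. For a function that only hands out leases on one port, add `--bind-interfaces --port=0` (port 0 disables the DNS service) and `--conf-file=/dev/null` to keep host settings out. A per-instance `--pid-file=` would let the instance be identified later. `$4` should be quoted and checked as non-empty before it is used in `ifconfig` and `--interface=`.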
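Review bot: NFs/native/dhcp/stop exits without terminating the `dnsmasq` process that start launched, so the DHCP server can keep answering after the NF is reported stopped, unless the caller kills the namespace's processes itself, which this diff does not show. Have start pass a per-instance pid file, e.g. `--pid-file="/var/run/${namespace_name}_dnsmasq.pid"` (path constructed for illustration), and have stop run `kill "$(cat "/var/run/${namespace_name}_dnsmasq.pid")"` and then remove the file. `namespace_name` is currently assigned here and never used.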