/*
GoVPN -- simple secure free software virtual private network daemon
-Copyright (C) 2014-2015 Sergey Matveev <stargrave@stargrave.org>
+Copyright (C) 2014-2016 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
package main
import (
- "encoding/hex"
- "encoding/json"
+ "errors"
"io/ioutil"
"log"
"time"
- "github.com/agl/ed25519"
+ "github.com/go-yaml/yaml"
"govpn"
)
var (
confs map[govpn.PeerId]*govpn.PeerConf
- idsCache govpn.CipherCache
+ idsCache *govpn.CipherCache
)
-func confRead() map[govpn.PeerId]*govpn.PeerConf {
+func confRead() (*map[govpn.PeerId]*govpn.PeerConf, error) {
data, err := ioutil.ReadFile(*confPath)
if err != nil {
- log.Fatalln("Unable to read configuration:", err)
+ return nil, err
}
confsRaw := new(map[string]govpn.PeerConf)
- err = json.Unmarshal(data, confsRaw)
+ err = yaml.Unmarshal(data, confsRaw)
if err != nil {
- log.Fatalln("Unable to parse configuration:", err)
+ return nil, err
}
confs := make(map[govpn.PeerId]*govpn.PeerConf, len(*confsRaw))
- for peerIdRaw, pc := range *confsRaw {
- peerId, err := govpn.IDDecode(peerIdRaw)
+ for name, pc := range *confsRaw {
+ verifier, err := govpn.VerifierFromString(pc.VerifierRaw)
if err != nil {
- log.Fatalln("Invalid peer ID:", peerIdRaw, err)
+ return nil, errors.New("Unable to decode verifier: " + err.Error())
+ }
+ if pc.Encless {
+ pc.Noise = true
+ }
+ if pc.MTU == 0 {
+ pc.MTU = govpn.MTUDefault
+ }
+ if pc.MTU > govpn.MTUMax {
+ log.Println("MTU value", pc.MTU, "is too high, overriding to", govpn.MTUMax)
+ pc.MTU = govpn.MTUMax
}
conf := govpn.PeerConf{
- Id: peerId,
- Name: pc.Name,
- Up: pc.Up,
- Down: pc.Down,
- Noise: pc.Noise,
- CPR: pc.CPR,
+ Verifier: verifier,
+ Id: verifier.Id,
+ Name: name,
+ Iface: pc.Iface,
+ MTU: pc.MTU,
+ Up: pc.Up,
+ Down: pc.Down,
+ Noise: pc.Noise,
+ CPR: pc.CPR,
+ Encless: pc.Encless,
}
if pc.TimeoutInt <= 0 {
pc.TimeoutInt = govpn.TimeoutDefault
}
conf.Timeout = time.Second * time.Duration(pc.TimeoutInt)
-
- if len(pc.Verifier) != ed25519.PublicKeySize*2 {
- log.Fatalln("Verifier must be 64 hex characters long")
- }
- keyDecoded, err := hex.DecodeString(string(pc.Verifier))
- if err != nil {
- log.Fatalln("Unable to decode the key:", err.Error(), pc.Verifier)
- }
- conf.DSAPub = new([ed25519.PublicKeySize]byte)
- copy(conf.DSAPub[:], keyDecoded)
-
- confs[*peerId] = &conf
+ confs[*verifier.Id] = &conf
}
- return confs
+ return &confs, nil
}
-func confRefresh() {
- confs = confRead()
+func confRefresh() error {
+ newConfs, err := confRead()
+ if err != nil {
+ log.Println("Unable to parse peers configuration:", err)
+ return err
+ }
+ confs = *newConfs
ids := make([]govpn.PeerId, 0, len(confs))
for peerId, _ := range confs {
ids = append(ids, peerId)
}
idsCache.Update(ids)
+ return nil
}
func confInit() {
idsCache = govpn.NewCipherCache(nil)
- confRefresh()
+ if err := confRefresh(); err != nil {
+ log.Fatalln(err)
+ }
go func() {
for {
time.Sleep(RefreshRate)