waverleylabs / sdpcontroller

Control Module for Software Defined Perimeter (SDP)

License: GNU General Public License v3.0

JavaScript 98.97% Shell 1.03%

sdpcontroller's Issues

how to populate the relevant tables in Mysql

I followed the steps, but I'm stuck at step eight. I don't know how to populate the relevant tables; do you have any script or something to finish the configuration? I mean the values in the tables.

Issue with genCredentials.js and db access

I'm setting this up in a lab, and I've run into an issue at step 12 in the readme. When executing genCredentials.js, it errors out with the following, implying that there is a credential error with the user "sdp_controller@localhost". As you can see, I am not prompted for an ID or PW. I've attempted to read the js file but am unable to see what password the script may be trying to use to access the sdp database. Can you provide any insight into the credentials in the script so I can match them in the database? Thank you.

user@SDPGW1:/SDPcontroller$ node ./genCredentials.js 101
Preparing to generate credentials for SDP ID 101
Error connecting to database: Error: ER_ACCESS_DENIED_ERROR: Access denied for user 'sdp_controller'@'localhost' (using password: YES)
user@SDPGW1:/SDPcontroller$

Unable to start sdpController

cc@cc-virtual-machine:~/SDPcontroller$ node ./sdpController.js
_tls_common.js:135
    c.context.setCert(cert);

Error: error:0909006C:PEM routines:get_name:no start line
    at Object.createSecureContext (_tls_common.js:135:17)
    at new Server (_tls_wrap.js:873:27)
    at Object.createServer (_tls_wrap.js:919:10)
    at startServer (/home/cc/SDPcontroller/sdpController.js:195:22)
    at startDbPool (/home/cc/SDPcontroller/sdpController.js:164:5)
    at checkDbPassword (/home/cc/SDPcontroller/sdpController.js:115:9)
    at startController (/home/cc/SDPcontroller/sdpController.js:83:9)
    at credentialMaker.init (/home/cc/SDPcontroller/sdpCredentialMaker.js:38:5)
    at Object.<anonymous> (/home/cc/SDPcontroller/sdpController.js:79:19)
    at Module._compile (internal/modules/cjs/loader.js:778:30)

Regarding sdpid of controller and clients

Hi,

I have installed this SDPcontroller in my machine, I see that while creating certificates it is asking for sdpid for both controller & client. I was able to connect to first client.

To connect to a second client I only generated client certificates with different sdpid and pasted in the client machine but I'm not able to connect to controller from second client. I'm getting an error as SSL handshake failed.

Is there any solution for this? Thank you.

[Question] Configuration for Client and Gateway Server (Client Not Gain Access)

Question

I have two questions about key and certification.

Regarding key:
   I am aware there are two configuration files for client and server (ref: installation manual):
   for client "SAMPLE_sdp_ctrl_client.conf" and ".fwknoprc"
   for server "gate_sdp_ctrl_client.conf" and "fwknopd.conf"

   What should I put in
   SPA_ENCRYPTION_KEY and SPA_HMAC_KEY in "SAMPLE_sdp_ctrl_client.conf" (client side)
   SPA_ENCRYPTION_KEY and SPA_HMAC_KEY in "gate_sdp_ctrl_client.conf" (gateway server side)
      I generated "client.key", "client.crt", "client.csr" and "server.key", "server.crt", "server.csr" by node ./genCredentials.js <SDPID>. Should I use information from these?
      Or data from "ca.crt" and "ca.key"? (In this case client and server will have the same value.)

Regarding certification (and also key):
   What should I put
   KEY_FILE and CERT_FILE in "gate_sdp_ctrl.conf" (gateway server side)
      example in the file indicated "client.key". Should be "server.key", right?:
      (ref 1 and 2)

Situation

Client couldn't gain access to a protected service. Here is current status:

isi@isi-radio:~$ fwknop -n service_gate
[-] file: /home/isi/.fwknoprc permissions should only be user read/write (0600, -rw-------)
[-] file: /home/isi/.fwknoprc permissions should only be user read/write (0600, -rw-------)
(sdp_com.c:423) Setting CA cert for peer cert verification.
(sdp_com.c:622) Starting connection attempt 1
(sdp_com.c:329) Socket connect failed
(sdp_com.c:656) Connection attempt 1 failed, 2 attempts remaining
(sdp_com.c:668) Waiting 5 seconds until retry
(sdp_com.c:622) Starting connection attempt 2
(sdp_com.c:329) Socket connect failed
(sdp_com.c:656) Connection attempt 2 failed, 1 attempt remaining
(sdp_com.c:668) Waiting 10 seconds until retry
(sdp_com.c:622) Starting connection attempt 3
(sdp_com.c:329) Socket connect failed
(sdp_com.c:656) Connection attempt 3 failed, 0 attempts remaining
(sdp_com.c:661) Too many failed connection attempts. Exiting now
(sdp_ctrl_client.c:1562) SDP Control Client Exiting
SDP ctrl client returned error code: 32778
isi@isi-radio:~$ 

To run Software Defined Perimeter software, I followed these steps (ref: installation manual):

   (1) Run controller

isi@isi-wave:~/project/SoDeTaNII/SDPcontroller$ node ./sdpController.js 
(1) Tool imported
(2) Checked configurations
SDP Controller running at port 5000
No open connections found that need to be removed.

(2) Run gateway server

isi@isi-radio:~$ fwknopd
[-] file: /etc/fwknop/fwknopd.conf permissions should only be user read/write (0600, -rw-------)
[-] file: /etc/fwknop/fwknopd.conf (owner: 0) not owned by current effective user id: 1000

   (3) Run client

isi@isi-radio:~$ fwknop -n service_gate

...and I get the error shown above.

Please, let me know correct parameter or if I miss anything.

The open_connection and closed_connection database tables are empty

Dear,

I have a problem writing data in the open_connection and closed_connection tables.
At no point are the arguments written to the table. The SDP Gateway and SDP Client are successfully authenticated and are taking new keys from the SDP Controller; only the refresh_trigger table is filled in, but there is no more detailed information except that a change has been made to a table.
These tables are written with data: sdpid, sdpid_service, service, and service_gateway.
I also additionally filled in these tables with reference points: controller, gateway, gateway_controller and user, but I have not received any changes, and nothing gets written to the open_connection and closed_connection tables.

Best regards,
Goce Joncheski

Unable to start SDPcontroller

Setup:

  • CentOS 8, x86_64

Issue

[root@sdp SDPcontroller]# node ./sdpController.js
prompt: Enter certificate authority key password:  *****************

prompt: Enter server key password:  *****************

prompt: Enter database password:  *****************

readline.js:1154
            throw err;
            ^

Error: error:0909006C:PEM routines:get_name:no start line
    at Object.createSecureContext (_tls_common.js:129:17)
    at Server.setSecureContext (_tls_wrap.js:1323:27)
    at new Server (_tls_wrap.js:1181:8)
    at Object.createServer (_tls_wrap.js:1224:10)
    at startServer (/opt/SDPcontroller/sdpController.js:195:22)
    at startDbPool (/opt/SDPcontroller/sdpController.js:164:5)
    at /opt/SDPcontroller/sdpController.js:137:17
    at /opt/SDPcontroller/node_modules/prompt/lib/prompt.js:358:32
    at /opt/SDPcontroller/node_modules/async/lib/async.js:154:25
    at assembler (/opt/SDPcontroller/node_modules/prompt/lib/prompt.js:355:9) {
  library: 'PEM routines',
  function: 'get_name',
  reason: 'no start line',
  code: 'ERR_OSSL_PEM_NO_START_LINE'
}

Config file

module.exports = {
    // print debug statements
    'debug': false,

    'serverPort': 5000,
    'maxConnections': 100,

    // milliseconds, 0 indicates no timeout
    // this is controller's way of noticing a lost connection
    'socketTimeout': 30000,

    // false indicates the server should disconnect
    // after a successful credential update
    'keepClientsConnected': true,

    // allow legacy access request type
    // Legacy access request means the SPA packet specifies
    // the port to open along with detailed NAT instructions
    // if applicable. This mode is not secure because the
    // client can be NAT'ed to anywhere it requests if NAT
    // is enabled.
    'allowLegacyAccessRequests': false,

    // can create these using ./setup/create-certs.sh
    'serverCert': './certs/server.crt',
    'serverKey':  './certs/server.key',

    // to be prompted for a password, set this field
    // to a null string using '' (that's 2 single quotes
    // with no spaces between)
    'serverKeyPassword': '',
    'serverKeyPasswordRequired': true,

    // can create these using ./setup/create-certs.sh
    'caCert': './certs/ca.crt',
    'caKey': './certs/ca.key',

    // to be prompted for a password, delete this field or
    // set it to a null string using '' (that's 2 single
    // quotes with no spaces between)
    'caKeyPassword': '',
    'caKeyPasswordRequired': true,

    // how many days new certificates should be good for
    'daysToExpiration': 31,

    // SPA encryption key length in bytes, range is 64 to 256
    'encryptionKeyLen': 256,

    // SPA HMAC key length in bytes, range is 4 to 128
    'hmacKeyLen': 128,

    // database options
    'dbHost': 'localhost',
    'dbUser': 'root',
    'dbPasswordRequired': true,

    // to be prompted for a password, delete this field or
    // set it to a null string using '' (that's 2 single
    // quotes with no spaces between)
    'dbPassword': '',
    'dbName': 'sdp',

    // if any of these are exceeded, the controller
    // disconnects from the client
    'maxDataTransmitTries': 3,
    'maxCredentialMakerTries': 3,
    'maxBadMessages': 3,

    // retry interval (milliseconds) for database failures
    'databaseRetryInterval': 5000,
    'databaseMaxRetries': 5,

    // interval (milliseconds) to check database for changes
    // that require sending updates to gateways
    'databaseMonitorInterval': 3000,

};

I'm not sure whether I missed something or not, but I have no idea what's going on here. Some assistance is appreciated in advance.
