[eduVPN-deploy] Fixed IP - ccd

François Kooman fkooman at tuxed.net
Mon Aug 1 14:59:08 CEST 2022


Hi,

An initial version is available in the development release of the VPN 
server and I wrote some documentation on how this would work:

https://github.com/eduvpn/documentation/blob/v3/SCRIPT_CONNECTION_HOOK.md

Regards,
François

On 29.07.22 13:24, François Kooman wrote:
> Hi Frank,
> 
> Alright! I was currently thinking of going the way of running a shell
> script in which you can of course just run curl with the required
> parameters, but an HTTP request could also work!
> 
> We then would have to come up with some kind of 'standard' for how to
> perform these requests. Probably should be enforced to be HTTPS, we have
> to agree on the names of the POST parameters etc.
> 
> I can just make something up and you can adapt to that. Ideally as far
> as configuration goes, it would be nice if we only have to configure the
> URL, and perhaps 'Basic' or 'Bearer' auth to authenticate to the HTTP
> endpoint and not all the parameters :)
> 
> Have a nice holiday!
> 
> Regards,
> François
> 
> On 29.07.22 13:05, Frank Weis wrote:
>> Hi François,
>>
>> it doesn't make a huge difference for us. ssh seemed attractive at
>> first, as it gives you endless possibilities... However, the more we
>> thought/talked about it, the more we came to the conclusion that an
>> *http request with POST* seems the way to go.
>>
>>    * easier to set up. No need to worry about path, Apache's rights etc.
>>    * we won't have to install anything else on the eduVPN appliance. It's
>>      all in the config.
>>    * we won't have to maintain a script on several eduVPN appliances,
>>      should we ever need several.
>>    * even if it were a script, we'd probably want the 'call to the
>>      internal server that does the magic' happen over http(s) because it
>>      doesn't require opening other, potentially dangerous ports.
>>    * it probably looks 'cleaner' from the eduVPN developers' perspective.
>>
>> Thanks again! I will be offline until August 9th, so I won't report
>> before, but I'm excited ;-)
>>
>>
>> Frank
>>
>> On 29.07.22 12:04, François Kooman wrote:
>>>
>>> Hi Frank,
>>>
>>> Perhaps I can just add the code to a release right away, as
>>> "experimental" for example and we can iterate on that as required.
>>>
>>> I finished implementing the connect/disconnect hook and it works now for
>>> both OpenVPN and WireGuard and merged in the v3 branch ready for the
>>> next 3.x release.
>>>
>>> Would it be better to launch a shell script with some environment
>>> variable set so you can write your own script, or call an HTTP endpoint
>>> with some POST parameters? I'm not really sure what would be better and
>>> easier to support going forward.
>>>
>>> Regards,
>>> François
>>>
>>> On 29.07.22 08:23, Frank Weis wrote:
>>>> Hi,
>>>>
>>>> I have it running on Debian 11, so I'd have to install a new VM. What
>>>> distro would you suggest? I have no preference, as I don't have any
>>>> experience with any of the 3.
>>>>
>>>> Thanks
>>>>
>>>> On 28.07.22 17:42, François Kooman wrote:
>>>>>
>>>>> On 28.07.22 14:09, Frank Weis wrote:
>>>>>> Let me know when/how we can test this.
>>>>>
>>>>> Let me iterate on the design a bit more, had some ideas on how to also
>>>>> make this work for OpenVPN, and also for portal configuration downloads
>>>>> (if those are enabled).
>>>>>
>>>>> Which OS did you deploy on? The development packages are only available
>>>>> for Fedora and EL (Rocky Linux 9, AlmaLinux 9).
>>>>>
>>>>> Regards,
>>>>> François
>>>>>
>>>> -- 
>>>>
>>>> *Frank Weis*
>>>> IT Advisor
>>>>
>>>> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
>>>> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse
>>>> Centre de gestion informatique de l’éducation
>>>>
>>>> eduPôle - Walferdange
>>>> Route de Diekirch, L-7220 Walferdange
>>>> _Postal address_: B.P. 98, L-7201 Bereldange
>>>>
>>>> Tel. Helpdesk: (+352) 247-85999. Tel. Secretariat: (+352) 247-85970.
>>>> Fax: (+352) 247-85174
>>>> E-mail : Frank.Weis at cgie.lu
>>>> www.cgie.lu <http://www.cgie.lu/>
>>>> www.men.lu <http://www.men.lu/>
>>>> www.gouvernement.lu <http://www.gouvernement.lu>
>>>>
>>>> This message and any attachments are intended exclusively for their
>>>> addressees. They may contain confidential information. If you receive
>>>> this message in error, please destroy it and notify the sender
>>>> immediately. Any use of this message that is not in keeping with its
>>>> purpose, and any distribution or publication, in whole or in part, is
>>>> prohibited unless expressly authorised. This message has been scanned
>>>> for viruses.
>>>>
>>>> The content of this message and its attachments can engage the
>>>> liability of the ministry only if it was issued by a duly authorised
>>>> person acting strictly within the scope of the duties for which they
>>>> are employed and for purposes not unrelated to their responsibilities.
>>>>
>>>
> 
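
The HTTPS POST with Bearer authentication discussed in the thread, sketched as an added example that is not code from eduVPN or from the posters. The parameter names (`event`, `user_id`, `ip_four`), the URL and the token are assumptions, since the thread had not settled on any.

```python
import hmac
import ipaddress
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

# Hypothetical event and parameter names: the thread had not agreed on any.
EVENTS = {"connect", "disconnect"}


def build_hook_request(url, bearer_token, event, user_id, ip_four):
    """VPN-server side: only the URL and the token come from configuration."""
    if urlsplit(url).scheme != "https":
        raise ValueError("hook URL must be HTTPS")
    body = urlencode({"event": event, "user_id": user_id, "ip_four": ip_four})
    return Request(
        url,
        data=body.encode(),
        method="POST",
        headers={
            "Authorization": "Bearer " + bearer_token,
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def verify_hook_request(authorization, body, expected_token):
    """Receiver side: authenticate the caller, then validate every field."""
    scheme, _, presented = (authorization or "").partition(" ")
    # Constant-time comparison avoids leaking the token through timing.
    if scheme != "Bearer" or not hmac.compare_digest(
        presented.encode(), expected_token.encode()
    ):
        raise PermissionError("bad or missing bearer token")
    parsed = parse_qs(body.decode(), strict_parsing=True)
    fields = {name: values[0] for name, values in parsed.items()}
    if fields.get("event") not in EVENTS or not fields.get("user_id"):
        raise ValueError("unexpected event or missing user_id")
    # Accept only a literal IPv4 address before the value is used to assign
    # a fixed IP or is written to a firewall rule.
    fields["ip_four"] = str(ipaddress.IPv4Address(fields.get("ip_four", "")))
    return fields


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    req = build_hook_request(
        "https://hooks.example.org/vpn", "sample-token", "connect", "frank", "10.10.10.5"
    )
    print(verify_hook_request(req.get_header("Authorization"), req.data, "sample-token"))
```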



