[eduVPN-deploy] Fixed IP - ccd
François Kooman
fkooman at tuxed.net
Fri Jul 29 13:24:46 CEST 2022
Hi Frank,
Alright! I was currently thinking of going the way of running a shell
script in which you can of course just run curl with the required
parameters, but HTTP request could also work!
We then would have to come up with some kind of 'standard' for how to
perform these requests. Probably should be enforced to be HTTPS, we have
to agree on the names of the POST parameters etc.
I can just make something up and you can adapt to that. Ideally as far
as configuration goes, it would be nice if we only have to configure the
URL, and perhaps 'Basic' or 'Bearer' auth to authenticate to the HTTP
endpoint and not all the parameters :)
Have a nice holiday!
Regards,
François
On 29.07.22 13:05, Frank Weis wrote:
> Hi François,
>
> it doesn't make a huge difference for us. ssh seemed attractive at
> first, as it gives you endless possibilities... However, the more we
> thought/talked about it, the more we came to the conclusion that an
> *http request with POST* seems the way to go.
>
> * easier to set up. No need to worry about path, apache's rights etc.
> * we won't have to install anything else on the eduVPN appliance. It's
> all in the config.
> * we won't have to maintain a script on several eduVPN appliances,
> should we ever need several.
> * even if it were a script, we'd probably want the 'call to the
> internal server that does the magic' happen over http(s) because it
> doesn't require opening other, potentially dangerous ports.
> * it probably looks 'cleaner' from the eduVPN developers perspective.
>
> Thanks again! I will be offline until August 9th, so I won't report
> before, but I'm excited ;-)
>
>
> Frank
>
> On 29.07.22 12:04, François Kooman wrote:
>>
>> ⓘ This message was sent from external user !
>> Please do not click links or open attachments unless you recognise the
>> source of this email and know the content is safe.
>>
>> ________________________________
>>
>> Hi Frank,
>>
>> Perhaps I can just add the code to a release right away, as
>> "experimental" for example and we can iterate on that as required.
>>
>> I finished implementing the connect/disconnect hook and it works now for
>> both OpenVPN and WireGuard and merged in the v3 branch ready for the
>> next 3.x release.
>>
>> Would it be better to launch a shell script with some environment
>> variable set so you can write your own script, or call a HTTP endpoint
>> with some POST parameters? I'm not really sure what would be better and
>> easier to support going forward.
>>
>> Regards,
>> François
>>
>> On 29.07.22 08:23, Frank Weis wrote:
>>> Hi,
>>>
>>> I have it running on debian11, so I'd have to install a new VM. What
>>> distro would you suggest? I have no preference, as I don't have any
>>> experience with any of the 3.
>>>
>>> Thanks
>>>
>>> On 28.07.22 17:42, François Kooman wrote:
>>>>
>>>> ⓘ This message was sent from external user !
>>>> Please do not click links or open attachments unless you recognise the
>>>> source of this email and know the content is safe.
>>>>
>>>> ________________________________
>>>>
>>>> On 28.07.22 14:09, Frank Weis wrote:
>>>>> Let me know when/how we can test this.
>>>>
>>>> Let me iterate on the design a bit more, had some ideas on how to also
>>>> make this work for OpenVPN, and also for portal configuration downloads
>>>> (if those are enabled).
>>>>
>>>> Which OS did you deploy on? The development packages are only available
>>>> for Fedora and EL (Rocky Linux 9, AlmaLinux 9).
>>>>
>>>> Regards,
>>>> François
>>>>
>>> --
>>>
>>> *Frank Weis*
>>> Conseiller informaticien
>>>
>>> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
>>> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse
>>> Centre de gestion informatique de l’éducation
>>>
>>> eduPôle - Walferdange
>>> Route de Diekirch, L-7220 Walferdange
>>> _Adresse postale_ : B.P. 98, L-7201 Bereldange
>>>
>>> Tél. Helpdesk: (+352) 247-85999 . Tél. Secrétariat: (+352) 247-85970
>>> .Fax : (+352) 247-85174
>>> E-mail : Frank.Weis at cgie.lu
>>> www.cgie.lu <http://www.cgie.lu/>
>>> www.men.lu <http://www.men.lu/>
>>> www.gouvernement.lu <http://www.gouvernement.lu>
>>>
>>> Ce message et toutes pièces jointes sont établis à l'intention exclusive
>>> de ses destinataires. Ils peuvent contenir des informations
>>> confidentielles. Si vous recevez ce message par erreur, merci de le
>>> détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation
>>> de ce message non conforme à sa destination, toute diffusion ou toute
>>> publication, totale ou partielle, est interdite, sauf autorisation
>>> expresse. Ce message a fait l'objet d'un traitement anti-virus.
>>>
>>> Le contenu de ce message et des pièces jointes ne pourrait engager la
>>> responsabilité du ministère que s'il a été émis par une personne dûment
>>> habilitée agissant dans le strict cadre des fonctions auxquelles elle
>>> est employée et à des fins non étrangères à ses attributions.
>>>
>>
> --
>
> *Frank Weis*
> Conseiller informaticien
>
> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse
> Centre de gestion informatique de l’éducation
>
> eduPôle - Walferdange
> Route de Diekirch, L-7220 Walferdange
> _Adresse postale_ : B.P. 98, L-7201 Bereldange
>
> Tél. Helpdesk: (+352) 247-85999 . Tél. Secrétariat: (+352) 247-85970
> .Fax : (+352) 247-85174
> E-mail : Frank.Weis at cgie.lu
> www.cgie.lu <http://www.cgie.lu/>
> www.men.lu <http://www.men.lu/>
> www.gouvernement.lu <http://www.gouvernement.lu>
>
> Ce message et toutes pièces jointes sont établis à l'intention exclusive
> de ses destinataires. Ils peuvent contenir des informations
> confidentielles. Si vous recevez ce message par erreur, merci de le
> détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation
> de ce message non conforme à sa destination, toute diffusion ou toute
> publication, totale ou partielle, est interdite, sauf autorisation
> expresse. Ce message a fait l'objet d'un traitement anti-virus.
>
> Le contenu de ce message et des pièces jointes ne pourrait engager la
> responsabilité du ministère que s'il a été émis par une personne dûment
> habilitée agissant dans le strict cadre des fonctions auxquelles elle
> est employée et à des fins non étrangères à ses attributions.
>
More information about the eduVPN-deploy
mailing list