[eduVPN-deploy] Fixed IP - ccd

François Kooman fkooman at tuxed.net
Fri Jul 29 13:24:46 CEST 2022


Hi Frank,

Alright! I was currently thinking of going the way of running a shell 
script in which you can of course just run curl with the required 
parameters, but an HTTP request could also work!

We then would have to come up with some kind of 'standard' for how to 
perform these requests. Probably should be enforced to be HTTPS, we have 
to agree on the names of the POST parameters etc.

I can just make something up and you can adapt to that. Ideally as far 
as configuration goes, it would be nice if we only have to configure the 
URL, and perhaps 'Basic' or 'Bearer' auth to authenticate to the HTTP 
endpoint and not all the parameters :)

Have a nice holiday!

Regards,
François

On 29.07.22 13:05, Frank Weis wrote:
> Hi François,
> 
> it doesn't make a huge difference for us. ssh seemed attractive at 
> first, as it gives you endless possibilities... However, the more we 
> thought/talked about it, the more we came to the conclusion that an 
> *http request with POST* seems the way to go.
> 
>   * easier to set up. No need to worry about path, apache's rights etc.
>   * we won't have to install anything else on the eduVPN appliance. It's
>     all in the config.
>   * we won't have to maintain a script on several eduVPN appliances,
>     should we ever need several.
>   * even if it were a script, we'd probably want the 'call to the
>     internal server that does the magic' happen over http(s) because it
>     doesn't require opening other, potentially dangerous ports.
>   * it probably looks 'cleaner' from the eduVPN developers' perspective. 
> 
> Thanks again! I will be offline until August 9th, so I won't report 
> before, but I'm excited ;-)
> 
> 
> Frank
> 
> On 29.07.22 12:04, François Kooman wrote:
>>
>> Hi Frank,
>>
>> Perhaps I can just add the code to a release right away, as
>> "experimental" for example and we can iterate on that as required.
>>
>> I finished implementing the connect/disconnect hook and it works now for
>> both OpenVPN and WireGuard and merged in the v3 branch ready for the
>> next 3.x release.
>>
>> Would it be better to launch a shell script with some environment
>> variables set so you can write your own script, or call an HTTP endpoint
>> with some POST parameters? I'm not really sure what would be better and
>> easier to support going forward.
>>
>> Regards,
>> François
>>
>> On 29.07.22 08:23, Frank Weis wrote:
>>> Hi,
>>>
>>> I have it running on debian11, so I'd have to install a new VM. What
>>> distro would you suggest? I have no preference, as I don't have any
>>> experience with any of the 3.
>>>
>>> Thanks
>>>
>>> On 28.07.22 17:42, François Kooman wrote:
>>>>
>>>> On 28.07.22 14:09, Frank Weis wrote:
>>>>> Let me know when/how we can test this.
>>>>
>>>> Let me iterate on the design a bit more, had some ideas on how to also
>>>> make this work for OpenVPN, and also for portal configuration downloads
>>>> (if those are enabled).
>>>>
>>>> Which OS did you deploy on? The development packages are only available
>>>> for Fedora and EL (Rocky Linux 9, AlmaLinux 9).
>>>>
>>>> Regards,
>>>> François
>>>>
>>> -- 
>>>
>>> *Frank Weis*
>>> IT Advisor
>>>
>>> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
>>> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse
>>> Centre de gestion informatique de l’éducation
>>>
>>> eduPôle - Walferdange
>>> Route de Diekirch, L-7220 Walferdange
>>> _Postal address_: B.P. 98, L-7201 Bereldange
>>>
>>> Tel. Helpdesk: (+352) 247-85999. Tel. Secretariat: (+352) 247-85970.
>>> Fax: (+352) 247-85174
>>> E-mail : Frank.Weis at cgie.lu
>>> www.cgie.lu <http://www.cgie.lu/>
>>> www.men.lu <http://www.men.lu/>
>>> www.gouvernement.lu <http://www.gouvernement.lu>
>>>
>>
> 
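
The HTTPS POST hook with Bearer authentication discussed in this thread, sketched from the receiving side as an added example (not code from eduVPN or from either poster). The parameter names `event`, `user_id` and `ip_four`, the event values, and the plain-dict header lookup are assumptions; the thread does not settle any of them.

```python
import hmac
import ipaddress
from urllib.parse import parse_qs, urlsplit

ALLOWED_EVENTS = {"connect", "disconnect"}  # hypothetical event names


def hook_url_ok(url):
    """Sender-side config check: accept only absolute https:// URLs."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.hostname)


def bearer_ok(authorization, expected_token):
    """Constant-time check of an 'Authorization: Bearer <token>' header."""
    scheme, _, presented = (authorization or "").partition(" ")
    if scheme.lower() != "bearer" or not presented:
        return False
    return hmac.compare_digest(presented.encode(), expected_token.encode())


def handle_hook(headers, body, expected_token):
    """Return (status, detail) for one POST; headers is a dict, body is bytes."""
    if not bearer_ok(headers.get("Authorization"), expected_token):
        return 401, "bad or missing bearer token"
    ctype = headers.get("Content-Type", "").split(";")[0].strip()
    if ctype != "application/x-www-form-urlencoded":
        return 415, "unsupported content type"
    try:
        form = parse_qs(body.decode("utf-8"), strict_parsing=True)
    except (UnicodeDecodeError, ValueError):
        return 400, "malformed body"
    # Each (hypothetical) parameter must appear exactly once, so a
    # duplicated field cannot be read differently by sender and receiver.
    fields = {}
    for name in ("event", "user_id", "ip_four"):
        values = form.get(name, [])
        if len(values) != 1:
            return 400, f"parameter {name} must appear exactly once"
        fields[name] = values[0]
    if fields["event"] not in ALLOWED_EVENTS:
        return 400, "unknown event"
    try:
        ipaddress.IPv4Address(fields["ip_four"])
    except ValueError:
        return 400, "invalid IPv4 address"
    return 200, f"{fields['event']} {fields['user_id']} {fields['ip_four']}"
```
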



