[zorp-hu] 3.9 ssl keybridge nem indul

Kosa Attila zsiga at kosaek.hu
2011. Ápr. 13., Sze, 11:41:52 CEST


Hello!
A konfigot a zorp-gateway-v3.3FR1-tutorial-ssl-en.pdf nevu
- altalatok javasolt - dokumentaciobol vettem:

from Zorp.Core import *
from Zorp.Pssl import *
from Zorp.Http import *


# Internal LAN zone: it accepts no inbound service, and the only service
# listed as outbound is the key-bridged HTTPS one.
InetZone(
    "intranet",
    "192.168.2.0/24",
    inbound_services=[],
    outbound_services=["intra_Keybridge_HTTPS_inter"],
)

# Catch-all zone for every other address: the key-bridged HTTPS service is
# listed as inbound here, and nothing is listed as outbound.
InetZone(
    "internet",
    "0.0.0.0/0",
    inbound_services=["intra_Keybridge_HTTPS_inter"],
    outbound_services=[],
)

class StrongHttpsProxy(HttpProxy):
        """HttpProxy subclass that forces SSL on both the client and the server side."""
        def config(self):
                """Apply the HttpProxy defaults, then set the self.ssl.* options below."""
                HttpProxy.config(self)
                # Certificate and private key the firewall presents to connecting clients.
                self.ssl.client_keypair_files=("/etc/ssl/certs/fw.akarmi.hu.crt", "/etc/ssl/private/fw.akarmi.hu.key")
                # Clients are not asked to authenticate with a certificate.
                self.ssl.client_verify_type=SSL_VERIFY_NONE
                # SSL is mandatory on both legs of the connection.
                self.ssl.client_connection_security = SSL_FORCE_SSL
                self.ssl.server_connection_security = SSL_FORCE_SSL
                # NOTE(review): the first entry is named like a single file (ca.crt)
                # although the option name says "directories" -- confirm the expected layout.
                self.ssl.server_cagroup_directories=("/etc/zorp/ca.crt", "/etc/zorp/crls/")
                # All protocol methods are selected, with SSLv2 switched off on the next line.
                # NOTE(review): SSLv3 presumably stays enabled with this pair of
                # settings -- confirm, and restrict further if this Zorp version allows it.
                self.ssl.server_ssl_method=SSL_METHOD_ALL
                self.ssl.server_disable_proto_sslv2=TRUE
                self.ssl.server_ssl_cipher=SSL_CIPHERS_HIGH
                # NOTE(review): the constant name suggests a server certificate is required
                # but an untrusted issuer is still accepted -- presumably so the key bridge
                # can re-sign such certificates with the untrusted CA; confirm against the
                # Zorp reference before relying on it.
                self.ssl.server_verify_type=SSL_VERIFY_REQUIRED_UNTRUSTED


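class KeybrideStrongHttpsProxy(StrongHttpsProxy):
        """StrongHttpsProxy variant whose client-side certificate comes from an X509KeyBridge."""
        def config(self):
                """Apply the StrongHttpsProxy settings, then enable key bridging."""
                # Chain to the real parent class. This policy file defines no
                # StrongPsslProxy, so calling it here would raise a NameError
                # unless one of the Zorp modules happened to export that name.
                StrongHttpsProxy.config(self)
                # NOTE(review): these two options are set on the proxy itself and use a
                # PSSL_ constant, while every other SSL option goes through self.ssl --
                # confirm that HttpProxy honours them in this Zorp version.
                self.handshake_seq=PSSL_HSO_SERVER_CLIENT
                self.client_keypair_generate=TRUE
                # The CA key passphrase is stored here in clear text, and the
                # *.key.nopass files are presumably unencrypted private keys:
                # keep policy.py and these paths readable only by the account
                # that runs Zorp. Anyone who can read them can sign certificates
                # that clients trusting this CA will accept.
                self.ssl.key_generator=X509KeyBridge(
                        key_file="/etc/zorp/keybridging_cert/fwca.key",
                        key_passphrase="jelszo",
                        cache_directory="/var/lib/zorp/ssl-bridge",
                        trusted_ca_files=("/etc/zorp/certs/trust.crt", "/etc/zorp/certs/trust.key.nopass"),
                        untrusted_ca_files=("/etc/zorp/certs/untrust.crt", "/etc/zorp/certs/untrust.key.nopass"))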

def ssl_keybridge() :
        """Instance init function: declares the key-bridged HTTPS service and its dispatcher."""
        # The service name must match the one listed in the zone definitions.
        Service(name="intra_Keybridge_HTTPS_inter", proxy_class=KeybrideStrongHttpsProxy, router=TransparentRouter(overrideable=FALSE, forge_addr=TRUE))

        # NOTE(review): the traceback shows Dispatch.py reading bindto.protocol, which a
        # bare SockAddrInet apparently does not provide. Zorp 3.9 presumably expects the
        # address wrapped in a dispatch-bind object (DBSockAddr with an explicit
        # protocol) -- confirm against the 3.9 reference guide.
        # NOTE(review): this binds 192.168.2.254, while instances.conf passes
        # --autobind-ip 192.168.200.254 -- check that the difference is intended.
        Dispatcher(bindto=SockAddrInet('192.168.2.254', 50443), service="intra_Keybridge_HTTPS_inter", transparent=TRUE, threaded=FALSE, backlog=255)

A /etc/zorp/instances.conf fajl tartalma:
ssl_keybridge --verbose=5 --threads=100 --policy /etc/zorp/policy.py --autobind-ip 192.168.200.254

# zorpctl start
Starting Zorp Firewall Suite: /usr/share/zorp/pylib/Zorp/Pssl.py:525: DeprecationWarning: the sets module is deprecated
  from sets import ImmutableSet
Traceback (most recent call last):
  File "/usr/share/zorp/pylib/Zorp/Zorp.py", line 485, in init
    func()
  File "/etc/zorp/policy.py", line 38, in ssl_keybridge
    Dispatcher(bindto=SockAddrInet('192.168.2.254', 50443), service="intra_Keybridge_HTTPS_inter", transparent=TRUE, threaded=FALSE, backlog=255)
  File "/usr/share/zorp/pylib/Zorp/Dispatch.py", line 388, in __init__
    AbstractDispatch.__init__(self, Zorp.firewall_name, bindto, **kw)
  File "/usr/share/zorp/pylib/Zorp/Dispatch.py", line 224, in __init__
    if bindto.protocol == ZD_PROTO_AUTO:
AttributeError: No such attribute
ssl_keybridge!

The following errors occurred so far:
Zorp instance startup failed, instance='ssl_keybridge', rc='512'

# zorpctl version
Zorp 3.9.0
Revision: ssh+git://coroner@git.balabit//var/scm/git/zorp/zorp-core--mainline--4.0#master#fcb59dd06e0805ce995b8d94cc8c12096e385365
Compile-Date: Apr 13 2011 09:11:19
Config-Date: 2011/04/13
Trace: off
Debug: off
IPOptions: off
IPFilter-Tproxy: off
Netfilter-Tproxy: on
Linux22-Tproxy: off

libzorpll 3.9.0.1
Revision: 
Compile-Date: Apr 12 2011 14:36:53
Trace: off
MemTrace: off
Caps: on
Debug: off
StackDump: off

-- 
		Udvozlettel
				    Zsiga

