apps/openlan
1
0
Fork 0
mirror of https://github.com/luscis/openlan.git synced 2025-09-27 04:46:02 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

docs: update names

Browse Source
This commit is contained in:
Daniel Ding
2023-12-30 11:53:10 +08:00
parent 0231e500f0
commit a99687a71f
7 changed files with 119 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
README.cn.md
View File

@@ -20,9 +20,9 @@ OpenLAN提供一种局域网数据报文在广域网的传输实现并能够
## OpenLAN有什么功能 ## OpenLAN有什么功能
* 用户可以使用OpenLAN划分多个网络空间为不同的业务提供逻辑网络隔离 * 用户可以使用OpenLAN划分多个网络空间为不同的业务提供逻辑网络隔离
* 多个OpenLAN Switch之间可以使用OpenLAN协议在层上互联互通,在二层网络上可以添加SNAT路由轻松的访问企业内部网络 * 多个Central Switch之间可以使用OpenLAN协议在链路层上互联互通,在链路网络上可以添加SNAT路由轻松的访问企业内部网络
* 用户可以使用OpenVPN接入OpenLAN网络OpenVPN支持多平台如Android/MacOS/Windows等 * 用户可以使用OpenVPN接入用户网络OpenVPN支持多平台如Android/MacOS/Windows等
* 多个OpenLAN Switch之间也可以使用IPSec隧道网络并且支持在该网络上进一步划分VxLAN/STT的租户网络 * 多个Central Switch之间也可以使用IPSec隧道网络并且支持在该网络上进一步划分VxLAN/STT的租户网络
* 使用简单的用户名密码的作为接入认证方式,并且可以设置预共享密钥对数据报文进行加密; * 使用简单的用户名密码的作为接入认证方式,并且可以设置预共享密钥对数据报文进行加密;
* OpenLAN协议可以工作在TCP/TLS/UDP/KCP/WS/WSS等多种传输协议上TCP具有较高的性能TLS/WSS能够提供更好的加密安全 * OpenLAN协议可以工作在TCP/TLS/UDP/KCP/WS/WSS等多种传输协议上TCP具有较高的性能TLS/WSS能够提供更好的加密安全
* OpenLAN也提供了简单的HTTP/HTTPS/SOCKS5等HTTP的正向代理技术用户可以根据需要灵活配置代理进行网络穿透 * OpenLAN也提供了简单的HTTP/HTTPS/SOCKS5等HTTP的正向代理技术用户可以根据需要灵活配置代理进行网络穿透
@@ -31,7 +31,7 @@ OpenLAN提供一种局域网数据报文在广域网的传输实现并能够
## OpenLAN的工作场景 ## OpenLAN的工作场景
### 分支中心接入 ### 分支中心接入
OpenLan Switch(企业中心) - 10.16.1.10/24 Central Switch(企业中心) - 10.16.1.10/24
^ ^
| |
Wifi(DNAT) Wifi(DNAT)
@@ -50,13 +50,13 @@ OpenLAN提供一种局域网数据报文在广域网的传输实现并能够
192.168.1.20/24 192.168.1.21/24 192.168.1.20/24 192.168.1.21/24
| | | |
OpenLAN -- 酒店 Wifi --> OpenLAN Switch(南京) <--- 其他 Wifi --- OpenLAN OpenLAN -- 酒店 Wifi --> Central Switch(南京) <--- 其他 Wifi --- OpenLAN
| |
| |
互联网 互联网
| |
| |
OpenLAN Switch(上海) - 192.168.1.10/24 Central Switch(上海) - 192.168.1.10/24
| |
| |
------------------------------------------------------ ------------------------------------------------------

14
README.en.md
View File

@@ -19,17 +19,17 @@ If you have more flexible VPN business needs and need to use VPN to access the e
## What is the function of OpenLAN? ## What is the function of OpenLAN?
* Users can use OpenLAN to divide multiple network spaces to provide logical network isolation for different services; * Users can use OpenLAN to divide multiple network spaces to provide logical network isolation for different services;
* Multiple OpenLAN Switches can use the OpenLAN protocol to communicate on the second layer, and SNAT routes can be added to the second layer network to easily access the internal network of the enterprise; * Multiple Central Switchs can use the OpenLAN protocol to communicate on the ethernet layer, and SNAT routes can be added to the second layer network to easily access the internal network of the enterprise;
* Users can use OpenVPN to access the OpenLAN network, OpenVPN supports multiple platforms such as Android/MacOS/Windows, etc.; * Users can use OpenVPN to access the User Network, OpenVPN supports multiple platforms such as Android/MacOS/Windows, etc;
* IPSec tunnel network can also be used between multiple OpenLAN Switches, and it supports further division of VxLAN/STT tenant networks on this network; * IPSec tunnel network can also be used between multiple Central Switchs, and it supports further division of VxLAN/STT tenant networks on this network;
* Use a simple username and password as the access authentication method, and you can set a pre-shared key to encrypt data packets; * Use a simple username and password as the access authentication method, and you can set a pre-shared key to encrypt data packets;
* The OpenLAN protocol can work on various transmission protocols such as TCP/TLS/UDP/KCP/WS/WSS, TCP has high performance, and TLS/WSS can provide better encryption security; * The OpenLAN protocol can work on various transmission protocols such as TCP/TLS/UDP/KCP/WS/WSS, TCP has high performance, and TLS/WSS can provide better encryption security;
* OpenLAN also provides simple HTTP/HTTPS/SOCKS5 and other HTTP forward proxy technology, users can flexibly configure proxy for network penetration according to needs; * OpenLAN also provides simple HTTP/HTTPS/SOCKS5 and other HTTP forward proxy technology, users can flexibly configure proxy for network penetration according to needs;
## Working scenario of OpenLAN? ## Working scenario of OpenLAN?
### Branch center access ### Branch central access
OpenLan Switch(Center) - 10.16.1.10/24 Central Switch - 10.16.1.10/24
^ ^
| |
Wifi(DNAT) Wifi(DNAT)
@@ -47,13 +47,13 @@ If you have more flexible VPN business needs and need to use VPN to access the e
192.168.1.20/24 192.168.1.21/24 192.168.1.20/24 192.168.1.21/24
| | | |
OpenLAN -- Hotel Wifi --> OpenLAN Switch(NanJing) <--- Other Wifi --- OpenLAN OpenLAN -- Hotel Wifi --> Central Switch(NanJing) <--- Other Wifi --- OpenLAN
| |
| |
Internet Internet
| |
| |
OpenLAN Switch(Shanghai) - 192.168.1.10/24 Central Switch(Shanghai) - 192.168.1.10/24
| |
| |
------------------------------------------------------ ------------------------------------------------------

56
docs/central.md
View File

@@ -3,7 +3,7 @@
## Topology ## Topology
``` ```
OLSW(Central) - 10.16.1.10/24 Switch(Central) - 10.16.1.10/24
^ ^
| |
Wifi(DNAT) Wifi(DNAT)
@@ -14,26 +14,26 @@
| | | | | |
Branch1 Branch2 Branch3 Branch1 Branch2 Branch3
| | | | | |
OLAP1 OLAP2 OLAP3 Access Point Access Point Access Point
10.16.1.11/24 10.16.1.12/24 10.16.1.13/24 10.16.1.11/24 10.16.1.12/24 10.16.1.13/24
``` ```
## Configure OLSW ## Configure Central Switch
生成预共享密钥: Generage a pre-shared key:
``` ```
[root@olsw ~]# uuidgen [root@switch ~]# uuidgen
e108fe36-a2cd-43bc-82e2-f367aa429ed2 e108fe36-a2cd-43bc-82e2-f367aa429ed2
[root@olsw ~]# [root@switch ~]#
``` ```
交换机配置: Global configure with pre-share key:
``` ```
[root@olsw ~]# cd /etc/openlan/switch [root@switch ~]# cd /etc/openlan/switch
[root@olsw ~]# cat > switch.json <<EOF [root@switch ~]# cat > switch.json <<EOF
{ {
"cert": { "cert": {
"dir": "/var/openlan/cert" "dir": "/var/openlan/cert"
@@ -52,11 +52,11 @@ e108fe36-a2cd-43bc-82e2-f367aa429ed2
EOF EOF
``` ```
添加网络配置: Add a user network configuration:
``` ```
[root@olsw ~]# cd network [root@switch ~]# cd network
[root@olsw ~]# cat > central.json <<EOF [root@switch ~]# cat > central.json <<EOF
{ {
"name": "central", "name": "central",
"bridge": { "bridge": {
@@ -70,7 +70,7 @@ EOF
}, },
"hosts": [ "hosts": [
{ {
"hostname": "olap1.hostname", "hostname": "access1.hostname",
"address": "10.16.1.11" "address": "10.16.1.11"
} }
], ],
@@ -82,44 +82,44 @@ EOF
EOF EOF
``` ```
添加接入认证的用户: Add three access users on central network:
``` ```
[root@olsw ~]# openlan us add --name admin@central --role admin [root@switch ~]# openlan us add --name admin@central --role admin
[root@olsw ~]# openlan us add --name olap1@central [root@switch ~]# openlan us add --name access1@central
[root@olsw ~]# openlan us add --name olap2@central [root@switch ~]# openlan us add --name access2@central
[root@olsw ~]# openlan us add --name olap3@central [root@switch ~]# openlan us add --name access3@central
``` ```
## Configure OLAP ## Configure Access Point
添加一个网络: Add a user network configuration:
``` ```
[root@olap1 ~]# cd /etc/openlan [root@access1 ~]# cd /etc/openlan
[root@olap1 ~]# cat > central.json <<EOF [root@access1 ~]# cat > central.json <<EOF
{ {
"crypt": { "crypt": {
"secret": "f367aa429ed2" "secret": "f367aa429ed2"
}, },
"connection": "public-ip-of-olsw", "connection": "public-ip-of-switch",
"username": "olap1@central", "username": "access1@central",
"password": "get-password-of-olsw-administrator" "password": "get-password-of-switch-administrator"
} }
EOF EOF
[root@olap1 ~]# cat central.json | python -m json.tool [root@access1 ~]# cat central.json | python -m json.tool
``` ```
配置网络服务: Enable Access Point for central network:
``` ```
systemctl enable --now openlan-point@central systemctl enable --now openlan-point@central
``` ```
检查启动日志: Check journal log:
``` ```
journalctl -u openlan-point@central journalctl -u openlan-point@central

20
docs/ecmp.md
View File

@@ -1,36 +1,36 @@
# Topology # Topology
``` ```
OLAP1 OLAP2 OLAP3 10.16.10.x/24 Access1 Access2 Access3 10.16.10.x/24
| | | | | |
+-------------+--------------+ +-------------+--------------+
| |
| |
OLSW(BJ) 10.16.10.1/24 Switch(BJ) 10.16.10.1/24
| | | |
| | | |
+------------+ +-------------+ +------------+ +-------------+
| | | |
10.16.10.3/24 | | 10.16.10.2/24 10.16.10.3/24 | | 10.16.10.2/24
OLSW(NJ) OLSW(WH) Switch(NJ) Switch(WH)
10.18.10.3/24 | | 10.18.10.2/24 10.18.10.3/24 | | 10.18.10.2/24
| | | |
+------------+ +-------------+ +------------+ +-------------+
| | | |
| | | |
OLSW(SZ) 10.18.10.1/24 Switch(SZ) 10.18.10.1/24
| |
| |
+-------------+--------------+ 10.18.10.x/24 +-------------+--------------+ 10.18.10.x/24
| | | |
OLAP6 OLAP7 Access6 Access7
``` ```
# Test # Test
On OLAP6 On Access6
``` ```
ping 10.16.10.1 ping 10.16.10.1
``` ```
On OLAP7 On Access7
``` ```
ping 10.16.10.1 ping 10.16.10.1
``` ```

72
docs/install.md
View File

@@ -1,16 +1,16 @@
# Preface # Preface
openlan软件包含下面部分: OpenLAN软件包含下面部分:
* openlan switch具有公网地址的centos服务器、云主机或者dmz主机 * Central Switch : 具有公网地址的CentOS服务器、云主机或者DMZ主机
* openlan point运行在企业内部的centos主机或者移动办公的pc上,没有公网地址 * Access Point : 运行在企业内部的CentOS主机或者移动办公的PC上,没有公网地址
* openlan network管理员定义的逻辑网络 * User Network : 管理员定义的逻辑网络
# CentOS # CentOS
## OpenLAN Switch ## Central Switch
您可以在centos7上通过下面步骤部署openlan switch软件 您可以在CentOS7上通过下面步骤部署Central Switch软件
1. 安装依赖的软件; 1. 安装依赖的软件;
``` ```
yum install -y epel-release yum install -y epel-release
@@ -18,11 +18,11 @@ openlan软件包含下面部分
yum install -y centos-release-openstack-train yum install -y centos-release-openstack-train
yum install -y rdma-core libibverbs yum install -y rdma-core libibverbs
``` ```
2. 使用yum安装openlan switch软件 2. 使用yum安装Central Switch软件
``` ```
yum install -y https://github.com/luscis/openlan/releases/download/v5.8.22/openlan-switch-5.8.22-1.el7.x86_64.rpm yum install -y https://github.com/luscis/openlan/releases/download/v5.8.22/openlan-switch-5.8.22-1.el7.x86_64.rpm
``` ```
3. 配置openlan switch服务自启动 3. 配置Central Switch服务自启动
``` ```
systemctl enable --now openlan-switch systemctl enable --now openlan-switch
``` ```
@@ -41,26 +41,25 @@ openlan软件包含下面部分
openlan cfg co ## 配置预检查 openlan cfg co ## 配置预检查
``` ```
5. 添加一个新的openlan网络; 5. 添加一个新的OpenLAN网络;
``` ```
cd ./network cd ./network
cp ./network.json.example ./example.json cp ./network.json.example ./example.json
vim ./example.json vim ./example.json
{ {
"name": "example", "name": "example",
"provider": "openlan",
"bridge": { "bridge": {
"address": "172.32.10.10/24" ## 本地地址 "address": "172.32.10.10/24" ## 一个唯一的子网地址,如共享二层网络填充本地地址
}, },
"subnet": { ## 网络的子网配置,如果没有动态地址分配可以忽略 "subnet": { ## 网络的子网配置,如果没有动态地址分配可以忽略
"start": "172.32.10.100", ## 用于动态分配给point的起始地址 "start": "172.32.10.100", ## 用于动态分配给接入point的起始地址
"end": "172.32.10.150", ## 截止地址 "end": "172.32.10.150", ## 用于动态分配的截止地址
"netmask": "255.255.255.0" ## 子网掩码 "netmask": "255.255.255.0" ## 网络子网掩码
}, },
"hosts": [ ## 为point添加静态地址分配 "hosts": [ ## 为point添加静态地址分配
{ {
"hostname": "pc-99", ## point的主机名称 "hostname": "pc-99", ## 接入point的主机名称
"address": "172.32.10.99" ## 分配的地址 "address": "172.32.10.99" ## 固定的地址
} }
], ],
"routes": [ ## 注入给point的路由信息 "routes": [ ## 注入给point的路由信息
@@ -77,35 +76,34 @@ openlan软件包含下面部分
} }
openlan cfg co ## 配置预检查 openlan cfg co ## 配置预检查
``` ```
6. 重启openlan switch服务 6. 重启Central Switch服务
``` ```
systemctl restart openlan-switch systemctl restart openlan-switch
journalctl -u openlan-switch ## 查看日志信息 journalctl -u openlan-switch ## 查看日志信息
``` ```
7. 导出openvpn的客户端配置文件 7. 添加一个新的接入认证的用户
```
cd /var/openlan/openvpn/example ## openvpn的配置信息存放目录
cat ./client.ovpn ## 导出后编辑remote配置项替换0.0.0.0为公网IP地址
```
或者通过http接口获取
```
cat /etc/openlan/switch/token | md5sum | cut -b 1-12
a01234abc00 ## 获取口令
curl -k https://a01234abc00@<access-ip>:10000/get/network/example/tcp1194.ovpn
## 替换access-ip为公网IP地址
```
8. 添加一个新的接入认证的用户;
``` ```
openlan us add --name hi@example ## <用户名>@<网络> openlan us add --name hi@example ## <用户名>@<网络>
openlan us ls | grep example ## 查看随机密码 openlan us ls --network example ## 查看随机密码
hi@example l6llot97yxulsw1qqbm07vn1 guest ## <用户名>@<网络> 密码 角色 租期 hi@example l6llot97yx guest ## <用户名>@<网络> 密码 角色 租期
openlan us rm --name hi@example ## 删除一个用户 openlan us rm --name hi@example ## 删除一个用户
``` ```
## OpenLAN Point 8. 导出OpenVPN的客户端配置文件
同样的您也可以在centos7上通过下面步骤部署openlan point软件 在浏览器直接访问接口获取VPN Profile弹出框中输入账户密码。
1. 使用yum安装openlan point软件 ```
curl -k https://<access-ip>:10000/get/network/example/ovpn
## 替换access-ip为公网IP地址
```
在OpenVPN的客户端`via URL`的方式自动导入,输入框中录入用户名密码。
```
https://<access-ip>:10000
```
## Access Point
同样的您也可以在CentOS7上通过下面步骤部署Access Point软件
1. 使用yum安装Access Point软件
``` ```
yum install -y https://github.com/luscis/openlan/releases/download/v5.6.4/openlan-point-5.6.4-1.el7.x86_64.rpm yum install -y https://github.com/luscis/openlan/releases/download/v5.6.4/openlan-point-5.6.4-1.el7.x86_64.rpm
``` ```
@@ -126,7 +124,7 @@ openlan软件包含下面部分
} }
cat example.json | python -m json.tool ## 配置预检查 cat example.json | python -m json.tool ## 配置预检查
``` ```
3. 配置openlan point服务自启动 3. 配置Access Point服务自启动
``` ```
systemctl enable --now openlan-point@example systemctl enable --now openlan-point@example
journalctl -u openlan-point@example ## 查看日志信息 journalctl -u openlan-point@example ## 查看日志信息

64
docs/multiarea.md
View File

@@ -5,13 +5,13 @@
``` ```
192.168.1.20/24 192.168.1.21/24 192.168.1.20/24 192.168.1.21/24
| | | |
OLAP1 -- Hotal Wifi --> OLSW(NJ) <--- Other Wifi --- OLAP2 Access1 -- Hotal Wifi --> Switch(NJ) <--- Other Wifi --- Access2
| |
| |
Internet Internet
| |
| |
OLSW(SH) - 192.168.1.10/24 Switch(SH) - 192.168.1.10/24
| |
| |
+------------------------+---------------------------+ +------------------------+---------------------------+
@@ -19,17 +19,17 @@
| | | | | |
Office Wifi Home Wifi Hotal Wifi Office Wifi Home Wifi Hotal Wifi
| | | | | |
OLAP3 OLAP4 OLAP5 Access3 Access4 Access5
192.168.1.11/24 192.168.1.12/24 192.168.1.13/24 192.168.1.11/24 192.168.1.12/24 192.168.1.13/24
``` ```
## Configure OLSW for Nanjing ## Configure Central Switch for Nanjing
配置交换机: Global configure:
``` ```
[root@olsw-nj ~]# cd /etc/openlan/switch [root@switch-nj ~]# cd /etc/openlan/switch
[root@olsw-nj ~]# cat > switch.json <<EOF [root@switch-nj ~]# cat > switch.json <<EOF
{ {
"cert": { "cert": {
"dir": "/var/openlan/cert" "dir": "/var/openlan/cert"
@@ -44,11 +44,11 @@
EOF EOF
``` ```
配置网络: Network configure:
``` ```
[root@olsw-nj ~]# cd network [root@switch-nj ~]# cd network
[root@olsw-nj ~]# cat > private.json <<EOF [root@switch-nj ~]# cat > private.json <<EOF
{ {
"name": "private", "name": "private",
"bridge": { "bridge": {
@@ -66,25 +66,25 @@ EOF
} }
} }
EOF EOF
[root@olsw-nj ~]# openlan cfg co [root@switch-nj ~]# openlan cfg co
[root@olsw-sh ~]# systemctl restart openlan-switch [root@switch-sh ~]# systemctl restart openlan-switch
``` ```
添加认证用户: Add two access users on private network:
``` ```
[root@olsw-nj ~]# openlan us add --name admin@private --role admin [root@switch-nj ~]# openlan us add --name admin@private --role admin
[root@olsw-nj ~]# openlan us add --name olap1@private [root@switch-nj ~]# openlan us add --name access1@private
[root@olsw-nj ~]# openlan us add --name olap2@private [root@switch-nj ~]# openlan us add --name access2@private
``` ```
## Configure OLSW for ShangHai ## Configure Central Switch for ShangHai
配置交换机: Global configure:
``` ```
[root@olsw-sh ~]# cd /etc/openlan/switch [root@switch-sh ~]# cd /etc/openlan/switch
[root@olsw-sh ~]# cat > switch.json <<EOF [root@switch-sh ~]# cat > switch.json <<EOF
{ {
"cert": { "cert": {
"dir": "/var/openlan/cert" "dir": "/var/openlan/cert"
@@ -99,11 +99,11 @@ EOF
EOF EOF
``` ```
配置网络: Network configure:
``` ```
[root@olsw-sh ~]# cd network [root@switch-sh ~]# cd network
[root@olsw-sh ~]# cat > private.json <<EOF [root@switch-sh ~]# cat > private.json <<EOF
{ {
"name": "private", "name": "private",
"bridge": { "bridge": {
@@ -121,8 +121,8 @@ EOF
}, },
"links": [ "links": [
{ {
"connection": "address-of-olsw-nj", "connection": "address-of-switch-nj",
"password": "get-it-from-olsw-nj", "password": "get-it-from-switch-nj",
"username": "admin", "username": "admin",
"crypt": { "crypt": {
"secret": "f367aa429ed2" "secret": "f367aa429ed2"
@@ -131,16 +131,16 @@ EOF
] ]
} }
EOF EOF
[root@olsw-sh ~]# openlan cfg co [root@switch-sh ~]# openlan cfg co
[root@olsw-sh ~]# systemctl restart openlan-switch [root@switch-sh ~]# systemctl restart openlan-switch
``` ```
添加认证用户: Add three access users on private network:
``` ```
[root@olsw-sh ~]# openlan us add --name admin@private --role admin [root@switch-sh ~]# openlan us add --name admin@private --role admin
[root@olsw-sh ~]# openlan us add --name olap3@private [root@switch-sh ~]# openlan us add --name access3@private
[root@olsw-sh ~]# openlan us add --name olap4@private [root@switch-sh ~]# openlan us add --name access4@private
[root@olsw-sh ~]# openlan us add --name olap5@private [root@switch-sh ~]# openlan us add --name access5@private
``` ```

2
pkg/config/switch.go
View File

@@ -139,7 +139,7 @@ func (s *Switch) Correct() {
s.Protocol = "tcp" s.Protocol = "tcp"
} }
if s.AddrPool == "" { if s.AddrPool == "" {
s.AddrPool = "100.44" s.AddrPool = "169.254"
} }
s.Queue.Correct() s.Queue.Correct()
} }