From f6b2962e705eee64837e95d8150ae5a7057b612a Mon Sep 17 00:00:00 2001 From: Louis Maillard Date: Mon, 9 Sep 2024 10:44:06 -0400 Subject: [PATCH] config: replace jami.net servers by sfl.io We was using jami.net tun server and bootstrap node in docs, config and even source code as default. To split concerns, DHTNet now have it's own turn.sfl.io and bootstrap.sfl.io services for demonstration and public testing purpose. They are still not intended for production use. Also change default conf to allow anonymous by default. This is not a security concern as by default we only allow SSH access, which is secure and restricted by key / password. Change-Id: Ibcd3607dcd7f46ed21c0ac396fde0459edc2c92e --- src/connectionmanager.cpp | 2 +- tests/connectionManager.cpp | 2 +- tests/ice.cpp | 28 ++++++++++++++-------------- tests/turnCache.cpp | 16 ++++++++-------- tools/benchmark/main.cpp | 2 +- tools/dhtnet_crtmgr/main.cpp | 16 ++++++++-------- tools/dnc/dnc.yaml | 18 +++++++++--------- tools/dsh/dsh.yaml | 16 ++++++++-------- tools/dvpn/dvpn.1 | 2 +- tools/dvpn/dvpn.yaml | 16 ++++++++-------- 10 files changed, 59 insertions(+), 59 deletions(-) diff --git a/src/connectionmanager.cpp b/src/connectionmanager.cpp index 831762ba..544435e3 100644 --- a/src/connectionmanager.cpp +++ b/src/connectionmanager.cpp @@ -77,7 +77,7 @@ createConfig(std::shared_ptr config_) }; config_->dht = std::make_shared(); config_->dht->run(dhtConfig, std::move(dhtContext)); - config_->dht->bootstrap("bootstrap.jami.net"); + config_->dht->bootstrap("bootstrap.sfl.io"); } if (!config_->factory){ config_->factory = std::make_shared(config_->logger); diff --git a/tests/connectionManager.cpp b/tests/connectionManager.cpp index 17c9e4d6..b4d3af32 100644 --- a/tests/connectionManager.cpp +++ b/tests/connectionManager.cpp 
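Review bot: In `createConfig`, the fallback `config_->dht->bootstrap("bootstrap.sfl.io")` sends library users to a service that the commit message itself describes as for demonstration and public testing, not production, and nothing at the call site says so. A caller that passes no `dht` gets this node silently, so a comment above the call would help, for example `// Fallback for demos/tests only: bootstrap.sfl.io is a shared public node; production callers should supply their own config_->dht`. If the project prefers a runtime signal, a warning through `config_->logger` (used two lines below) when this branch is taken would make the dependency on the demo node visible in logs. The body of `createConfig` starts and ends outside this hunk.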
@@ -80,7 +80,7 @@ class ConnectionManagerTest : public CppUnit::TestFixture std::shared_ptr factory; private: - std::unique_ptr setupHandler(const dht::crypto::Identity& id, const std::string& bootstrap = "bootstrap.jami.net"); + std::unique_ptr setupHandler(const dht::crypto::Identity& id, const std::string& bootstrap = "bootstrap.sfl.io"); std::filesystem::path testDir_; void testConnectDevice(); diff --git a/tests/ice.cpp b/tests/ice.cpp index c2c13042..36906617 100644 --- a/tests/ice.cpp +++ b/tests/ice.cpp @@ -93,7 +93,7 @@ IceTest::setUp() }; dht_->run(0, config, std::move(context)); - dht_->bootstrap("bootstrap.jami.net:4222"); + dht_->bootstrap("bootstrap.sfl.io:4222"); // Wait for the DHT's public address to be available, otherwise the assertion that // `addr4.size() != 0` at the beginning of several of the tests will fail. cv.wait_for(lk, std::chrono::seconds(5), [&] { @@ -101,7 +101,7 @@ IceTest::setUp() }); } if (!turnV4_) { - turnV4_ = std::make_unique("turn.jami.net", AF_INET); + turnV4_ = std::make_unique("turn.sfl.io", AF_INET); } if (!upnpContext) { if (!ioContext) { @@ -293,9 +293,9 @@ IceTest::testTurnMasterIceConnection() ice_config.accountLocalAddr = dhtnet::ip_utils::getLocalAddr(AF_INET); ice_config.turnServers.emplace_back(dhtnet::TurnServerInfo() .setUri(turnV4_->toString(true)) - .setUsername("ring") - .setPassword("ring") - .setRealm("ring")); + .setUsername("sfl") + .setPassword("sfl") + .setRealm("sfl")); ice_config.master = true; ice_config.streamsCount = 1; ice_config.compCountPerStream = 1; @@ -476,9 +476,9 @@ IceTest::testTurnSlaveIceConnection() }; ice_config.turnServers.emplace_back(dhtnet::TurnServerInfo() .setUri(turnV4_->toString(true)) - .setUsername("ring") - .setPassword("ring") - .setRealm("ring")); + .setUsername("sfl") + .setPassword("sfl") + .setRealm("sfl")); ice_config.master = false; ice_config.streamsCount = 1; ice_config.compCountPerStream = 1; 
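Review bot: The TURN credential triple is written out literally in each test (`.setUsername("sfl")`, `.setPassword("sfl")`, `.setRealm("sfl")` in `testTurnMasterIceConnection` and `testTurnSlaveIceConnection` here, and again in `testReceiveTooManyCandidates`, `testCompleteOnFailure` and both `tests/turnCache.cpp` hunks), which is why this rename had to touch six places. A single file-level definition, e.g. `static constexpr auto kTestTurnHost = "turn.sfl.io";` and `static constexpr auto kTestTurnCred = "sfl";`, would make the next server change a one-line edit and make it obvious these are shared demo credentials rather than secrets. These tests also appear to need the public `bootstrap.sfl.io:4222` and `turn.sfl.io` services to be reachable, so an outage there would presumably show up as test failures; a short comment in `IceTest::setUp` saying so would save debugging time. The enclosing test functions extend beyond the hunks shown.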
@@ -545,9 +545,9 @@ IceTest::testReceiveTooManyCandidates() ice_config.accountLocalAddr = dhtnet::ip_utils::getLocalAddr(AF_INET); ice_config.turnServers.emplace_back(dhtnet::TurnServerInfo() .setUri(turnV4_->toString(true)) - .setUsername("ring") - .setPassword("ring") - .setRealm("ring")); + .setUsername("sfl") + .setPassword("sfl") + .setRealm("sfl")); ice_config.master = true; ice_config.streamsCount = 1; ice_config.compCountPerStream = 1; @@ -716,9 +716,9 @@ IceTest::testCompleteOnFailure() }; ice_config.turnServers.emplace_back(dhtnet::TurnServerInfo() .setUri(turnV4_->toString(true)) - .setUsername("ring") - .setPassword("ring") - .setRealm("ring")); + .setUsername("sfl") + .setPassword("sfl") + .setRealm("sfl")); ice_config.master = false; ice_config.streamsCount = 1; ice_config.compCountPerStream = 1; diff --git a/tests/turnCache.cpp b/tests/turnCache.cpp index 4767c648..443e0563 100644 --- a/tests/turnCache.cpp +++ b/tests/turnCache.cpp @@ -90,10 +90,10 @@ TurnCacheTest::testTurnResolution() auto cachePath = testDir_ / "cache"; TurnTransportParams turnParams; - turnParams.domain = "turn.jami.net"; - turnParams.realm = "ring"; - turnParams.username = "ring"; - turnParams.password = "ring"; + turnParams.domain = "turn.sfl.io"; + turnParams.realm = "sfl"; + turnParams.username = "sfl"; + turnParams.password = "sfl"; auto turnCache = std::make_shared("dummyAccount", cachePath.string(), @@ -129,10 +129,10 @@ TurnCacheTest::testRefreshMultipleTimes() bool enabled = true; TurnTransportParams turnParams; - turnParams.domain = "turn.jami.net"; - turnParams.realm = "ring"; - turnParams.username = "ring"; - turnParams.password = "ring"; + turnParams.domain = "turn.sfl.io"; + turnParams.realm = "sfl"; + turnParams.username = "sfl"; + turnParams.password = "sfl"; auto turnCache = std::make_shared("dummyAccount", cachePath.string(), diff --git a/tools/benchmark/main.cpp b/tools/benchmark/main.cpp index ff4ed72b..d001fd82 100644 --- a/tools/benchmark/main.cpp 
+++ b/tools/benchmark/main.cpp @@ -60,7 +60,7 @@ setupHandler(const std::string& name, h->dht = std::make_shared(); h->dht->run(dhtConfig, std::move(dhtContext)); h->dht->bootstrap("127.0.0.1:36432"); - //h->dht->bootstrap("bootstrap.jami.net"); + //h->dht->bootstrap("bootstrap.sfl.io"); auto config = std::make_shared(); config->dht = h->dht; diff --git a/tools/dhtnet_crtmgr/main.cpp b/tools/dhtnet_crtmgr/main.cpp index 34e9ab25..bd79b7e0 100644 --- a/tools/dhtnet_crtmgr/main.cpp +++ b/tools/dhtnet_crtmgr/main.cpp 
@@ -105,19 +105,19 @@ int create_yaml_config(std::filesystem::path file, std::filesystem::path certifi std::ofstream yaml_file (file); if (yaml_file.is_open()) { yaml_file << "# The bootstrap node serves as the entry point to the DHT network.\n"; - yaml_file << "# By default, bootstrap.jami.net is configured for the public DHT network and should be used for personal use only.\n"; + yaml_file << "# By default, bootstrap.sfl.io is configured for the public DHT network and should be used for personal use only.\n"; yaml_file << "# For production environments, it is recommended to set up your own bootstrap node to establish your own DHT network.\n"; yaml_file << "# Documentation: https://docs.jami.net/en_US/user/lan-only.html#boostraping\n"; - yaml_file << "bootstrap: \"bootstrap.jami.net\"\n"; + yaml_file << "bootstrap: \"bootstrap.sfl.io\"\n"; yaml_file << "\n# TURN server is used as a fallback for connections if the NAT block all possible connections.\n"; - yaml_file << "# By default is turn.jami.net (which uses coturn) but can be any TURN.\n"; + yaml_file << "# By default is turn.sfl.io (which uses coturn) but can be any TURN.\n"; yaml_file << "# Developer must set up their own TURN server.\n"; yaml_file << "# Documentation: https://docs.jami.net/en_US/developer/going-further/setting-up-your-own-turn-server.html\n"; - yaml_file << "turn_host: \"turn.jami.net\"\n"; - yaml_file << "turn_user: \"ring\"\n"; - yaml_file << "turn_pass: \"ring\"\n"; - yaml_file << "turn_realm: \"ring\"\n"; + yaml_file << "turn_host: \"turn.sfl.io\"\n"; + yaml_file << "turn_user: \"sfl\"\n"; + yaml_file << "turn_pass: \"sfl\"\n"; + yaml_file << "turn_realm: \"sfl\"\n"; yaml_file << "\n# When verbose is set to true, the server logs all incoming connections\n"; yaml_file << "verbose: false\n"; 
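Review bot: The comments that `create_yaml_config` writes into every generated file still say `# Developer must set up their own TURN server.` and describe `bootstrap.sfl.io` as "for personal use only", while `tools/dnc/dnc.yaml` in this same commit was reworded to "before going to production, as this one will not scale". The generator line should match, `yaml_file << "# Developer must set up their own TURN server before going to production, as this one will not scale.\n";`, and the same comment in `tools/dsh/dsh.yaml` and `tools/dvpn/dvpn.yaml` was left in the old form too. Since `turn_user`/`turn_pass` are emitted as the shared value `sfl`, it would also help to add a generated comment stating that these are public demo credentials, so nobody mistakes them for a per-deployment secret. `create_yaml_config` starts before this hunk and continues after it.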
@@ -137,7 +137,7 @@ int create_yaml_config(std::filesystem::path file, std::filesystem::path certifi } else { yaml_file << "\n# When anonymous is set to true, the server accepts any connection without checking CA\n"; yaml_file << "# When anonymous is set to false, the server allows only connection which are issued by the same CA as the server\n"; - yaml_file << "anonymous: false\n"; + yaml_file << "anonymous: true\n"; yaml_file << "\n# List of authorized services\n"; yaml_file << "# Each service is defined by an IP and a port\n"; diff --git a/tools/dnc/dnc.yaml b/tools/dnc/dnc.yaml index e3dc30bf..b445a106 100644 --- a/tools/dnc/dnc.yaml +++ b/tools/dnc/dnc.yaml @@ -1,17 +1,17 @@ # The bootstrap node serves as the entry point to the DHT network. -# By default, bootstrap.jami.net is configured for the public DHT network and should be used for personal use only. +# By default, bootstrap.sfl.io is configured for the public DHT network and should be used for personal use only. # For production environments, it is recommended to set up your own bootstrap node to establish your own DHT network. # Documentation: https://docs.jami.net/en_US/user/lan-only.html#boostraping -bootstrap: "bootstrap.jami.net" +bootstrap: "bootstrap.sfl.io" # TURN server is used as a fallback for connections if the NAT block all possible connections. -# By default is turn.jami.net (which uses coturn) but can be any TURN. -# Developer must set up their own TURN server. +# By default is turn.sfl.io (which uses coturn) but can be any TURN. +# Developer must set up their own TURN server before going to production, as this one will not scale. # Documentation: https://docs.jami.net/en_US/developer/going-further/setting-up-your-own-turn-server.html -turn_host: "turn.jami.net" -turn_user: "ring" -turn_pass: "ring" -turn_realm: "ring" +turn_host: "turn.sfl.io" +turn_user: "sfl" +turn_pass: "sfl" +turn_realm: "sfl" # When verbose is set to true, the server logs all incoming connections verbose: false 
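Review bot: Writing `anonymous: true` from the generator means every newly created config of this kind accepts peers without the CA check that the comment two lines above describes, so access control rests entirely on whatever is listed under the authorized services that follow. The commit message's argument that only SSH is exposed holds only as long as the operator never adds another entry to that list, and nothing in the generated file says so. I would either keep `yaml_file << "anonymous: false\n";` for generated server configs, or add a generated warning such as `yaml_file << "# With anonymous: true, any peer can reach the services listed below; expose only services that authenticate clients themselves\n";`. The same default is flipped in `tools/dnc/dnc.yaml`, `tools/dsh/dsh.yaml` and `tools/dvpn/dvpn.yaml`. This line sits in an `else` branch whose condition is outside the hunk, so which kind of config it applies to should be confirmed.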
@@ -40,7 +40,7 @@ port: 22 # When anonymous is set to true, the server accepts any connection without checking CA # When anonymous is set to false, the server allows only connection which are issued by the same CA as the server -anonymous: false +anonymous: true # List of authorized services # Each service is defined by an IP and a port diff --git a/tools/dsh/dsh.yaml b/tools/dsh/dsh.yaml index 3241ebfc..95b8558c 100644 --- a/tools/dsh/dsh.yaml +++ b/tools/dsh/dsh.yaml @@ -1,17 +1,17 @@ # The bootstrap node serves as the entry point to the DHT network. -# By default, bootstrap.jami.net is configured for the public DHT network and should be used for personal use only. +# By default, bootstrap.sfl.io is configured for the public DHT network and should be used for personal use only. # For production environments, it is recommended to set up your own bootstrap node to establish your own DHT network. # Documentation: https://docs.jami.net/en_US/user/lan-only.html#boostraping -bootstrap: "bootstrap.jami.net" +bootstrap: "bootstrap.sfl.io" # TURN server is used as a fallback for connections if the NAT block all possible connections. -# By default is turn.jami.net (which uses coturn) but can be any TURN. +# By default is turn.sfl.io (which uses coturn) but can be any TURN. # Developer must set up their own TURN server. # Documentation: https://docs.jami.net/en_US/developer/going-further/setting-up-your-own-turn-server.html -turn_host: "turn.jami.net" -turn_user: "ring" -turn_pass: "ring" -turn_realm: "ring" +turn_host: "turn.sfl.io" +turn_user: "sfl" +turn_pass: "sfl" +turn_realm: "sfl" # On server, identities are saved in /etc/dhtnet/id/ # On client, they are generaly saved in ~/.dnc/ @@ -33,5 +33,5 @@ binary: "bash" # When anonymous is set to true, the server accepts any connection without checking CA # When anonymous is set to false, the server allows only connection which are issued by the same CA as the server -anonymous: false +anonymous: true 
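Review bot: In `tools/dsh/dsh.yaml` the flip to `anonymous: true` sits directly under `binary: "bash"` (see the hunk header), so the commit message's reasoning that anonymous access is safe because only SSH is exposed does not seem to carry over to this tool. If dsh starts that binary for each accepted peer, as the option name suggests, there is no password or key prompt behind the CA check, and the CA check is what this change turns off by default. I would keep `anonymous: false` here and, if a demo needs the open mode, document it as an explicit opt-in in the comment above the option. `tools/dvpn/dvpn.yaml` (last hunk) deserves the same look, since no SSH layer is visible in its config either.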
diff --git a/tools/dvpn/dvpn.1 b/tools/dvpn/dvpn.1 index 67084de0..b7a5452c 100644 --- a/tools/dvpn/dvpn.1 +++ b/tools/dvpn/dvpn.1 @@ -30,7 +30,7 @@ Run dvpn in listen mode, allowing the program to accept incoming VPN connections .TP .B \-b, \-\-bootstrap \fIADDRESS\fR -Specify the address of a bootstrap node to connect to an existing DHT network. Default is "bootstrap.jami.net" if not specified. +Specify the address of a bootstrap node to connect to an existing DHT network. Default is "bootstrap.sfl.io" if not specified. .TP .B \-t, \-\-turn_host \fIADDRESS\fR diff --git a/tools/dvpn/dvpn.yaml b/tools/dvpn/dvpn.yaml index 7df7f534..d84d8098 100644 --- a/tools/dvpn/dvpn.yaml +++ b/tools/dvpn/dvpn.yaml @@ -1,17 +1,17 @@ # The bootstrap node serves as the entry point to the DHT network. -# By default, bootstrap.jami.net is configured for the public DHT network and should be used for personal use only. +# By default, bootstrap.sfl.io is configured for the public DHT network and should be used for personal use only. # For production environments, it is recommended to set up your own bootstrap node to establish your own DHT network. # Documentation: https://docs.jami.net/en_US/user/lan-only.html#boostraping -bootstrap: "bootstrap.jami.net" +bootstrap: "bootstrap.sfl.io" # TURN server is used as a fallback for connections if the NAT block all possible connections. -# By default is turn.jami.net (which uses coturn) but can be any TURN. +# By default is turn.sfl.io (which uses coturn) but can be any TURN. # Developer must set up their own TURN server. # Documentation: https://docs.jami.net/en_US/developer/going-further/setting-up-your-own-turn-server.html -turn_host: "turn.jami.net" -turn_user: "ring" -turn_pass: "ring" -turn_realm: "ring" +turn_host: "turn.sfl.io" +turn_user: "sfl" +turn_pass: "sfl" +turn_realm: "sfl" # On server, identities are saved in /etc/dhtnet/id/ # On client, they are generaly saved in ~/.dnc/ 
@@ -25,4 +25,4 @@ turn_realm: "ring" # When anonymous is set to true, the server accepts any connection without checking CA # When anonymous is set to false, the server allows only connection which are issued by the same CA as the server -anonymous: false \ No newline at end of file +anonymous: true \ No newline at end of file