strange issue with set::tls

CrazyCat

strange issue with set::tls

Post by CrazyCat »

Hi there,

I noticed a strange thing with the configuration of tls.
I made an adaptive configuration which includes files depending on a variable set in Unreal. This file contains two important things: the server's set::tls{} block and the link{} blocks.
I load this file really early in unrealircd.conf.

When I tried to link the servers, I got a spkifp error. So I decided to move the tls setting in the main set{} block and then it works.

Why didn't it work previously? Is it because in my included file I set the set::tls{} block before the link{} one?
Syzop

Re: strange issue with set::tls

Post by Syzop »

After all files are retrieved and parsed, UnrealIRCd first processes the set blocks (does not matter in which files they are), and only after all set blocks have been processed then it continues with the link blocks and the other blocks. So I don't think it's that.

Just to double check, are you sure it was that? Couldn't it be that just the "act" of REHASHing, even without any config changes, solved the issue already, because it rereads the certificate, for example, and that had changed?

Maybe you can illustrate what your config was (when you had the problem). I think I understand you, but just to be sure... and so we have an easy-to-try test case :)
CrazyCat

Re: strange issue with set::tls

Post by CrazyCat »

Here is my unrealircd.conf:


# Shared unrealircd.conf: both servers load this same file. $SERVER (defined here) selects the
# per-server include below, which supplies me{}, $MYIP and the link{} block.
@define $SERVER "server1"
include "modules.default.conf";
loadmodule "websocket";
loadmodule "webserver";
loadmodule "cloak_md5";
include "help/help.conf";
include "badwords.conf";
include "operclass.default.conf";

### HERE IS THE INCLUDE ###
# Included before the listen{} blocks because "$SERVER.conf" defines $MYIP, which they reference.
include "$SERVER.conf";

tld {
   mask *;
   motd "$SERVER.ircd.motd";
   rules "ircd.rules";
   botmotd "$SERVER.bot.motd";
};

class clients {
    pingfreq 90;
    maxclients 2000;
    sendq 100000;
    recvq 8000;
};

# Class referenced by the link{} block in "$SERVER.conf".
class servers {
    pingfreq 90;
    maxclients 10;
    sendq 5M;
    connfreq 100;
};

# General client allow; "$SERVER.conf" adds a second allow for *@$MYIP with a higher maxperip.
allow {
    mask "*@*";
    class clients;
    maxperip 3;
};

include "olines.conf";

# Plaintext (no "tls" option) IRC/websocket listener. tls-options are given here but it is not
# obvious from this file what uses them on a non-TLS port — TODO confirm whether they are needed.
listen {
    ip $MYIP;
    port 6665-6670;
    options { websocket { type text; }; };
    tls-options {
      certificate "tls/domain/fullchain.pem";
      key "tls/domain/privkey.pem";
    };
};

# TLS client listener; client-facing ports use the tls/domain/ chain, not the server cert in set::tls.
listen {
    ip $MYIP;
    port 6697;
    options { tls; websocket { type text; }; };
    tls-options {
      certificate "tls/domain/fullchain.pem";
      key "tls/domain/privkey.pem";
    };
};

listen {
    ip $MYIP;
    port 8000;
    options { tls; websocket { type text; }; };
    tls-options {
      certificate "tls/domain/fullchain.pem";
      key "tls/domain/privkey.pem";
    };
};

# TLS-only server-link port on $MYIP; the peer's link::outgoing in its "$SERVER.conf" connects here.
# No tls-options on this listener, so the certificate presented to the peer presumably comes from
# set::tls — confirm, since that is the key the peer's spkifp pin has to match.
listen {
    ip $MYIP;
    port 7000;
    options { tls; serversonly; };
};
# Plaintext server-link port, reachable only via loopback.
listen {
    ip 127.0.0.1;
    port 7001;
    options { serversonly; };
};

ulines {
    services.domain.chat;
};

# Remote restart/die passwords (placeholder values as posted; the two are identical here).
drpass {
    restart "iamapassword";
    die "iamapassword";
};

log {
    source {
        !debug;
        all;
    };
    destination {
        file "ircd.%Y%m.log" { maxsize 100M; };
    };
};

blacklist-module "chanmodes/chanowner";
blacklist-module "chanmodes/chanadmin";

include "cgiirc.conf";
include "snomasks.default.conf";
include "deny.conf";
include "spamfilter.conf";
include "vhosts.conf";
include "aliases/anope.conf";
include "blacklist.conf";

# Main set{} block. Per the reply above, set blocks from all files are processed before link{}
# and the other blocks, whichever file they live in.
set {
    network-name "domain";
    default-server "irc.domain.chat";
    services-server "services.domain.chat";
    stats-server "stats.domain.chat";
    help-channel "#aide";
    hiddenhost-prefix "domain";
    allowed-nickchars { "latin-utf8"; };
    # Three identical placeholder keys as posted.
    cloak-keys {
        mycloack;
        mycloack;
        mycloack;
    };
    kline-address "[email protected]";
    modes-on-connect "+ix";
    modes-on-oper "+ixwgsW";
    modes-on-join "+nt";
    options {
        hide-ulines;
        show-connect-info;
    };
    maxchannelsperuser 15;
    anti-flood {
        everyone {
            connect-flood 3:60;
            handshake-data-flood {
                amount 4k;
                ban-action zline;
                ban-time 5m;
            };
            target-flood {
                channel-privmsg 45:5;
                channel-notice 15:5;
                channel-tagmsg 15:5;
                private-privmsg 30:5;
                private-notice 10:5;
                private-tagmsg 10:5;
            };
        };
        known-users {
            nick-flood 3:60;
            join-flood 3:90;
            away-flood 4:120;
            invite-flood 4:60;
            knock-flood 4:120;
            max-concurrent-conversations {
                users 10;
                new-user-every 15s;
            };
            lag-penalty 750;
            lag-penalty-bytes 180;
        };
        unknown-users {
            nick-flood 2:60;
            join-flood 2:90;
            away-flood 4:120;
            invite-flood 2:60;
            knock-flood 2:120;
            max-concurrent-conversations {
                users 4;
                new-user-every 15s;
            };
            lag-penalty 1000;
            lag-penalty-bytes 90;
        };
    };
    ### THE TLS DEFAULT ARE NOW HERE ###
    # NOTE(review): set::tls{} (certificate/key used for server links) was moved here from
    # "$SERVER.conf" and the link then worked. The peer's spkifp pin must match the public key of
    # the certificate this server actually presents on the link, so a changed or re-read
    # certificate file could presumably explain the error just as well as block placement —
    # TODO confirm with the original failing config.
    sasl-server services.domain.chat;
    sasl-timeout 5;
};
loadmodule "reputation";
loadmodule "connthrottle";
# Second set{} block holding the connthrottle settings; the modules it configures are loaded just above.
set {
    connthrottle {
        known-users {
            minimum-reputation-score 24;
            sasl-bypass yes;
            webirc-bypass yes;
        };
        new-users {
            local-throttle 10:60;
            global-throttle 30:60;
        };
        disabled-when {
            reputation-gathering 1w;
            start-delay 3m;
        };
        reason "Too much connections in a short time. Please wait a while and try again";
    };
};

include "antimixedutf8.conf";
include "countries.conf";
and server1.conf:


# Per-server include for server1, pulled in by include "$SERVER.conf" in the shared config.
@define $MYIP "10.0.0.1";
# NOTE(review): server2.conf in this thread also uses sid 001; SIDs presumably have to be unique
# across the network, so check whether the duplicate is only a posting artifact.
me {
    name "$SERVER.zeolia.chat";
    info "Serveur $SERVER sur zeolia.chat";
    sid 001;
};
admin { "CrazyCat <[email protected]>"; };
# Separate allow for connections from $MYIP itself, with maxperip 30 (the general allow uses 3).
allow { mask *@$MYIP; class clients; maxperip 30; };
### HERE IS THE FAULTY ###
# set::tls as originally placed in this include; moving it into the main set{} block made the link
# work. Note this is a different certificate (tls/server.*) from the tls/domain/ chain on the
# client listeners.
set {
    tls {
        certificate "tls/server.cert.pem";
        key "tls/server.key.pem";
    };
};
# Link to server2. Any source address may attempt an inbound link (mask *); the peer is
# authenticated only by the SPKI fingerprint pin below, which must match the public key of the
# certificate server2 actually presents (presumably its set::tls certificate — confirm).
link server2.zeolia.chat {
    incoming { mask *; }
    outgoing {
        hostname 10.0.0.2;
        port 7000;
        options { tls; autoconnect; }
    }
    password "theserver2spfifingerprint" { spkifp; }
    class servers;
}
server2.conf:


# Per-server include for server2, pulled in by include "$SERVER.conf" in the shared config.
@define $MYIP "10.0.0.2";
# NOTE(review): server1.conf in this thread also uses sid 001; SIDs presumably have to be unique
# across the network, so check whether the duplicate is only a posting artifact.
me {
    name "$SERVER.zeolia.chat";
    info "Serveur $SERVER sur zeolia.chat";
    sid 001;
};
admin { "Other <[email protected]>"; };
# Separate allow for connections from $MYIP itself, with maxperip 30 (the general allow uses 3).
allow { mask *@$MYIP; class clients; maxperip 30; };
### HERE IS THE FAULTY ###
# set::tls as originally placed in this include; moving it into the main set{} block made the link
# work. Note this is a different certificate (tls/server.*) from the tls/domain/ chain on the
# client listeners.
set {
    tls {
        certificate "tls/server.cert.pem";
        key "tls/server.key.pem";
    };
};
# Link to server1. Any source address may attempt an inbound link (mask *); the peer is
# authenticated only by the SPKI fingerprint pin below, which must match the public key of the
# certificate server1 actually presents (presumably its set::tls certificate — confirm).
link server1.zeolia.chat {
    incoming { mask *; }
    outgoing {
        hostname 10.0.0.1;
        port 7000;
        options { tls; autoconnect; }
    }
    password "theserver1spfifingerprint" { spkifp; }
    class servers;
}
The two servers use the same unrealircd.conf file; the only difference between the two is the @define $SERVER.
When I moved the set { tls {...}} into the main set{} block, it worked...