|
|
a7ec878518
|
feat(enrollment): implement token-based enrollment flow
Changes:
1. ✅ Updated SHA256SUMS with new ostp-server binary
2. ✅ Made oncp-master optional in deploy.sh (two deployment modes)
3. ✅ Added enrollment_token support to ostp-server
4. ✅ Updated config examples with token field
Deployment Modes:
- Mode 1 (Standalone): Connect to existing master with enrollment token
- Mode 2 (Full Stack): Deploy both master + server on one host
ostp-server Enrollment Flow:
1. Admin generates token on master: \oncp-master node token --expiry 60\
2. Node submits enrollment with token in config (psk: 'AUTO')
3. Master validates token (silent drop if invalid - security)
4. Admin approves node: \oncp-master node approve <node-id>\
5. Node receives PSK + IP from 10.X.0.0/16 pool
6. Update config with PSK, restart server
deploy.sh Features:
- Interactive mode selection
- Conditional oncp-master installation
- Automated token generation (full stack mode)
- Enrollment submission (standalone mode)
Config Examples:
- server.json.example: Full stack with local master
- server-enrollment.json.example: Standalone with token
Security:
- Token validation before enrollment acceptance
- Silent drop on invalid token (prevents enumeration)
- One-time use tokens with expiration
- IPAM automatic IP allocation from pool
Documentation:
- Updated README with deployment modes
- Added enrollment workflow explanation
- Security features documented
- CLI examples for both modes
|
2026-01-02 03:36:20 +03:00 |
|
|
|
f779404e0f
|
feat(ostp-client-linux): add CLI VPN client for Linux
New CLI client for Linux with TUN interface support:
- Interactive setup wizard with profile management
- Connect/disconnect commands with root privilege check
- Status monitoring (interface stats, traffic counters)
- Test connection (handshake verification)
- Profile management (add/remove/set-default)
- Anti-VM detection (production mode only)
- Stealth mode (TLS mimicry, geo-SNI selection)
Features:
- Static musl binary (2.0 MB) - universal Linux
- Config storage: ~/.config/ostp/profiles.json
- TUN interface: ostp0 (10.X.Y.Z)
- Security: libc::geteuid() root check, ostp-guard integration
- Error handling: graceful disconnect on Ctrl+C
Commands:
- ostp-client-linux setup # Interactive wizard
- ostp-client-linux connect --profile default
- ostp-client-linux connect --server 1.2.3.4:443 --psk HEX
- ostp-client-linux status # Show connection info
- ostp-client-linux disconnect # Kill running client
- ostp-client-linux profiles list # List saved profiles
- ostp-client-linux test --server X --psk Y
Distribution updates:
- Added ostp-client-linux (2.0 MB) to linux-x64 package
- Updated SHA256SUMS with all 3 binaries
- Updated README.md with client installation guide
- Rebuilt ostp-server-linux-x64.tar.gz (6.86 MB total)
Note: TUN interface and traffic relay are TODO (placeholders)
|
2026-01-02 03:06:29 +03:00 |
|
|
|
963feb1582
|
feat(dist): add distribution packages with docs and checksums
Linux Server Package (ostp-server-linux-x64.tar.gz - 5.94 MB):
- ostp-server (9.2 MB) + oncp-master (4.8 MB)
- Automated deploy.sh script with systemd integration
- README.md with quick start guide
- systemd service units (ostp-server.service, oncp-master.service)
- Config examples (server.json, server-enrollment.json)
- SHA256SUMS for integrity verification
Windows Client Package (ostp-client-windows-x64.zip - 1.29 MB):
- ostp-client.exe (1.64 MB) - CLI client
- ostp-daemon.exe (0.53 MB) - Windows Service
- ostp-installer.exe (0.37 MB) - Setup wizard
- README.md with GUI/CLI usage guide
- SHA256SUMS.txt for integrity verification
Deploy Script Features:
- Automated PSK generation
- Systemd service installation
- Firewall configuration (ufw)
- OTP token generation (60 min)
- Network validation (10.X.0.0/16)
- Security hardening (NoNewPrivileges, ProtectSystem)
Documentation includes:
- Installation instructions
- Configuration examples
- Troubleshooting guides
- Security best practices
- API reference
|
2026-01-02 02:59:08 +03:00 |
|
