From adefd694e49b326620fe33ebaf80de11248684db Mon Sep 17 00:00:00 2001 From: toby Date: Sat, 1 Dec 2018 18:30:10 +0100 Subject: [PATCH] enabling debug post-script again and removing hardcoded domain name in post-script for subnets lookups --- debian/wit-network-config.postinst | 15 ++++++++------- files/ipsec.conf.wit | 2 +- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/debian/wit-network-config.postinst b/debian/wit-network-config.postinst index 06a4655..0e01de7 100755 --- a/debian/wit-network-config.postinst +++ b/debian/wit-network-config.postinst @@ -3,7 +3,7 @@ # # see: dh_installdeb(1) -set -e +set -xe # summary of how this script can be called: # * `configure' @@ -27,6 +27,7 @@ case "$1" in FRRCONFIG="/etc/frr/frr.conf.wit" IPSECCONFIG="/etc/ipsec.conf.wit" SWANCTLCONFIG="/etc/swanctl/conf.d/wit-swanctl.conf" + DOMAINNAME=$(hostname -d) @@ -263,7 +264,7 @@ case "$1" in ## compile public IP space prefix lists, this is what's going to be advertised out the upstream provider i=1 while true; do - TEMP="$(dig_txt $i.ipv4.public.prefixlist.usw2.admin.wit.com)" || break + TEMP="$(dig_txt $i.ipv4.public.prefixlist.$DOMAINNAME)" || break TEMPAGGS=" !!! aggregate-address ${TEMP}\n" FRR_IPV4_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV4_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}" TEMPSUM="!!! ip prefix-list WITv4-SUMMARIES seq $((i*5)) permit ${TEMP}\n" @@ -273,7 +274,7 @@ case "$1" in i=1 while true; do - TEMP="$(dig_txt $i.ipv6.public.prefixlist.usw2.admin.wit.com)" || break + TEMP="$(dig_txt $i.ipv6.public.prefixlist.$DOMAINNAME)" || break TEMPAGGS=" !!! aggregate-address ${TEMP}\n" FRR_IPV6_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV6_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}" TEMPSUM="!!! ipv6 prefix-list WITv6-SUMMARIES seq $((i*5)) permit ${TEMP}\n" 
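Review bot: `set -xe` at the top of the postinst turns shell tracing on unconditionally, so every expanded command and variable value is written to the terminal, and to any install log the package manager keeps, on each install or upgrade. The script builds IPsec and swanctl configuration (`IPSECCONFIG` and `SWANCTLCONFIG` in the next hunk); if key material or credentials pass through shell variables further down, which is not visible here, they would end up in that output. Consider keeping `set -e` and making the trace opt-in, for example `[ -z "${POSTINST_DEBUG:-}" ] || set -x` (the variable name is a placeholder).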
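Review bot: `DOMAINNAME=$(hostname -d)` in the -27 hunk is used without checking that it produced a value. On a host with no DNS domain configured the result is presumably empty, so the later lookups become `$i.ipv4.public.prefixlist.`, each `dig_txt ... || break` loop likely ends on its first iteration, and the prefix lists are generated empty without any error. Because this value now decides which zone supplies the BGP prefix lists, it is worth failing loudly right after the assignment: `[ -n "$DOMAINNAME" ] || { echo "postinst: no DNS domain configured" >&2; exit 1; }`. The enclosing `case` branch starts and ends outside the hunk.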
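Review bot: The TXT answer in `TEMP` (hunk -263) is interpolated into FRR configuration lines such as `aggregate-address ${TEMP}` and `ip prefix-list ... permit ${TEMP}` with no check that it is a single CIDR prefix, and the zone it comes from is now whatever `hostname -d` returns rather than a fixed name. Unless `dig_txt`, which is defined outside these hunks, validates its output, a record containing spaces, a literal `\n` or other text would be written straight into the routing policy. The same applies to the hunks at -273, -285, -293, -303 and -313, where the loopback values also appear to feed `IPSEC_IPV4_SUBNETS` and `IPSEC_IPV6_SUBNETS`. I would quote the lookup, `"$(dig_txt "$i.ipv4.public.prefixlist.$DOMAINNAME")"`, and reject anything that is not prefix-shaped before appending it, e.g. `case "$TEMP" in ''|*[!0-9A-Fa-f.:/]*) echo "bad prefix: $TEMP" >&2; exit 1;; esac`. Since these records arrive over DNS, a validating or pinned resolver is also worth confirming.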
@@ -285,7 +286,7 @@ case "$1" in ## compile customer IP blocks that we accept. this in theory should be a combination of *all* public blocks used accross regions while limiting it a smaller subnet size i=1 while true; do - TEMP="$(dig_txt $i.ipv4.customers.prefixlist.usw2.admin.wit.com)" || break + TEMP="$(dig_txt $i.ipv4.customers.prefixlist.$DOMAINNAME)" || break TEMPSUM="ip prefix-list WITv4-CUSTOMERS seq $((i*5)) permit ${TEMP} ge 25\n" FRR_IPV4_CUSTOMERS_PFLIST="${FRR_IPV4_CUSTOMERS_PFLIST}${TEMPSUM}" let i+=1 @@ -293,7 +294,7 @@ case "$1" in i=1 while true; do - TEMP="$(dig_txt $i.ipv6.customers.prefixlist.usw2.admin.wit.com)" || break + TEMP="$(dig_txt $i.ipv6.customers.prefixlist.$DOMAINNAME)" || break TEMPSUM="ipv6 prefix-list WITv6-CUSTOMERS seq $((i*5)) permit ${TEMP} ge 64\n" FRR_IPV6_CUSTOMERS_PFLIST="${FRR_IPV6_CUSTOMERS_PFLIST}${TEMPSUM}" let i+=1 @@ -303,7 +304,7 @@ case "$1" in ## compile loopback IP blocks that we wanna accept to be injected into the bgp i=1 while true; do - TEMP="$(dig_txt $i.ipv4.loopback.prefixlist.usw2.admin.wit.com)" || break + TEMP="$(dig_txt $i.ipv4.loopback.prefixlist.$DOMAINNAME)" || break TEMPSUM="ip prefix-list LOOPBACKv4 seq $((i*5)) permit ${TEMP} ge 32\n" FRR_IPV4_LOOPBACK_PFLIST="${FRR_IPV4_LOOPBACK_PFLIST}${TEMPSUM}" [ -z $IPSEC_IPV4_SUBNETS ] || IPSEC_IPV4_SUBNETS="${IPSEC_IPV4_SUBNETS}," @@ -313,7 +314,7 @@ case "$1" in i=1 while true; do - TEMP="$(dig_txt $i.ipv6.loopback.prefixlist.usw2.admin.wit.com)" || break + TEMP="$(dig_txt $i.ipv6.loopback.prefixlist.$DOMAINNAME)" || break TEMPSUM="ipv6 prefix-list LOOPBACKv6 seq $((i*5)) permit ${TEMP} ge 128\n" FRR_IPV6_LOOPBACK_PFLIST="${FRR_IPV6_LOOPBACK_PFLIST}${TEMPSUM}" [ -z $IPSEC_IPV6_SUBNETS ] || IPSEC_IPV6_SUBNETS="${IPSEC_IPV6_SUBNETS}," diff --git a/files/ipsec.conf.wit b/files/ipsec.conf.wit index 283d06a..966ef37 100644 --- a/files/ipsec.conf.wit +++ b/files/ipsec.conf.wit 
@@ -4,7 +4,7 @@ config setup conn %default - #keyexchange=ikev1 + #keyexchange=ikev2 keyingtries=%forever dpdtimeout=10 dpddelay=2
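Review bot: The edited line is still commented out, so changing `#keyexchange=ikev1` to `#keyexchange=ikev2` does not alter which IKE versions `conn %default` negotiates; the daemon's built-in default stays in effect. If this file is consumed by strongSwan (suggested by the swanctl path in the postinst, but not shown here), that default initiates IKEv2 yet still accepts IKEv1 when responding. If the intent is to pin IKEv2, uncomment the line: `keyexchange=ikev2`. The commit message does not mention this change, and the `conn %default` block continues past the hunk.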