enabling debug post-script again and removing hardcoded domain name in post-script for subnets lookups

toby 2018-12-01 18:30:10 +01:00
parent bfbd9068e4
commit adefd694e4
2 changed files with 9 additions and 8 deletions


@ -3,7 +3,7 @@
#
# see: dh_installdeb(1)
set -e
set -xe
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
@ -27,6 +27,7 @@ case "$1" in
FRRCONFIG="/etc/frr/frr.conf.wit"
IPSECCONFIG="/etc/ipsec.conf.wit"
SWANCTLCONFIG="/etc/swanctl/conf.d/wit-swanctl.conf"
DOMAINNAME=$(hostname -d)
@ -263,7 +264,7 @@ case "$1" in
## compile public IP space prefix lists, this is what's going to be advertised out the upstream provider
i=1
while true; do
TEMP="$(dig_txt $i.ipv4.public.prefixlist.usw2.admin.wit.com)" || break
TEMP="$(dig_txt $i.ipv4.public.prefixlist.$DOMAINNAME)" || break
TEMPAGGS=" !!! aggregate-address ${TEMP}\n"
FRR_IPV4_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV4_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}"
TEMPSUM="!!! ip prefix-list WITv4-SUMMARIES seq $((i*5)) permit ${TEMP}\n"
@ -273,7 +274,7 @@ case "$1" in
i=1
while true; do
TEMP="$(dig_txt $i.ipv6.public.prefixlist.usw2.admin.wit.com)" || break
TEMP="$(dig_txt $i.ipv6.public.prefixlist.$DOMAINNAME)" || break
TEMPAGGS=" !!! aggregate-address ${TEMP}\n"
FRR_IPV6_EDGE_SUMMARIES_AGGREGATS="${FRR_IPV6_EDGE_SUMMARIES_AGGREGATS}${TEMPAGGS}"
TEMPSUM="!!! ipv6 prefix-list WITv6-SUMMARIES seq $((i*5)) permit ${TEMP}\n"
@ -285,7 +286,7 @@ case "$1" in
## compile customer IP blocks that we accept. this in theory should be a combination of *all* public blocks used accross regions while limiting it a smaller subnet size
i=1
while true; do
TEMP="$(dig_txt $i.ipv4.customers.prefixlist.usw2.admin.wit.com)" || break
TEMP="$(dig_txt $i.ipv4.customers.prefixlist.$DOMAINNAME)" || break
TEMPSUM="ip prefix-list WITv4-CUSTOMERS seq $((i*5)) permit ${TEMP} ge 25\n"
FRR_IPV4_CUSTOMERS_PFLIST="${FRR_IPV4_CUSTOMERS_PFLIST}${TEMPSUM}"
let i+=1
@ -293,7 +294,7 @@ case "$1" in
i=1
while true; do
TEMP="$(dig_txt $i.ipv6.customers.prefixlist.usw2.admin.wit.com)" || break
TEMP="$(dig_txt $i.ipv6.customers.prefixlist.$DOMAINNAME)" || break
TEMPSUM="ipv6 prefix-list WITv6-CUSTOMERS seq $((i*5)) permit ${TEMP} ge 64\n"
FRR_IPV6_CUSTOMERS_PFLIST="${FRR_IPV6_CUSTOMERS_PFLIST}${TEMPSUM}"
let i+=1
@ -303,7 +304,7 @@ case "$1" in
## compile loopback IP blocks that we wanna accept to be injected into the bgp
i=1
while true; do
TEMP="$(dig_txt $i.ipv4.loopback.prefixlist.usw2.admin.wit.com)" || break
TEMP="$(dig_txt $i.ipv4.loopback.prefixlist.$DOMAINNAME)" || break
TEMPSUM="ip prefix-list LOOPBACKv4 seq $((i*5)) permit ${TEMP} ge 32\n"
FRR_IPV4_LOOPBACK_PFLIST="${FRR_IPV4_LOOPBACK_PFLIST}${TEMPSUM}"
[ -z $IPSEC_IPV4_SUBNETS ] || IPSEC_IPV4_SUBNETS="${IPSEC_IPV4_SUBNETS},"
@ -313,7 +314,7 @@ case "$1" in
i=1
while true; do
TEMP="$(dig_txt $i.ipv6.loopback.prefixlist.usw2.admin.wit.com)" || break
TEMP="$(dig_txt $i.ipv6.loopback.prefixlist.$DOMAINNAME)" || break
TEMPSUM="ipv6 prefix-list LOOPBACKv6 seq $((i*5)) permit ${TEMP} ge 128\n"
FRR_IPV6_LOOPBACK_PFLIST="${FRR_IPV6_LOOPBACK_PFLIST}${TEMPSUM}"
[ -z $IPSEC_IPV6_SUBNETS ] || IPSEC_IPV6_SUBNETS="${IPSEC_IPV6_SUBNETS},"
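Review bot: `DOMAINNAME=$(hostname -d)` is used unchecked and unquoted in all six `dig_txt` lookups (public, customers and loopback, for IPv4 and IPv6), so the zone that supplies the BGP prefix lists and IPsec subnets now depends on whatever the host's name resolution reports at install time. If the value is empty the query name becomes `1.ipv4.public.prefixlist.`, and depending on how `dig_txt` (defined outside these hunks) and the resolver handle that, the loops either stop at once with empty lists or read TXT records from an unintended zone. I would fail closed right after the assignment with `[ -n "$DOMAINNAME" ] || { echo "postinst: hostname -d returned no domain" >&2; exit 1; }` and quote the argument as `"$i.ipv4.public.prefixlist.${DOMAINNAME}"`. The enclosing `case "$1"` block starts and ends outside the hunks shown.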


@ -4,7 +4,7 @@ config setup
conn %default
#keyexchange=ikev1
#keyexchange=ikev2
keyingtries=%forever
dpdtimeout=10
dpddelay=2