toby
|
adefd694e4
|
enabling debug post-script again and removing hardcoded domain name in post-script for subnets lookups
|
2018-12-01 18:30:10 +01:00 |
|
toby
|
91e34ea5e1
|
ipsec: removing old proposal now that we are 100% upgraded, also tweaking some settings making use of ikev2
|
2018-11-30 18:27:18 +01:00 |
|
toby
|
b2b902672b
|
raising dpdtimeout to be 5x the delay, it's much more agressive than defaults but at least its the same multiplier than default
|
2018-11-18 23:18:29 +01:00 |
|
toby
|
9d11caf8f9
|
changed my mind about closeaction, we should maybe have that, but trying to use hold instead
|
2018-11-18 22:14:26 +01:00 |
|
toby
|
86d5c80bbb
|
ipsec changes: IKEv2, and more ipsec changes to hopefully inclrease stability
|
2018-11-18 22:06:53 +01:00 |
|
toby
|
03a8db740f
|
for now keeping the ikev1, the upgrade to v2 needs to be planned
|
2018-10-31 23:15:54 +01:00 |
|
toby
|
d3161082de
|
ipsec: setting source IP to loopback
|
2018-10-31 23:06:30 +01:00 |
|
toby
|
633b0a7521
|
removing hardcoded ike version and also fixing file path for swanctl-conf file
|
2018-10-28 22:04:16 +01:00 |
|
toby
|
467548f6e8
|
ipsec: adding new key-proposal that we wanna move towards to. once rolled out, we'd like to deprecate the old weak ones
|
2018-10-26 21:46:49 +02:00 |
|
toby
|
31abf06342
|
setting leftsubnet to only be the local loopback instead of a wide range. this will avoid blackholing traffic for edges and potentially other nodes
|
2018-10-23 23:28:29 +02:00 |
|
toby
|
ea70e243fe
|
more work on edge.... adding support for dynamic ipsec subnets and some more minor patches
|
2018-10-19 19:57:07 +02:00 |
|
toby
|
37c69ab507
|
adding ipv6 tunnel to strongswan and matching firewall rules
|
2018-09-17 21:28:02 +02:00 |
|
toby
|
4a69025703
|
removing legacy dhcp stuff and starting to rely on DNS for loopback v4/v6 and asn
|
2018-09-12 20:01:52 +02:00 |
root
|
906bcb2a7c
|
adding ipsec config as well
|
2018-07-27 20:34:21 +00:00 |