Commit Graph

183 Commits

Author SHA1 Message Date
toby 86d5c80bbb ipsec changes: IKEv2, and more ipsec changes to hopefully inclrease stability 2018-11-18 22:06:53 +01:00
toby e3fba4ecad prepping to flip back bastion to a loopback ip. setting firewall rule accordingly 2018-11-18 02:22:04 +01:00
toby 9028be6de6 fixing live migration iptables rules 2018-11-17 02:06:37 +01:00
toby a0d2d87355 adding ceph rgw rules to firewall 2018-11-16 18:26:57 +01:00
toby 052aeec779 we obviously wanna remove our private ASNs on IPv6 as well 2018-11-15 21:05:45 +01:00
toby 26f34e482f adding smarthost to the firewall 2018-11-13 20:41:41 +01:00
toby 346f3516d4 more/better bastion support 2018-11-13 17:22:42 +01:00
toby 045736616f fixng small console error so that systemd actually thinks firewall started successfully 2018-11-12 21:08:25 +01:00
toby cd7566f253 god damn control file syntax and pickiness 2018-11-07 22:10:26 +01:00
toby 1316620232 god damn control file syntax and pickiness 2018-11-07 19:11:06 +01:00
toby 39e447d633 adjustments for frr 6.0 2018-11-07 17:16:12 +01:00
toby 039b56b15d fixing issue showing IPs 2018-11-07 17:07:47 +01:00
toby b5caf073ba fixing DNS querry for bastion public IP 2018-11-06 21:14:44 +01:00
toby 01d5a92771 doh... typo... 2018-11-06 19:30:03 +01:00
toby f7738182af fixing sed escape bug 2018-11-06 18:42:11 +01:00
toby d6566cff38 enabling debugging 2018-11-06 18:30:27 +01:00
toby 1855169a42 adding bastion firewall rules to all firewalls. this is precausion so that we have the blocking rules in any event. the rest of bastion gets deployed through ansible but since if ansible gets forgotton or other things happen this will make sure the most critical things are there 2018-11-04 21:13:13 +01:00
toby 0868dd4df3 adding some early work for bastion support 2018-11-04 21:02:07 +01:00
toby 7aabd41def simplifying and adding flexibility to the NOTRACK rules 2018-11-04 19:19:09 +00:00
toby 249e13bac6 adding mgmt IPs on the console output 2018-11-03 20:27:10 +01:00
toby 56d95d9bb8 build trigger 2018-11-03 19:55:06 +01:00
toby 14610d67a4 build trigger 2018-11-03 19:49:22 +01:00
toby 188c679218 fixing another bug for ipmi/mgmtgw interfaces 2018-11-03 00:02:42 +01:00
toby 51cef1a3e5 fixing minor bug on ipmigw/mgmtgw interface 2018-11-02 23:54:39 +01:00
toby 6c16ceb2c9 fixing typo 2018-11-01 21:12:23 +01:00
toby c25c9f4e03 ipsec: swanctl work: binding to only lo and feth interfaces. this should potentially avoid some issues 2018-11-01 16:11:59 +01:00
toby e7cdde0418 quick fix to allow build after adams repo release info change 2018-11-01 09:15:02 +01:00
toby 2bfed0b53e leaving strongswan untouched since it would otherwise break a upgrade process 2018-10-31 23:22:31 +01:00
toby 03a8db740f for now keeping the ikev1, the upgrade to v2 needs to be planned 2018-10-31 23:15:54 +01:00
toby d3161082de ipsec: setting source IP to loopback 2018-10-31 23:06:30 +01:00
toby a6e4647a9c adding more support for ipmigw/mgmtgw interfaces 2018-10-31 21:02:57 +01:00
toby 65b2ecb368 making sure systemd-timesyncd is enabled as well 2018-10-31 20:40:10 +01:00
toby 8b3d04f16e need the .wit extension otherwise sed won't work ... doh 2018-10-29 20:15:58 +01:00
toby 633b0a7521 removing hardcoded ike version and also fixing file path for swanctl-conf file 2018-10-28 22:04:16 +01:00
toby 3f2238a090 adding swanctl draft config. not yet used but wanna eventually switch to it 2018-10-28 20:45:20 +01:00
toby 467548f6e8 ipsec: adding new key-proposal that we wanna move towards to. once rolled out, we'd like to deprecate the old weak ones 2018-10-26 21:46:49 +02:00
toby 056ca4c6ea fixing bug in udev rule writing for mgmt/gw interfaces 2018-10-26 20:45:18 +02:00
toby 1dc2ca3525 fixing bug in udev rule writing for mgmt/gw interfaces 2018-10-26 20:24:47 +02:00
toby 87ee7e115e first draft for bastion support, needs to be tested 2018-10-26 19:50:55 +02:00
toby 67c3928413 updateing updating/unifiying build with other repos 2018-10-26 00:36:25 +02:00
toby 11a6b51343 pushing the unsigned deb to the new v2 cloud 2018-10-26 00:17:45 +02:00
toby b9049ea671 pushing the unsigned deb to the new v2 cloud 2018-10-26 00:03:59 +02:00
toby d4c2dc33f3 pushing the unsigned deb to the new v2 cloud 2018-10-25 23:59:12 +02:00
toby 808090a480 build trigger 2018-10-25 19:55:05 +02:00
toby b1e994cb79 build trigger 2018-10-25 19:54:18 +02:00
toby f925ad46a0 updated IP for new mirrors in usw2 2018-10-24 23:07:54 +02:00
toby 31abf06342 setting leftsubnet to only be the local loopback instead of a wide range. this will avoid blackholing traffic for edges and potentially other nodes 2018-10-23 23:28:29 +02:00
toby f9ed8fe88b adding allowas-in 1 to iBGP peergroup. this allows routes coming in from peer-edge over the gre to be learn 2018-10-23 18:27:55 +02:00
toby eb8a990fc8 tiny but major bug in frr config 2018-10-23 17:39:54 +02:00
toby 82146158cd allowing the gre if local asn to be dynamically assigned as well 2018-10-23 16:59:12 +02:00