toby
|
86d5c80bbb
|
ipsec changes: IKEv2, and more ipsec changes to hopefully increase stability
|
2018-11-18 22:06:53 +01:00 |
toby
|
e3fba4ecad
|
prepping to flip back bastion to a loopback ip. setting firewall rule accordingly
|
2018-11-18 02:22:04 +01:00 |
toby
|
9028be6de6
|
fixing live migration iptables rules
|
2018-11-17 02:06:37 +01:00 |
toby
|
a0d2d87355
|
adding ceph rgw rules to firewall
|
2018-11-16 18:26:57 +01:00 |
toby
|
052aeec779
|
we obviously wanna remove our private ASNs on IPv6 as well
|
2018-11-15 21:05:45 +01:00 |
toby
|
26f34e482f
|
adding smarthost to the firewall
|
2018-11-13 20:41:41 +01:00 |
toby
|
346f3516d4
|
more/better bastion support
|
2018-11-13 17:22:42 +01:00 |
toby
|
045736616f
|
fixing small console error so that systemd actually thinks firewall started successfully
|
2018-11-12 21:08:25 +01:00 |
toby
|
cd7566f253
|
god damn control file syntax and pickiness
|
2018-11-07 22:10:26 +01:00 |
toby
|
1316620232
|
god damn control file syntax and pickiness
|
2018-11-07 19:11:06 +01:00 |
toby
|
39e447d633
|
adjustments for frr 6.0
|
2018-11-07 17:16:12 +01:00 |
toby
|
039b56b15d
|
fixing issue showing IPs
|
2018-11-07 17:07:47 +01:00 |
toby
|
b5caf073ba
|
fixing DNS query for bastion public IP
|
2018-11-06 21:14:44 +01:00 |
toby
|
01d5a92771
|
doh... typo...
|
2018-11-06 19:30:03 +01:00 |
toby
|
f7738182af
|
fixing sed escape bug
|
2018-11-06 18:42:11 +01:00 |
toby
|
d6566cff38
|
enabling debugging
|
2018-11-06 18:30:27 +01:00 |
toby
|
1855169a42
|
adding bastion firewall rules to all firewalls. this is precaution so that we have the blocking rules in any event. the rest of bastion gets deployed through ansible but since if ansible gets forgotten or other things happen this will make sure the most critical things are there
|
2018-11-04 21:13:13 +01:00 |
toby
|
0868dd4df3
|
adding some early work for bastion support
|
2018-11-04 21:02:07 +01:00 |
toby
|
7aabd41def
|
simplifying and adding flexibility to the NOTRACK rules
|
2018-11-04 19:19:09 +00:00 |
toby
|
249e13bac6
|
adding mgmt IPs on the console output
|
2018-11-03 20:27:10 +01:00 |
toby
|
56d95d9bb8
|
build trigger
|
2018-11-03 19:55:06 +01:00 |
toby
|
14610d67a4
|
build trigger
|
2018-11-03 19:49:22 +01:00 |
toby
|
188c679218
|
fixing another bug for ipmi/mgmtgw interfaces
|
2018-11-03 00:02:42 +01:00 |
toby
|
51cef1a3e5
|
fixing minor bug on ipmigw/mgmtgw interface
|
2018-11-02 23:54:39 +01:00 |
toby
|
6c16ceb2c9
|
fixing typo
|
2018-11-01 21:12:23 +01:00 |
toby
|
c25c9f4e03
|
ipsec: swanctl work: binding to only lo and feth interfaces. this should potentially avoid some issues
|
2018-11-01 16:11:59 +01:00 |
toby
|
e7cdde0418
|
quick fix to allow build after adams repo release info change
|
2018-11-01 09:15:02 +01:00 |
toby
|
2bfed0b53e
|
leaving strongswan untouched since it would otherwise break an upgrade process
|
2018-10-31 23:22:31 +01:00 |
toby
|
03a8db740f
|
for now keeping the ikev1, the upgrade to v2 needs to be planned
|
2018-10-31 23:15:54 +01:00 |
toby
|
d3161082de
|
ipsec: setting source IP to loopback
|
2018-10-31 23:06:30 +01:00 |
toby
|
a6e4647a9c
|
adding more support for ipmigw/mgmtgw interfaces
|
2018-10-31 21:02:57 +01:00 |
toby
|
65b2ecb368
|
making sure systemd-timesyncd is enabled as well
|
2018-10-31 20:40:10 +01:00 |
toby
|
8b3d04f16e
|
need the .wit extension otherwise sed won't work ... doh
|
2018-10-29 20:15:58 +01:00 |
toby
|
633b0a7521
|
removing hardcoded ike version and also fixing file path for swanctl-conf file
|
2018-10-28 22:04:16 +01:00 |
toby
|
3f2238a090
|
adding swanctl draft config. not yet used but wanna eventually switch to it
|
2018-10-28 20:45:20 +01:00 |
toby
|
467548f6e8
|
ipsec: adding new key-proposal that we wanna move towards. once rolled out, we'd like to deprecate the old weak ones
|
2018-10-26 21:46:49 +02:00 |
toby
|
056ca4c6ea
|
fixing bug in udev rule writing for mgmt/gw interfaces
|
2018-10-26 20:45:18 +02:00 |
toby
|
1dc2ca3525
|
fixing bug in udev rule writing for mgmt/gw interfaces
|
2018-10-26 20:24:47 +02:00 |
toby
|
87ee7e115e
|
first draft for bastion support, needs to be tested
|
2018-10-26 19:50:55 +02:00 |
toby
|
67c3928413
|
updating/unifying build with other repos
|
2018-10-26 00:36:25 +02:00 |
toby
|
11a6b51343
|
pushing the unsigned deb to the new v2 cloud
|
2018-10-26 00:17:45 +02:00 |
toby
|
b9049ea671
|
pushing the unsigned deb to the new v2 cloud
|
2018-10-26 00:03:59 +02:00 |
toby
|
d4c2dc33f3
|
pushing the unsigned deb to the new v2 cloud
|
2018-10-25 23:59:12 +02:00 |
toby
|
808090a480
|
build trigger
|
2018-10-25 19:55:05 +02:00 |
toby
|
b1e994cb79
|
build trigger
|
2018-10-25 19:54:18 +02:00 |
toby
|
f925ad46a0
|
updated IP for new mirrors in usw2
|
2018-10-24 23:07:54 +02:00 |
toby
|
31abf06342
|
setting leftsubnet to only be the local loopback instead of a wide range. this will avoid blackholing traffic for edges and potentially other nodes
|
2018-10-23 23:28:29 +02:00 |
toby
|
f9ed8fe88b
|
adding allowas-in 1 to iBGP peergroup. this allows routes coming in from peer-edge over the gre to be learn
|
2018-10-23 18:27:55 +02:00 |
toby
|
eb8a990fc8
|
tiny but major bug in frr config
|
2018-10-23 17:39:54 +02:00 |
toby
|
82146158cd
|
allowing the gre if local asn to be dynamically assigned as well
|
2018-10-23 16:59:12 +02:00 |