jcarr
/
wit-network-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
153 Commits 1 Branch 0 Tags 268 KiB
Commit Graph

57 Commits

Author SHA1 Message Date
toby 633b0a7521 removing hardcoded ike version and also fixing file path for swanctl-conf file 2018-10-28 22:04:16 +01:00
toby 3f2238a090 adding swanctl draft config. not yet used but wanna eventually switch to it 2018-10-28 20:45:20 +01:00
toby 467548f6e8 ipsec: adding new key-proposal that we wanna move towards to. once rolled out, we'd like to deprecate the old weak ones 2018-10-26 21:46:49 +02:00
toby f925ad46a0 updated IP for new mirrors in usw2 2018-10-24 23:07:54 +02:00
toby 31abf06342 setting leftsubnet to only be the local loopback instead of a wide range. this will avoid blackholing traffic for edges and potentially other nodes 2018-10-23 23:28:29 +02:00
toby f9ed8fe88b adding allowas-in 1 to iBGP peergroup. this allows routes coming in from peer-edge over the gre to be learn 2018-10-23 18:27:55 +02:00
toby eb8a990fc8 tiny but major bug in frr config 2018-10-23 17:39:54 +02:00
toby d67b225792 cleanup firewall rules and making unnumbered bgp rules a tad more restrictive 2018-10-21 23:08:58 +02:00
toby c7d116d1c1 adding firewall rules for edge boxes 2018-10-20 18:55:45 +02:00
toby 0eceabfe1d implementing some ad-hoc patches I did yesterday to get it going 2018-10-20 17:51:53 +02:00
toby ea70e243fe more work on edge.... adding support for dynamic ipsec subnets and some more minor patches 2018-10-19 19:57:07 +02:00
toby 587bba4290 more work on edge / dynamic frr config... .making progress but still ways to go,... just taking a backup... 2018-10-19 17:03:43 +02:00
toby 7e1d7993fe more work on edge / dynamic frr config... .making progress but still ways to go,... just taking a backup... 2018-10-19 16:56:11 +02:00
toby cfdc1cd3a9 more work ... .still ways to go,... just taking a backup... 2018-10-18 22:12:43 +02:00
toby 0e9142c15e first major commit for edge boxes support, not nearly done yet 2018-10-16 22:44:57 +02:00
toby 4f7f177cc6 fixing bug in regex of qemu-ifup-public public IP matching 2018-10-08 18:22:22 +02:00
toby 1b891db635 renaming WIT customers prefix-list to be more consistent, in preparation for edge support 2018-10-08 18:20:48 +02:00
toby a343ade9c4 adding new firewall rule for stackapi 2018-10-05 22:27:10 +00:00
toby 928142ce70 updating the qemu-ifup scripts to reflect the new versions usling local files 2018-10-05 18:29:12 +00:00
toby bc97208b34 typo in ipv6 prefix list for new customer blocks 2018-10-04 20:07:50 +02:00
toby 23c5b533c1 adding more IPv6 customer blocks for paul for the new v2 stack in usw2 2018-10-04 18:22:45 +02:00
toby b5860daf1d typo in firewall rule 2018-10-01 18:25:50 +02:00
toby 7a948a6fbf adding ipv6 ssh support from bastion (in theory we should actually only need that, but keep ipv4 for now ... just in case) 2018-10-01 15:04:23 +02:00
toby 1c50cecdb5 adding direct ssh access on default for bastion, and migrating to admin domain instead of 3 different zones 2018-10-01 10:39:17 +02:00
toby b18d2c03c8 adding mirrors.wit.com to the firewall 2018-09-26 23:47:01 +02:00
toby d87f7c1720 configuring etc/network/interfaces from postinst instead of installing a static file 2018-09-25 23:24:42 +02:00
Adam Frank 6a01e4988b adding local ceph traffic rules 2018-09-22 04:57:07 +00:00
toby c8195a9cf8 adding first estimated rules for ceph 2018-09-20 16:40:25 +02:00
toby 37c69ab507 adding ipv6 tunnel to strongswan and matching firewall rules 2018-09-17 21:28:02 +02:00
toby 05cb6ef35f quick fix for ifup since introduction of IPv6 loopback IPs 2018-09-13 23:51:03 +02:00
toby 002d2e0221 fixing firewall scirpt and rolling back to hardcoded IP till I get the systemd unit file 2018-09-13 23:41:28 +02:00
toby 2e95eb7bad orginizing the firewall a little bit, no changes in theory 2018-09-13 12:08:40 +02:00
toby 8bdbba3016 orginizing the firewall a little bit, no changes in theory 2018-09-13 01:17:40 +02:00
toby 4a69025703 removing legacy dhcp stuff and starting to rely on DNS for loopback v4/v6 and asn 2018-09-12 20:01:52 +02:00
toby dc6a02d0d4 fixing ipv6 mgmt firewall rules (again) and setting mgmt1 interface to be dhcp as well (not just auto) 2018-09-10 21:03:57 +02:00
toby 7d30951603 fixing DHCP6 offer packets on firewall to come through 2018-09-09 23:37:24 +02:00
toby d96371752d adding DHCP6 offer packets on firewall to come through 2018-09-09 23:20:30 +02:00
toby 52e4f93928 cleanup / orginizing frr.conf a little bit for dual stack 2018-09-09 20:06:05 +02:00
toby 660343046e fix firewall to support our DNS 2018-09-09 15:42:45 +02:00
toby 4df3901bc2 adjusting ipv6 prefix filter to match new subnet definitions 2018-09-09 14:30:22 +02:00
toby 8beb8a5aa9 removing pre-defined loopback subnet from firewall dependency 2018-09-09 13:30:30 +02:00
toby 37125104c3 pulling loopback IP from DNS instead of relaying on dhcp and configfile, moving net-interfaces to each own files in interfaces.d, cleaning up the postinst scritp a bit for easier read 2018-09-09 12:58:45 +02:00
root f6303f817b adding support for frr 5.0 2018-08-12 16:34:19 +00:00
root 8508708aaf re-enabling frr dependencies and upping version for push to repo 2018-08-09 13:32:24 +00:00
root 13fbc9d572 I may come close to the full support finally 2018-08-09 10:18:19 +00:00
root 6739750f31 moving back to tier_id from loopback since we need that in more cases than just loopback 2018-08-08 21:45:07 +00:00
root e8a00a6adf adding first steps for dhcp-loopback support and vcs info in control 2018-08-08 20:59:37 +00:00
root b8368a446f just a coupe more comments and adding vteps to auto-detect 2018-08-06 18:45:35 +00:00
root 35e370d4d7 addign dhcpcd5 conflict dependency and fixing rc.local to exit 0 2018-08-02 21:54:14 +00:00
root 248bdb7f80 refacotring to some extend now that we switched to dhcpcd and turned off networkd entirely. 2018-08-02 21:35:37 +00:00