jcarr
/
wit-network-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
158 Commits 1 Branch 0 Tags 268 KiB
Commit Graph

158 Commits

Author SHA1 Message Date
toby c25c9f4e03 ipsec: swanctl work: binding to only lo and feth interfaces. this should potentially avoid some issues 2018-11-01 16:11:59 +01:00
toby e7cdde0418 quick fix to allow build after adams repo release info change 2018-11-01 09:15:02 +01:00
toby 2bfed0b53e leaving strongswan untouched since it would otherwise break a upgrade process 2018-10-31 23:22:31 +01:00
toby 03a8db740f for now keeping the ikev1, the upgrade to v2 needs to be planned 2018-10-31 23:15:54 +01:00
toby d3161082de ipsec: setting source IP to loopback 2018-10-31 23:06:30 +01:00
toby a6e4647a9c adding more support for ipmigw/mgmtgw interfaces 2018-10-31 21:02:57 +01:00
toby 65b2ecb368 making sure systemd-timesyncd is enabled as well 2018-10-31 20:40:10 +01:00
toby 8b3d04f16e need the .wit extension otherwise sed won't work ... doh 2018-10-29 20:15:58 +01:00
toby 633b0a7521 removing hardcoded ike version and also fixing file path for swanctl-conf file 2018-10-28 22:04:16 +01:00
toby 3f2238a090 adding swanctl draft config. not yet used but wanna eventually switch to it 2018-10-28 20:45:20 +01:00
toby 467548f6e8 ipsec: adding new key-proposal that we wanna move towards to. once rolled out, we'd like to deprecate the old weak ones 2018-10-26 21:46:49 +02:00
toby 056ca4c6ea fixing bug in udev rule writing for mgmt/gw interfaces 2018-10-26 20:45:18 +02:00
toby 1dc2ca3525 fixing bug in udev rule writing for mgmt/gw interfaces 2018-10-26 20:24:47 +02:00
toby 87ee7e115e first draft for bastion support, needs to be tested 2018-10-26 19:50:55 +02:00
toby 67c3928413 updateing updating/unifiying build with other repos 2018-10-26 00:36:25 +02:00
toby 11a6b51343 pushing the unsigned deb to the new v2 cloud 2018-10-26 00:17:45 +02:00
toby b9049ea671 pushing the unsigned deb to the new v2 cloud 2018-10-26 00:03:59 +02:00
toby d4c2dc33f3 pushing the unsigned deb to the new v2 cloud 2018-10-25 23:59:12 +02:00
toby 808090a480 build trigger 2018-10-25 19:55:05 +02:00
toby b1e994cb79 build trigger 2018-10-25 19:54:18 +02:00
toby f925ad46a0 updated IP for new mirrors in usw2 2018-10-24 23:07:54 +02:00
toby 31abf06342 setting leftsubnet to only be the local loopback instead of a wide range. this will avoid blackholing traffic for edges and potentially other nodes 2018-10-23 23:28:29 +02:00
toby f9ed8fe88b adding allowas-in 1 to iBGP peergroup. this allows routes coming in from peer-edge over the gre to be learn 2018-10-23 18:27:55 +02:00
toby eb8a990fc8 tiny but major bug in frr config 2018-10-23 17:39:54 +02:00
toby 82146158cd allowing the gre if local asn to be dynamically assigned as well 2018-10-23 16:59:12 +02:00
toby d67b225792 cleanup firewall rules and making unnumbered bgp rules a tad more restrictive 2018-10-21 23:08:58 +02:00
toby c7d116d1c1 adding firewall rules for edge boxes 2018-10-20 18:55:45 +02:00
toby 0eceabfe1d implementing some ad-hoc patches I did yesterday to get it going 2018-10-20 17:51:53 +02:00
toby 3124cda0f2 up1 should not run dad attempts 2018-10-19 23:37:46 +02:00
toby f2777bdbee adding broadcom nic firmware as dependency 2018-10-19 23:18:44 +02:00
toby 1003c71e11 have ibgp interface also added to the neighbors obviously... 2018-10-19 23:08:31 +02:00
toby aa0bef898b adding ibgp interface to frrconfig and fixing syntax in up1-interfaces config 2018-10-19 23:01:19 +02:00
toby ea89e74311 removing also test echo output 2018-10-19 21:44:46 +02:00
toby d81aa58f7c doh, actually removing the test code 2018-10-19 21:16:16 +02:00
toby d446f995c8 adding edge-support branch to the drone pipeline 2018-10-19 20:45:19 +02:00
toby ea70e243fe more work on edge.... adding support for dynamic ipsec subnets and some more minor patches 2018-10-19 19:57:07 +02:00
toby 587bba4290 more work on edge / dynamic frr config... .making progress but still ways to go,... just taking a backup... 2018-10-19 17:03:43 +02:00
toby 7e1d7993fe more work on edge / dynamic frr config... .making progress but still ways to go,... just taking a backup... 2018-10-19 16:56:11 +02:00
toby cfdc1cd3a9 more work ... .still ways to go,... just taking a backup... 2018-10-18 22:12:43 +02:00
toby 0e9142c15e first major commit for edge boxes support, not nearly done yet 2018-10-16 22:44:57 +02:00
toby fc2e803533 adding a function to build only on the master branch. this avoids releasing packages to the repo before they are at least somewhat ready 2018-10-15 18:04:41 +02:00
toby d30e523aed disabling strongswan service by default. I turn it back on in ansible when certs are in place 2018-10-10 18:59:23 +02:00
toby db5f5107fa nicer output formatting 2018-10-09 18:46:35 +00:00
toby e69f60957c .... me being anal... 2018-10-09 18:09:38 +00:00
toby 347291d1a9 re-factor of interface config compile process 2018-10-09 18:06:28 +00:00
toby 4a89aa2c93 re-arranging before interface config refactor 2018-10-09 16:25:45 +00:00
toby 1f58cd3918 cleaning up leading space vs tab bs 2018-10-09 16:23:52 +00:00
toby 4f7f177cc6 fixing bug in regex of qemu-ifup-public public IP matching 2018-10-08 18:22:22 +02:00
toby 1b891db635 renaming WIT customers prefix-list to be more consistent, in preparation for edge support 2018-10-08 18:20:48 +02:00
toby 460ee34f03 adding support for ibgp interfaces and feth/up/ibgp support for up to 4 nics 2018-10-08 11:33:18 +02:00