Commit Graph

169 Commits

Author SHA1 Message Date
toby f7738182af fixing sed escape bug 2018-11-06 18:42:11 +01:00
toby d6566cff38 enabling debugging 2018-11-06 18:30:27 +01:00
toby 1855169a42 adding bastion firewall rules to all firewalls. this is precausion so that we have the blocking rules in any event. the rest of bastion gets deployed through ansible but since if ansible gets forgotton or other things happen this will make sure the most critical things are there 2018-11-04 21:13:13 +01:00
toby 0868dd4df3 adding some early work for bastion support 2018-11-04 21:02:07 +01:00
toby 7aabd41def simplifying and adding flexibility to the NOTRACK rules 2018-11-04 19:19:09 +00:00
toby 249e13bac6 adding mgmt IPs on the console output 2018-11-03 20:27:10 +01:00
toby 56d95d9bb8 build trigger 2018-11-03 19:55:06 +01:00
toby 14610d67a4 build trigger 2018-11-03 19:49:22 +01:00
toby 188c679218 fixing another bug for ipmi/mgmtgw interfaces 2018-11-03 00:02:42 +01:00
toby 51cef1a3e5 fixing minor bug on ipmigw/mgmtgw interface 2018-11-02 23:54:39 +01:00
toby 6c16ceb2c9 fixing typo 2018-11-01 21:12:23 +01:00
toby c25c9f4e03 ipsec: swanctl work: binding to only lo and feth interfaces. this should potentially avoid some issues 2018-11-01 16:11:59 +01:00
toby e7cdde0418 quick fix to allow build after adams repo release info change 2018-11-01 09:15:02 +01:00
toby 2bfed0b53e leaving strongswan untouched since it would otherwise break a upgrade process 2018-10-31 23:22:31 +01:00
toby 03a8db740f for now keeping the ikev1, the upgrade to v2 needs to be planned 2018-10-31 23:15:54 +01:00
toby d3161082de ipsec: setting source IP to loopback 2018-10-31 23:06:30 +01:00
toby a6e4647a9c adding more support for ipmigw/mgmtgw interfaces 2018-10-31 21:02:57 +01:00
toby 65b2ecb368 making sure systemd-timesyncd is enabled as well 2018-10-31 20:40:10 +01:00
toby 8b3d04f16e need the .wit extension otherwise sed won't work ... doh 2018-10-29 20:15:58 +01:00
toby 633b0a7521 removing hardcoded ike version and also fixing file path for swanctl-conf file 2018-10-28 22:04:16 +01:00
toby 3f2238a090 adding swanctl draft config. not yet used but wanna eventually switch to it 2018-10-28 20:45:20 +01:00
toby 467548f6e8 ipsec: adding new key-proposal that we wanna move towards to. once rolled out, we'd like to deprecate the old weak ones 2018-10-26 21:46:49 +02:00
toby 056ca4c6ea fixing bug in udev rule writing for mgmt/gw interfaces 2018-10-26 20:45:18 +02:00
toby 1dc2ca3525 fixing bug in udev rule writing for mgmt/gw interfaces 2018-10-26 20:24:47 +02:00
toby 87ee7e115e first draft for bastion support, needs to be tested 2018-10-26 19:50:55 +02:00
toby 67c3928413 updateing updating/unifiying build with other repos 2018-10-26 00:36:25 +02:00
toby 11a6b51343 pushing the unsigned deb to the new v2 cloud 2018-10-26 00:17:45 +02:00
toby b9049ea671 pushing the unsigned deb to the new v2 cloud 2018-10-26 00:03:59 +02:00
toby d4c2dc33f3 pushing the unsigned deb to the new v2 cloud 2018-10-25 23:59:12 +02:00
toby 808090a480 build trigger 2018-10-25 19:55:05 +02:00
toby b1e994cb79 build trigger 2018-10-25 19:54:18 +02:00
toby f925ad46a0 updated IP for new mirrors in usw2 2018-10-24 23:07:54 +02:00
toby 31abf06342 setting leftsubnet to only be the local loopback instead of a wide range. this will avoid blackholing traffic for edges and potentially other nodes 2018-10-23 23:28:29 +02:00
toby f9ed8fe88b adding allowas-in 1 to iBGP peergroup. this allows routes coming in from peer-edge over the gre to be learn 2018-10-23 18:27:55 +02:00
toby eb8a990fc8 tiny but major bug in frr config 2018-10-23 17:39:54 +02:00
toby 82146158cd allowing the gre if local asn to be dynamically assigned as well 2018-10-23 16:59:12 +02:00
toby d67b225792 cleanup firewall rules and making unnumbered bgp rules a tad more restrictive 2018-10-21 23:08:58 +02:00
toby c7d116d1c1 adding firewall rules for edge boxes 2018-10-20 18:55:45 +02:00
toby 0eceabfe1d implementing some ad-hoc patches I did yesterday to get it going 2018-10-20 17:51:53 +02:00
toby 3124cda0f2 up1 should not run dad attempts 2018-10-19 23:37:46 +02:00
toby f2777bdbee adding broadcom nic firmware as dependency 2018-10-19 23:18:44 +02:00
toby 1003c71e11 have ibgp interface also added to the neighbors obviously... 2018-10-19 23:08:31 +02:00
toby aa0bef898b adding ibgp interface to frrconfig and fixing syntax in up1-interfaces config 2018-10-19 23:01:19 +02:00
toby ea89e74311 removing also test echo output 2018-10-19 21:44:46 +02:00
toby d81aa58f7c doh, actually removing the test code 2018-10-19 21:16:16 +02:00
toby d446f995c8 adding edge-support branch to the drone pipeline 2018-10-19 20:45:19 +02:00
toby ea70e243fe more work on edge.... adding support for dynamic ipsec subnets and some more minor patches 2018-10-19 19:57:07 +02:00
toby 587bba4290 more work on edge / dynamic frr config... .making progress but still ways to go,... just taking a backup... 2018-10-19 17:03:43 +02:00
toby 7e1d7993fe more work on edge / dynamic frr config... .making progress but still ways to go,... just taking a backup... 2018-10-19 16:56:11 +02:00
toby cfdc1cd3a9 more work ... .still ways to go,... just taking a backup... 2018-10-18 22:12:43 +02:00