toby
|
f7738182af
|
fixing sed escape bug
|
2018-11-06 18:42:11 +01:00 |
toby
|
d6566cff38
|
enabling debugging
|
2018-11-06 18:30:27 +01:00 |
toby
|
1855169a42
|
adding bastion firewall rules to all firewalls. this is precausion so that we have the blocking rules in any event. the rest of bastion gets deployed through ansible but since if ansible gets forgotton or other things happen this will make sure the most critical things are there
|
2018-11-04 21:13:13 +01:00 |
toby
|
0868dd4df3
|
adding some early work for bastion support
|
2018-11-04 21:02:07 +01:00 |
toby
|
7aabd41def
|
simplifying and adding flexibility to the NOTRACK rules
|
2018-11-04 19:19:09 +00:00 |
toby
|
249e13bac6
|
adding mgmt IPs on the console output
|
2018-11-03 20:27:10 +01:00 |
toby
|
56d95d9bb8
|
build trigger
|
2018-11-03 19:55:06 +01:00 |
toby
|
14610d67a4
|
build trigger
|
2018-11-03 19:49:22 +01:00 |
toby
|
188c679218
|
fixing another bug for ipmi/mgmtgw interfaces
|
2018-11-03 00:02:42 +01:00 |
toby
|
51cef1a3e5
|
fixing minor bug on ipmigw/mgmtgw interface
|
2018-11-02 23:54:39 +01:00 |
toby
|
6c16ceb2c9
|
fixing typo
|
2018-11-01 21:12:23 +01:00 |
toby
|
c25c9f4e03
|
ipsec: swanctl work: binding to only lo and feth interfaces. this should potentially avoid some issues
|
2018-11-01 16:11:59 +01:00 |
toby
|
e7cdde0418
|
quick fix to allow build after adams repo release info change
|
2018-11-01 09:15:02 +01:00 |
toby
|
2bfed0b53e
|
leaving strongswan untouched since it would otherwise break a upgrade process
|
2018-10-31 23:22:31 +01:00 |
toby
|
03a8db740f
|
for now keeping the ikev1, the upgrade to v2 needs to be planned
|
2018-10-31 23:15:54 +01:00 |
toby
|
d3161082de
|
ipsec: setting source IP to loopback
|
2018-10-31 23:06:30 +01:00 |
toby
|
a6e4647a9c
|
adding more support for ipmigw/mgmtgw interfaces
|
2018-10-31 21:02:57 +01:00 |
toby
|
65b2ecb368
|
making sure systemd-timesyncd is enabled as well
|
2018-10-31 20:40:10 +01:00 |
toby
|
8b3d04f16e
|
need the .wit extension otherwise sed won't work ... doh
|
2018-10-29 20:15:58 +01:00 |
toby
|
633b0a7521
|
removing hardcoded ike version and also fixing file path for swanctl-conf file
|
2018-10-28 22:04:16 +01:00 |
toby
|
3f2238a090
|
adding swanctl draft config. not yet used but wanna eventually switch to it
|
2018-10-28 20:45:20 +01:00 |
toby
|
467548f6e8
|
ipsec: adding new key-proposal that we wanna move towards to. once rolled out, we'd like to deprecate the old weak ones
|
2018-10-26 21:46:49 +02:00 |
toby
|
056ca4c6ea
|
fixing bug in udev rule writing for mgmt/gw interfaces
|
2018-10-26 20:45:18 +02:00 |
toby
|
1dc2ca3525
|
fixing bug in udev rule writing for mgmt/gw interfaces
|
2018-10-26 20:24:47 +02:00 |
toby
|
87ee7e115e
|
first draft for bastion support, needs to be tested
|
2018-10-26 19:50:55 +02:00 |
toby
|
67c3928413
|
updateing updating/unifiying build with other repos
|
2018-10-26 00:36:25 +02:00 |
toby
|
11a6b51343
|
pushing the unsigned deb to the new v2 cloud
|
2018-10-26 00:17:45 +02:00 |
toby
|
b9049ea671
|
pushing the unsigned deb to the new v2 cloud
|
2018-10-26 00:03:59 +02:00 |
toby
|
d4c2dc33f3
|
pushing the unsigned deb to the new v2 cloud
|
2018-10-25 23:59:12 +02:00 |
toby
|
808090a480
|
build trigger
|
2018-10-25 19:55:05 +02:00 |
toby
|
b1e994cb79
|
build trigger
|
2018-10-25 19:54:18 +02:00 |
toby
|
f925ad46a0
|
updated IP for new mirrors in usw2
|
2018-10-24 23:07:54 +02:00 |
toby
|
31abf06342
|
setting leftsubnet to only be the local loopback instead of a wide range. this will avoid blackholing traffic for edges and potentially other nodes
|
2018-10-23 23:28:29 +02:00 |
toby
|
f9ed8fe88b
|
adding allowas-in 1 to iBGP peergroup. this allows routes coming in from peer-edge over the gre to be learn
|
2018-10-23 18:27:55 +02:00 |
toby
|
eb8a990fc8
|
tiny but major bug in frr config
|
2018-10-23 17:39:54 +02:00 |
toby
|
82146158cd
|
allowing the gre if local asn to be dynamically assigned as well
|
2018-10-23 16:59:12 +02:00 |
toby
|
d67b225792
|
cleanup firewall rules and making unnumbered bgp rules a tad more restrictive
|
2018-10-21 23:08:58 +02:00 |
toby
|
c7d116d1c1
|
adding firewall rules for edge boxes
|
2018-10-20 18:55:45 +02:00 |
toby
|
0eceabfe1d
|
implementing some ad-hoc patches I did yesterday to get it going
|
2018-10-20 17:51:53 +02:00 |
toby
|
3124cda0f2
|
up1 should not run dad attempts
|
2018-10-19 23:37:46 +02:00 |
toby
|
f2777bdbee
|
adding broadcom nic firmware as dependency
|
2018-10-19 23:18:44 +02:00 |
toby
|
1003c71e11
|
have ibgp interface also added to the neighbors obviously...
|
2018-10-19 23:08:31 +02:00 |
toby
|
aa0bef898b
|
adding ibgp interface to frrconfig and fixing syntax in up1-interfaces config
|
2018-10-19 23:01:19 +02:00 |
toby
|
ea89e74311
|
removing also test echo output
|
2018-10-19 21:44:46 +02:00 |
toby
|
d81aa58f7c
|
doh, actually removing the test code
|
2018-10-19 21:16:16 +02:00 |
toby
|
d446f995c8
|
adding edge-support branch to the drone pipeline
|
2018-10-19 20:45:19 +02:00 |
toby
|
ea70e243fe
|
more work on edge.... adding support for dynamic ipsec subnets and some more minor patches
|
2018-10-19 19:57:07 +02:00 |
toby
|
587bba4290
|
more work on edge / dynamic frr config... .making progress but still ways to go,... just taking a backup...
|
2018-10-19 17:03:43 +02:00 |
toby
|
7e1d7993fe
|
more work on edge / dynamic frr config... .making progress but still ways to go,... just taking a backup...
|
2018-10-19 16:56:11 +02:00 |
toby
|
cfdc1cd3a9
|
more work ... .still ways to go,... just taking a backup...
|
2018-10-18 22:12:43 +02:00 |