cf262a7ce2
firewall/mgmt-gw: add archive.openwrt.org to whitelist
2018-07-24 20:46:24 +02:00
b0ef3d6af9
bird: fix ULA BGP route
2018-06-26 23:02:33 +02:00
59667adf30
bind: ctxify 'public-ns'
2018-06-26 22:46:35 +02:00
f31506a36b
unbound: forward 99.22.172.in-addr.arpa to ns.c3d2.de
2018-06-25 00:45:48 +02:00
de9247cc70
collectd: forward to flatbert
2018-06-24 22:55:52 +02:00
0258849da2
dns slave updates
2018-06-23 02:57:46 +02:00
04583f4f2d
unbound/local-zones.conf: fix lines switcheroo
2018-06-23 02:39:33 +02:00
6e08db4af8
fix the python
2018-06-23 02:29:14 +02:00
fcb09714f3
unbound/local-zones.conf: fix the python
2018-06-23 02:28:18 +02:00
28f6181ba7
upstream.dyndns: specify bind root-domain ctx
2018-06-23 02:25:55 +02:00
c5aa7f9e11
bind: fix net-domain ctx
2018-06-23 02:22:31 +02:00
8729a12fbf
bind: ctx fixes
2018-06-23 02:14:10 +02:00
f709d39ffa
bind: fix syntax
2018-06-23 02:10:54 +02:00
537733a15b
bind: fix ctx for reverse.zone
2018-06-23 02:09:42 +02:00
72e3718bf5
bind, unbound: prepare dns in ctx
2018-06-23 02:04:35 +02:00
40806a77c7
dhcp6: fix prefix-interface ifid
2018-06-23 00:30:35 +02:00
0386953918
bird: fix radv for subnets-inet6 ctxs
2018-06-23 00:23:33 +02:00
15c6f5708c
bird: fix radv for subnets-inet6 ctxs
2018-06-23 00:22:05 +02:00
3c6fc16a90
hosts/subnet: add ctx to allow multiple inet6 addrs
2018-06-23 00:12:35 +02:00
6320ad92d0
bird: add 2a02:8106:208:5200::/56
2018-06-22 23:33:10 +02:00
58a75b6367
upstream1: enable 6slac for default route
2018-06-22 23:22:47 +02:00
5f265ea641
upstream1: prepare dhcp6
2018-06-22 23:06:52 +02:00
c8b7519948
route anon1 over upstream1
2018-06-18 23:21:15 +02:00
8df921c2c1
ap.sh TL-1043NDv4: fix WAN port id for mgmt vlan
2018-05-31 01:53:57 +02:00
03e9afa169
cpe: add switch configuration for TL-WR1043NDv4
2018-05-24 01:13:43 +02:00
f35110c15a
bird/bird6: add ZW HE routes for BGP export
2018-05-17 17:54:23 +02:00
9f56bd15a2
prepare switch from zentralwerk.online to zentralwerk.org
...
Fixes GH issue #37
2018-05-17 17:12:53 +02:00
f22d5ece93
salt/wireguard: fix syntax
2018-05-17 16:32:18 +02:00
4d6c5b0c89
salt/wireguard: add routes to endpoints
2018-05-17 16:31:06 +02:00
466a3ac49a
salt/wireguard/wireguard.service: add RemainAfterExit
2018-05-17 16:08:01 +02:00
9cebfaa70e
salt/wireguard: fix service name
2018-05-17 16:07:45 +02:00
e46894a6ba
salt/wireguard/wireguard.conf: use no DNS conf
...
this requires pkg `resolvconf'
2018-05-17 16:07:33 +02:00
7df354439d
salt/vpn/openvpn.conf: remove obsolete tun-ipv6
2018-05-17 16:04:13 +02:00
8dd79aaffe
salt/wireguard/wireguard.service: fix /etc path
2018-05-17 15:44:36 +02:00
6771506162
salt/wireguard: fix service name
2018-05-17 15:44:26 +02:00
30e72b2e72
salt/wireguard: fix .service file name
2018-05-17 15:43:15 +02:00
390607873f
salt/wireguard/wireguard.service: fix wg-quick paths
2018-05-17 15:32:37 +02:00
2a59f2cab2
salt/wireguard: replace /etc path
2018-05-17 15:29:49 +02:00
2092b2ae26
add salt/wireguard/wireguard.conf
2018-05-17 15:28:36 +02:00
f0abcb522d
prepare switching anon1 from openvpn to wireguard
2018-05-17 15:16:49 +02:00
ea35ec41d0
unbound: update dn42-zones forward-addr
2018-05-15 21:56:34 +02:00
Daniel Poelzleithner
acc4995197
give lxc containers more memory to reduce oom killings
2018-05-03 22:09:48 +02:00
562fe53936
cpe: prepare TL-Archer-C7v4 switching config
2018-04-24 21:17:59 +02:00
2a730e81c9
upstream.iptables: default to accept icmp
2018-04-15 20:42:55 +02:00
e8d76ced00
fix upstream/ipv6-tunnel-update.sh
2018-04-15 20:41:09 +02:00
14c60093cb
upstream.ipv6-tunnel: fix ipv6-tunnel-update.sh for upstream2
2018-04-14 23:51:56 +02:00
5ef733a0d7
forgot closing "
2018-04-14 22:51:25 +02:00
4ec750f083
different ifname prefixes for nightly
...
related to issue #39
2018-04-14 22:41:59 +02:00
bf6f4ae912
upstream.ipv6-tunnel: add ipv6-tunnel-update.sh for upstream2
2018-04-14 22:32:06 +02:00
483ae6fc9a
firewall/priv-stateful: fix rules
2018-04-14 21:50:38 +02:00
7b46fa12f1
firewall.priv-stateful: fix sh syntax
2018-04-14 21:49:28 +02:00
b75dc44dcf
add firewall.priv-stateful for priv13-gw
2018-04-14 21:43:27 +02:00
13c6405b86
upstream, mgmt-gw: ip{,6}tables -i lo -j ACCEPT
2018-01-20 18:43:19 +01:00
44861a4ba6
unbound: forward with DNS Over TLS
2018-01-20 17:49:15 +01:00
ed82a45730
unbound: forward to 9.9.9.9
2018-01-20 17:43:20 +01:00
8f63e23f1c
lxc-containers/config: fix gw6
2017-12-11 00:38:15 +01:00
d9d6c8cff0
Revert "apply mgmt-gw's firewall via lxc-hook"
...
This reverts commit 2f202d7b2f
.
The referenced mgmt-gw.sh gets provisioned inside the container so it
does not make sense to call it on the host.
2017-12-11 00:36:10 +01:00
7137841c96
Revert "unbound: enable forwarding to freenom.world caches"
...
This reverts commit 956c71944b
.
2017-11-16 17:55:36 +01:00
73b7339ac9
/etc/network/if-{pre-,}up.d/*: export PATH
2017-11-12 00:33:29 +01:00
885510e633
commit recent changes
2017-10-07 18:39:01 +02:00
372a0effd0
bird6.conf: export bgp into ospf
2017-10-03 16:44:27 +02:00
3dd3bb028b
bond-slaves: hot-fix
2017-07-18 20:17:48 +02:00
02e8b3948a
cpe: fix radius auth_secret
2017-07-13 01:24:07 +02:00
869bfc6c56
due to required auth_server_secret
2017-07-13 01:09:53 +02:00
b7014a7018
cpe: start radio/iface numbering at 0
2017-07-13 01:08:00 +02:00
a1a247f254
cpe: fix ifnum with this one weird trick
2017-07-13 01:03:31 +02:00
9628f7d370
cpe: fix jinja syntax
2017-07-13 00:53:59 +02:00
5b6f90e4be
cpe: discriminate wifi ifnames with -eap suffix
2017-07-13 00:41:21 +02:00
87d042e102
firewall.mgmt-gw: permit radius.hq.c3d2.de
2017-07-13 00:23:59 +02:00
2361978c55
configurable server and port
2017-07-03 23:34:45 +02:00
131fc9c73c
noauth eap with radius.hq.c3d2
...
so a network proofs its validity to the subscriber
2017-06-24 05:09:56 +02:00
root
07b838a4da
Merge branch 'master' of https://github.com/zentralwerk/network
2017-05-29 19:47:45 +02:00
webzwo0i
2f202d7b2f
apply mgmt-gw's firewall via lxc-hook
2017-05-29 19:46:45 +02:00
d52e9e6fe7
ipv6-tunnel: migrate to systemd-networkd
2017-05-18 23:52:24 +02:00
96c9a2d2f9
ipv6-tunnel: add ifupdown pkg dependency
2017-05-17 01:09:34 +02:00
5365eb116e
prepare ipv6-tunnel with he.net for upstream2
2017-05-17 01:07:06 +02:00
35da64f481
cpe: implement TL-WR740N, prepare ap22
2017-05-11 21:05:04 +02:00
0ca4e03a69
collectd: add network downstream
2017-03-28 17:31:37 +02:00
9fc6caec0d
cpe: stop dnsmasq+uhttpd on aps
2017-03-28 17:30:05 +02:00
ee98af9fa8
cpe: sensible wifi ifname in wifi-on-link.sh
2017-03-28 16:52:42 +02:00
08b1a1dd17
cpe: try configuring sensible wifi ifnames
...
fixes GH issue #32
2017-03-28 16:51:13 +02:00
163f1a57f9
cpe, switches: replace ap18 with ap21
2017-03-28 16:38:23 +02:00
82144147e8
switches/HP-procurve-2824: split bond/trunk configuration
2017-03-18 23:31:11 +01:00
956c71944b
unbound: enable forwarding to freenom.world caches
2017-03-13 22:35:59 +01:00
3ed2225040
bind: pin dyn-domain.zone serial to 1
2017-03-13 01:28:31 +01:00
a0eebbdc67
bind: fix root-domain.zone
2017-03-12 03:17:15 +01:00
e562d1e519
bind: implement dyndns
2017-03-12 03:17:15 +01:00
8f64476c2a
bind: document named.conf
2017-03-12 03:17:15 +01:00
25b5f8b9fb
remove broken nat66 upstream for upstream[12]
2017-03-12 03:17:15 +01:00
webzwo0i
c2bfd17143
Jeder access Port ist default in vlan 1, welches wir auch als mgmt
...
belassen haben. Falls ein Port als mgmt konfiguriert werden soll, muss
das eventuell vorhandene vlan gelöscht werden. Explizit vlan 1 zu
setzen geht nicht.
2017-03-02 02:32:36 +01:00
webzwo0i
a236e82cff
name command is illegal illegal here
2017-03-02 02:31:08 +01:00
4378dfb7bd
switches: dynamic link-aggregation for 3com-4200G
...
no more trouble with static groups
2017-02-09 21:30:45 +01:00
c2ece5fd83
switches: fix 3com bonding
2017-02-09 01:59:50 +01:00
beedab8bb3
cpe/ap_install_collectd.sh: fix plugins
2017-02-07 02:52:51 +01:00
2123639965
cpe: fix gateways
2017-02-07 02:44:38 +01:00
c87ae7784f
cpe: syntax fixes
2017-02-07 02:43:26 +01:00
5b5f86eb8a
cpe: unify ap mgmt conf
2017-02-07 02:42:04 +01:00
d05eedc42c
cpe: script fixes
2017-02-07 02:36:15 +01:00
aca557a875
prepare cpe/ap_install_collectd.sh
2017-02-07 02:28:57 +01:00
565feefd28
add ssh pubkey for cpe.ap
2017-02-07 02:11:32 +01:00