7b46fa12f1
firewall.priv-stateful: fix sh syntax
2018-04-14 21:49:28 +02:00
b75dc44dcf
add firewall.priv-stateful for priv13-gw
2018-04-14 21:43:27 +02:00
13c6405b86
upstream, mgmt-gw: ip{,6}tables -i lo -j ACCEPT
2018-01-20 18:43:19 +01:00
44861a4ba6
unbound: forward with DNS Over TLS
2018-01-20 17:49:15 +01:00
ed82a45730
unbound: forward to 9.9.9.9
2018-01-20 17:43:20 +01:00
8f63e23f1c
lxc-containers/config: fix gw6
2017-12-11 00:38:15 +01:00
d9d6c8cff0
Revert "apply mgmt-gw's firewall via lxc-hook"
...
This reverts commit 2f202d7b2f.
The referenced mgmt-gw.sh gets provisioned inside the container so it
does not make sense to call it on the host.
2017-12-11 00:36:10 +01:00
7137841c96
Revert "unbound: enable forwarding to freenom.world caches"
...
This reverts commit 956c71944b.
2017-11-16 17:55:36 +01:00
73b7339ac9
/etc/network/if-{pre-,}up.d/*: export PATH
2017-11-12 00:33:29 +01:00
885510e633
commit recent changes
2017-10-07 18:39:01 +02:00
372a0effd0
bird6.conf: export bgp into ospf
2017-10-03 16:44:27 +02:00
3dd3bb028b
bond-slaves: hot-fix
2017-07-18 20:17:48 +02:00
02e8b3948a
cpe: fix radius auth_secret
2017-07-13 01:24:07 +02:00
869bfc6c56
due to required auth_server_secret
2017-07-13 01:09:53 +02:00
b7014a7018
cpe: start radio/iface numbering at 0
2017-07-13 01:08:00 +02:00
a1a247f254
cpe: fix ifnum with this one weird trick
2017-07-13 01:03:31 +02:00
9628f7d370
cpe: fix jinja syntax
2017-07-13 00:53:59 +02:00
5b6f90e4be
cpe: discriminate wifi ifnames with -eap suffix
2017-07-13 00:41:21 +02:00
87d042e102
firewall.mgmt-gw: permit radius.hq.c3d2.de
2017-07-13 00:23:59 +02:00
2361978c55
configurable server and port
2017-07-03 23:34:45 +02:00
131fc9c73c
noauth eap with radius.hq.c3d2
...
so a network proves its validity to the subscriber
2017-06-24 05:09:56 +02:00
root
07b838a4da
Merge branch 'master' of https://github.com/zentralwerk/network
2017-05-29 19:47:45 +02:00
webzwo0i
2f202d7b2f
apply mgmt-gw's firewall via lxc-hook
2017-05-29 19:46:45 +02:00
d52e9e6fe7
ipv6-tunnel: migrate to systemd-networkd
2017-05-18 23:52:24 +02:00
96c9a2d2f9
ipv6-tunnel: add ifupdown pkg dependency
2017-05-17 01:09:34 +02:00
5365eb116e
prepare ipv6-tunnel with he.net for upstream2
2017-05-17 01:07:06 +02:00
35da64f481
cpe: implement TL-WR740N, prepare ap22
2017-05-11 21:05:04 +02:00
0ca4e03a69
collectd: add network downstream
2017-03-28 17:31:37 +02:00
9fc6caec0d
cpe: stop dnsmasq+uhttpd on aps
2017-03-28 17:30:05 +02:00
ee98af9fa8
cpe: sensible wifi ifname in wifi-on-link.sh
2017-03-28 16:52:42 +02:00
08b1a1dd17
cpe: try configuring sensible wifi ifnames
...
fixes GH issue #32
2017-03-28 16:51:13 +02:00
163f1a57f9
cpe, switches: replace ap18 with ap21
2017-03-28 16:38:23 +02:00
82144147e8
switches/HP-procurve-2824: split bond/trunk configuration
2017-03-18 23:31:11 +01:00
956c71944b
unbound: enable forwarding to freenom.world caches
2017-03-13 22:35:59 +01:00
3ed2225040
bind: pin dyn-domain.zone serial to 1
2017-03-13 01:28:31 +01:00
a0eebbdc67
bind: fix root-domain.zone
2017-03-12 03:17:15 +01:00
e562d1e519
bind: implement dyndns
2017-03-12 03:17:15 +01:00
8f64476c2a
bind: document named.conf
2017-03-12 03:17:15 +01:00
25b5f8b9fb
remove broken nat66 upstream for upstream[12]
2017-03-12 03:17:15 +01:00
webzwo0i
c2bfd17143
Every access port is in vlan 1 by default, which we have also
...
left as mgmt. If a port is to be configured as mgmt, any
existing vlan must be deleted. Setting vlan 1 explicitly
does not work.
2017-03-02 02:32:36 +01:00
webzwo0i
a236e82cff
name command is illegal here
2017-03-02 02:31:08 +01:00
4378dfb7bd
switches: dynamic link-aggregation for 3com-4200G
...
no more trouble with static groups
2017-02-09 21:30:45 +01:00
c2ece5fd83
switches: fix 3com bonding
2017-02-09 01:59:50 +01:00
beedab8bb3
cpe/ap_install_collectd.sh: fix plugins
2017-02-07 02:52:51 +01:00
2123639965
cpe: fix gateways
2017-02-07 02:44:38 +01:00
c87ae7784f
cpe: syntax fixes
2017-02-07 02:43:26 +01:00
5b5f86eb8a
cpe: unify ap mgmt conf
2017-02-07 02:42:04 +01:00
d05eedc42c
cpe: script fixes
2017-02-07 02:36:15 +01:00
aca557a875
prepare cpe/ap_install_collectd.sh
2017-02-07 02:28:57 +01:00
565feefd28
add ssh pubkey for cpe.ap
2017-02-07 02:11:32 +01:00
b5c20fcd6e
cpe.ap: configure mgmt ipv6
2017-02-07 02:11:06 +01:00
b34306f458
salt.unbound: allow mgmt access
2017-02-07 01:56:37 +01:00
2ea56e8e4e
firewall.mgmt-gw: fixes
2017-02-07 01:35:03 +01:00
4a578f67e6
firewall.mgmt-gw: add interface context
2017-02-07 01:30:57 +01:00
d65d64e4c0
firewall.mgmt-gw: fix path
2017-02-07 01:26:42 +01:00
c119edc278
firewall.mgmt-gw: allow downloads.lede-project.org
2017-02-07 01:24:02 +01:00
e969a9b105
ipv6ify mgmt
2017-02-07 01:22:19 +01:00
568fa2102d
prepare mgmt-gw container
2017-02-07 01:16:16 +01:00
64685f254f
shaping: introduce downstream shaping
2017-02-05 03:23:15 +01:00
ab68c6c879
collectd: fix jinja
2017-02-05 03:01:09 +01:00
0a443f6ad4
implement stats collection with collectd
2017-02-05 02:50:56 +01:00
93f45cdbf8
cpe: prepare ap20
2017-01-26 17:50:33 +01:00
e0640f84d6
bind: fix
2017-01-23 22:59:37 +01:00
7cbd9c1089
bind: add explicit slaves
2017-01-23 22:38:11 +01:00
9f2b51db1e
bind: don't use public-ns for internal reverse zones
2017-01-23 22:13:36 +01:00
dfdf2a290e
bind: add root-domain in named.conf
2017-01-23 22:00:32 +01:00
webzwo0i
d6240d7d6c
deploy ap13 & dir-615 router template
2017-01-20 22:55:48 +01:00
412308a466
bird: tune radv intervals and lifetimes
2017-01-20 03:15:15 +01:00
ff3abbc5d3
bird: add radv
2017-01-20 02:27:04 +01:00
2e4d0e6fb0
unbound: add local & dn42 forward-zones
2017-01-20 00:52:56 +01:00
beec71f387
bind: merge reverse[46].zone
2017-01-20 00:52:56 +01:00
02663013a2
dns
2017-01-20 00:52:56 +01:00
cf6e8efddf
bird: export static routes to bgp
2017-01-20 00:30:22 +01:00
d3783f251f
replace quagga with bird
2017-01-19 23:27:29 +01:00
195c5a07d7
server1-network: disable hw offloading
...
causes warnings in hfsc and interferes with packet timing.
2017-01-18 01:12:27 +01:00
8e174cdcf5
cpe: fixed ap mcast_rate
2017-01-18 01:11:51 +01:00
ec9cc8bc8a
cpe: configure TL-WR841Nv8 ports
2017-01-17 22:02:43 +01:00
25045fc440
switches/HP-procurve-2824: enable/disable lacp
2017-01-17 19:42:44 +01:00
bd400985a4
switches: fix & deploy switch-d1
2017-01-17 16:12:24 +01:00
5b92d5db50
vpn.openvpn: route over upstream2
2017-01-16 01:16:52 +01:00
8d0bcc70dc
implement the bgp container
2017-01-12 22:58:49 +01:00
2132a4b078
switches/HP-procurve-2824: fix bond/trunk tagging
2017-01-12 18:33:14 +01:00
716e968e83
quagga update!
2017-01-02 18:26:46 +01:00
01a8115a0f
quagga update!
2017-01-02 17:35:18 +01:00
b00abb7bc8
quagga update!
2017-01-02 17:33:26 +01:00
dd9a278263
ap.sh: remove spurious reboot arg
2016-12-22 23:58:38 +01:00
ef1bdb8c3c
quagga.zebra: enable forwarding
2016-12-19 22:07:53 +01:00
9e719980b9
quagga: rm dup SLS ID 'quagga'
2016-12-19 22:07:35 +01:00
8d51221952
quagga.zebra: enable ipv6 nd
2016-12-19 03:53:05 +01:00
1fb5f05160
internal ipv6 routing
2016-12-19 03:11:26 +01:00
6d8306bc7a
ospfd: rm obsolete TODO note
2016-12-19 03:06:29 +01:00
0ceccb4746
split ospf/ into quagga/{zebra,ospfd}/
2016-12-19 01:29:38 +01:00
f233277330
ospfd: fix systemd.service ExecStart paths
...
absolute paths are required :(
2016-12-19 00:41:09 +01:00
9c6def3c00
Merge pull request #14 from zentralwerk/dhcp-adaptive-lease
...
c
2016-12-16 00:34:17 +01:00
a9142187f2
add upstream.port-forwarding
2016-12-16 00:12:46 +01:00
webzwo0i
210ae688ce
fix indent
2016-12-16 00:01:06 +01:00
webzwo0i
a026b6e960
if a threshold is defined, use it
2016-12-15 23:03:13 +01:00
webzwo0i
0d551a082d
if pub has more than 50% active leases, limit max-lifetime
2016-12-15 22:41:03 +01:00
ceec7bf5db
dhcp: fix templating
2016-12-15 19:11:07 +01:00
3517219972
unbound: allow from c3d2
2016-12-13 01:52:58 +01:00
3d0f354a91
switches/3com-4200G: try resetting link-aggregation groups before setting them
2016-12-13 01:15:27 +01:00
691e3ebbc4
vlan c3d2 + 2 containers
2016-12-12 23:01:38 +01:00
3a6445c070
ospf: rm wrong paths
2016-12-11 03:40:14 +01:00
dc19d1a1f2
server1-network: remove unneeded up/priv bridges
2016-12-11 03:11:20 +01:00
f7b491b90f
cpe: fix all the shell syntax
2016-12-11 02:49:07 +01:00
94d6593659
cpe: tune wifis
2016-12-11 02:45:24 +01:00
779c583d13
cpe: implement wifi-on-link.sh
2016-12-11 02:25:48 +01:00
bdf0ef9a58
cpe: prepare TL-Archer-C7v2 config, deploy ap3
2016-12-11 01:46:25 +01:00
webzwo0i
2e375be97b
make unbound less verbose
2016-12-10 02:44:27 +01:00
d0f108745e
more switching shit
2016-12-09 02:52:38 +01:00
4522b8612e
server1-network: extend bonding with new NIC
2016-12-09 02:52:08 +01:00
ac8d0c7ef8
switches: prettify 3com-4200G link-aggregation group numbers
2016-12-06 03:34:04 +01:00
9c7dca3423
cpe: attempt TL-WR1043ND
2016-12-06 03:33:24 +01:00
e5d25ee36e
openvpn: systemd restart
2016-12-01 19:45:55 +01:00
0104ffa55c
server1-network: load-modules
2016-12-01 19:45:55 +01:00
5c7e8139c0
add multiple ipv6 upstream mechanisms (6to4, slac)
2016-11-29 21:52:29 +01:00
420dbea8d1
cpe: use integrated manageable switch in TL-WDR4300
2016-11-29 18:14:44 +01:00
9530840265
switches/3com-4200G: fix vlan deconfiguration
2016-11-29 18:10:08 +01:00
7b7530764d
switches: deconfigure all VLANs on 3com-4200G
2016-11-29 17:41:13 +01:00
568a22b328
switches: name 3com-4200G vlans
2016-11-29 17:36:11 +01:00
4f6da292be
cpe: TL-WDR4300
2016-11-29 16:18:35 +01:00
0a078d5115
shaping: tweak, bring back #flows
2016-11-29 16:18:07 +01:00
9fee71e219
server1-network: fix dns-nameservers
2016-11-29 02:27:37 +01:00
00cebca61b
switches: attempt fixing 3com-4200G
2016-11-29 02:24:13 +01:00
4c15782650
switches: try to improve the lacp deconfiguration situation
2016-11-29 00:44:23 +01:00
d80943b491
switches: fix TL-SG3210 bonding
2016-11-29 00:30:36 +01:00
865e26b720
server1-network: core dns-nameservers
2016-11-29 00:27:57 +01:00
81813cc13f
ospf: mkdir /var/run/quagga fixes
2016-11-29 00:22:42 +01:00
0d99dc4d56
lxc-containers: allow fixed hwaddr
2016-11-29 00:19:10 +01:00
04f28303ec
ospf: mkdir /var/run/quagga fixes
2016-11-28 23:49:37 +01:00
9b9b2fe575
lxc-containers: fix hwaddr templating
2016-11-28 23:24:00 +01:00
5b733dc069
lxc-containers: use the proper way to create /dev/net/tun for openvpn
2016-11-28 23:23:06 +01:00
aa0d40e6c4
switches: split trunk mode into trunk and bond
2016-11-28 23:15:02 +01:00
72cf0ed464
cpe ap configuration
2016-11-28 17:17:59 +01:00
2dd16b60f5
server1-network: fix lacp
...
separate slave configuration led to slaves being added before bond mode
was set which must not happen.
2016-11-28 17:12:28 +01:00
821922e8e8
switches: HP-procurve-2824 docs
2016-11-27 01:10:36 +01:00
1100432b95
fix switches
2016-11-26 03:02:27 +01:00
89be4dae61
lxc-containers: generate hwaddrs
2016-11-26 02:53:58 +01:00
67056cf2fa
shaping: fix dangerous divisor!
2016-11-26 02:43:14 +01:00
88710eb24e
switches: nostp for up*
2016-11-26 02:42:20 +01:00
1f4faf081d
unbound: allow localhost
2016-11-26 01:03:43 +01:00
db70f1403d
fix ospf
2016-11-26 01:03:30 +01:00
07efe1620d
rewire lxc-containers to 100% bridging
2016-11-23 01:11:32 +01:00
952c0f3b19
switches/HP-procurve-2824: don't deconfig trunks
...
these switches will immediately autoconfigure a "dynamic trunk" that is
quickest dissolved by going onsite, unlocking the rack, and unplugging
the cables.
2016-11-22 23:55:15 +01:00
710f5973f5
ospf: limit redistribute
2016-11-22 20:01:49 +01:00
b40d21fe17
server1-network: bond+br tuning
2016-11-22 17:35:20 +01:00
7b99b079eb
unbound: fixes, root.hint
2016-11-22 17:35:00 +01:00
ebba2d1473
dns improvements
2016-11-18 02:59:53 +01:00
1fb88bd139
openvpn improvement
2016-11-18 02:34:44 +01:00
df227f48cf
unbound fix
2016-11-18 02:34:27 +01:00