f35110c15a
bird/bird6: add ZW HE routes for BGP export
2018-05-17 17:54:23 +02:00
9f56bd15a2
prepare switch from zentralwerk.online to zentralwerk.org
...
Fixes GH issue #37
2018-05-17 17:12:53 +02:00
f22d5ece93
salt/wireguard: fix syntax
2018-05-17 16:32:18 +02:00
4d6c5b0c89
salt/wireguard: add routes to endpoints
2018-05-17 16:31:06 +02:00
466a3ac49a
salt/wireguard/wireguard.service: add RemainAfterExit
2018-05-17 16:08:01 +02:00
9cebfaa70e
salt/wireguard: fix service name
2018-05-17 16:07:45 +02:00
e46894a6ba
salt/wireguard/wireguard.conf: use no DNS conf
...
this requires pkg `resolvconf'
2018-05-17 16:07:33 +02:00
7df354439d
salt/vpn/openvpn.conf: remove obsolete tun-ipv6
2018-05-17 16:04:13 +02:00
8dd79aaffe
salt/wireguard/wireguard.service: fix /etc path
2018-05-17 15:44:36 +02:00
6771506162
salt/wireguard: fix service name
2018-05-17 15:44:26 +02:00
30e72b2e72
salt/wireguard: fix .service file name
2018-05-17 15:43:15 +02:00
390607873f
salt/wireguard/wireguard.service: fix wg-quick paths
2018-05-17 15:32:37 +02:00
2a59f2cab2
salt/wireguard: replace /etc path
2018-05-17 15:29:49 +02:00
2092b2ae26
add salt/wireguard/wireguard.conf
2018-05-17 15:28:36 +02:00
f0abcb522d
prepare switching anon1 from openvpn to wireguard
2018-05-17 15:16:49 +02:00
ea35ec41d0
unbound: update dn42-zones forward-addr
2018-05-15 21:56:34 +02:00
Daniel Poelzleithner
acc4995197
give lxc containers more memory to reduce oom killings
2018-05-03 22:09:48 +02:00
562fe53936
cpe: prepare TL-Archer-C7v4 switching config
2018-04-24 21:17:59 +02:00
2a730e81c9
upstream.iptables: default to accept icmp
2018-04-15 20:42:55 +02:00
e8d76ced00
fix upstream/ipv6-tunnel-update.sh
2018-04-15 20:41:09 +02:00
14c60093cb
upstream.ipv6-tunnel: fix ipv6-tunnel-update.sh for upstream2
2018-04-14 23:51:56 +02:00
5ef733a0d7
forgot closing "
2018-04-14 22:51:25 +02:00
4ec750f083
different ifname prefixes for nightly
...
related to issue #39
2018-04-14 22:41:59 +02:00
bf6f4ae912
upstream.ipv6-tunnel: add ipv6-tunnel-update.sh for upstream2
2018-04-14 22:32:06 +02:00
483ae6fc9a
firewall/priv-stateful: fix rules
2018-04-14 21:50:38 +02:00
7b46fa12f1
firewall.priv-stateful: fix sh syntax
2018-04-14 21:49:28 +02:00
b75dc44dcf
add firewall.priv-stateful for priv13-gw
2018-04-14 21:43:27 +02:00
13c6405b86
upstream, mgmt-gw: ip{,6}tables -i lo -j ACCEPT
2018-01-20 18:43:19 +01:00
44861a4ba6
unbound: forward with DNS Over TLS
2018-01-20 17:49:15 +01:00
ed82a45730
unbound: forward to 9.9.9.9
2018-01-20 17:43:20 +01:00
8f63e23f1c
lxc-containers/config: fix gw6
2017-12-11 00:38:15 +01:00
d9d6c8cff0
Revert "apply mgmt-gw's firewall via lxc-hook"
...
This reverts commit 2f202d7b2f
.
The referenced mgmt-gw.sh gets provisioned inside the container so it
does not make sense to call it on the host.
2017-12-11 00:36:10 +01:00
7137841c96
Revert "unbound: enable forwarding to freenom.world caches"
...
This reverts commit 956c71944b
.
2017-11-16 17:55:36 +01:00
73b7339ac9
/etc/network/if-{pre-,}up.d/*: export PATH
2017-11-12 00:33:29 +01:00
885510e633
commit recent changes
2017-10-07 18:39:01 +02:00
372a0effd0
bird6.conf: export bgp into ospf
2017-10-03 16:44:27 +02:00
3dd3bb028b
bond-slaves: hot-fix
2017-07-18 20:17:48 +02:00
02e8b3948a
cpe: fix radius auth_secret
2017-07-13 01:24:07 +02:00
869bfc6c56
due to required auth_server_secret
2017-07-13 01:09:53 +02:00
b7014a7018
cpe: start radio/iface numbering at 0
2017-07-13 01:08:00 +02:00
a1a247f254
cpe: fix ifnum with this one weird trick
2017-07-13 01:03:31 +02:00
9628f7d370
cpe: fix jinja syntax
2017-07-13 00:53:59 +02:00
5b6f90e4be
cpe: discriminate wifi ifnames with -eap suffix
2017-07-13 00:41:21 +02:00
87d042e102
firewall.mgmt-gw: permit radius.hq.c3d2.de
2017-07-13 00:23:59 +02:00
2361978c55
configurable server and port
2017-07-03 23:34:45 +02:00
131fc9c73c
noauth eap with radius.hq.c3d2
...
so a network proofs its validity to the subscriber
2017-06-24 05:09:56 +02:00
root
07b838a4da
Merge branch 'master' of https://github.com/zentralwerk/network
2017-05-29 19:47:45 +02:00
webzwo0i
2f202d7b2f
apply mgmt-gw's firewall via lxc-hook
2017-05-29 19:46:45 +02:00
d52e9e6fe7
ipv6-tunnel: migrate to systemd-networkd
2017-05-18 23:52:24 +02:00
96c9a2d2f9
ipv6-tunnel: add ifupdown pkg dependency
2017-05-17 01:09:34 +02:00
5365eb116e
prepare ipv6-tunnel with he.net for upstream2
2017-05-17 01:07:06 +02:00
35da64f481
cpe: implement TL-WR740N, prepare ap22
2017-05-11 21:05:04 +02:00
0ca4e03a69
collectd: add network downstream
2017-03-28 17:31:37 +02:00
9fc6caec0d
cpe: stop dnsmasq+uhttpd on aps
2017-03-28 17:30:05 +02:00
ee98af9fa8
cpe: sensible wifi ifname in wifi-on-link.sh
2017-03-28 16:52:42 +02:00
08b1a1dd17
cpe: try configuring sensible wifi ifnames
...
fixes GH issue #32
2017-03-28 16:51:13 +02:00
163f1a57f9
cpe, switches: replace ap18 with ap21
2017-03-28 16:38:23 +02:00
82144147e8
switches/HP-procurve-2824: split bond/trunk configuration
2017-03-18 23:31:11 +01:00
956c71944b
unbound: enable forwarding to freenom.world caches
2017-03-13 22:35:59 +01:00
3ed2225040
bind: pin dyn-domain.zone serial to 1
2017-03-13 01:28:31 +01:00
a0eebbdc67
bind: fix root-domain.zone
2017-03-12 03:17:15 +01:00
e562d1e519
bind: implement dyndns
2017-03-12 03:17:15 +01:00
8f64476c2a
bind: document named.conf
2017-03-12 03:17:15 +01:00
25b5f8b9fb
remove broken nat66 upstream for upstream[12]
2017-03-12 03:17:15 +01:00
webzwo0i
c2bfd17143
Jeder access Port ist default in vlan 1, welches wir auch als mgmt
...
belassen haben. Falls ein Port als mgmt konfiguriert werden soll, muss
das eventuell vorhandene vlan gelöscht werden. Explizit vlan 1 zu
setzen geht nicht.
2017-03-02 02:32:36 +01:00
webzwo0i
a236e82cff
name command is illegal illegal here
2017-03-02 02:31:08 +01:00
4378dfb7bd
switches: dynamic link-aggregation for 3com-4200G
...
no more trouble with static groups
2017-02-09 21:30:45 +01:00
c2ece5fd83
switches: fix 3com bonding
2017-02-09 01:59:50 +01:00
beedab8bb3
cpe/ap_install_collectd.sh: fix plugins
2017-02-07 02:52:51 +01:00
2123639965
cpe: fix gateways
2017-02-07 02:44:38 +01:00
c87ae7784f
cpe: syntax fixes
2017-02-07 02:43:26 +01:00
5b5f86eb8a
cpe: unify ap mgmt conf
2017-02-07 02:42:04 +01:00
d05eedc42c
cpe: script fixes
2017-02-07 02:36:15 +01:00
aca557a875
prepare cpe/ap_install_collectd.sh
2017-02-07 02:28:57 +01:00
565feefd28
add ssh pubkey for cpe.ap
2017-02-07 02:11:32 +01:00
b5c20fcd6e
cpe.ap: configure mgmt ipv6
2017-02-07 02:11:06 +01:00
b34306f458
salt.unbound: allow mgmt access
2017-02-07 01:56:37 +01:00
2ea56e8e4e
firewall.mgmt-gw: fixes
2017-02-07 01:35:03 +01:00
4a578f67e6
firewall.mgmt-gw: add interface context
2017-02-07 01:30:57 +01:00
d65d64e4c0
firewall.mgmt-gw: fix path
2017-02-07 01:26:42 +01:00
c119edc278
firewall.mgmt-gw: allow downloads.lede-project.org
2017-02-07 01:24:02 +01:00
e969a9b105
ipv6ify mgmt
2017-02-07 01:22:19 +01:00
568fa2102d
prepare mgmt-gw container
2017-02-07 01:16:16 +01:00
64685f254f
shaping: introduce downstream shaping
2017-02-05 03:23:15 +01:00
ab68c6c879
collectd: fix jinja
2017-02-05 03:01:09 +01:00
0a443f6ad4
implement stats collection with collectd
2017-02-05 02:50:56 +01:00
93f45cdbf8
cpe: prepare ap20
2017-01-26 17:50:33 +01:00
e0640f84d6
bind: fix
2017-01-23 22:59:37 +01:00
7cbd9c1089
bind: add explicity slaves
2017-01-23 22:38:11 +01:00
9f2b51db1e
bind: don't use public-ns for internal reverse zones
2017-01-23 22:13:36 +01:00
dfdf2a290e
bind: add root-domain in named.conf
2017-01-23 22:00:32 +01:00
webzwo0i
d6240d7d6c
deploy ap13 & dir-615 router template
2017-01-20 22:55:48 +01:00
412308a466
bird: tune radv intervals and lifetimes
2017-01-20 03:15:15 +01:00
ff3abbc5d3
bird: add radv
2017-01-20 02:27:04 +01:00
2e4d0e6fb0
unbound: add local & dn42 forward-zones
2017-01-20 00:52:56 +01:00
beec71f387
bind: merge reverse[46].zone
2017-01-20 00:52:56 +01:00
02663013a2
dns
2017-01-20 00:52:56 +01:00
cf6e8efddf
bird: export static routes to bgp
2017-01-20 00:30:22 +01:00
d3783f251f
replace quagga with bird
2017-01-19 23:27:29 +01:00
195c5a07d7
server1-network: disable hw offloading
...
causes warnings in hfsc and interferes with packet timing.
2017-01-18 01:12:27 +01:00
8e174cdcf5
cpe: fixed ap mcast_rate
2017-01-18 01:11:51 +01:00
ec9cc8bc8a
cpe: configure TL-WR841Nv8 ports
2017-01-17 22:02:43 +01:00
25045fc440
switches/HP-procurve-2824: enable/disable lacp
2017-01-17 19:42:44 +01:00
bd400985a4
switches: fix & deploy switch-d1
2017-01-17 16:12:24 +01:00
5b92d5db50
vpn.openvpn: route over upstream2
2017-01-16 01:16:52 +01:00
8d0bcc70dc
implement the bgp container
2017-01-12 22:58:49 +01:00
2132a4b078
switches/HP-procurve-2824: fix bond/trunk tagging
2017-01-12 18:33:14 +01:00
716e968e83
quagga update!
2017-01-02 18:26:46 +01:00
01a8115a0f
quagga update!
2017-01-02 17:35:18 +01:00
b00abb7bc8
quagga update!
2017-01-02 17:33:26 +01:00
dd9a278263
ap.sh: remove spurious reboot arg
2016-12-22 23:58:38 +01:00
ef1bdb8c3c
quagga.zebra: enable forwarding
2016-12-19 22:07:53 +01:00
9e719980b9
quagga: rm dup SLS ID 'quagga'
2016-12-19 22:07:35 +01:00
8d51221952
quagga.zebra: enable ipv6 nd
2016-12-19 03:53:05 +01:00
1fb5f05160
internal ipv6 routing
2016-12-19 03:11:26 +01:00
6d8306bc7a
ospfd: rm obsolete TODO note
2016-12-19 03:06:29 +01:00
0ceccb4746
split ospf/ into quagga/{zebra,ospfd}/
2016-12-19 01:29:38 +01:00
f233277330
ospfd: fix systemd.service ExecStart paths
...
absolute paths are required :(
2016-12-19 00:41:09 +01:00
9c6def3c00
Merge pull request #14 from zentralwerk/dhcp-adaptive-lease
...
c
2016-12-16 00:34:17 +01:00
a9142187f2
add upstream.port-forwarding
2016-12-16 00:12:46 +01:00
webzwo0i
210ae688ce
fix intend
2016-12-16 00:01:06 +01:00
webzwo0i
a026b6e960
if a threshold is defined, use it
2016-12-15 23:03:13 +01:00
webzwo0i
0d551a082d
if pub has more than 50% active leases, limit max-lifetime
2016-12-15 22:41:03 +01:00
ceec7bf5db
dhcp: fix templating
2016-12-15 19:11:07 +01:00
3517219972
unbound: allow from c3d2
2016-12-13 01:52:58 +01:00
3d0f354a91
switches/3com-4200G: try resetting link-aggregation groups before setting them
2016-12-13 01:15:27 +01:00
691e3ebbc4
vlan c3d2 + 2 containers
2016-12-12 23:01:38 +01:00
3a6445c070
ospf: rm wrong paths
2016-12-11 03:40:14 +01:00
dc19d1a1f2
server1-network: remove unneeded up/priv bridges
2016-12-11 03:11:20 +01:00
f7b491b90f
cpe: fix all the shell syntax
2016-12-11 02:49:07 +01:00
94d6593659
cpe: tune wifis
2016-12-11 02:45:24 +01:00
779c583d13
cpe: implement wifi-on-link.sh
2016-12-11 02:25:48 +01:00
bdf0ef9a58
cpe: prepare TL-Archer-C7v2 config, deploy ap3
2016-12-11 01:46:25 +01:00
webzwo0i
2e375be97b
make unbound less verbose
2016-12-10 02:44:27 +01:00
d0f108745e
more switching shit
2016-12-09 02:52:38 +01:00
4522b8612e
server1-network: extend bonding with new NIC
2016-12-09 02:52:08 +01:00
ac8d0c7ef8
switches: prettify 3com-4200G link-aggreation group numbers
2016-12-06 03:34:04 +01:00
9c7dca3423
cpe: attempt TL-WR1043ND
2016-12-06 03:33:24 +01:00
e5d25ee36e
openvpn: systemd restart
2016-12-01 19:45:55 +01:00
0104ffa55c
server1-network: load-modules
2016-12-01 19:45:55 +01:00
5c7e8139c0
add multiple ipv6 upstream mechanisms (6to4, slac)
2016-11-29 21:52:29 +01:00
420dbea8d1
cpe: use integreated manageable switch in TL-WDR4300
2016-11-29 18:14:44 +01:00
9530840265
switches/3com-4200G: fix vlan deconfiguration
2016-11-29 18:10:08 +01:00
7b7530764d
switches: deconfigure all VLANs on 3com-4200G
2016-11-29 17:41:13 +01:00
568a22b328
switches: name 3com-4200G vlans
2016-11-29 17:36:11 +01:00
4f6da292be
cpe: TL-WDR4300
2016-11-29 16:18:35 +01:00
0a078d5115
shaping: tweak, bring back #flows
2016-11-29 16:18:07 +01:00
9fee71e219
server1-network: fix dns-nameservers
2016-11-29 02:27:37 +01:00
00cebca61b
switches: attempt fixing 3com-4200G
2016-11-29 02:24:13 +01:00
4c15782650
switches: try to improve the lacp deconfiguration situation
2016-11-29 00:44:23 +01:00