Now that we have trusted wireless networks, we want to be able to
allow hosts to use dynamically assigned addresses on those networks
and still claim their stable VPN addresses (e.g., for centralized
management). For this to work, the internal endpoint of the VPN hub
has to be outside of the internal network range.
This is currently especially broken for radius, since it's the main
router in the house network.
(fender :abbrev f (colo :abbrev fc) (jump :abbrev fj))
(fender (colo :addr fender.colo :sshfp "fender")
(jump :addr fender.jump :sshfp "fender"))
(fender :abbrev f (colo :abbrev fc) (jump :abbrev fj))
(fender (colo :addr fender.colo :sshfp "fender")
(jump :addr fender.jump :sshfp "fender"))
- (precision :abbrev p (colo :abbrev pc) (jump :abbrev pj))
+ (precision :abbrev p (colo :abbrev pc) (jump :abbrev pj) (vpn :abbrev pv))
(precision (colo :addr precision.colo :sshfp "precision")
(precision (colo :addr precision.colo :sshfp "precision")
- (jump :addr precision.jump :sshfp "precision"))
+ (jump :addr precision.jump :sshfp "precision")
+ (vpn :addr precision.vpn :sshfp "precision"))
(telecaster :alias tele :abbrev t
(colo :alias tele.colo :abbrev tc)
(jump :alias tele.jump :abbrev tj))
(telecaster :alias tele :abbrev t
(colo :alias tele.colo :abbrev tc)
(jump :alias tele.jump :abbrev tj))
(jump :alias strat.jump :abbrev sj))
(stratocaster (colo :addr stratocaster.colo :sshfp "stratocaster")
(jump :addr stratocaster.jump :sshfp "stratocaster"))
(jump :alias strat.jump :abbrev sj))
(stratocaster (colo :addr stratocaster.colo :sshfp "stratocaster")
(jump :addr stratocaster.jump :sshfp "stratocaster"))
- (jazz :abbrev z (colo :abbrev zc) (jump :abbrev zj))
+ (jazz :abbrev z (colo :abbrev zc) (jump :abbrev zj) (vpn :abbrev :zv))
(jazz (colo :addr jazz.colo :sshfp "jazz")
(jump :addr jazz.jump :sshfp "jazz")
(jazz (colo :addr jazz.colo :sshfp "jazz")
(jump :addr jazz.jump :sshfp "jazz")
+ (vpn :addr jazz.vpn :sshfp "jazz")
(iodine :addr jazz.iodine :sshfp "jazz"))
;; Media server (on loan to Good Technology HSTG).
(iodine :addr jazz.iodine :sshfp "jazz"))
;; Media server (on loan to Good Technology HSTG).
(safe :net safe)
(untrusted :net untrusted)
(vampire :abbrev v
(safe :net safe)
(untrusted :net untrusted)
(vampire :abbrev v
- (unsafe :abbrev vu) (dmz :abbrev vd)
+ (unsafe :abbrev vu) (dmz :abbrev vd) (vpn :abbrev vv)
(safe :abbrev vs) (untrusted :abbrev vx))
(vampire (unsafe :addr vampire.unsafe :sshfp "vampire")
(dmz :addr vampire.dmz :sshfp "vampire")
(safe :abbrev vs) (untrusted :abbrev vx))
(vampire (unsafe :addr vampire.unsafe :sshfp "vampire")
(dmz :addr vampire.dmz :sshfp "vampire")
+ (vpn :addr vampire.vpn :sshfp "vampire")
(safe :addr vampire.safe :sshfp "vampire")
(untrusted :addr vampire.untrusted :sshfp "vampire"))
(ibanez :abbrev i (unsafe :abbrev iu) (dmz :abbrev id))
(ibanez (unsafe :addr ibanez.unsafe :sshfp "ibanez")
(dmz :addr ibanez.dmz :sshfp "ibanez"))
(radius :abbrev r
(safe :addr vampire.safe :sshfp "vampire")
(untrusted :addr vampire.untrusted :sshfp "vampire"))
(ibanez :abbrev i (unsafe :abbrev iu) (dmz :abbrev id))
(ibanez (unsafe :addr ibanez.unsafe :sshfp "ibanez")
(dmz :addr ibanez.dmz :sshfp "ibanez"))
(radius :abbrev r
- (unsafe :abbrev ru) (dmz :abbrev rd)
+ (unsafe :abbrev ru) (dmz :abbrev rd) (vpn :abbrev rv)
(safe :abbrev rs) (untrusted :abbrev rx))
(radius (unsafe :addr radius.unsafe :sshfp "radius")
(dmz :addr radius.dmz :sshfp "radius")
(safe :abbrev rs) (untrusted :abbrev rx))
(radius (unsafe :addr radius.unsafe :sshfp "radius")
(dmz :addr radius.dmz :sshfp "radius")
+ (vpn :addr radius.vpn :sshfp "radius")
(safe :addr radius.safe :sshfp "radius")
(untrusted :addr radius.untrusted :sshfp "radius"))
(roadstar :abbrev rg (unsafe :abbrev rgu) (dmz :abbrev rgd))
(safe :addr radius.safe :sshfp "radius")
(untrusted :addr radius.untrusted :sshfp "radius"))
(roadstar :abbrev rg (unsafe :abbrev rgu) (dmz :abbrev rgd))
(defhost terror.vpn ((:ipv4 vpn 2)))
(defhost orange.vpn ((:ipv4 vpn 3) (:ipv6 vpn "::3:1")))
(defhost haze.vpn ((:ipv4 vpn 4) (:ipv6 vpn "::4:1")))
(defhost terror.vpn ((:ipv4 vpn 2)))
(defhost orange.vpn ((:ipv4 vpn 3) (:ipv6 vpn "::3:1")))
(defhost haze.vpn ((:ipv4 vpn 4) (:ipv6 vpn "::4:1")))
+(defhost radius.vpn ((:ipv4 vpn 5) (:ipv6 vpn "::5:1")))
+(defhost precision.vpn ((:ipv4 vpn 6) (:ipv6 vpn "::6:1")))
+(defhost jazz.vpn ((:ipv4 vpn 7) (:ipv6 vpn "::7:1")))
+(defhost vampire.vpn ((:ipv4 vpn 8) (:ipv6 vpn "::8:1")))
;; Iodine network.
(defhost jazz.iodine (iodine 1))
;; Iodine network.
(defhost jazz.iodine (iodine 1))
~mdw / zones / commitdiff