From aa779726bf98d1aa5e735d9f1ed5e0d69dc80de5 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sat, 14 Mar 2015 12:05:00 +0000 Subject: [PATCH] distorted.lisp, hosts.lisp: Assign VPN addresses to VPN hubs. Now that we have trusted wireless networks, we want to be able to allow hosts to use dynamically assigned addresses on those networks and still claim their stable VPN addresses (e.g., for centralized management). For this to work, the internal endpoint of the VPN hub has to be outside of the internal network range. This is currently especially broken for radius, since it's the main router in the house network. --- distorted.lisp | 14 +++++++++----- hosts.lisp | 4 ++++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/distorted.lisp b/distorted.lisp index fbb1f8f..a1ababa 100644 --- a/distorted.lisp +++ b/distorted.lisp @@ -191,9 +191,10 @@ (fender :abbrev f (colo :abbrev fc) (jump :abbrev fj)) (fender (colo :addr fender.colo :sshfp "fender") (jump :addr fender.jump :sshfp "fender")) - (precision :abbrev p (colo :abbrev pc) (jump :abbrev pj)) + (precision :abbrev p (colo :abbrev pc) (jump :abbrev pj) (vpn :abbrev pv)) (precision (colo :addr precision.colo :sshfp "precision") - (jump :addr precision.jump :sshfp "precision")) + (jump :addr precision.jump :sshfp "precision") + (vpn :addr precision.vpn :sshfp "precision")) (telecaster :alias tele :abbrev t (colo :alias tele.colo :abbrev tc) (jump :alias tele.jump :abbrev tj)) @@ -204,9 +205,10 @@ (jump :alias strat.jump :abbrev sj)) (stratocaster (colo :addr stratocaster.colo :sshfp "stratocaster") (jump :addr stratocaster.jump :sshfp "stratocaster")) - (jazz :abbrev z (colo :abbrev zc) (jump :abbrev zj)) + (jazz :abbrev z (colo :abbrev zc) (jump :abbrev zj) (vpn :abbrev :zv)) (jazz (colo :addr jazz.colo :sshfp "jazz") (jump :addr jazz.jump :sshfp "jazz") + (vpn :addr jazz.vpn :sshfp "jazz") (iodine :addr jazz.iodine :sshfp "jazz")) ;; Media server (on loan to Good Technology HSTG). 
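Review bot: In the second distorted.lisp hunk (`@@ -204,9 +205,10 @@`) the new jazz entry is written `(vpn :abbrev :zv)`, with a leading colon, while every other abbreviation visible in this patch is a bare symbol (`pv`, `vv`, `rv`, and `zc`/`zj` on the same line). If the zone code only uses the symbol's name this is probably harmless, but if the value is printed or compared as a symbol, the jazz VPN endpoint could end up with a malformed or missing short name. I would change it to `(vpn :abbrev zv)` to match the rest. The enclosing zone form starts and ends outside the hunk, so how `:abbrev` values are processed cannot be confirmed from here.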
@@ -236,20 +238,22 @@ (safe :net safe) (untrusted :net untrusted) (vampire :abbrev v - (unsafe :abbrev vu) (dmz :abbrev vd) + (unsafe :abbrev vu) (dmz :abbrev vd) (vpn :abbrev vv) (safe :abbrev vs) (untrusted :abbrev vx)) (vampire (unsafe :addr vampire.unsafe :sshfp "vampire") (dmz :addr vampire.dmz :sshfp "vampire") + (vpn :addr vampire.vpn :sshfp "vampire") (safe :addr vampire.safe :sshfp "vampire") (untrusted :addr vampire.untrusted :sshfp "vampire")) (ibanez :abbrev i (unsafe :abbrev iu) (dmz :abbrev id)) (ibanez (unsafe :addr ibanez.unsafe :sshfp "ibanez") (dmz :addr ibanez.dmz :sshfp "ibanez")) (radius :abbrev r - (unsafe :abbrev ru) (dmz :abbrev rd) + (unsafe :abbrev ru) (dmz :abbrev rd) (vpn :abbrev rv) (safe :abbrev rs) (untrusted :abbrev rx)) (radius (unsafe :addr radius.unsafe :sshfp "radius") (dmz :addr radius.dmz :sshfp "radius") + (vpn :addr radius.vpn :sshfp "radius") (safe :addr radius.safe :sshfp "radius") (untrusted :addr radius.untrusted :sshfp "radius")) (roadstar :abbrev rg (unsafe :abbrev rgu) (dmz :abbrev rgd)) diff --git a/hosts.lisp b/hosts.lisp index 45a05dd..d28b0e7 100644 --- a/hosts.lisp +++ b/hosts.lisp @@ -111,6 +111,10 @@ (defhost terror.vpn ((:ipv4 vpn 2))) (defhost orange.vpn ((:ipv4 vpn 3) (:ipv6 vpn "::3:1"))) (defhost haze.vpn ((:ipv4 vpn 4) (:ipv6 vpn "::4:1"))) +(defhost radius.vpn ((:ipv4 vpn 5) (:ipv6 vpn "::5:1"))) +(defhost precision.vpn ((:ipv4 vpn 6) (:ipv6 vpn "::6:1"))) +(defhost jazz.vpn ((:ipv4 vpn 7) (:ipv6 vpn "::7:1"))) +(defhost vampire.vpn ((:ipv4 vpn 8) (:ipv6 vpn "::8:1"))) ;; Iodine network. (defhost jazz.iodine (iodine 1)) -- 2.11.0
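Review bot: The four new `defhost` lines in hosts.lisp have no comment marking them as hub endpoints, so they read as four more entries in the list that ends at `haze.vpn`. The constraint from the commit message, that a hub's internal endpoint must lie outside the internal network range, is the reason these addresses exist, and it is lost once the commit message is out of sight. I would record it above `radius.vpn`, e.g. `;; VPN hub endpoints: must stay outside the internal network ranges.` It is also worth confirming that host numbers 5–8 and `::5:1`–`::8:1` are not claimed elsewhere in the vpn net, since only part of the allocation list is visible in this hunk.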