Commit message | Author | Age | Files | |
---|---|---|---|---|
* | Prohibit binding against the IP reserved for IPSec. | Guilhem Moulin | 2015-06-07 | 1 |
| | Packets originating from our (non-routable) $ipsec are marked; there is no xfrm lookup (i.e., no matching IPSec association), the packet will retain its mark and be null routed later on, thanks to `ip rule add fwmark "$secmark" table 666 priority 666`, `ip route add blackhole default table 666` | | | |
* | Use a dedicated, non-routable, IPv4 for IPSec. | Guilhem Moulin | 2015-06-07 | 1 |
| | At each IPSec end-point the traffic is DNAT'ed to / MASQUERADE'd from our dedicated IP after ESP decapsulation. Also, some IP tables ensure that alien traffic (not coming from / going to the tunnel end-point) is dropped. | | | |
* | Configure IPSec. | Guilhem Moulin | 2015-06-07 | 1 |