Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | Use a dedicated, non-routable, IPv4 for IPSec. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | | | At the each IPSec end-point the traffic is DNAT'ed to / MASQUERADE'd from our dedicated IP after ESP decapsulation. Also, some IP tables ensure that alien (not coming from / going to the tunnel end-point) is dropped. | |||
* | Add a 'check' switch to the firewall. | Guilhem Moulin | 2015-06-07 | 1 |
| | | | | | update-firewall.sh -c does not update the firewall, but returns a non-zero value iff. running it without the switch would modify it. | |||
* | Basic ansible setup. | Guilhem Moulin | 2015-06-07 | 1 |
To run the playbook: cd ./ansible ansible-playbook -i vms site.yml |