From 49ea117c038f34eff237081a5e43d2d5914a5c1e Mon Sep 17 00:00:00 2001
From: Varac
Date: Tue, 18 Jul 2017 21:04:29 +0200
Subject: Add openvpn service to ibex, new cert
---
 hiera/ibex.yaml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 111 insertions(+), 10 deletions(-)
(limited to 'hiera')
diff --git a/hiera/ibex.yaml b/hiera/ibex.yaml
index a8e99d9..62ec2e6 100644
--- a/hiera/ibex.yaml
+++ b/hiera/ibex.yaml
@@ -47,6 +47,41 @@ couchdb_port: 5984
 definition_files:
 eip_service: |-
 {
+ "gateways": [
+ {
+ "capabilities": {
+ "adblock": false,
+ "filter_dns": true,
+ "limited": false,
+ "ports": [
+ "1194",
+ "443",
+ "53",
+ "80"
+ ],
+ "protocols": [
+ "tcp",
+ "udp"
+ ],
+ "transport": [
+ "openvpn"
+ ],
+ "user_ips": false
+ },
+ "host": "ibex.ci.leap.se",
+ "ip_address": "37.218.247.97"
+ }
+ ],
+ "locations": {
+
+ },
+ "openvpn_configuration": {
+ "auth": "SHA1",
+ "cipher": "AES-128-CBC",
+ "keepalive": "10 30",
+ "tls-cipher": "DHE-RSA-AES128-SHA",
+ "tun-ipv6": true
+ },
 "serial": 1,
 "version": 1
 }
@@ -85,7 +120,8 @@ definition_files:
 }
 },
 "services": [
- "mx"
+ "mx",
+ "openvpn"
 ]
 }
 smtp_service: |
@@ -157,6 +193,15 @@ firewall:
 port: 22
 to: "37.218.247.96"
 stunnel: []
+ vpn:
+ from: "*"
+ port:
+ - "1194"
+ - 28171
+ - "443"
+ - "53"
+ - "80"
+ to: "37.218.247.97"
 webapp:
 from: "*"
 port:
@@ -204,10 +249,12 @@ nagios:
 domain_internal_suffix: ci.leap.i
 environment: latest
 ip_address: "37.218.247.96"
+ openvpn_gateway_address: "37.218.247.97"
 services:
 - couchdb
 - monitor
 - mx
+ - openvpn
 - soledad
 - webapp
 ssh_port: 22
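Review bot: The `openvpn_configuration` object handed to clients in `eip_service` pins `"auth": "SHA1"`, `"cipher": "AES-128-CBC"` and `"tls-cipher": "DHE-RSA-AES128-SHA"`, so both the data channel and the TLS control channel are limited to CBC with SHA-1 and no AEAD suite can be negotiated. Where the OpenVPN versions on both ends support it (AES-GCM on the data channel needs 2.4 or later), I would move to `"cipher": "AES-256-GCM"`, `"auth": "SHA256"` and a GCM TLS suite. The same three values are repeated under `openvpn.configuration` in the `@@ -221,6 +268,38 @@` hunk and have to change together with these. That block also carries `fragment: 1500`, which is missing here; it is worth confirming that leaving it out of the client-facing JSON is intended.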
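Review bot: The new `firewall.vpn.port` list mixes quoted strings with one bare integer (`- 28171` sits between `- "1194"` and `- "443"`), so whatever consumes the list sees two scalar types. Quote it like its neighbours, `- "28171"`, or make all five entries integers. Since the rule opens every listed port `from: "*"`, a comment above the entry such as `# 28171 = obfsproxy.scramblesuit.port` would also record why a non-OpenVPN port is exposed by the vpn rule.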
@@ -221,6 +268,38 @@ nickserver:
 couchdb_port: 5984
 domain: nicknym.ci.leap.se
 port: 6425
+obfsproxy:
+ gateway_address: "37.218.247.97"
+ scramblesuit:
+ password: II4TKOKIONCUKS3HO5RFUZLCK5TXA6KY
+ port: 28171
+openvpn:
+ adblock: false
+ allow_free: false
+ allow_limited: false
+ allow_unlimited: true
+ configuration:
+ auth: SHA1
+ cipher: AES-128-CBC
+ fragment: 1500
+ keepalive: "10 30"
+ tls-cipher: DHE-RSA-AES128-SHA
+ tun-ipv6: true
+ filter_dns: true
+ gateway_address: "37.218.247.97"
+ limited_prefix: LIMITED
+ ports:
+ - "1194"
+ - "443"
+ - "53"
+ - "80"
+ protocols:
+ - tcp
+ - udp
+ rate_limit: ~
+ second_gateway_address: ~
+ unlimited_prefix: UNLIMITED
+ user_ips: false
 platform:
 major_version: "0.10"
 version: "0.10"
@@ -231,6 +310,7 @@ services:
 - couchdb
 - monitor
 - mx
+ - openvpn
 - soledad
 - webapp
 soledad:
@@ -447,6 +527,7 @@ webapp:
 description: "Please donate."
 name: free
 services:
+ - eip
 - email
 x509:
 ca_cert: |
@@ -606,10 +687,10 @@ x509:
 commercial_ca_cert: ~
 commercial_cert: |
 -----BEGIN CERTIFICATE-----
- MIIF9zCCBN+gAwIBAgISA9kCtjuFf164UcjdnBD/7f3hMA0GCSqGSIb3DQEBCwUA
+ MIIF9zCCBN+gAwIBAgISBCc2irfLZrl3QD8ru600RkbVMA0GCSqGSIb3DQEBCwUA
 MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
- ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzA2MDgyMjAxMDBaFw0x
- NzA5MDYyMjAxMDBaMBUxEzARBgNVBAMTCmNpLmxlYXAuc2UwggIiMA0GCSqGSIb3
+ ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzA3MTgxODAyMDBaFw0x
+ NzEwMTYxODAyMDBaMBUxEzARBgNVBAMTCmNpLmxlYXAuc2UwggIiMA0GCSqGSIb3
 DQEBAQUAA4ICDwAwggIKAoICAQC9JM0dQyuX1nno1y3vb45R/U0e/dsFduslfADd
 UQ9eIKasp2itVRG/iikSvYxUbFBtbzUqHboZQEY3bm7dQbJgfbv9kBKWwNuEyWar
 gcjGhXJsBx8LhEsdutY19kPsWevM4ZPy3m1XY2QZHoBCgOAMVOSaZf+1qbvQpa8P
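Review bot: `obfsproxy.scramblesuit.password` is committed as a plaintext literal, so anyone with read access to the repository or its history holds the shared secret for the obfsproxy endpoint. Keep the value out of the tracked file, for example through an encrypted Hiera backend such as hiera-eyaml or a lookup resolved at deploy time, and rotate this one because it is now in history. If the file has to stay self-contained for CI, add a comment above the key, `# CI-only test secret for ibex; never reuse elsewhere`. Separately, `rate_limit: ~` and `second_gateway_address: ~` would read more clearly as `null`.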
@@ -632,12 +713,12 @@ x509:
 IENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcg
 UGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmlj
 YXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBv
- c2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAhCEZf9INAvZykNd0lL/SEg3UcAFn
- WThCr2QKoQSYaNrfi8F46OqRKvoVCddShztrC4NveRD/4xGKdPpF1X2XG5h9fQSs
- +mJ/gNjIiH3YJAgaOadcarC0RVVrC3zDwCZhWSTOWv3nX5QZJTGtrVKaK43IV9o5
- yscq6gCe0VwnpClf/fiGEtYLCVFxyKNBPchX84XRIaFA6mSMWHriOwYFbUOEdWwD
- cTAsDmDKdZZh+FonWxCO9xBqnyY4OdgqvhFXHLN+esQB3bkxtEZdg9c1kpmdhBZn
- 26xPcorJh6tyo0qhoMi6y8q4SU9dikQqNCEQQiQcxsCV+yMrZKytWW5ZgA==
+ c2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAPoVIo2EmLDl7O10uWgT5+EKo9XTE
+ ja2hX2tWVIvRJE0Nekq0/ULYbYO/PiqsSIAuPaHxdlLB/8H0yn//lt1HhX5sosCS
+ SPGienuqJgddlA/ck3boMzse/7UZZDkPYUA52kvQxGUF6hAPtndssUXQDe7SW6l4
+ 6c61hBtWQFKkylOA7xtNXSXPdEQanqIA7BDgn7rdns3CEpotUqeTcTCBKUct7rpo
+ h0NlaXeK0ufQWkR47V01sJxZtKOf+chZ63Mc9apuBhMOUXrIi3rdwNgL5PW65cqB
+ g32b0CiXAaPxiABU/mBj/kedm9pGUr+/fy0gb/Fv5pKas1h6NK9OnTtrUw==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
@@ -718,6 +799,26 @@ x509:
 +6TpJJd8JETQb6yItIBs5/MfSGIKoydj21UY8+jh0/vwd0xBjfdzP+wj+n6yd9jn
 Jqieey5xCNZkz92PfirrbBmokf4eTfbh74tuS0emN9WqK4g6zoJDo8PO6Jk=
 -----END RSA PRIVATE KEY-----
+ dh: |
+ -----BEGIN DH PARAMETERS-----
+ MIIDDQKCAYEAhIcg0xhUusSNbrAdDVJU+YZ/O83CLcCf38lJdG8rrqzRacjGzxKM
+ 1godXXDqJIv3EVeDtYqITkZN6gOMC4DQratPyLPuXxllj820SesEiWgNdl8/lyp4
+ Jh8bB8zd68yY4Sl2dUka5OVibdZnsbgoKleImVwwaeAvZSECYlhV6HKQNyK+bMja
+ EJeR88xaJsLelNixO+NMLqvIoTj24qOc3A5np2YOfsHtmFb1scBP5Jh/t5hOz+/V
+ MAy0fRzW81ZFgrV/JMBBM/YweOtRifks2jay3dGpa7tWpAGo78BIPQWg0F4ajhI0
+ 4+wwBpymJR/paiIvh5VEx+dEdVzD39rWWfuplZyHLtJgwx49lkQGXJjHHeTXvwji
+ uvIS5kcEKhQioud+alYY+lJcCEmHUuDBikPSyPmJVNeDd9cRvjuD2MQv/L+iZ8IN
+ yPcB+TTgqZaDWOWIe6sqyG7vGg+P5rtswRZPA/7YSrdOt2hKqmErGPKHL41bQUu4
+ v/CTD/xf5pWfAoIBgDYUElLXOy90o+SyYC9e0ZnHFWcej1Wqy3FdT3dm509/FNf2
+ jQB/XOVu865FenX5GiDSJAFw4wu41Ibx4aHIA7gfBXVyswvLj7R4cDBxQxIUG9tf
+ 8qL53Gr8e+vTGgl/cUVY7FcSDxzekPdlo1qBkVFSBtgLOlctfbLv0ZKnMwbZp/QZ
+ f8cIc3UA/2fBmoC6yDNSjPD41mxZtJAbZmYdQnntOV30PRv2cxrUpSVPOyUFtdS2
+ wa1wIVFQPHca/Gucw5z6VFxTmmp3Je9oUgAFfIKMaRnRdDENNwX9GkzYTEoH5HsH
+ AvUtpItBDEy+4ZSTOYX/YRI//3ZCkbRAlEjxfBGM6Jxsm2rRAUT68sL0Mt++nAFu
+ 70dlbHIRRYRsHpXJ58vrEyzyeeaHzcWVMjYPekIGPx6pU0Eqg8raQj0LV836AWZ4
+ bVSahHkSKkhg95DQzV9eymfx/wW6LXZvZx2fAdmPxhRIOzW5pUtqpLdg770EFUMk
+ FoGN5pOkPzDkzERtDwICAQA=
+ -----END DH PARAMETERS-----
 key: |
 -----BEGIN RSA PRIVATE KEY-----
 MIIJKAIBAAKCAgEArwsEh0vom2fDDhPqs8XZExo/mgWqzsuMQjGWdCwiyhe3pPlB
-- cgit v1.2.3
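Review bot: The new `x509.dh` block carries no record of its size or how it was produced, and it sits between two `RSA PRIVATE KEY` blocks in the same tracked file, where it is easy to mistake for another secret. A comment above the key, e.g. `# DH parameters (public), <BITS>-bit, generated <DATE> with <TOOL>`, would let a later reviewer check them without decoding the blob. The DER header suggests a 3072-bit prime, but that should be confirmed by whoever generated it rather than inferred.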