dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity

Move VPN server to dedicated VM

Browse Source 
The VPN capability of the UniFi Security Gateway is extremely limited.
It does not support road-warrior IPsec/IKEv2 configuration, and its
OpenVPN configuration is inflexible. As with DHCP, the best solution is
to simply move service to another machine.

To that end, I created a new VM, *vpn0.pyrocufflink.blue*, to host both
strongSwan and OpenVPN. For this to work, the necessary TCP/UDP ports
need to be forwarded, of course, and all of the remote subnets need
static routes on the gateway, specifying this machine as the next hop.
Additionally, ICMP redirects need to be disabled, to prevent confusing
the routing tables of devices on the same subnet as the VPN gateway.
This commit is contained in:
Dustin
2018-10-07 12:12:39 -05:00
parent 9f32f94780
commit a1ca06a3c5
9 changed files with 701 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
roles/ssh-hostkeys/files/ssh_known_hosts
View File

@@ -61,3 +61,6 @@ proxy0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICfsGYZVyo0LHLYiXt2
dns1.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDV3rIYg/SznHhgf3R3qG1QsctCe3GYmsOQdy/OlF4IN4xyWlnWeBWFmgw5kWpBizIwEUK0SeWXdkH1/QafWVKaEKkk81aHqfaB4hQvP4B4juBY8/V6hzGXkS2qJMUR/VNIvzrHAFkEipns7tzyxYh68CLH8IGcz45gyixs/cplSu/peEcyOVw0c36b2sLiDJ2lRDehFtkGl4GGz7xNCqcOpJmq+ZLd0i5yVSDuV3d5wXtiEVrxQTihgNSLkFh1GRMrVCEzN6nhU9e5P7J6kqEpC2GfZPUOqxP4BAphg++k5ATQewEyoFbajB9LJ5TDb5J+boPzXg6MVQVBPGFUo9Uz
dns1.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDunyBM7jgqippqTCwL5ro+wurEa8Pqyxq+LQs7Cmfg2
dns1.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNwJx42l0mSmiXmU9fHhNAVyOoHPV30gVbho5WWeJAZSf9Gd6K5BOSsvOCGRxsT5F2UG+5tpwKCNSPYD4GeD3mo=
vpn0.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3DEkmC48at0dTJRbMYUx0RIHPBrL2HuQ4nAm/ldFRY862NbAEhSWEwSj1+6UhtNPYcr1MZssfeAL+8us9U7Z81sjyi9Yz69mXJ2RHsaNcc2LBLu0IRomfwswfnNq6GHr2pEUdJfV16GLGE/22IqfZoI+ifScCiR9D4VEB9xsRgOGG2IxCSpEVVMTNZlcxdSdp8nmMPBjYDKS8Zb4+WlfTxKLVCUsZTYzN8B4ZcDzdGPfgk30to521tKUizq1DMMIi9Bqu2ZTuW50h2FRMDYDGBJlKhUKftjo8ICVttkMoTNnQvCg1UCAB5VrZtuM3roUBj93NSIhpxCSSyMbZeUQn
vpn0.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC9PwSL7e0y9a3yQcejWslorSiM5x31a0YFFnkb4Ie6pKhADmxfJSJPjQOVGRgXmzKxFY2Jdm2IXjSs+m06aHVo=
vpn0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJC4ZaE6b+bFTfm2hQ5h5AhWoqF0iiaefQA2syl9xCgx