# IPMI

## Basic architecture

```
+--------+
| client |
+--------+
    | tun
    |
    | tun
+---------------+
| rebond-public |
+---------------+
    | eth1
    |
+------+
| IPMI |
+------+
```

* 172.16.0.0/24 / VLAN34: IPMI range (.254 is rebond-public eth1)
* 172.16.2.0/23: tunnel interconnect range (one /31 per client)

## Tunnel creation procedure

### On constance

- edit `/var/db/nsd/0.16.172.in-addr.arpa.zone`
- edit `/var/db/nsd/2.16.172.in-addr.arpa.zone` (or `3.16.172.in-addr.arpa.zone` if the first /24 is full)
- restart nsd, log out of constance
- record the IPs in the IPAM

### On rebond-public.grifon.fr

#### Generic case

```bash
cd /etc/init.d/
ln -s openvpn openvpn.${machin}
cd /etc/openvpn
openvpn --genkey --secret ${machin}.key
vim ${machin}.conf
# lport 11${IPv4} # Last octet of the IPv4
# proto udp6
# dev tun
# secret ${machin}.key
# daemon ovpn-${machin}
#
# ifconfig 172.16.2.${1ereIP} 172.16.2.${2ndIP}
rc-service openvpn.${machin} start
rc-update add openvpn.${machin} default
iptables -A FORWARD -s ${IPMI}/32 -d ${xco}/31 -j ACCEPT -m comment --comment "${machin} ${machine}"
iptables -A FORWARD -s ${xco}/31 -d ${IPMI}/32 -j ACCEPT -m comment --comment "${machin} ${machine}"
rc-service iptables save
```

#### Example: alarig

```bash
cd /etc/init.d/
ln -s openvpn openvpn.alarig
cd /etc/openvpn/
vim alarig.conf
# lport 1127 # see the IPv4 from `host regis.swordarmor.fr`
# proto udp6
# dev tun
# secret alarig.key
# daemon ovpn-alarig
#
# ifconfig 172.16.2.4 172.16.2.5
rc-service openvpn.alarig start
rc-update add openvpn.alarig default
iptables -A FORWARD -s 172.16.0.4 -d 172.16.2.4/31 -j ACCEPT -m comment --comment "alarig regis"
iptables -A FORWARD -s 172.16.2.4/31 -d 172.16.0.4 -j ACCEPT -m comment --comment "alarig regis"
rc-service iptables save
```

## Client configuration

### Generic

```
remote rebond-public.grifon.fr ${port}
dev tun
secret ${machin}.key
daemon ovpn-grifon-ipmi
ifconfig 172.16.2.${2ndIP} 172.16.2.${1ereIP}
route 172.16.0.0 255.255.255.0
```

### Example: alarig

```
remote rebond-public.grifon.fr 1127
dev tun
secret alarig.key
daemon ovpn-grifon-ipmi
ifconfig 172.16.2.5 172.16.2.4
route 172.16.0.0 255.255.255.0
```
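
The FORWARD rules in this procedure pair one IPMI /32 with one tunnel /31, in both directions. The following check is an added example, not part of the original page: it reads `iptables-save` output and reports any FORWARD ACCEPT rule wider than that pairing, or missing its reverse rule. The names `audit_forward` and `SAMPLE_RULES` and the two "demo" rules are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example: audit FORWARD ACCEPT rules against this page's addressing plan.
# Constructed sample in iptables-save format; the "demo" entries are invented.
SAMPLE_RULES='-A FORWARD -s 172.16.0.4/32 -d 172.16.2.4/31 -m comment --comment "alarig regis" -j ACCEPT
-A FORWARD -s 172.16.2.4/31 -d 172.16.0.4/32 -m comment --comment "alarig regis" -j ACCEPT
-A FORWARD -s 172.16.2.6/31 -d 172.16.0.0/24 -m comment --comment "demo too-wide" -j ACCEPT
-A FORWARD -s 172.16.0.8/32 -d 172.16.2.8/31 -m comment --comment "demo one-way" -j ACCEPT'

# Reads iptables-save lines on stdin and prints one finding per line.
audit_forward() {
    awk '
    # One IPMI host: a /32 inside 172.16.0.0/24.
    function is_ipmi(a) { return a ~ /^172\.16\.0\.[0-9]+\/32$/ }
    # One tunnel: a /31 inside 172.16.2.0/23 starting on an even address.
    function is_xco(a,   p) {
        if (a !~ /^172\.16\.[23]\.[0-9]+\/31$/) return 0
        split(a, p, "[./]")
        return p[4] % 2 == 0
    }
    $1 == "-A" && $2 == "FORWARD" && $NF == "ACCEPT" {
        s = d = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s" && s == "") s = $(i + 1)
            if ($i == "-d" && d == "") d = $(i + 1)
        }
        if (s == "") s = "any"
        if (d == "") d = "any"
        if ((is_ipmi(s) && is_xco(d)) || (is_xco(s) && is_ipmi(d)))
            seen[s " " d] = 1
        else
            print "TOO-WIDE " s " -> " d
    }
    END {
        # Every accepted pair must also exist in the opposite direction.
        for (k in seen) {
            split(k, q, " ")
            if (!((q[2] " " q[1]) in seen))
                print "ONE-WAY " q[1] " -> " q[2]
        }
    }'
}

# Stand-alone run on the sample; on the jump host: iptables-save | audit_forward
printf '%s\n' "$SAMPLE_RULES" | audit_forward
```

An empty result means every accepted flow is a single IPMI address paired with a single tunnel /31 in both directions.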