IPMI
Basic architecture
    +--------+
    | client |
    +--------+
        tun
         |
         |
        tun
  +---------------+
  | rebond-public |
  +---------------+
        eth1
         |
         |
      +------+
      | IPMI |
      +------+
Tunnel creation procedure
on constance
edit /var/db/nsd/0.16.172.in-addr.arpa.zone (reverse zone of the IPMI network, 172.16.0.0/24)
edit /var/db/nsd/2.16.172.in-addr.arpa.zone (reverse zone of the tunnel /31s, 172.16.2.0/24;
or 3.16.172.in-addr.arpa.zone if the first /24 is full)
restart nsd, leave constance
record the IPs in the IPAM
on rebond-public.grifon.fr
(the two FORWARD rules added below are the only thing letting a member's tunnel reach its IPMI; they only restrict anything if the FORWARD chain's default policy on rebond-public is DROP and IP forwarding is enabled)
Generic case
- snippet.bash
cd /etc/init.d/
# one OpenRC service per tunnel: ${machin} is the member (alarig below), ${machine} their host (regis)
ln -s openvpn openvpn.${machin}
cd /etc/openvpn
# static key shared with the client: hand it over through a trusted channel (scp), never by mail.
# Static-key mode has no forward secrecy: whoever obtains the key can decrypt past captures of the tunnel.
# (OpenVPN >= 2.5 spells this `openvpn --genkey secret ${machin}.key`; the old form still works with a warning.)
openvpn --genkey --secret ${machin}.key
cat > ${machin}.conf <<EOF
# "11" followed by the last octet of the client machine's public IPv4 (e.g. 1127 for an address ending in .27)
lport 11${IPv4}
proto udp6
dev tun
secret ${machin}.key
daemon ovpn-${machin}

# the tunnel /31: ${firstIP} must be even and ${secondIP} = ${firstIP} + 1
ifconfig 172.16.2.${firstIP} 172.16.2.${secondIP}
EOF
rc-service openvpn.${machin} start
rc-update add openvpn.${machin} default
# ${xco} is the low address of the tunnel /31 (172.16.2.${firstIP}): only that /31 may reach this one IPMI, in both directions
iptables -A FORWARD -s ${IPMI}/32 -d ${xco}/31 -j ACCEPT -m comment --comment "${machin} ${machine}"
iptables -A FORWARD -s ${xco}/31 -d ${IPMI}/32 -j ACCEPT -m comment --comment "${machin} ${machine}"
rc-service iptables save
Example: alarig
- snippet.bash
cd /etc/init.d/
ln -s openvpn openvpn.alarig
cd /etc/openvpn/
# generate the static key if it does not exist yet (as in the generic case)
[ -e alarig.key ] || openvpn --genkey --secret alarig.key
cat > alarig.conf <<'EOF'
# 11 + last octet of regis.swordarmor.fr's IPv4 (cf. `host regis.swordarmor.fr`)
lport 1127
proto udp6
dev tun
secret alarig.key
daemon ovpn-alarig

ifconfig 172.16.2.4 172.16.2.5
EOF
rc-service openvpn.alarig start
rc-update add openvpn.alarig default
iptables -A FORWARD -s 172.16.0.4 -d 172.16.2.4/31 -j ACCEPT -m comment --comment "alarig regis"
iptables -A FORWARD -s 172.16.2.4/31 -d 172.16.0.4 -j ACCEPT -m comment --comment "alarig regis"
rc-service iptables save
Client configuration
Generic
remote rebond-public.grifon.fr ${port}
# ${port} is the lport configured on rebond-public ("11" + last octet of this machine's public IPv4);
# the server side binds proto udp6 only, so this machine must reach rebond-public.grifon.fr over IPv6
dev tun
secret ${machin}.key
daemon ovpn-grifon-ipmi
# mirror of the server's ifconfig line: this machine's /31 address first, rebond-public's second
ifconfig 172.16.2.${secondIP} 172.16.2.${firstIP}
# the IPMI network, reached through the tunnel
route 172.16.0.0 255.255.255.0
Example: alarig
remote rebond-public.grifon.fr 1127
dev tun
secret alarig.key
daemon ovpn-grifon-ipmi
ifconfig 172.16.2.5 172.16.2.4
route 172.16.0.0 255.255.255.0