Intl domain configuration #41

Merged
sb10q merged 1 commits from 134-intl-configuration into master 2024-10-21 15:48:17 +08:00
Owner

Currently WIP, needs testing.
Already working.

~~Currently WIP, needs testing.~~ Already working.
esavkin added 4 commits 2024-08-14 11:21:57 +08:00
Signed-off-by: Egor Savkin <es@m-labs.hk>
Signed-off-by: Egor Savkin <es@m-labs.hk>
Signed-off-by: Egor Savkin <es@m-labs.hk>
Signed-off-by: Egor Savkin <es@m-labs.hk>
esavkin force-pushed 134-intl-configuration from 2ec85bfa16 to 4bbf162a87 2024-08-15 13:09:21 +08:00 Compare
esavkin added 1 commit 2024-08-16 17:50:16 +08:00
Signed-off-by: Egor Savkin <es@m-labs.hk>
esavkin force-pushed 134-intl-configuration from df24c92e54 to eb7a22729a 2024-08-19 17:23:45 +08:00 Compare
esavkin force-pushed 134-intl-configuration from eb7a22729a to 7ecabeaadc 2024-08-22 11:50:53 +08:00 Compare
esavkin force-pushed 134-intl-configuration from 7ecabeaadc to dda6a06454 2024-10-18 17:37:08 +08:00 Compare
esavkin force-pushed 134-intl-configuration from dda6a06454 to 683a565a1d 2024-10-18 17:40:15 +08:00 Compare
esavkin changed title from WIP: Intl domain configuration to Intl domain configuration 2024-10-18 17:41:57 +08:00
sb10q reviewed 2024-10-18 17:47:49 +08:00
@ -0,0 +6,4 @@
encap = no
mobike = no
send_certreq = no
proposals = aes128gcm128-sha256-prfsha256-curve25519,aes128gcm128-sha256-prfsha256-ecp256
Owner

That many?

That many?
Author
Owner

Legacy from https://git.m-labs.hk/M-Labs/it-infra/src/branch/master/remote-ipsec.txt .
I'm not fan of tweaking swanctl files

Legacy from https://git.m-labs.hk/M-Labs/it-infra/src/branch/master/remote-ipsec.txt . I'm not fan of tweaking swanctl files
sb10q reviewed 2024-10-18 17:51:56 +08:00
@ -0,0 +91,4 @@
ufw allow 587/tcp
ufw limit 500,4500/udp
ufw route allow in on gre1 out on eth0
Owner

This is already done in gretun.sh

Do we really need ufw at all anyway? Only ports open on VPS should be 22/80/443 anyway. What problem is ufw supposed to solve?

This is already done in gretun.sh Do we really need ufw at all anyway? Only ports open on VPS should be 22/80/443 anyway. What problem is ufw supposed to solve?
Author
Owner

UFW is persistent and just has simpler UX (it uses iptables anyway) -> less chances to misconfigure something and easier to read

UFW is persistent and just has simpler UX (it uses iptables anyway) -> less chances to misconfigure something and easier to read
Owner

If it's persistent then it should not be in the gretun scripts?

The other question is not answered.

If it's persistent then it should not be in the gretun scripts? The other question is not answered.
esavkin marked this conversation as resolved
esavkin force-pushed 134-intl-configuration from 683a565a1d to c7c6e56a1e 2024-10-21 10:26:41 +08:00 Compare
sb10q merged commit d27ee750a2 into master 2024-10-21 15:48:17 +08:00
esavkin deleted branch 134-intl-configuration 2024-10-22 11:24:06 +08:00
Sign in to join this conversation.
No reviewers
No Label
No Milestone
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: M-Labs/it-infra#41
No description provided.