distorted.lisp, hosts.lisp: Assign VPN addresses to VPN hubs.

Now that we have trusted wireless networks, we want to be able to
allow hosts to use dynamically assigned addresses on those networks
and still claim their stable VPN addresses (e.g., for centralized
management).  For this to work, the internal endpoint of the VPN hub
has to be outside of the internal network range.

This is currently especially broken for radius, since it's the main
router in the house network.

diff --git a/distorted.lisp b/distorted.lisp
index fbb1f8ff65c7de0300b24d36b25807adf31718e8..a1ababa36a7edc733c80550f1c0bf23601d2ff28 100644 (file)
--- a/distorted.lisp
+++ b/distorted.lisp
@@ -191,9 +191,10 @@ (defzone distorted.org.uk
   (fender :abbrev f (colo :abbrev fc) (jump :abbrev fj))
   (fender (colo :addr fender.colo :sshfp "fender")
          (jump :addr fender.jump :sshfp "fender"))
-  (precision :abbrev p (colo :abbrev pc) (jump :abbrev pj))
+  (precision :abbrev p (colo :abbrev pc) (jump :abbrev pj) (vpn :abbrev pv))
   (precision (colo :addr precision.colo :sshfp "precision")
-            (jump :addr precision.jump :sshfp "precision"))
+            (jump :addr precision.jump :sshfp "precision")
+            (vpn :addr precision.vpn :sshfp "precision"))
   (telecaster :alias tele :abbrev t
              (colo :alias tele.colo :abbrev tc)
              (jump :alias tele.jump :abbrev tj))
@@ -204,9 +205,10 @@ (defzone distorted.org.uk
                (jump :alias strat.jump :abbrev sj))
   (stratocaster (colo :addr stratocaster.colo :sshfp "stratocaster")
                (jump :addr stratocaster.jump :sshfp "stratocaster"))
-  (jazz :abbrev z (colo :abbrev zc) (jump :abbrev zj))
+  (jazz :abbrev z (colo :abbrev zc) (jump :abbrev zj) (vpn :abbrev :zv))
   (jazz (colo :addr jazz.colo :sshfp "jazz")
        (jump :addr jazz.jump :sshfp "jazz")
+       (vpn :addr jazz.vpn :sshfp "jazz")
        (iodine :addr jazz.iodine :sshfp "jazz"))
 
   ;; Media server (on loan to Good Technology HSTG).
@@ -236,20 +238,22 @@ (defzone distorted.org.uk
   (safe :net safe)
   (untrusted :net untrusted)
   (vampire :abbrev v
-          (unsafe :abbrev vu) (dmz :abbrev vd)
+          (unsafe :abbrev vu) (dmz :abbrev vd) (vpn :abbrev vv)
           (safe :abbrev vs) (untrusted :abbrev vx))
   (vampire (unsafe :addr vampire.unsafe :sshfp "vampire")
           (dmz :addr vampire.dmz :sshfp "vampire")
+          (vpn :addr vampire.vpn :sshfp "vampire")
           (safe :addr vampire.safe :sshfp "vampire")
           (untrusted :addr vampire.untrusted :sshfp "vampire"))
   (ibanez :abbrev i (unsafe :abbrev iu) (dmz :abbrev id))
   (ibanez (unsafe :addr ibanez.unsafe :sshfp "ibanez")
          (dmz :addr ibanez.dmz :sshfp "ibanez"))
   (radius :abbrev r
-         (unsafe :abbrev ru) (dmz :abbrev rd)
+         (unsafe :abbrev ru) (dmz :abbrev rd) (vpn :abbrev rv)
          (safe :abbrev rs) (untrusted :abbrev rx))
   (radius (unsafe :addr radius.unsafe :sshfp "radius")
          (dmz :addr radius.dmz :sshfp "radius")
+         (vpn :addr radius.vpn :sshfp "radius")
          (safe :addr radius.safe :sshfp "radius")
          (untrusted :addr radius.untrusted :sshfp "radius"))
   (roadstar :abbrev rg (unsafe :abbrev rgu) (dmz :abbrev rgd))

diff --git a/hosts.lisp b/hosts.lisp
index 45a05ddc350044d4f3b3756d5cb38c58f45d465b..d28b0e7cfc480a4a1f36b27965e2f23349b6e274 100644 (file)
--- a/hosts.lisp
+++ b/hosts.lisp
@@ -111,6 +111,10 @@ (defhost crybaby.vpn ((:ipv4 vpn 1) (:ipv6 vpn "::1:1")))
 (defhost terror.vpn ((:ipv4 vpn 2)))
 (defhost orange.vpn ((:ipv4 vpn 3) (:ipv6 vpn "::3:1")))
 (defhost haze.vpn ((:ipv4 vpn 4) (:ipv6 vpn "::4:1")))
+(defhost radius.vpn ((:ipv4 vpn 5) (:ipv6 vpn "::5:1")))
+(defhost precision.vpn ((:ipv4 vpn 6) (:ipv6 vpn "::6:1")))
+(defhost jazz.vpn ((:ipv4 vpn 7) (:ipv6 vpn "::7:1")))
+(defhost vampire.vpn ((:ipv4 vpn 8) (:ipv6 vpn "::8:1")))
 
 ;; Iodine network.
 (defhost jazz.iodine (iodine 1))