network: Declare the new opnsense vpn network range (!367) · Merge requests · Platform / Infrastructure / Puppet / puppet-swh-site

Vincent Sellier requested to merge generated-differential-D5800-source into generated-differential-D5800-target May 28, 2021

rename the current vpn and gateway as legacy
allow the new vpn network range to query the dns
declare the new route to this range

Related to T1526

Test Plan

octocatalog-diff pergamon:

diff origin/production/pergamon.softwareheritage.org current/pergamon.softwareheritage.org
*******************************************
  Bind::View[private] =>
   parameters =>
     match_clients =>
      - ["192.168.50.0/24", "192.168.100.0/24", "192.168.101.0/24", "192.168.130.0/24", "192.168.200.0/21", "127.0.0.0/8", "::1/128"]
      + ["192.168.50.0/24", "192.168.100.0/24", "192.168.101.0/24", "192.168.102.0/23", "192.168.130.0/24", "192.168.200.0/21", "127.0.0.0/8", "::1/128"]
*******************************************
  Concat::Fragment[bind-view-private] =>
   parameters =>
     content =>
      @@ -5,4 +5,5 @@
       		192.168.100.0/24;
       		192.168.101.0/24;
      +		192.168.102.0/23;
       		192.168.130.0/24;
       		192.168.200.0/21;
*******************************************
  Concat::Fragment[eth1_stanza] =>
   parameters =>
     content =>
      @@ -5,4 +5,5 @@
         netmask 255.255.255.0
         up ip route add 192.168.101.0/24 via 192.168.100.1
      +  up ip route add 192.168.102.0/23 via 192.168.100.130
         up ip route add 192.168.200.0/21 via 192.168.100.1
         up ip route add 192.168.128.0/24 via 192.168.100.125
      @@ -20,4 +21,5 @@
         down ip route del 192.168.128.0/24 via 192.168.100.125
         down ip route del 192.168.200.0/21 via 192.168.100.1
      +  down ip route del 192.168.102.0/23 via 192.168.100.130
         down ip route del 192.168.101.0/24 via 192.168.100.1
         down ip route flush cache
*******************************************
  Concat_fragment[bind-view-private] =>
   parameters =>
     content =>
      @@ -5,4 +5,5 @@
       		192.168.100.0/24;
       		192.168.101.0/24;
      +		192.168.102.0/23;
       		192.168.130.0/24;
       		192.168.200.0/21;
*******************************************
  Concat_fragment[eth1_stanza] =>
   parameters =>
     content =>
      @@ -5,4 +5,5 @@
         netmask 255.255.255.0
         up ip route add 192.168.101.0/24 via 192.168.100.1
      +  up ip route add 192.168.102.0/23 via 192.168.100.130
         up ip route add 192.168.200.0/21 via 192.168.100.1
         up ip route add 192.168.128.0/24 via 192.168.100.125
      @@ -20,4 +21,5 @@
         down ip route del 192.168.128.0/24 via 192.168.100.125
         down ip route del 192.168.200.0/21 via 192.168.100.1
      +  down ip route del 192.168.102.0/23 via 192.168.100.130
         down ip route del 192.168.101.0/24 via 192.168.100.1
         down ip route flush cache
*******************************************
  Debnet::Iface[eth1] =>
   parameters =>
     downs =>
      - ["ip route del default via 192.168.100.1 dev eth1 table private", "ip route del 192.168.100.0/24 src 192.168.100.29 dev eth1 table private", "ip rule del from 192.168.100.29 table private", "ip route del 192.168.50.0/24 via 192.168.100.130", "ip route del 192.168.130.0/24 via 192.168.100.130", "ip route del 192.168.128.0/24 via 192.168.100.125", "ip route del 192.168.200.0/21 via 192.168.100.1", "ip route del 192.168.101.0/24 via 192.168.100.1", "ip route flush cache"]
      + ["ip route del default via 192.168.100.1 dev eth1 table private", "ip route del 192.168.100.0/24 src 192.168.100.29 dev eth1 table private", "ip rule del from 192.168.100.29 table private", "ip route del 192.168.50.0/24 via 192.168.100.130", "ip route del 192.168.130.0/24 via 192.168.100.130", "ip route del 192.168.128.0/24 via 192.168.100.125", "ip route del 192.168.200.0/21 via 192.168.100.1", "ip route del 192.168.102.0/23 via 192.168.100.130", "ip route del 192.168.101.0/24 via 192.168.100.1", "ip route flush cache"]
     ups =>
      - ["ip route add 192.168.101.0/24 via 192.168.100.1", "ip route add 192.168.200.0/21 via 192.168.100.1", "ip route add 192.168.128.0/24 via 192.168.100.125", "ip route add 192.168.130.0/24 via 192.168.100.130", "ip route add 192.168.50.0/24 via 192.168.100.130", "ip rule add from 192.168.100.29 table private", "ip route add 192.168.100.0/24 src 192.168.100.29 dev eth1 table private", "ip route add default via 192.168.100.1 dev eth1 table private", "ip route flush cache"]
      + ["ip route add 192.168.101.0/24 via 192.168.100.1", "ip route add 192.168.102.0/23 via 192.168.100.130", "ip route add 192.168.200.0/21 via 192.168.100.1", "ip route add 192.168.128.0/24 via 192.168.100.125", "ip route add 192.168.130.0/24 via 192.168.100.130", "ip route add 192.168.50.0/24 via 192.168.100.130", "ip rule add from 192.168.100.29 table private", "ip route add 192.168.100.0/24 src 192.168.100.29 dev eth1 table private", "ip route add default via 192.168.100.1 dev eth1 table private", "ip route flush cache"]
*******************************************
*** End octocatalog-diff on pergamon.softwareheritage.org

tate:

diff origin/production/tate.softwareheritage.org current/tate.softwareheritage.org
*******************************************
  Concat::Fragment[eth1_stanza] =>
   parameters =>
     content =>
      @@ -5,4 +5,5 @@
         netmask 255.255.255.0
         up ip route add 192.168.101.0/24 via 192.168.100.1
      +  up ip route add 192.168.102.0/23 via 192.168.100.130
         up ip route add 192.168.200.0/21 via 192.168.100.1
         up ip rule add from 192.168.100.30 table private
      @@ -14,4 +15,5 @@
         down ip rule del from 192.168.100.30 table private
         down ip route del 192.168.200.0/21 via 192.168.100.1
      +  down ip route del 192.168.102.0/23 via 192.168.100.130
         down ip route del 192.168.101.0/24 via 192.168.100.1
         down ip route flush cache
*******************************************
  Concat_fragment[eth1_stanza] =>
   parameters =>
     content =>
      @@ -5,4 +5,5 @@
         netmask 255.255.255.0
         up ip route add 192.168.101.0/24 via 192.168.100.1
      +  up ip route add 192.168.102.0/23 via 192.168.100.130
         up ip route add 192.168.200.0/21 via 192.168.100.1
         up ip rule add from 192.168.100.30 table private
      @@ -14,4 +15,5 @@
         down ip rule del from 192.168.100.30 table private
         down ip route del 192.168.200.0/21 via 192.168.100.1
      +  down ip route del 192.168.102.0/23 via 192.168.100.130
         down ip route del 192.168.101.0/24 via 192.168.100.1
         down ip route flush cache
*******************************************
  Debnet::Iface[eth1] =>
   parameters =>
     downs =>
      - ["ip route del default via 192.168.100.1 dev eth1 table private", "ip route del 192.168.100.0/24 src 192.168.100.30 dev eth1 table private", "ip rule del from 192.168.100.30 table private", "ip route del 192.168.200.0/21 via 192.168.100.1", "ip route del 192.168.101.0/24 via 192.168.100.1", "ip route flush cache"]
      + ["ip route del default via 192.168.100.1 dev eth1 table private", "ip route del 192.168.100.0/24 src 192.168.100.30 dev eth1 table private", "ip rule del from 192.168.100.30 table private", "ip route del 192.168.200.0/21 via 192.168.100.1", "ip route del 192.168.102.0/23 via 192.168.100.130", "ip route del 192.168.101.0/24 via 192.168.100.1", "ip route flush cache"]
     ups =>
      - ["ip route add 192.168.101.0/24 via 192.168.100.1", "ip route add 192.168.200.0/21 via 192.168.100.1", "ip rule add from 192.168.100.30 table private", "ip route add 192.168.100.0/24 src 192.168.100.30 dev eth1 table private", "ip route add default via 192.168.100.1 dev eth1 table private", "ip route flush cache"]
      + ["ip route add 192.168.101.0/24 via 192.168.100.1", "ip route add 192.168.102.0/23 via 192.168.100.130", "ip route add 192.168.200.0/21 via 192.168.100.1", "ip rule add from 192.168.100.30 table private", "ip route add 192.168.100.0/24 src 192.168.100.30 dev eth1 table private", "ip route add default via 192.168.100.1 dev eth1 table private", "ip route flush cache"]
*******************************************
*** End octocatalog-diff on tate.softwareheritage.org

moma:

diff origin/production/moma.softwareheritage.org current/moma.softwareheritage.org
*******************************************
  Concat::Fragment[eth1_stanza] =>
   parameters =>
     content =>
      @@ -5,4 +5,5 @@
         netmask 255.255.255.0
         up ip route add 192.168.101.0/24 via 192.168.100.1
      +  up ip route add 192.168.102.0/23 via 192.168.100.130
         up ip route add 192.168.200.0/21 via 192.168.100.1
         up ip rule add from 192.168.100.31 table private
      @@ -14,4 +15,5 @@
         down ip rule del from 192.168.100.31 table private
         down ip route del 192.168.200.0/21 via 192.168.100.1
      +  down ip route del 192.168.102.0/23 via 192.168.100.130
         down ip route del 192.168.101.0/24 via 192.168.100.1
         down ip route flush cache
*******************************************
  Concat_fragment[eth1_stanza] =>
   parameters =>
     content =>
      @@ -5,4 +5,5 @@
         netmask 255.255.255.0
         up ip route add 192.168.101.0/24 via 192.168.100.1
      +  up ip route add 192.168.102.0/23 via 192.168.100.130
         up ip route add 192.168.200.0/21 via 192.168.100.1
         up ip rule add from 192.168.100.31 table private
      @@ -14,4 +15,5 @@
         down ip rule del from 192.168.100.31 table private
         down ip route del 192.168.200.0/21 via 192.168.100.1
      +  down ip route del 192.168.102.0/23 via 192.168.100.130
         down ip route del 192.168.101.0/24 via 192.168.100.1
         down ip route flush cache
*******************************************
  Debnet::Iface[eth1] =>
   parameters =>
     downs =>
      - ["ip route del default via 192.168.100.1 dev eth1 table private", "ip route del 192.168.100.0/24 src 192.168.100.31 dev eth1 table private", "ip rule del from 192.168.100.31 table private", "ip route del 192.168.200.0/21 via 192.168.100.1", "ip route del 192.168.101.0/24 via 192.168.100.1", "ip route flush cache"]
      + ["ip route del default via 192.168.100.1 dev eth1 table private", "ip route del 192.168.100.0/24 src 192.168.100.31 dev eth1 table private", "ip rule del from 192.168.100.31 table private", "ip route del 192.168.200.0/21 via 192.168.100.1", "ip route del 192.168.102.0/23 via 192.168.100.130", "ip route del 192.168.101.0/24 via 192.168.100.1", "ip route flush cache"]
     ups =>
      - ["ip route add 192.168.101.0/24 via 192.168.100.1", "ip route add 192.168.200.0/21 via 192.168.100.1", "ip rule add from 192.168.100.31 table private", "ip route add 192.168.100.0/24 src 192.168.100.31 dev eth1 table private", "ip route add default via 192.168.100.1 dev eth1 table private", "ip route flush cache"]
      + ["ip route add 192.168.101.0/24 via 192.168.100.1", "ip route add 192.168.102.0/23 via 192.168.100.130", "ip route add 192.168.200.0/21 via 192.168.100.1", "ip rule add from 192.168.100.31 table private", "ip route add 192.168.100.0/24 src 192.168.100.31 dev eth1 table private", "ip route add default via 192.168.100.1 dev eth1 table private", "ip route flush cache"]
*******************************************
*** End octocatalog-diff on moma.softwareheritage.org

Migrated from D5800 (view on Phabricator)

Silent mode is enabled

network: Declare the new opnsense vpn network range

Test Plan

Merge request reports