Add VPN service to monitor Fox machine #121

rarias · 2025-06-18T16:56:53+02:00

rarias commented

2025-06-18 16:56:53 +02:00

For now we keep it systemwide, but it would be nice to restrict it to a network namespace.

See it in action: https://jungle.bsc.es/grafana/d/ceoogwh0u9udce/tent?orgId=1&from=now-6h&to=now&timezone=browser&refresh=5s&viewPanel=panel-5

For now we keep it systemwide, but it would be nice to restrict it to a network namespace. Fix #118 See it in action: https://jungle.bsc.es/grafana/d/ceoogwh0u9udce/tent?orgId=1&from=now-6h&to=now&timezone=browser&refresh=5s&viewPanel=panel-5

rarias added 3 commits 2025-06-18 16:56:53 +02:00

Add ac.upc.edu as name search server f433051d37

Allows referring to fox.ac.upc.edu directly as fox.

Add OpenVPN service to connect to fox BMC d7cbef0c30

Monitor fox via VPN e95ffcd7d7

rarias requested review from arocanon 2025-06-18 16:56:59 +02:00

rarias requested review from abonerib 2025-06-18 16:56:59 +02:00

rarias commented

2025-06-20 13:32:25 +02:00

Hmm, something has caused the ICMP probes to break:

https://jungle.bsc.es/grafana/d/ceoogwh0u9udce/tent?orgId=1&from=now-24h&to=now&timezone=browser&refresh=5s

They must have been banned them via the VPN? We are passing the traffic via the route, maybe we can limit it to only include the BMC network instead of the whole subnet /16:

147.83.0.0/16 via 10.1.0.1 dev tun0

Hmm, something has caused the ICMP probes to break: https://jungle.bsc.es/grafana/d/ceoogwh0u9udce/tent?orgId=1&from=now-24h&to=now&timezone=browser&refresh=5s They must have been banned them via the VPN? We are passing the traffic via the route, maybe we can limit it to only include the BMC network instead of the whole subnet /16: ``` 147.83.0.0/16 via 10.1.0.1 dev tun0 ```

rarias added 1 commit 2025-06-20 14:52:30 +02:00

Restrict DAC VPN to fox-ipmi machine only f1c87ac19a

rarias commented

2025-06-20 14:54:03 +02:00

Solved, now we only have a route to reach fox BMC:

147.83.35.27 via 10.1.0.1 dev tun0

Solved, now we only have a route to reach fox BMC: ``` 147.83.35.27 via 10.1.0.1 dev tun0 ``` ![image](/attachments/cdd28dd3-fc46-4a16-9c48-d95e4eb69d90)

image.png

31 KiB

rarias added 1 commit 2025-06-20 16:11:17 +02:00

Monitor Fox BMC with ICMP probes too d27af9fc9f

rarias force-pushed fox-vpn from d27af9fc9f to d40e9197f4

2025-07-02 15:33:02 +02:00

Compare

abonerib reviewed 2025-07-02 15:39:43 +02:00

m/module/vpn-dac.nix Outdated

						
				@@ -0,0 +15,4 @@

				        resolv-retry infinite

				        nobind

				        ;user nobody

				        ;group nogroup

abonerib commented

2025-07-02 15:39:43 +02:00

Are the comments left here intentionally?

rarias commented

2025-07-02 15:44:02 +02:00

There were in the original file provided by UPC, but it is no longer recommended to use nobody, rather we should have a openvpn user. Currently runs as root for now, so I can remove those.

Opened #127 so I don't forget.

There were in the original file provided by UPC, but it is no longer recommended to use nobody, rather we should have a openvpn user. Currently runs as root for now, so I can remove those. Opened https://jungle.bsc.es/git/rarias/jungle/issues/127 so I don't forget.

👍 1

rarias commented

2025-07-02 15:48:04 +02:00

Removed.

rarias marked this conversation as resolved

rarias force-pushed fox-vpn from d40e9197f4 to b5f2ed0a16

2025-07-02 15:47:45 +02:00

Compare

abonerib approved these changes 2025-07-02 15:48:21 +02:00

rarias force-pushed fox-vpn from b5f2ed0a16 to b0875816f2

2025-07-02 15:51:38 +02:00

Compare

rarias manually merged commit b0875816f2 into master

2025-07-02 15:57:57 +02:00

Sign in to join this conversation.

2 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: rarias/jungle#121