m4ce

[edit security]
 ike {
     policy ike-dyn-vpn-policy {
         mode aggressive;
         proposal-set standard;
         pre-shared-key ascii-text "<key>"; ## SECRET-DATA
     }
     gateway dyn-vpn-local-gw {
         ike-policy ike-dyn-vpn-policy;
         dynamic {

m4ce

 redistribute connected metric 1 route-map filter_connected_routes
 redistribute static metric 1
 redistribute kernel metric 1

 route-map filter_connected_routes permit 10
   match ip address filter_connected_routes

 access-list filter_connected_routes deny <network>
 access-list filter_connected_routes permit any

m4ce

# Rules for transparent proxying
iptables -N NO_PROXY -t nat
iptables -A NO_PROXY -t nat -d 0.0.0.0/8 -j ACCEPT
iptables -A NO_PROXY -t nat -d 10.0.0.0/8 -j ACCEPT
iptables -A NO_PROXY -t nat -d 127.0.0.0/8 -j ACCEPT
iptables -A NO_PROXY -t nat -d 169.254.0.0/16 -j ACCEPT
iptables -A NO_PROXY -t nat -d 172.16.0.0/12 -j ACCEPT
iptables -A NO_PROXY -t nat -d 192.168.0.0/16 -j ACCEPT
iptables -A NO_PROXY -t nat -d 224.0.0.0/4 -j ACCEPT
iptables -A NO_PROXY -t nat -d 240.0.0.0/4 -j ACCEPT

m4ce

server_host = <ipa_host>
server_port = 389
bind = no
search_base = cn=users,cn=accounts,dc=example,dc=org
query_filter = (&(objectClass=person)(uid=%u))
result_attribute = mail
result_format = %s
start_tls = yes
version = 3
tls_key = <key>

m4ce

frontend example
  bind 0.0.0.0:80
  bind 0.0.0.0:443 ssl crt <pem>
  mode http
  option httplog

  acl is_test hdr(host) -i test.example.org

  use_backend test if is_test
  default_backend welcome

m4ce

$ pulp-admin auth user create --login registrator --password=secret --name "Used for unattended registrations"
$ pulp-admin auth permission grant --login registrator --resource /v2/consumers/ -o CREATE -o READ
$ pulp-consumer -u registrator -p secret register --consumer-id `hostname -f`

m4ce

formatted_inventory do
  page_length 50
  page_heading <<TOP

Hostname:                 Serial:                 Hardware:                                                   Distribution:
------------------------------------------------------------------------------------------------------------------------------
TOP

  page_body <<BODY
@<<<<<<<<<<<<<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<< @<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< @<<< @<<<

m4ce

Keybase proof

I hereby claim:

• I am m4ce on github.
• I am m4ce (https://keybase.io/m4ce) on keybase.
• I have a public key whose fingerprint is 168E FD43 E44A 13D0 3BDE 59FA 148D 5C94 66C3 CF73

To claim this, I am signing this object:

m4ce

conn site1
    left=%defaultroute
    leftid=@site1
    leftrsasigkey=/etc/ipsec.d/certs/site1.pem
    right=<SITE2_IP>
    rightid=@site2
    rightrsasigkey="dns:<Base64 RFC 3110 RSA key from site2>"
    authby=rsasig
    auto=add
    type=tunnel

m4ce

on box1:
  cat < /dev/tcp/<IP>/<PORT> > file

on box2:
  nc -v -l <PORT> < file