LXC
Set proxy
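# Point the LXD daemon at an authenticated HTTPS proxy.
# username, password, <IP> and <port> are placeholders; substitute real values.
# The URL is single-quoted so the shell does not treat < and > as redirections
# and does not expand special characters in the password (percent-encode any
# characters that are reserved in URLs).
# NOTE(review): credentials passed this way land in shell history and are
# stored in the LXD server configuration, so they are likely readable by
# anyone who can view that configuration. Use a proxy account scoped to this
# purpose. With an http:// proxy URL the proxy credentials travel to the proxy
# unencrypted.
sudo lxc config set core.proxy_https 'http://username:password@<IP>:<port>/'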
LXC
https://www.linode.com/docs/guides/beginners-guide-to-lxd-reverse-proxy/
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-lxd-on-ubuntu-20-04
SDEWAN - direct connect
Edge-1
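# PREROUTING
# Forward tcp/6443 arriving for 10.10.70.49 to 10.96.0.1:443.
# NOTE(review): the rule has no source (-s) or inbound-interface (-i) match,
# so every host that can reach 10.10.70.49:6443 is forwarded to the backend.
# Where the clients are known, add e.g. -s <allowed-cidr> (placeholder).
# 10.96.0.1:443 looks like a Kubernetes API service address (confirm); if so,
# the API server's own authentication is the only remaining control.
# Rules inserted with -I are not persistent across reboots unless saved.
sudo iptables -I PREROUTING -d 10.10.70.49/32 -p tcp -m tcp --dport 6443 -j DNAT --to-destination 10.96.0.1:443 -t nat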
Hub
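# PREROUTING
# DNAT inbound IPsec traffic addressed to 10.95.62.68 to 10.233.108.10:
# ESP (IP protocol 50), NAT-T (udp/4500) and IKE (udp/500).
# NOTE(review): -I inserts at the top of the nat PREROUTING chain and none of
# these rules matches on source address or inbound interface. If the peers
# are known, narrow them with -s <peer-cidr> (placeholder). Rules added this
# way are lost on reboot unless saved.
sudo iptables -I PREROUTING --destination 10.95.62.68/32 -p esp -j DNAT --to-destination 10.233.108.10 -t nat
sudo iptables -I PREROUTING --destination 10.95.62.68/32 -p udp --dport 4500 -j DNAT --to-destination 10.233.108.10:4500 -t nat
sudo iptables -I PREROUTING --destination 10.95.62.68/32 -p udp --dport 500 -j DNAT --to-destination 10.233.108.10:500 -t nat

# Same forwarding for 10.95.62.119 -> 10.233.65.140.
sudo iptables -I PREROUTING --destination 10.95.62.119/32 -p esp -j DNAT --to-destination 10.233.65.140 -t nat
sudo iptables -I PREROUTING --destination 10.95.62.119/32 -p udp --dport 4500 -j DNAT --to-destination 10.233.65.140:4500 -t nat
# Fixed: the protocol was misspelled "ud"; iptables rejects an unknown
# protocol name, so this IKE (udp/500) rule would not have been installed.
sudo iptables -I PREROUTING --destination 10.95.62.119/32 -p udp --dport 500 -j DNAT --to-destination 10.233.65.140:500 -t nat

# NOTE(review): IKE and NAT-T run over UDP. The TCP rules below are only
# useful if TCP encapsulation of IKE/ESP (RFC 8229, tcp/4500) is in use
# (confirm); tcp/500 has no standard IPsec use. If they were added while
# debugging, remove them so unused ports are not forwarded to the pod.
sudo iptables -I PREROUTING --destination 10.95.62.119/32 -p tcp --dport 4500 -j DNAT --to-destination 10.233.65.140:4500 -t nat
sudo iptables -I PREROUTING --destination 10.95.62.119/32 -p tcp --dport 500 -j DNAT --to-destination 10.233.65.140:500 -t nat

# POSTROUTING
# -D deletes a matching SNAT rule; the rule it removes was presumably added
# in an earlier attempt that is not shown on this page.
sudo iptables -D POSTROUTING -d 10.154.142.12/32 -j SNAT --to-source 10.154.142.7 -t nat

# Rewrite the source to 10.20.0.118 for traffic going to 192.168.0.8.
sudo iptables -I POSTROUTING -d 192.168.0.8/32 -j SNAT --to-source 10.20.0.118 -t nat

# Rewrite the source to 192.169.0.4 for traffic going to 10.20.0.118.
# NOTE(review): 192.169.0.4 is outside the RFC 1918 range 192.168.0.0/16;
# confirm it is intended and not a typo for 192.168.0.4.
sudo iptables -I POSTROUTING -d 10.20.0.118/32 -j SNAT --to-source 192.169.0.4 -t nat

# Traffic selectors noted for this setup:
# 192.169.0.4/32 === 10.20.0.118/32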
remove mark of the client
# modify config
- new nodus with sdewan -> test failed -> test host direct mode
- 4
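# Controller-side definition of the tunnel to device-1 (leftid is the
# sdewan controller, rightid the device certificate).
# NOTE(review): right=%any accepts the peer from any source address, so the
# only gate is certificate authentication plus the rightid match. Consider
# pinning the issuing CA with rightca= and keeping the CA trust store minimal.
conn localtodevice1-Conndevice1
    left=192.168.0.1
    right=%any
    leftsubnet=192.168.0.1/32
    # Virtual IP handed to the connecting device; rightsubnet limits the
    # remote traffic selector to that single address.
    rightsourceip=192.168.0.5
    rightsubnet=192.168.0.5/32
    ikelifetime=3h
    lifetime=1h
    margintime=9m
    # Retry negotiation indefinitely and restart the tunnel when dead peer
    # detection (probe every 30s) declares the peer gone.
    keyingtries=%forever
    dpdaction=restart
    dpddelay=30s
    # Both ends authenticate with certificates.
    leftauth=pubkey
    rightauth=pubkey
    # Local certificate; the matching private key is configured elsewhere
    # (not shown on this page).
    leftcert=/etc/ipsec.d/certs/localtodevice1_public.pem
    leftsendcert=yes
    rightsendcert=yes
    auto=start
    leftid="CN=sdewan-controller-base"
    rightid="CN=device-device-1-cert"
    # NOTE(review): custom script executed by the IKE daemon (typically as
    # root) on tunnel up/down; it should be root-owned and not writable by
    # other users.
    leftupdown=/etc/updown
    keyexchange=ikev2
    # Only packets carrying this mark match the policies of this connection;
    # presumably the updown script sets the mark (verify).
    mark=30
    # AES-CBC with SHA-256 and a 3072-bit MODP group for both IKE and ESP.
    esp=aes128-sha256-modp3072,aes256-sha256-modp3072
    ike=aes128-sha256-modp3072,aes256-sha256-modp3072
    type=tunnel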
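# Device-side definition of the same tunnel (leftid is the device
# certificate, rightid the sdewan controller). There is no mark= line in
# this variant.
conn localtodevice1-Conndevice1
    # Local address is chosen automatically; the responder is fixed.
    left=%any
    right=10.95.62.217
    rightsubnet=192.168.0.1/32
    # rightsubnet=10.233.108.12/32
    # Request a virtual IP from the responder.
    leftsourceip=%config
    ikelifetime=3h
    lifetime=1h
    margintime=9m
    # Retry negotiation indefinitely and restart the tunnel when dead peer
    # detection (probe every 30s) declares the peer gone.
    keyingtries=%forever
    dpdaction=restart
    dpddelay=30s
    # Both ends authenticate with certificates; rightid pins the identity
    # the responder has to prove.
    leftauth=pubkey
    rightauth=pubkey
    # Local certificate; the matching private key is configured elsewhere
    # (not shown on this page).
    leftcert=/etc/ipsec.d/certs/localtodevice1_public.pem
    leftsendcert=yes
    rightsendcert=yes
    auto=start
    leftid="CN=device-device-1-cert"
    rightid="CN=sdewan-controller-base"
    # Stock updown script called with the "iptables" argument, which makes it
    # add and remove firewall rules for the tunnel as it goes up and down.
    leftupdown=/usr/lib/ipsec/_updown iptables
    keyexchange=ikev2
    # AES-CBC with SHA-256 and a 3072-bit MODP group for both IKE and ESP.
    esp=aes128-sha256-modp3072,aes256-sha256-modp3072
    ike=aes128-sha256-modp3072,aes256-sha256-modp3072
    type=tunnel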