I hereby claim:
- I am timodjatomika on github.
- I am timo_dwins (https://keybase.io/timo_dwins) on keybase.
- I have a public key ASDtfaDH6-wP3gekhCTF_GwvjXaW7YI2LPihGZfK2Xnl9Qo
To claim this, I am signing this object:
# ipsec.conf - strongSwan IPsec configuration file | |
# basic configuration | |
# only the log format is configured here | |
# output is written to the file /var/log/syslog | |
config setup | |
# NOTE(review): 4 is the highest charon log level; per the strongSwan logging
# documentation it adds sensitive material such as keys to the dumps, so with
# this line key material lands in the syslog file named above. Use it only for
# short troubleshooting sessions, then return to a low level (the default is 1)
# and restrict who can read the collected logs.
charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4, mgr 4" | |
# these parameters apply to all "conn" sections |
root@strongswan:~# ls -lah /etc/ipsec.d/ | |
total 44K | |
drwxr-xr-x 11 root root 4.0K Dec 26 19:48 . | |
drwxr-xr-x 93 root root 4.0K Dec 26 19:48 .. | |
drwxr-xr-x 2 root root 4.0K Apr 5 2016 aacerts | |
drwxr-xr-x 2 root root 4.0K Apr 5 2016 acerts | |
drwxr-xr-x 2 root root 4.0K Apr 5 2016 cacerts | |
drwxr-xr-x 2 root root 4.0K Apr 5 2016 certs | |
drwxr-xr-x 2 root root 4.0K Apr 5 2016 crls | |
drwxr-xr-x 2 root root 4.0K Apr 5 2016 ocspcerts |
root@strongswan:~# ls -lah /etc/letsencrypt/live/vpn.brainoftimo.com/ | |
total 8.0K | |
drwxr-xr-x 2 root root 4.0K Dec 26 20:13 . | |
drwx------ 3 root root 4.0K Dec 26 20:13 .. | |
lrwxrwxrwx 1 root root 43 Dec 26 20:13 cert.pem -> ../../archive/vpn.brainoftimo.com/cert1.pem | |
lrwxrwxrwx 1 root root 44 Dec 26 20:13 chain.pem -> ../../archive/vpn.brainoftimo.com/chain1.pem | |
lrwxrwxrwx 1 root root 48 Dec 26 20:13 fullchain.pem -> ../../archive/vpn.brainoftimo.com/fullchain1.pem | |
lrwxrwxrwx 1 root root 46 Dec 26 20:13 privkey.pem -> ../../archive/vpn.brainoftimo.com/privkey1.pem |
root@strongswan:~# ipsec statusall | |
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-57-generic, x86_64): | |
uptime: 3 minutes, since Dec 26 20:47:26 2016 | |
malloc: sbrk 1642496, mmap 0, used 561136, free 1081360 | |
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0 | |
loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp lookip error-notify certexpire led addrblock unity | |
Virtual IP pools (size/online/offline): | |
10.30.30.0/24: 254/0/0 | |
Listening IP addresses: | |
207.154.207.69 |
root@strongswan:~# dig A vpn.brainoftimo.com | |
; <<>> DiG 9.10.3-P4-Ubuntu <<>> A vpn.brainoftimo.com | |
;; global options: +cmd | |
;; Got answer: | |
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23467 | |
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 | |
;; OPT PSEUDOSECTION: | |
; EDNS: version: 0, flags:; udp: 512 |
I hereby claim:
To claim this, I am signing this object:
# Vault server configuration: file storage backend plus one TCP listener.
backend "file" { | |
# directory on the local filesystem where Vault keeps its data
path = "/vault/filestorage" | |
} | |
listener "tcp" { | |
# NOTE(review): 0.0.0.0 binds the Vault API on every interface of the host,
# not only loopback.
address = "0.0.0.0:8200" | |
# NOTE(review): tls_disable turns TLS off for this listener, so Vault tokens and
# secret values travel in cleartext to any client that reaches port 8200.
# Outside a throwaway lab, set tls_cert_file / tls_key_file here, or bind to
# 127.0.0.1 and terminate TLS in front of Vault.
tls_disable = "true" | |
} |
# Vault server configuration: Consul storage backend plus one TCP listener.
backend "consul" { | |
# Consul agent reached on the local host
address = "127.0.0.1:8500" | |
# NOTE(review): this is the Consul ACL token Vault uses for its storage, written
# in plaintext in a config that has been published. Treat the value as exposed:
# revoke and reissue it, and supply the replacement outside the file (Vault's
# Consul backend also accepts it through the CONSUL_HTTP_TOKEN environment
# variable) with the config readable only by the Vault service account.
token = "398073a8-5091-4d9c-871a-bbbeb030d1f6" | |
# key prefix in Consul's KV store under which Vault data is written
path = "vault/" | |
} | |
listener "tcp" { | |
# NOTE(review): 0.0.0.0 binds the Vault API on every interface of the host,
# not only loopback.
address = "0.0.0.0:8200" | |
# NOTE(review): tls_disable turns TLS off for this listener, so Vault tokens and
# secret values travel in cleartext to any client that reaches port 8200.
# Outside a throwaway lab, set tls_cert_file / tls_key_file here, or bind to
# 127.0.0.1 and terminate TLS in front of Vault.
tls_disable = "true" | |
} |
#!/bin/bash | |
# author: Timo Stankowitz <timo.stankowitz@inf.h-brs.de> | |
# create date: 2017-11-04 | |
# last change: 2018-12-12 | |
# version 5 | |
# this script creates 3 servers in 3 different AZs in EU-Central (aka Frankfurt) | |
# make sure the following variables are set in your .bashrc, or declare them in this script | |
# - AWS_ACCESS_KEY_ID |
# Vault ACL policy: applies to every path below secret/hbrs/ (the trailing *
# is a prefix match), so any secret later added under that prefix is covered too.
path "secret/hbrs/*" { | |
# Legacy policy-level syntax. NOTE(review): in Vault's documentation the "read"
# level corresponds to the read and list capabilities; newer policies spell this
# out as capabilities = ["read", "list"] - confirm against the Vault version in use.
policy = "read" | |
} |