[eduVPN-deploy] eduVPN v3 questions: multiple profile setup, Shibboleth impact on access to node-api.php, NAT using node IP

Louis Twomey louis.twomey at heanet.ie
Wed Sep 21 16:37:24 CEST 2022 

Hi François,
Apologies, I forgot to respond to this part of your earlier mail:

> Yes, this should be added to the SHIBBOLETH_SP.md documentation file:
> 
>    https://github.com/eduvpn/documentation/blob/v3/SHIBBOLETH_SP.md#apache
> 
> I just did that, does this matches with what you did?

Yes, I added a section like that. The only difference is that I added “Require ip xxx” for the IP addresses of the nodes, I didn’t test “Require all granted”.

Regards,
Louis
-------
Louis Twomey
Technical Architect
PGP key: C77D9256
HEAnet CLG, Ireland’s National Education and Research Network
1st Floor, 5 George’s Dock, IFSC, Dublin D01 X8N7, Ireland
+353 (0)1 6609040   louis.twomey at heanet.ie  www.heanet.ie
Registered in Ireland, No. 275301.  CRA No. 20036270







> On 20 Sep 2022, at 13:34, Louis Twomey <louis.twomey at heanet.ie> wrote:
> 
> Hi François,
> Thanks a lot for the info, and for resolving the issue so quickly. Fantastic work!
> 
> Regards,
> Louis
> -------
> Louis Twomey
> Technical Architect
> PGP key: C77D9256
> HEAnet CLG, Ireland’s National Education and Research Network
> 1st Floor, 5 George’s Dock, IFSC, Dublin D01 X8N7, Ireland
> +353 (0)1 6609040   louis.twomey at heanet.ie  www.heanet.ie
> Registered in Ireland, No. 275301.  CRA No. 20036270
> 
> 
> 
> 
> 
> 
> 
>> On 20 Sep 2022, at 13:24, François Kooman <fkooman at deic.dk> wrote:
>> 
>> CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe.
>> 
>> 
>> Hi Louis,
>> 
>> Version 3.0.6 has been released:
>> 
>> https://list.surfnet.nl/pipermail/eduvpn-deploy/2022-September/000464.html
>> 
>> Regards,
>> François
>> 
>> On 19.09.22 11:55, François Kooman wrote:
>>> On 14.09.22 16:16, François Kooman via eduVPN-deploy wrote:
>>>> Made a little progress there, see issue. So I think we should soon
>>>> have something that will work for deploying profiles only on some nodes.
>>>> 
>>>> It is not perfect, we'll need to keep existing deployments work,
>>>> otherwise I could have reworked it a bit more clever, but alas we'll
>>>> have to deal with it somehow.
>>> 
>>> The solution now chosen is that _per profile_ you can specify which
>>> node(s), by its "nodeNumber"(s) it is deployed using the 'onNode'
>>> configuration option, e.g.:
>>> 
>>>    'ProfileList' => [
>>>        [
>>>            'onNode' => [2,3],
>>>            'profileId' => 'default',
>>>            'displayName' => 'Default',
>>>            'hostName' => 'vpn.example',
>>>            'dnsServerList' => ['9.9.9.9', '2620:fe::fe'],
>>>            'wRangeFour' => '10.43.43.0/24',
>>>            'wRangeSix' => 'fd43::/64',
>>>            'oRangeFour' => '10.42.42.0/24',
>>>            'oRangeSix' => 'fd42::/64',
>>>        ],
>>>    ],
>>> 
>>> Performing some last minute testing and will push it to v3 branch
>>> shortly and then hopefully later this week a 3.0.6 release.
>>> 
>>> Regards,
>>> François
>

More information about the eduVPN-deploy mailing list