[eduVPN-deploy] eduVPN v3 questions: multiple profile setup, Shibboleth impact on access to node-api.php, NAT using node IP
Louis Twomey
louis.twomey at heanet.ie
Wed Sep 21 16:37:24 CEST 2022
Hi François,
Apologies, I forgot to respond to this part of your earlier mail:
> Yes, this should be added to the SHIBBOLETH_SP.md documentation file:
>
> https://github.com/eduvpn/documentation/blob/v3/SHIBBOLETH_SP.md#apache
>
> I just did that, does this matches with what you did?
Yes, I added a section like that. The only difference is that I added “Require ip xxx” for the IP addresses of the nodes, I didn’t test “Require all granted”.
Regards,
Louis
-------
Louis Twomey
Technical Architect
PGP key: C77D9256
HEAnet CLG, Ireland’s National Education and Research Network
1st Floor, 5 George’s Dock, IFSC, Dublin D01 X8N7, Ireland
+353 (0)1 6609040 louis.twomey at heanet.ie www.heanet.ie
Registered in Ireland, No. 275301. CRA No. 20036270
> On 20 Sep 2022, at 13:34, Louis Twomey <louis.twomey at heanet.ie> wrote:
>
> Hi François,
> Thanks a lot for the info, and for resolving the issue so quickly. Fantastic work!
>
> Regards,
> Louis
> -------
> Louis Twomey
> Technical Architect
> PGP key: C77D9256
> HEAnet CLG, Ireland’s National Education and Research Network
> 1st Floor, 5 George’s Dock, IFSC, Dublin D01 X8N7, Ireland
> +353 (0)1 6609040 louis.twomey at heanet.ie www.heanet.ie
> Registered in Ireland, No. 275301. CRA No. 20036270
>
>
>
>
>
>
>
>> On 20 Sep 2022, at 13:24, François Kooman <fkooman at deic.dk> wrote:
>>
>> CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe.
>>
>>
>> Hi Louis,
>>
>> Version 3.0.6 has been released:
>>
>> https://list.surfnet.nl/pipermail/eduvpn-deploy/2022-September/000464.html
>>
>> Regards,
>> François
>>
>> On 19.09.22 11:55, François Kooman wrote:
>>> On 14.09.22 16:16, François Kooman via eduVPN-deploy wrote:
>>>> Made a little progress there, see issue. So I think we should soon
>>>> have something that will work for deploying profiles only on some nodes.
>>>>
>>>> It is not perfect, we'll need to keep existing deployments work,
>>>> otherwise I could have reworked it a bit more clever, but alas we'll
>>>> have to deal with it somehow.
>>>
>>> The solution now chosen is that _per profile_ you can specify which
>>> node(s), by its "nodeNumber"(s) it is deployed using the 'onNode'
>>> configuration option, e.g.:
>>>
>>> 'ProfileList' => [
>>> [
>>> 'onNode' => [2,3],
>>> 'profileId' => 'default',
>>> 'displayName' => 'Default',
>>> 'hostName' => 'vpn.example',
>>> 'dnsServerList' => ['9.9.9.9', '2620:fe::fe'],
>>> 'wRangeFour' => '10.43.43.0/24',
>>> 'wRangeSix' => 'fd43::/64',
>>> 'oRangeFour' => '10.42.42.0/24',
>>> 'oRangeSix' => 'fd42::/64',
>>> ],
>>> ],
>>>
>>> Performing some last minute testing and will push it to v3 branch
>>> shortly and then hopefully later this week a 3.0.6 release.
>>>
>>> Regards,
>>> François
>
More information about the eduVPN-deploy
mailing list