tjo-cloud/network
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
network/README.md
Tine 5f312f17af
docs: dependencies
2024-11-03 19:02:09 +01:00

62 lines
2.3 KiB
Markdown
Raw Blame History

# `network.tjo.cloud`
Handling networking between nodes and between virtual machines.
# Architecture
<img align="left" src="docs/arhitecture.excalidraw.svg" width="40%">
__WAN interface__ either represents an actual public interface (on Hetzner) or an interface in home LAN that has port-forwarded ports to it from home router.
__LAN interface__ is an ordinary lan network.
__ingress.tjo.cloud__ has port-forwarded all public ports to it (22, 25, 80, 443, 587 etc.). No other VM is accessible from the internet.
__network.tjo.cloud__ establishes Tailscale VPN connection between other network.tjo.cloud VMs. Using subnet routing it makes it possible that each VM can connect to all other VMs on any Proxmox host.
# Subnets
| Host | IPv4 | IPv6 |
|------------|---------------|-----------------------|
| _reserved_ | 10.0.0.0/20 | fd9b:5314:0:0000::/52 |
| batuu | 10.0.16.0/20 | fd9b:5314:0:1000::/52 |
| jakku | 10.0.32.0/20 | fd9b:5314:0:2000::/52 |
| nevaroo | 10.0.48.0/20 | fd9b:5314:0:3000::/52 |
| | 10.0.64.0/20 | fd9b:5314:0:4000::/52 |
| | 10.0.80.0/20 | fd9b:5314:0:5000::/52 |
| | 10.0.96.0/20 | fd9b:5314:0:6000::/52 |
| | 10.0.112.0/20 | fd9b:5314:0:7000::/52 |
| | 10.0.128.0/20 | fd9b:5314:0:8000::/52 |
| | 10.0.144.0/20 | fd9b:5314:0:9000::/52 |
| | 10.0.160.0/20 | fd9b:5314:0:a000::/52 |
| | 10.0.176.0/20 | fd9b:5314:0:b000::/52 |
| | 10.0.192.0/20 | fd9b:5314:0:c000::/52 |
| | 10.0.208.0/20 | fd9b:5314:0:d000::/52 |
| | 10.0.224.0/20 | fd9b:5314:0:e000::/52 |
| | 10.0.240.0/20 | fd9b:5314:0:f000::/52 |
# Setting up new Host
### 1. Add new device to terraform.tfvars.
### 2. Manually configure vmbr0 and use import to import it.
### 3. Deploy terraform.
### 4. Manually configure Tailscale.
Ref: https://github.com/adyanth/openwrt-tailscale-enabler
```
opkg update
opkg install iptables-nft kmod-ipt-conntrack kmod-ipt-conntrack-extra kmod-ipt-conntrack-label kmod-ipt-nat kmod-nft-nat
tailscale up --accept-routes --advertise-routes=$IPV4_SUBNET,$IPV6_SUBNET --accept-dns=false --ssh
```
### 5. Configure `NAT`, `DHCP`.
# TODO
## IPv6 Connectivity.
As we assign private ipv6 addresses, we would have to ise ipv6 nat to translate those to real ipv6 addresses.
Reference in a new issue View git blame Copy permalink