Workshop:2018/05/24
From SOWNWiki
Workshop (to be) held on 2018/05/24 at 18:00 in Nuffield Small Lecture Room
Previous workshop: 10 May 2018 18:00:00 Next workshop: 14 June 2018 18:00:00
Contents
Task List
Projects
SOWN IPv4 Migration
- Switching over other servers to 162.78.103.160/27 addresses
- Sown-data1
- Sown-vms
- Sown-monitor - Want to retain DMZ IP until DNS switch can be done
- Sown-monitor-new - New IP as not currently on DMZ
Node Firmware
- Mobile interfaces code
- Discussion about rolling out more regular wireless config updates for better usage cap application and quicker SSID switching.
Documentation
- Always work to be done.
- Update topology diagram
802.11ac SOWN Zepler
- May get a chance to access server room to see if node can be remotely rebooted. Needs long enough disconnection to ensure PoE splitter is drained.
Todo List
- Figure out and fix why ttls-eap-mschapv2 RADIUS check is failing on auth2
- Munge check_eapol script to allow it to send RADIUS accounting start and stop messages to keep iSolutions happy
- Investigate why new ido2db are spawned when Icinga restarts after update_icinga_config
- Update staticly configured DNS nameservers to use University rather than old ECS ones
- Consider how to setup openwrt git repo and branches so it can easily be pushed/pulled on buildroot and buildroot-dev
- Get node to detect modified config files
- Configure server-side openvpn tunnels to work with ipv6
- Improve security of our OpenWRT packages
- More regular usage cap checking for nodes
- Review maintain_sown_tunnel script to see why old openvpn processes hang about
- Figure out how auth2.sown.org.uk should be register on SOWN and Soton DNS servers and configured in Apache
- Figure out how to setup LAN port on AR150 to passive passthrough
- Provide a mechanism to prevent certain MAC addresses connecting to certain nodes without breaking eduroam for those MACs
- review v4 firewall on sown-gw, tidy up and appropriately comment
- Figure out how the update_nass script within the admin site can be fixed to allow for multiple is1x mac addresses.
- Figure out why snmpd is missing on node303 and add it manually
- Fix validation on Node Interface to block "offerDhcpV6" with no IPv6 address
... more about "2018/05/24"