Mastodawn

Kevin Karhan

Dec 25, 2024

To answer @pearl's original question:

#pfSense & #OPNsense allow importing and exporting the entire systems configuration as a single #XML file and #tnsr should have support for #Ansible...

Maybe @geerlingguy is having a closer look at #CI / #CD-ing #SDN distros.

Personally, I'd stick to non-automated but well documented networking like #LawrenceSystems.

asyncmeow (pearl) (@[email protected])

networking nerds of fedi are there any good software-based routers that i can easily configure with tools like terraform? im sick of manually managing stuff in the opnsense web ui... the features i need supported on the router and configurable via terraform would be (using the terminology opnsense has for everything where applicable) - virtual IPs - NAT between a WAN network and several internal networks (incl. port forwarding and SNAT based on source subnet) - wireguard VPNs - DHCP static leases - internal DNS from DHCP leases - BGP routing - simple routing between many internal networks, with firewalling between the networks (ie. networks should be mostly isolated, but there's a few holes punched through for some shared services)

rrr.sh

Show thread

ClickyMcTicker

@kkarhan @pearl @geerlingguy All of the enterprise level equipment supports loading configurations from files, pretty much. *sense, tnsr, vyos, Cisco, juniper, presumably Aruba.

Those configs usually come from working hardware that dies, though. If that person can craft full configurations from scratch and drop them fully functional in a router, I have a job paying several hundreds of thousands of dollars to offer them.

Show thread

Kevin Karhan

Dec 25, 2024

@ClickyMcTicker @pearl @geerlingguy

From scratch should (and would) be possible if said #configuration isn't just proprietary bs but actually following a documented syntax akin to any proper #configuration.

I assume this is NOT the case cuz otherwise you'd not offer said job.

Not to mention #vendors prefer #siloing amd #Enshittifying products, so having #InterchangeableFormats goes against their primary #commercial interests.

We can see this peak with #Cisco & #Microsoft pushing both proprietary #SingleVendor & #SingleProvider standards, #patenting the implementation (i.e. #VRRP) and sueing everyone who wants to implement them (i.e. #CARP had to do a shitton of redundant work!) whilst also refusing to follow #Standards (i.e. #Posix new line ) & #Conventions (I've seen literal CISCO <=> #IETF dictionaries!)...