Without masquerading, packets sent by the gateway through the TUN
interface use the wrong source address (the TUN device's address)
instead of the gateway's actual network interface.
We set this env variable in all our uses of the gateway, thus we might
as well remove it and always perform it unconditionally.
---------
Signed-off-by: Thomas Eizinger <thomas@eizinger.io>
Co-authored-by: Reactor Scram <ReactorScram@users.noreply.github.com>
- Adds the AWS equivalent of our GCP scalable NAT Gateway.
- Adds a new kb section `/kb/automate` that will contain various
automation / IaaC recipes going forward. It's better to have these
guides in the main docs with all the other info.
~~Will update the GCP example in another PR.~~
Portal helper docs in the gateway deploy page will come in another PR
after this is merged.
* Small typo in AWS bastion host was preventing unattended upgrades.
* Update all AWS modules to recreate the EC2 instance if the `user_data`
is ever changed.
Why:
* The previous Terraform was not replacing the EC2 instance when the
`user_data` changed. This resulted in the instance only being restarted,
which meant the latest gateway image would not be pulled down. This also
highlighted the fact that the systemd unit file for the gateway was not
quite correct and if the system were to ever reboot the gateway would
not start automatically. Both issues have been corrected with this
commit.
Why:
* The previous command that was used to start the gateway running in AWS
was not explicitly using any `sysctl` flags in the command. This ended
up causing issues with IPv6 in the container, even though the sysctl
properties on the host were set as expected. Adding the `sysctl` flags
to the command allows the container to work as expected.
Why:
* Previously the Terraform for all of the AWS infra was created and run
outside of the mono repo. While this was very quick to set up and work
with, keeping the gateway up to date was easy to forget about. Moving
all of the AWS infra TF into the mono repo will allow everything to stay
up to date and will make sure everyone has easy access to update any of
the infra as needed.
---------
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>