ansible.fftdf.supernode/conf.conf

interfaces {
ethernet eth0 {
address 5.9.220.113/29
description WAN
}
ethernet eth1 {
address 172.16.7.1/24
description "Freifunk WAN"
ipv6 {
address {
autoconf
}
}
}
loopback lo {
address 185.66.193.107/32
address 2a03:2260:121:600::0/128
}
/* tun0-tun5: six GRE tunnels, all sourced from the eth0 WAN address 5.9.220.113; the other half of each IPv4 /31 is the matching neighbor under "protocols bgp". */
/* NOTE(review): GRE by itself neither authenticates nor encrypts, and no IPsec or firewall section is visible in this listing - confirm that GRE (IP protocol 47) is limited to the six remotes upstream or in a part of the config not shown here. */
tunnel tun0 {
address 100.64.6.25/31
address 2a03:2260:0:30c::2/64
description gre_bb_a_ak_ber
encapsulation gre
remote 185.66.195.0
source-address 5.9.220.113
}
tunnel tun1 {
address 100.64.6.31/31
address 2a03:2260:0:30f::2/64
description gre_bb_b_ak_ber
encapsulation gre
remote 185.66.195.1
source-address 5.9.220.113
}
tunnel tun2 {
address 100.64.6.29/31
address 2a03:2260:0:30e::2/64
description gre_bb_a_ix_dus
encapsulation gre
remote 185.66.193.0
source-address 5.9.220.113
}
tunnel tun3 {
address 100.64.6.35/31
address 2a03:2260:0:311::2/64
description gre_bb_b_ix_dus
encapsulation gre
remote 185.66.193.1
source-address 5.9.220.113
}
tunnel tun4 {
address 100.64.6.27/31
address 2a03:2260:0:30d::2/64
description gre_bb_a_fra3_f
encapsulation gre
remote 185.66.194.0
source-address 5.9.220.113
}
/* NOTE(review): this description uses a different naming style (hyphens and dots) from the other five tunnels. */
tunnel tun5 {
address 100.64.6.33/31
address 2a03:2260:0:310::2/64
description gre-bb-b.fra3.f
encapsulation gre
remote 185.66.194.1
source-address 5.9.220.113
}
}
/* NAT: publishes two services of 172.16.7.2 on the loopback address 185.66.193.107 and source-NATs the 172.16.7.0/24 segment to that same address. */
nat {
destination {
/* TCP 185.66.193.107:2222 is forwarded to port 22 on 172.16.7.2. */
/* NOTE(review): "inbound-interface any" matches on every interface and no firewall ruleset is visible in this listing, so the SSH daemon on 172.16.7.2 appears to be the only access control for this port - confirm it is key-only and that exposure on all interfaces is intended. */
rule 1 {
description "Allow SSH to VPN-01 Port 2222"
destination {
address 185.66.193.107/32
port 2222
}
inbound-interface any
protocol tcp
translation {
address 172.16.7.2
port 22
}
}
/* UDP 185.66.193.107:42001 is forwarded to 172.16.7.2; no translation port is given, so the destination port stays 42001. */
rule 2 {
description "Wireguard VPN-01 42001"
destination {
address 185.66.193.107
port 42001
}
inbound-interface any
protocol udp
translation {
address 172.16.7.2
}
}
}
source {
/* Traffic from 172.16.7.0/24 leaves with source address 185.66.193.107, whichever interface it exits on. */
rule 1 {
outbound-interface any
source {
address 172.16.7.0/24
}
translation {
address 185.66.193.107
}
}
}
}
policy {
/* Policy routing for locally originated traffic: packets sourced from the WAN address 5.9.220.113 are looked up in table 42, whose only entry (protocols static table 42) is a default route. */
/* Presumably this keeps the GRE outer packets on the hoster uplink even when a default route is learned over the tunnels - confirm. */
local-route {
rule 10 {
set {
table 42
}
source 5.9.220.113
}
}
/* Import filter: "prefix 0.0.0.0/0" without ge/le matches only the default route itself, so more specific prefixes from the peers do not match this list. */
prefix-list FFRL-IN {
rule 10 {
action permit
prefix 0.0.0.0/0
}
}
/* Export filter: only the loopback /32 is permitted, so no other IPv4 prefix (such as 172.16.7.0/24) can leave through route-map FFRL-OUT. */
prefix-list FFRL-OUT {
rule 10 {
action permit
prefix 185.66.193.107/32
}
}
/* IPv6 import filter: "::/0" without ge/le matches only the IPv6 default route. */
prefix-list6 FFRL-IN-6 {
rule 10 {
action permit
prefix ::/0
}
}
/* IPv6 export filter: exactly 2a03:2260:121:600::/55 is permitted; more specific prefixes inside it do not match. */
prefix-list6 FFRL-OUT-6 {
rule 10 {
action permit
prefix 2a03:2260:121:600::/55
}
}
/* Wraps prefix-list FFRL-IN for use on the IPv4 BGP neighbors; rule 10 is the only rule, so routes that do not match the list fall through to the route-map's implicit deny. */
route-map FFRL-IN {
rule 10 {
action permit
match {
ip {
address {
prefix-list FFRL-IN
}
}
}
}
}
/* Wraps prefix-list FFRL-OUT for use on the IPv4 BGP neighbors; anything other than the permitted /32 is not exported. */
route-map FFRL-OUT {
rule 10 {
action permit
match {
ip {
address {
prefix-list FFRL-OUT
}
}
}
}
}
/* Wraps prefix-list6 FFRL-IN-6 for use on the IPv6 BGP neighbors; rule 10 is the only rule, so routes that do not match the list fall through to the route-map's implicit deny. */
route-map FFRL-IN-6 {
rule 10 {
action permit
match {
ipv6 {
address {
prefix-list FFRL-IN-6
}
}
}
}
}
/* Wraps prefix-list6 FFRL-OUT-6 for use on the IPv6 BGP neighbors; anything other than the permitted /55 is not exported. */
route-map FFRL-OUT-6 {
rule 10 {
action permit
match {
ipv6 {
address {
prefix-list FFRL-OUT-6
}
}
}
}
}
}
protocols {
bgp {
address-family {
ipv4-unicast {
network 185.66.193.107/32 {
}
}
ipv6-unicast {
network 2a03:2260:121:600::/55 {
}
}
}
/* IPv4 eBGP sessions to AS 201701, one per GRE tunnel (update-source is the local tunnel address); every session applies FFRL-IN on import and FFRL-OUT on export. */
/* NOTE(review): no "password" or "ttl-security" is set on any neighbor in this listing, so the sessions rely on the unauthenticated GRE tunnels alone - confirm whether the peer supports either option. */
neighbor 100.64.6.24 {
address-family {
ipv4-unicast {
route-map {
export FFRL-OUT
import FFRL-IN
}
}
}
description ffrl_bb_a_ak_ber
remote-as 201701
update-source 100.64.6.25
}
neighbor 100.64.6.26 {
address-family {
ipv4-unicast {
route-map {
export FFRL-OUT
import FFRL-IN
}
}
}
description ffrl_bb_a_fra3_fra
remote-as 201701
update-source 100.64.6.27
}
neighbor 100.64.6.28 {
address-family {
ipv4-unicast {
route-map {
export FFRL-OUT
import FFRL-IN
}
}
}
description ffrl_bb_a_ix_dus
remote-as 201701
update-source 100.64.6.29
}
neighbor 100.64.6.30 {
address-family {
ipv4-unicast {
route-map {
export FFRL-OUT
import FFRL-IN
}
}
}
description ffrl_bb_b_ak_ber
remote-as 201701
update-source 100.64.6.31
}
neighbor 100.64.6.32 {
address-family {
ipv4-unicast {
route-map {
export FFRL-OUT
import FFRL-IN
}
}
}
description ffrl_bb_b_fra3_fra
remote-as 201701
update-source 100.64.6.33
}
neighbor 100.64.6.34 {
address-family {
ipv4-unicast {
route-map {
export FFRL-OUT
import FFRL-IN
}
}
}
description ffrl_bb_b_ix_dus
remote-as 201701
update-source 100.64.6.35
}
/* IPv6 eBGP sessions to AS 201701 over the same six tunnels; every session applies FFRL-IN-6 on import and FFRL-OUT-6 on export. */
/* NOTE(review): as with the IPv4 sessions, no "password" or "ttl-security" is set in this listing; these neighbors also carry no description, unlike the IPv4 ones. */
neighbor 2a03:2260:0:30c::1 {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as 201701
update-source 2a03:2260:0:30c::2
}
neighbor 2a03:2260:0:30d::1 {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as 201701
update-source 2a03:2260:0:30d::2
}
neighbor 2a03:2260:0:30e::1 {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as 201701
update-source 2a03:2260:0:30e::2
}
neighbor 2a03:2260:0:30f::1 {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as 201701
update-source 2a03:2260:0:30f::2
}
neighbor 2a03:2260:0:310::1 {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as 201701
update-source 2a03:2260:0:310::2
}
neighbor 2a03:2260:0:311::1 {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as 201701
update-source 2a03:2260:0:311::2
}
/* BGP identity: fixed router-id, and local AS 65066, which lies in the 16-bit private-use range; all configured neighbors are in AS 201701. */
parameters {
router-id 10.188.255.7
}
system-as 65066
}
static {
/* Sends 2a03:2260:121:e000::/54 out of eth1 as an interface route, without a next-hop address. */
/* NOTE(review): this prefix lies outside 2a03:2260:121:600::/55, the only IPv6 network announced in BGP and permitted by FFRL-OUT-6 - confirm it is the intended range. */
route6 2a03:2260:121:e000::/54 {
interface eth1 {
}
}
/* Table 42 is selected by "policy local-route rule 10" for traffic sourced from 5.9.220.113; it holds a single default route. */
/* NOTE(review): 5.9.220.112 is the network address of the 5.9.220.113/29 configured on eth0 - confirm that this is really the gateway. */
table 42 {
route 0.0.0.0/0 {
next-hop 5.9.220.112 {
}
}
}
}
}
service {
/* DHCPv4 for 172.16.7.0/24, served from 172.16.7.1 (the eth1 address); clients are given the public resolvers 1.1.1.1 and 1.0.0.1. */
dhcp-server {
listen-address 172.16.7.1
shared-network-name freifunk {
subnet 172.16.7.0/24 {
default-router 172.16.7.1
name-server 1.1.1.1
name-server 1.0.0.1
range dhcp {
start 172.16.7.10
stop 172.16.7.200
}
/* Pins 172.16.7.2 (outside the dynamic range) to this MAC address; both destination-NAT rules forward to 172.16.7.2, so they depend on this binding. */
/* NOTE(review): a MAC address is not an authenticated identifier - consider also configuring the address statically on vpn-01. */
static-mapping vpn-01 {
ip-address 172.16.7.2
mac-address 36:f3:82:18:9b:03
}
}
}
}
/* NTP: synchronises from time1.vyos.net, time2.vyos.net and time3.vyos.net and answers client queries. */
/* NOTE(review): allow-client covers 0.0.0.0/0 and ::/0, i.e. every address, and no firewall section is visible in this listing; unless a public time service is intended, narrow this to the served ranges (for example 172.16.7.0/24 and the local IPv6 prefix) so the router does not act as an open NTP responder. */
ntp {
allow-client {
address 0.0.0.0/0
address ::/0
}
server time1.vyos.net {
}
server time2.vyos.net {
}
server time3.vyos.net {
}
}
/* IPv6 router advertisements on eth1: high default-router preference, router and preferred lifetimes of 300, valid lifetime of 900, and 2001:4860:4860::8888 announced as name server. */
/* NOTE(review): the advertised prefix is a /58, while SLAAC clients normally autoconfigure only from /64 prefixes - confirm. "other-config-flag" points clients at DHCPv6 for further options, but no DHCPv6 server appears in this listing. */
router-advert {
interface eth1 {
default-lifetime 300
default-preference high
hop-limit 64
interval {
max 30
}
link-mtu 1500
name-server 2001:4860:4860::8888
other-config-flag
prefix 2a03:2260:121:600::/58 {
preferred-lifetime 300
valid-lifetime 900
}
reachable-time 90000
retrans-timer 0
}
}
/* SSH management access on TCP port 22. */
/* NOTE(review): no "listen-address" is set, and neither a firewall section nor "disable-password-authentication" appears in this listing, while user vyos has an encrypted-password as well as public keys - confirm that password logins from the WAN side are not possible. */
ssh {
port 22
}
}
system {
/* Keeps the last 100 commit revisions of the configuration. */
config-management {
commit-revisions 100
}
/* Connection-tracking helper modules for FTP, H.323, NFS, PPTP, SIP, SQL*Net and TFTP are listed here. */
/* NOTE(review): each helper parses application payloads in order to track related flows; remove the ones the NAT'd hosts do not need - confirm which are actually in use. */
conntrack {
modules {
ftp
h323
nfs
pptp
sip
sqlnet
tftp
}
}
/* Serial console on ttyS0 at 115200 baud. */
console {
device ttyS0 {
speed 115200
}
}
host-name 7.fftdf.de
login {
banner {
post-login "Welcome to the core Freifunk Router for Troisdorf!\n\nEnjoy it while you are here!\n"
}
user vyos {
authentication {
encrypted-password ****************
plaintext-password ****************
public-keys nils {
key ****************
type ssh-rsa
}
public-keys stefan {
key ****************
type ssh-rsa
}
}
}
}
/* Logging: all facilities at level info, facility "protocols" at level debug. */
/* NOTE(review): only a "global" target is configured and no remote "host" appears in this listing, so logs seem to be kept on the router alone - consider forwarding them to a collector so that they survive a compromise or disk loss. */
syslog {
global {
facility all {
level info
}
facility protocols {
level debug
}
}
}
}