interfaces {
    /* Public uplink; its address is the source-address of all six GRE tunnels below. */
    ethernet eth0 {
        address 5.9.220.113/29
        description WAN
    }
    ethernet eth1 {
        address 172.16.7.1/24
        description "Freifunk WAN"
    }
    /* This /32 is the prefix announced over BGP and the NAT address for 172.16.7.0/24. */
    loopback lo {
        address 185.66.193.107/32
    }
    /* tun0-tun5: plain GRE has no authentication or encryption of its own, so tunnel traffic crosses the WAN in cleartext. This file has no firewall section limiting GRE on eth0 to the listed remote endpoints. */
    tunnel tun0 {
        address 100.64.6.25/31
        address 2a03:2260:0:30c::2/64
        description gre_bb_a_ak_ber
        encapsulation gre
        remote 185.66.195.0
        source-address 5.9.220.113
    }
    tunnel tun1 {
        address 100.64.6.31/31
        address 2a03:2260:0:30f::2/64
        description gre_bb_b_ak_ber
        encapsulation gre
        remote 185.66.195.1
        source-address 5.9.220.113
    }
    tunnel tun2 {
        address 100.64.6.29/31
        address 2a03:2260:0:30e::2/64
        description gre_bb_a_ix_dus
        encapsulation gre
        remote 185.66.193.0
        source-address 5.9.220.113
    }
    tunnel tun3 {
        address 100.64.6.35/31
        address 2a03:2260:0:311::2/64
        description gre_bb_b_ix_dus
        encapsulation gre
        remote 185.66.193.1
        source-address 5.9.220.113
    }
    tunnel tun4 {
        address 100.64.6.27/31
        address 2a03:2260:0:30d::2/64
        description gre_bb_a_fra3_f
        encapsulation gre
        remote 185.66.194.0
        source-address 5.9.220.113
    }
    tunnel tun5 {
        address 100.64.6.33/31
        address 2a03:2260:0:310::2/64
        description gre-bb-b.fra3.f
        encapsulation gre
        remote 185.66.194.1
        source-address 5.9.220.113
    }
}
nat {
    destination {
        /* Publishes SSH of 172.16.7.2 on 185.66.193.107:2222. The rule matches on any inbound interface and sets no source restriction, so the forwarded sshd is reachable from every network that can route to the /32. */
        rule 1 {
            description "Allow SSH to VPN-01 Port 2222"
            destination {
                address 185.66.193.107/32
                port 2222
            }
            inbound-interface any
            protocol tcp
            translation {
                address 172.16.7.2
                port 22
            }
        }
        /* No translation port is given: only the destination address is rewritten and the UDP port stays 42001. */
        rule 2 {
            description "Wireguard VPN-01 42001"
            destination {
                address 185.66.193.107
                port 42001
            }
            inbound-interface any
            protocol udp
            translation {
                address 172.16.7.2
            }
        }
    }
    source {
        /* Rewrites everything sourced from 172.16.7.0/24 to the loopback address, whichever interface it leaves by. */
        rule 1 {
            outbound-interface any
            source {
                address 172.16.7.0/24
            }
            translation {
                address 185.66.193.107
            }
        }
    }
}
policy {
    /* Packets sourced from the eth0 address are looked up in table 42, presumably so the GRE underlay keeps using the hoster gateway instead of a BGP-learned default - confirm against the routing design. */
    local-route {
        rule 10 {
            set {
                table 42
            }
            source 5.9.220.113
        }
    }
    /* Exact match on 0.0.0.0/0 (no ge/le), so the import filter passes a default route and nothing else. */
    prefix-list FFRL-IN {
        rule 10 {
            action permit
            prefix 0.0.0.0/0
        }
    }
    /* Only the router's own /32 may be announced to the peers. */
    prefix-list FFRL-OUT {
        rule 10 {
            action permit
            prefix 185.66.193.107/32
        }
    }
    /* Single permit rule bound to prefix-list FFRL-IN; anything the list does not match falls through to the route-map's implicit deny. */
    route-map FFRL-IN {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        prefix-list FFRL-IN
                    }
                }
            }
        }
    }
    /* Single permit rule bound to prefix-list FFRL-OUT; keeps every other local or learned route from being exported. */
    route-map FFRL-OUT {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        prefix-list FFRL-OUT
                    }
                }
            }
        }
    }
}
protocols {
    /* Six eBGP sessions (local AS 65066, remote AS 201701), one per GRE tunnel. No neighbor has a password (TCP MD5) set and the GRE transport is unauthenticated, so route integrity rests on the FFRL-IN / FFRL-OUT route-maps applied to every neighbor; keep them attached and strict. */
    bgp {
        address-family {
            ipv4-unicast {
                network 185.66.193.107/32 {
                }
            }
        }
        neighbor 100.64.6.24 {
            address-family {
                ipv4-unicast {
                    route-map {
                        export FFRL-OUT
                        import FFRL-IN
                    }
                }
            }
            description ffrl_bb_a_ak_ber
            remote-as 201701
            update-source 100.64.6.25
        }
        neighbor 100.64.6.26 {
            address-family {
                ipv4-unicast {
                    route-map {
                        export FFRL-OUT
                        import FFRL-IN
                    }
                }
            }
            description ffrl_bb_a_fra3_fra
            remote-as 201701
            update-source 100.64.6.27
        }
        neighbor 100.64.6.28 {
            address-family {
                ipv4-unicast {
                    route-map {
                        export FFRL-OUT
                        import FFRL-IN
                    }
                }
            }
            description ffrl_bb_a_ix_dus
            remote-as 201701
            update-source 100.64.6.29
        }
        neighbor 100.64.6.30 {
            address-family {
                ipv4-unicast {
                    route-map {
                        export FFRL-OUT
                        import FFRL-IN
                    }
                }
            }
            description ffrl_bb_b_ak_ber
            remote-as 201701
            update-source 100.64.6.31
        }
        neighbor 100.64.6.32 {
            address-family {
                ipv4-unicast {
                    route-map {
                        export FFRL-OUT
                        import FFRL-IN
                    }
                }
            }
            description ffrl_bb_b_fra3_fra
            remote-as 201701
            update-source 100.64.6.33
        }
        neighbor 100.64.6.34 {
            address-family {
                ipv4-unicast {
                    route-map {
                        export FFRL-OUT
                        import FFRL-IN
                    }
                }
            }
            description ffrl_bb_b_ix_dus
            remote-as 201701
            update-source 100.64.6.35
        }
        parameters {
            router-id 10.188.255.7
        }
        system-as 65066
    }
    static {
        /* Table 42 is the table selected by policy local-route rule 10 for traffic sourced from 5.9.220.113. */
        table 42 {
            route 0.0.0.0/0 {
                /* NOTE(review): 5.9.220.112 is the network address of eth0's 5.9.220.113/29 - confirm this next-hop is intended. */
                next-hop 5.9.220.112 {
                }
            }
        }
    }
}
service {
    /* DHCP is bound to the eth1 address only; vpn-01 gets the fixed lease 172.16.7.2 that the destination NAT rules point at. */
    dhcp-server {
        listen-address 172.16.7.1
        shared-network-name freifunk {
            subnet 172.16.7.0/24 {
                default-router 172.16.7.1
                name-server 1.1.1.1
                name-server 1.0.0.1
                range dhcp {
                    start 172.16.7.10
                    stop 172.16.7.200
                }
                static-mapping vpn-01 {
                    ip-address 172.16.7.2
                    mac-address 36:f3:82:18:9b:03
                }
            }
        }
    }
    ntp {
        /* NOTE(review): allow-client admits every IPv4 and IPv6 source, and this file has no firewall section, so the NTP service answers on the public addresses as well. Narrow the list to the networks that need time from this router, e.g. 172.16.7.0/24. */
        allow-client {
            address 0.0.0.0/0
            address ::/0
        }
        server time1.vyos.net {
        }
        server time2.vyos.net {
        }
        server time3.vyos.net {
        }
    }
    /* NOTE(review): neither listen-address nor disable-password-authentication is set, so sshd accepts password logins on every address of the router, including the public ones. Public keys are configured for user vyos, so password authentication can be switched off and the listener bound to a management address. */
    ssh {
        port 22
    }
}
system {
    config-management {
        commit-revisions 100
    }
    conntrack {
        /* Each connection-tracking helper parses application payloads and opens related flows, which adds attack surface on a NAT router. Keep only the helpers this site actually needs. */
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name 7.fftdf.de
    login {
        banner {
            post-login "Welcome to the core Freifunk Router for Troisdorf!\n\nEnjoy it while you are here!\n"
        }
        user vyos {
            /* NOTE(review): the SHA-512 crypt hash below is readable by anyone who can see this file and can be attacked offline. Rotate the password and keep hashes out of shared copies of the config. Two SSH public keys (nils, stefan) are also authorised for this account. */
            authentication {
                encrypted-password $6$WJiQoTPHLN8qj3s2$3vPtbSA48u8axMRDuOTaH4Hzg6kUuUJ8rkNuuSBacLfJ3YKRhDu5q4hxyhYr22n9F7E5NtovDM3A1.Ahpralf0
                plaintext-password ""
                public-keys nils {
                    key 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
                    type ssh-rsa
                }
                public-keys stefan {
                    key AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB
                    type ssh-rsa
                }
            }
        }
    }
    /* Logs stay on the router: only the global target is configured here, with no remote host, so login and BGP events would not survive loss of the box. */
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}
// Warning: Do not remove the following line.
// vyos-config-version: "bgp@3:broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:container@1:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@9:flow-accounting@1:https@4:ids@1:interfaces@26:ipoe-server@1:ipsec@11:isis@2:l2tp@4:lldp@1:mdns@1:monitoring@1:nat@5:nat66@1:ntp@2:openconnect@2:ospf@1:policy@5:pppoe-server@6:pptp@2:qos@2:quagga@10:rpki@1:salt@1:snmp@3:ssh@2:sstp@4:system@25:vrf@3:vrrp@3:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2"
// Release version: 1.4-rolling-202302041536