ansible.fftdf.supernode/roles/vyos-config/templates/config.j2

{# Interfaces: eth0 is described as WAN, eth1 is the Freifunk-facing segment
   (lan_address/24, IPv6 via autoconf), lo carries the ffrl_address /32 and its
   IPv6 counterpart, and tun0-tun5 are six GRE tunnels sourced from wan_address.
   GRE provides neither encryption nor peer authentication, so anything routed
   through these tunnels is protected only by whatever runs on top of it. #}
{# One GRE tunnel stanza. Every tunnel shares the transfer-net suffixes
   (gre_bb_transfer_net, gre_bb_transfer_net_v6) and the wan_address source;
   only name, inner addresses, description and remote endpoint differ. #}
{% macro gre_tunnel(ifname, addr_v4, addr_v6, label, peer) %}
    tunnel {{ ifname }} {
        address {{ addr_v4 }}{{ gre_bb_transfer_net }}
        address {{ addr_v6 }}{{ gre_bb_transfer_net_v6 }}
        description {{ label }}
        encapsulation gre
        remote {{ peer }}
        source-address {{ wan_address }}
    }
{% endmacro %}
interfaces {
    ethernet eth0 {
        address {{ wan_address }}
        description WAN
    }
    ethernet eth1 {
        address {{ lan_address }}/24
        description "Freifunk WAN"
        ipv6 {
            address {
                autoconf
            }
        }
    }
    loopback lo {
        address {{ ffrl_address }}/32
        address {{ ffrl_address_v6 }}
    }
{{ gre_tunnel('tun0', gre_ber_a_address, gre_ber_a_address_v6, gre_ber_a_description, gre_ber_a_remote) }}
{{ gre_tunnel('tun1', gre_ber_b_address, gre_ber_b_address_v6, gre_ber_b_description, gre_ber_b_remote) }}
{{ gre_tunnel('tun2', gre_a_dus_address, gre_a_dus_address_v6, gre_a_dus_description, gre_a_dus_remote) }}
{{ gre_tunnel('tun3', gre_b_dus_address, gre_b_dus_address_v6, gre_b_dus_description, gre_b_dus_remote) }}
{{ gre_tunnel('tun4', gre_a_fra_address, gre_a_fra_address_v6, gre_a_fra_description, gre_a_fra_remote) }}
{{ gre_tunnel('tun5', gre_b_fra_address, gre_b_fra_address_v6, gre_b_fra_description, gre_b_fra_remote) }}
}
{# Source NAT: everything originating from lan_network is rewritten to the
   single ffrl_address, whichever interface it leaves through
   (outbound-interface any). All client traffic therefore shares one public
   source address; per-client attribution relies on conntrack state and logs. #}
nat {
    source {
        rule 1 {
            outbound-interface any
            source {
                address {{ lan_network }}
            }
            translation {
                address {{ ffrl_address }}
            }
        }
    }
}
{# Routing policy.
   - local-route rule 10 sends packets sourced from wan_address to table 42,
     which the static section fills with a default route via wan_gateway.
   - FFRL-IN / FFRL-IN-6 permit exactly 0.0.0.0/0 and ::/0 (no ge/le), so the
     import route-maps accept a default route and nothing more specific.
   - FFRL-OUT / FFRL-OUT-6 permit only the site's own prefix, so the export
     route-maps cannot leak learned routes back to the peers.
   Each route-map has a single permit rule; routes that do not match it fall
   through to the implicit deny. #}
policy {
    local-route {
        rule 10 {
            set {
                table 42
            }
            source {{ wan_address }}
        }
    }
    prefix-list FFRL-IN {
        rule 10 {
            action permit
            prefix 0.0.0.0/0
        }
    }
{# NOTE(review): the loopback uses ffrl_address with an explicit /32, which
   suggests the variable is a bare address - confirm the prefix below ends up
   with a prefix length. #}
    prefix-list FFRL-OUT {
        rule 10 {
            action permit
            prefix {{ ffrl_address }}
        }
    }
    prefix-list6 FFRL-IN-6 {
        rule 10 {
            action permit
            prefix ::/0
        }
    }
    prefix-list6 FFRL-OUT-6 {
        rule 10 {
            action permit
            prefix {{ ffrl_net_v6 }}
        }
    }
    route-map FFRL-IN {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        prefix-list FFRL-IN
                    }
                }
            }
        }
    }
    route-map FFRL-OUT {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        prefix-list FFRL-OUT
                    }
                }
            }
        }
    }
    route-map FFRL-IN-6 {
        rule 10 {
            action permit
            match {
                ipv6 {
                    address {
                        prefix-list FFRL-IN-6
                    }
                }
            }
        }
    }
    route-map FFRL-OUT-6 {
        rule 10 {
            action permit
            match {
                ipv6 {
                    address {
                        prefix-list FFRL-OUT-6
                    }
                }
            }
        }
    }
}
{# BGP and static routing.
   Twelve eBGP-style neighbors (six IPv4, six IPv6), all with the same
   remote AS (gre_bb_renote_as) and each bound to the inner address of one GRE
   tunnel via update-source. Every session is filtered in both directions by
   the FFRL-IN/FFRL-OUT route-maps (IPv4) or FFRL-IN-6/FFRL-OUT-6 (IPv6).
   NOTE(review): no per-neighbor session authentication (for example a
   neighbor password) is configured in this template, and the GRE transport
   does not authenticate peers either - confirm whether the upstream supports
   it. #}
{# IPv4 neighbor: ipv4-unicast only, with a description. #}
{% macro bgp_peer_v4(peer, label, local_addr) %}
        neighbor {{ peer }} {
            address-family {
                ipv4-unicast {
                    route-map {
                        export FFRL-OUT
                        import FFRL-IN
                    }
                }
            }
            description {{ label }}
            remote-as {{ gre_bb_renote_as }}
            update-source {{ local_addr }}
        }
{% endmacro %}
{# IPv6 neighbor: ipv6-unicast only; the template sets no description here. #}
{% macro bgp_peer_v6(peer, local_addr) %}
        neighbor {{ peer }} {
            address-family {
                ipv6-unicast {
                    route-map {
                        export FFRL-OUT-6
                        import FFRL-IN-6
                    }
                }
            }
            remote-as {{ gre_bb_renote_as }}
            update-source {{ local_addr }}
        }
{% endmacro %}
protocols {
    bgp {
{# Locally originated prefixes; these are the only ones the export
   prefix-lists permit. #}
        address-family {
            ipv4-unicast {
                network {{ ffrl_address }} {
                }
            }
            ipv6-unicast {
                network {{ ffrl_net_v6 }} {
                }
            }
        }
{{ bgp_peer_v4(gre_ber_a_neighbor, gre_ber_a_description, gre_ber_a_address) }}
{{ bgp_peer_v4(gre_ber_b_neighbor, gre_ber_b_description, gre_ber_b_address) }}
{{ bgp_peer_v4(gre_a_dus_neighbor, gre_a_dus_description, gre_a_dus_address) }}
{{ bgp_peer_v4(gre_b_dus_neighbor, gre_b_dus_description, gre_b_dus_address) }}
{{ bgp_peer_v4(gre_a_fra_neighbor, gre_a_fra_description, gre_a_fra_address) }}
{{ bgp_peer_v4(gre_b_fra_neighbor, gre_b_fra_description, gre_b_fra_address) }}
{{ bgp_peer_v6(gre_ber_a_neighbor_v6, gre_ber_a_address_v6) }}
{{ bgp_peer_v6(gre_ber_b_neighbor_v6, gre_ber_b_address_v6) }}
{{ bgp_peer_v6(gre_a_dus_neighbor_v6, gre_a_dus_address_v6) }}
{{ bgp_peer_v6(gre_b_dus_neighbor_v6, gre_b_dus_address_v6) }}
{{ bgp_peer_v6(gre_a_fra_neighbor_v6, gre_a_fra_address_v6) }}
{{ bgp_peer_v6(gre_b_fra_neighbor_v6, gre_b_fra_address_v6) }}
        parameters {
            router-id {{ wan_address }}
        }
        system-as {{ gre_bb_local_as }}
    }
{# Table 42 is the table selected by the local-route policy for traffic
   sourced from wan_address; it keeps a default route via wan_gateway that is
   independent of whatever default BGP installs in the main table. #}
    static {
        table 42 {
            route 0.0.0.0/0 {
                next-hop {{ wan_gateway }} {
                }
            }
        }
    }
}
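{# Services offered by the router: DHCP and router advertisements for the
   Freifunk segment on eth1, NTP, and SSH for management. #}
service {
{# DHCP: serves lan_network from lan_address and hands out public resolvers.
   Optional fixed leases come from the static_dhcp_leases dict (name ->
   ip_address, mac_address) when that variable is defined. #}
    dhcp-server {
        listen-address {{ lan_address }}
        shared-network-name freifunk {
            subnet {{ lan_network }} {
                default-router {{ lan_address }}
                name-server 1.1.1.1
                name-server 1.0.0.1
                range dhcp {
                    start {{ dhcp_start }}
                    stop {{ dhcp_end }}
                }
{% if static_dhcp_leases is defined %}
{% for lease in static_dhcp_leases.keys() %}
                static-mapping {{ lease }} {
                    ip-address {{ static_dhcp_leases[lease].ip_address }}
                    mac-address {{ static_dhcp_leases[lease].mac_address }}
                }
{% endfor %}
{% endif %}
            }
        }
    }
{# NTP: clients were previously allowed from 0.0.0.0/0 and ::/0, which makes
   the router answer NTP for the whole internet on a host with no firewall
   section in this template (an open time server is a well-known reflection
   source). Client access is limited to the networks this router actually
   serves: the DHCP subnet and the advertised IPv6 prefix. #}
    ntp {
        allow-client {
            address {{ lan_network }}
            address {{ ffrl_net_v6 }}
        }
        server time1.vyos.net {
        }
        server time2.vyos.net {
        }
        server time3.vyos.net {
        }
    }
{# Router advertisements on eth1 announce ffrl_net_v6 with short lifetimes
   (preferred 300 s, valid 900 s) and a public IPv6 resolver. #}
    router-advert {
        interface eth1 {
            default-lifetime 300
            default-preference high
            hop-limit 64
            interval {
                max 30
            }
            link-mtu 1500
            name-server 2606:4700:4700::1111
            prefix {{ ffrl_net_v6 }} {
                preferred-lifetime 300
                valid-lifetime 900
            }
            reachable-time 90000
            retrans-timer 0
        }
    }
{# SSH: the only login user defined in this template authenticates with
   public keys, so password authentication is switched off explicitly rather
   than left to defaults.
   NOTE(review): no listen-address is set, so sshd binds on every address
   including WAN and the Freifunk segment, and this template has no firewall
   section - confirm management access is restricted elsewhere. #}
    ssh {
        disable-password-authentication
        port 22
    }
}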
{# System settings: config history, conntrack helpers, serial console,
   hostname, login banner, the single admin user and syslog levels. #}
system {
{# Keep the last 100 committed configurations for rollback/audit. #}
    config-management {
        commit-revisions 100
    }
{# Connection-tracking helper modules. Each helper parses application
   payloads in order to open related flows through NAT.
   NOTE(review): seven helpers are enabled; confirm which of them the
   Freifunk clients actually need, since every enabled helper is extra
   packet-parsing code on the forwarding path. #}
    conntrack {
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name {{ inventory_hostname }}
    login {
        banner {
            post-login "Welcome to the core Freifunk Router for Troisdorf!\n\nEnjoy it while you are here!\n"
        }
{# One shared admin account (vyos) with two named public keys and no password
   in this template. Revoking a person means removing their key stanza and
   re-applying the configuration.
   NOTE(review): the key values below begin with the algorithm name although
   a separate type node carries it as well - confirm this form is accepted
   when the configuration is loaded. #}
        user vyos {
            authentication {
                public-keys nils {
                    key ssh-rsa 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
                    type ssh-rsa
                }
                public-keys stefan {
                    key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB
                    type ssh-rsa
                }
            }
        }
    }
{# Syslog: everything at info, routing protocols at debug. Only local logging
   is configured here; no remote log host appears in this template, so logs
   live and die with the router. #}
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}