diff --git a/edgerouter_configs/edge1.md b/edgerouter_configs/edge1.md deleted file mode 100755 index 03535e0..0000000 --- a/edgerouter_configs/edge1.md +++ /dev/null @@ -1,123 +0,0 @@ -## Install Wireguard -cd /tmp -curl -OL https://github.com/WireGuard/wireguard-vyatta-ubnt/releases/download/1.0.20211208-1/e50-v2-v1.0.20211208-v1.0.20210914.deb -sudo dpkg -i e50-v2-v1.0.20211208-v1.0.20210914.deb - -#### -cd /config/auth -wg genkey | tee /config/auth/wg.key | wg pubkey > wg.public -cat wg.public -cat wg.key -#### - -set firewall all-ping enable -set firewall broadcast-ping disable -set firewall group network-group LAN-VPN-V6 description 'Networks on LAN destined to go out VPN by default' -set firewall group ipv6-network-group LAN-VPN-V6 ipv6-network '2a03:2260:121:603::/64' -set firewall group network-group LAN-VPN description 'Networks on LAN destined to go out VPN by default' -set firewall group network-group LAN-VPN network 10.1.0.0/16 - -set firewall ipv6-modify LAN_to_VPN_V6 rule 1 action modify -set firewall ipv6-modify LAN_to_VPN_V6 rule 1 modify table 2 -set firewall ipv6-modify LAN_to_VPN_V6 rule 1 source group ipv6-network-group LAN-VPN-V6 -set firewall ipv6-modify LAN_to_VPN_V6 rule 100 description 'Route traffic from group LAN-VPN through LAN_to_VPN_V6 table' -set firewall ipv6-receive-redirects disable -set firewall ipv6-src-route disable -set firewall ip-src-route disable -set firewall log-martians enable -set firewall modify LAN_to_VPN rule 100 action modify -set firewall modify LAN_to_VPN rule 100 description 'Route traffic from group LAN-VPN through LAN_to_VPN table' -set firewall modify LAN_to_VPN rule 100 modify table 2 -set firewall modify LAN_to_VPN rule 100 source group network-group LAN-VPN -set firewall name WAN_LOCAL default-action drop -set firewall name WAN_LOCAL rule 20 action accept -set firewall name WAN_LOCAL rule 20 description WireGuard -set firewall name WAN_LOCAL rule 20 destination port 51821 -set firewall name WAN_LOCAL rule 20 protocol udp -set firewall options mss-clamp interface-type all -set firewall options mss-clamp mss 1340 -set firewall options mss-clamp6 interface-type all -set firewall options mss-clamp6 mss 1340 -set firewall receive-redirects disable -set firewall send-redirects enable -set firewall source-validation disable -set firewall syn-cookies enable -set interfaces ethernet eth0 address dhcp -set interfaces ethernet eth0 description 'Internet via DHCP' -set interfaces ethernet eth0 duplex auto -set interfaces ethernet eth0 speed auto -set interfaces ethernet eth1 description Local -set interfaces ethernet eth1 duplex auto -set interfaces ethernet eth1 speed auto -set interfaces ethernet eth2 description Local -set interfaces ethernet eth2 duplex auto -set interfaces ethernet eth2 speed auto -set interfaces ethernet eth3 description Local -set interfaces ethernet eth3 duplex auto -set interfaces ethernet eth3 speed auto -set interfaces ethernet eth4 description Local -set interfaces ethernet eth4 duplex auto -set interfaces ethernet eth4 poe output off -set interfaces ethernet eth4 speed auto -set interfaces loopback lo -set interfaces switch switch0 address 10.1.0.1/24 -set interfaces switch switch0 address '2a03:2260:121:603::1/64' -set interfaces switch switch0 description Local -set interfaces switch switch0 firewall in ipv6-modify LAN_to_VPN_V6 -set interfaces switch switch0 firewall in modify LAN_to_VPN -set interfaces switch switch0 ipv6 dup-addr-detect-transmits 1 -set interfaces switch switch0 ipv6 router-advert cur-hop-limit 64 -set interfaces switch switch0 ipv6 router-advert link-mtu 1328 -set interfaces switch switch0 ipv6 router-advert managed-flag true -set interfaces switch switch0 ipv6 router-advert max-interval 600 -set interfaces switch switch0 ipv6 router-advert name-server '2606:4700:4700::1111' -set interfaces switch switch0 ipv6 router-advert other-config-flag false -set interfaces switch switch0 ipv6 router-advert prefix '2a03:2260:121:603::/64' autonomous-flag true -set interfaces switch switch0 ipv6 router-advert prefix '2a03:2260:121:603::/64' on-link-flag true -set interfaces switch switch0 ipv6 router-advert prefix '2a03:2260:121:603::/64' valid-lifetime 2592000 -set interfaces switch switch0 ipv6 router-advert reachable-time 0 -set interfaces switch switch0 ipv6 router-advert retrans-timer 0 -set interfaces switch switch0 ipv6 router-advert send-advert true -set interfaces switch switch0 mtu 1500 -set interfaces switch switch0 switch-port interface eth1 -set interfaces switch switch0 switch-port interface eth2 -set interfaces switch switch0 switch-port interface eth3 -set interfaces switch switch0 switch-port interface eth4 -set interfaces switch switch0 switch-port vlan-aware disable -set interfaces wireguard wg0 address 10.255.1.2/24 -set interfaces wireguard wg0 address 2a03:2260:121:600::1/64 -set interfaces wireguard wg0 listen-port 51822 -set interfaces wireguard wg0 mtu 1380 -set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= allowed-ips 0.0.0.0/0 -set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= allowed-ips '::0/0' -set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= endpoint 'vpn01.fftdf.de:42001' -set interfaces wireguard wg0 private-key /config/auth/wg.key -set interfaces wireguard wg0 route-allowed-ips false -set protocols static interface-route6 '::/0' next-hop-interface wg0 -set protocols static table 2 route 0.0.0.0/0 next-hop 10.255.1.1 -set protocols static table 2 interface-route6 '::/0' next-hop-interface wg0 -set protocols static interface-route6 '::/0' next-hop-interface wg0 -set service dhcp-server disabled false -set service dhcp-server hostfile-update disable -set service dhcp-server shared-network-name LAN authoritative enable -set service dhcp-server shared-network-name LAN subnet 10.1.0.1/24 default-router 10.1.0.1/24 -set service dhcp-server shared-network-name LAN subnet 10.1.0.1/24 dns-server 10.1.0.1/24 -set service dhcp-server shared-network-name LAN subnet 10.1.0.1/24 lease 86400 -set service dhcp-server shared-network-name LAN subnet 10.1.0.1/24 start 10.1.0.38 stop 10.1.0.243 -set service dhcp-server static-arp disable -set service dhcp-server use-dnsmasq disable -set service dns forwarding cache-size 150 -set service dns forwarding listen-on switch0 -set service gui http-port 80 -set service gui https-port 443 -set service gui older-ciphers enable -set service nat rule 5010 description 'masquerade for VPN' -set service nat rule 5010 outbound-interface wg0 -set service nat rule 5010 protocol all -set service nat rule 5010 type masquerade -set service ssh port 22 -set service ssh protocol-version v2 -set service unms -set service unms connection 'wss://unifi.freifunk-troisdorf.de:443+Jo_M9kbCiIXmkICVA15YT0fdMVHQPQw0qGSHnwuj_XUAAAAA+allowUntrustedCertificate' -set system host-name edge1 -set system time-zone UTC \ No newline at end of file