From 74fa1908be5fefb76de69d7128f78a2a4414b305 Mon Sep 17 00:00:00 2001 From: Stefan Date: Sat, 4 Mar 2023 14:56:15 +0100 Subject: [PATCH] Keine ahnung --- conf.conf | 156 ++++++++++++++++++-- roles/00-ubuntu-basic/tasks/main.yml | 25 +--- roles/01-vpn-offloader-setup/tasks/main.yml | 20 ++- 3 files changed, 168 insertions(+), 33 deletions(-) diff --git a/conf.conf b/conf.conf index ed30c67..dbec209 100644 --- a/conf.conf +++ b/conf.conf @@ -6,9 +6,15 @@ interfaces { ethernet eth1 { address 172.16.7.1/24 description "Freifunk WAN" + ipv6 { + address { + autoconf + } + } } loopback lo { address 185.66.193.107/32 + address 2a03:2260:121:600::0/128 } tunnel tun0 { address 100.64.6.25/31 @@ -120,6 +126,18 @@ policy { prefix 185.66.193.107/32 } } + prefix-list6 FFRL-IN-6 { + rule 10 { + action permit + prefix ::/0 + } + } + prefix-list6 FFRL-OUT-6 { + rule 10 { + action permit + prefix 2a03:2260:121:600::/55 + } + } route-map FFRL-IN { rule 10 { action permit @@ -144,6 +162,30 @@ policy { } } } + route-map FFRL-IN-6 { + rule 10 { + action permit + match { + ipv6 { + address { + prefix-list FFRL-IN-6 + } + } + } + } + } + route-map FFRL-OUT-6 { + rule 10 { + action permit + match { + ipv6 { + address { + prefix-list FFRL-OUT-6 + } + } + } + } + } } protocols { bgp { @@ -152,6 +194,10 @@ protocols { network 185.66.193.107/32 { } } + ipv6-unicast { + network 2a03:2260:121:600::/55 { + } + } } neighbor 100.64.6.24 { address-family { 
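Review bot: `autoconf` under `ethernet eth1 ipv6 address` makes this router accept Router Advertisements on the "Freifunk WAN" segment, so any host on that link can hand it a default route or prefix, while the same patch later configures eth1 to originate RAs itself (router-advert hunk) — an unusual combination for a router. If eth1 only needs link-local reachability for the static route and BGP next-hops, drop `autoconf` (the link-local address is assigned regardless); if a global address is needed, set it statically instead of trusting on-link RAs. The `interfaces` block continues outside the hunk.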
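Review bot: `network 2a03:2260:121:600::/55` is announced under `ipv6-unicast`, but nothing in this patch installs a route covering that /55 — the loopback only carries `2a03:2260:121:600::0/128` and the new static `route6` is for `2a03:2260:121:e000::/54`. With FRR's network import check active (its default, as far as I know), a network statement whose prefix is absent from the RIB is never originated, so the announcement may silently never reach the FFRL peers; a blackhole static such as `route6 2a03:2260:121:600::/55 { blackhole { } }` is the usual way to anchor it. The `bgp` block continues outside the hunk.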
@@ -231,12 +277,88 @@ protocols { remote-as 201701 update-source 100.64.6.35 } + neighbor 2a03:2260:0:30c::1 { + address-family { + ipv6-unicast { + route-map { + export FFRL-OUT-6 + import FFRL-IN-6 + } + } + } + remote-as 201701 + update-source 2a03:2260:0:30c::2 + } + neighbor 2a03:2260:0:30d::1 { + address-family { + ipv6-unicast { + route-map { + export FFRL-OUT-6 + import FFRL-IN-6 + } + } + } + remote-as 201701 + update-source 2a03:2260:0:30d::2 + } + neighbor 2a03:2260:0:30e::1 { + address-family { + ipv6-unicast { + route-map { + export FFRL-OUT-6 + import FFRL-IN-6 + } + } + } + remote-as 201701 + update-source 2a03:2260:0:30e::2 + } + neighbor 2a03:2260:0:30f::1 { + address-family { + ipv6-unicast { + route-map { + export FFRL-OUT-6 + import FFRL-IN-6 + } + } + } + remote-as 201701 + update-source 2a03:2260:0:30f::2 + } + neighbor 2a03:2260:0:310::1 { + address-family { + ipv6-unicast { + route-map { + export FFRL-OUT-6 + import FFRL-IN-6 + } + } + } + remote-as 201701 + update-source 2a03:2260:0:310::2 + } + neighbor 2a03:2260:0:311::1 { + address-family { + ipv6-unicast { + route-map { + export FFRL-OUT-6 + import FFRL-IN-6 + } + } + } + remote-as 201701 + update-source 2a03:2260:0:311::2 + } parameters { router-id 10.188.255.7 } system-as 65066 } static { + route6 2a03:2260:121:e000::/54 { + interface eth1 { + } + } table 42 { route 0.0.0.0/0 { next-hop 5.9.220.112 { @@ -276,6 +398,25 @@ service { server time3.vyos.net { } } + router-advert { + interface eth1 { + default-lifetime 300 + default-preference high + hop-limit 64 + interval { + max 30 + } + link-mtu 1500 + name-server 2001:4860:4860::8888 + other-config-flag + prefix 2a03:2260:121:600::/58 { + preferred-lifetime 300 + valid-lifetime 900 + } + reachable-time 90000 + retrans-timer 0 + } + } ssh { port 22 } 
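Review bot: The six new IPv6 neighbors repeat the same `address-family`/`route-map`/`remote-as 201701` stanza verbatim, which invites drift when one of them is edited; a `peer-group` carrying the shared settings, with each neighbor only naming its `update-source`, would keep them in lockstep like the IPv4 peers presumably are. Separately, the added static `route6 2a03:2260:121:e000::/54 { interface eth1 }` points at a prefix that is neither inside the exported `2a03:2260:121:600::/55` nor permitted by FFRL-OUT-6, so traffic to it has no return path over these sessions unless it is announced elsewhere — worth confirming the prefix is what was intended. The `static` block continues outside the hunk.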
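Review bot: `prefix 2a03:2260:121:600::/58` in the new `router-advert` stanza cannot be used for SLAAC — RFC 4862 requires the advertised prefix length plus the 64-bit interface identifier to total 128, so hosts on eth1 will only treat it as on-link and will not form addresses from it; if clients are meant to autoconfigure, advertise a /64 carved from that range. `other-config-flag` also tells hosts to fetch further configuration over DHCPv6, yet no `dhcpv6-server` appears anywhere in this patch, so either drop the flag or add the server. The `service` block continues outside the hunk.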
@@ -307,14 +448,14 @@ system { } user vyos { authentication { - encrypted-password $6$WJiQoTPHLN8qj3s2$3vPtbSA48u8axMRDuOTaH4Hzg6kUuUJ8rkNuuSBacLfJ3YKRhDu5q4hxyhYr22n9F7E5NtovDM3A1.Ahpralf0 - plaintext-password "" + encrypted-password **************** + plaintext-password **************** public-keys nils { - key AAAAB3NzaC1yc2EAAAADAQABAAACAQCvwA3/NDj7Oo28Q1XdRIgOp//35gFVvsDa1dnMkgRDqJYvlIDbRiQ+UIcgu5YhstPb8BAxfvqjRP4rnMKc7v69T2Lp+HOMx+1sOYrznEe2hC5lPr4+U1u4Fzqhq/keSoItifmdTgrE+01Zc5jMBosUIm79TDgEMuEGcYVJIyAzDv9ez4u+Bz/HubRO+qT/+UmOICEg9m/C+fiH/ZAJHi90dMsj7RF5YXrRHXTAdiecurwGAZx2Adug1fFTvzB1pqBUHje1PFtEI+LheYklpNtiJo8NQ2KDEiavSxBibJrywzQHaddf0bkeAhmiNY8PRoMpMNeiu94DyNFWgdm7bLzdzrN/o5U7MlnJlcn8D1tLtdp0ngTxaN6VIywI8mQ/Ukxz8p2Ce49vu6osz4CvYhKx4mrvOSmqg9VjKcL6/rIwK7y5CWgIrddktxrSpUHXkzoQSefgZ5Bnu3CNp0GixWV5JTHnFxCulJAGi3TTqx7IvsJ8gpuKkeGnIgnDhFbqVOKeEEnR13tTCJ7MgPQ+VHREQ68u73a5TfDxJd/ggnG4tQ67HOcqxwa74+X1lv7YiJ3AvbrR7FFPNM3o5N8ZmZWhBLDaUHrjElHkZdB/V2l2bCblWhD0INCYoskuK1dFGdf3gQQeKOivGzKtzI0xNKutrxfvarkikxCEV3Exj889rQ== + key **************** type ssh-rsa } public-keys stefan { - key AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB + key **************** type ssh-rsa } } 
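Review bot: Overwriting the values with the literal `****************` breaks the configuration instead of redacting it: `plaintext-password ****************` sets exactly that string as the `vyos` account password on the next load, and `key ****************` is not valid base64, so both `public-keys` nodes will fail validation. Since this repository is driven by Ansible, the usual approach is to keep the file as a template, fill `encrypted-password` from a vaulted variable (e.g. `{{ vyos_admin_password_hash }}`), restore `plaintext-password ""`, and leave the `ssh-rsa` public keys in place — they are not secret. The `$6$` hash on the removed line remains in git history, so the password behind it should be treated as exposed and rotated.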
@@ -330,9 +471,4 @@ system { } } } -} - - -// Warning: Do not remove the following line. -// vyos-config-version: "bgp@3:broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:container@1:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@9:flow-accounting@1:https@4:ids@1:interfaces@26:ipoe-server@1:ipsec@11:isis@2:l2tp@4:lldp@1:mdns@1:monitoring@1:nat@5:nat66@1:ntp@2:openconnect@2:ospf@1:policy@5:pppoe-server@6:pptp@2:qos@2:quagga@10:rpki@1:salt@1:snmp@3:ssh@2:sstp@4:system@25:vrf@3:vrrp@3:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2" -// Release version: 1.4-rolling-202302041536 +} \ No newline at end of file diff --git a/roles/00-ubuntu-basic/tasks/main.yml b/roles/00-ubuntu-basic/tasks/main.yml index 06b22b3..5c05713 100644 --- a/roles/00-ubuntu-basic/tasks/main.yml +++ b/roles/00-ubuntu-basic/tasks/main.yml @@ -1,4 +1,5 @@ --- +# Set System Hostname - name: Ensure hostname set hostname: name: "{{ inventory_hostname }}" @@ -16,10 +17,8 @@ test_command: whoami when: hostname_set.changed -# # Users defined in /vars/main.yml -# pub key files in /files/USER.key.pub -# +# pub key files in /files/{USER}.key.pub - name: "Create user accounts and add users to groups" user: @@ -41,9 +40,7 @@ line: '%wheel ALL=(ALL) NOPASSWD: ALL' validate: '/usr/sbin/visudo -cf %s' -# # Install basic packages for Ubuntu minimal Systems -# - name: Install all Packages ansible.builtin.apt: name: @@ -60,21 +57,5 @@ - iw - speedtest-cli - telnet - - libndp0 - - libndp-tools - - ndppd - - iptables-persistent state: latest - update_cache: yes - -# -# Copy ndppd Config -# - -- name: Generate NDPPD Config - ansible.builtin.template: - src: ndppd.conf.j2 - dest: /etc/ndppd.conf - owner: root - group: root - mode: 755 \ No newline at end of file + update_cache: yes \ No newline at end of file diff --git a/roles/01-vpn-offloader-setup/tasks/main.yml b/roles/01-vpn-offloader-setup/tasks/main.yml index a57c13d..ba5d35a 100644 
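Review bot: Dropping the `// vyos-config-version:` trailer (the closing `}` now also lacks a newline) changes how VyOS loads the file: that string is what the migration scripts use to decide which migrators to run, and as far as I know a file without it is treated as unversioned, so every migrator may run and can rewrite nodes unexpectedly on load. If the lines were removed to keep the repository tidy, keep at least the `vyos-config-version` line (the deployed release can regenerate an exact one) and restore the trailing newline.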
--- a/roles/01-vpn-offloader-setup/tasks/main.yml +++ b/roles/01-vpn-offloader-setup/tasks/main.yml @@ -42,4 +42,22 @@ ansible.builtin.lineinfile: path: /etc/iproute2/rt_tables line: 42 ffrl - create: yes \ No newline at end of file + create: yes + +- name: Generate NDPPD Config + ansible.builtin.template: + src: ndppd.conf.j2 + dest: /etc/ndppd.conf + owner: root + group: root + mode: 755 + +- name: Install all Packages for VPN Servers + ansible.builtin.apt: + name: + - libndp0 + - libndp-tools + - ndppd + - iptables-persistent + state: latest + update_cache: yes \ No newline at end of file
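Review bot: `mode: 755` on the `Generate NDPPD Config` task is an unquoted YAML integer, which Ansible reads as decimal 755 (octal 1363: sticky bit, owner `-wx`) rather than rwxr-xr-x, and a daemon config file needs no execute bit at all — use `mode: '0644'`. The template task also runs before the following apt task installs `ndppd`, so depending on how dpkg treats the pre-existing conffile the generated `/etc/ndppd.conf` may not be the one the service starts with; move the package install first and add a `notify: restart ndppd` handler so config changes take effect. `state: latest` together with `update_cache: yes` upgrades the packages on every run; `state: present` is the idempotent choice for a setup role.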