Keine ahnung
parent
199b22a3c5
commit
74fa1908be
156
conf.conf
156
conf.conf
@ -6,9 +6,15 @@ interfaces {
|
|||||||
ethernet eth1 {
|
ethernet eth1 {
|
||||||
address 172.16.7.1/24
|
address 172.16.7.1/24
|
||||||
description "Freifunk WAN"
|
description "Freifunk WAN"
|
||||||
|
ipv6 {
|
||||||
|
address {
|
||||||
|
autoconf
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
loopback lo {
|
loopback lo {
|
||||||
address 185.66.193.107/32
|
address 185.66.193.107/32
|
||||||
|
address 2a03:2260:121:600::0/128
|
||||||
}
|
}
|
||||||
tunnel tun0 {
|
tunnel tun0 {
|
||||||
address 100.64.6.25/31
|
address 100.64.6.25/31
|
||||||
@ -120,6 +126,18 @@ policy {
|
|||||||
prefix 185.66.193.107/32
|
prefix 185.66.193.107/32
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
prefix-list6 FFRL-IN-6 {
|
||||||
|
rule 10 {
|
||||||
|
action permit
|
||||||
|
prefix ::/0
|
||||||
|
}
|
||||||
|
}
|
||||||
|
prefix-list6 FFRL-OUT-6 {
|
||||||
|
rule 10 {
|
||||||
|
action permit
|
||||||
|
prefix 2a03:2260:121:600::/55
|
||||||
|
}
|
||||||
|
}
|
||||||
route-map FFRL-IN {
|
route-map FFRL-IN {
|
||||||
rule 10 {
|
rule 10 {
|
||||||
action permit
|
action permit
|
||||||
@ -144,6 +162,30 @@ policy {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
route-map FFRL-IN-6 {
|
||||||
|
rule 10 {
|
||||||
|
action permit
|
||||||
|
match {
|
||||||
|
ipv6 {
|
||||||
|
address {
|
||||||
|
prefix-list FFRL-IN-6
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
route-map FFRL-OUT-6 {
|
||||||
|
rule 10 {
|
||||||
|
action permit
|
||||||
|
match {
|
||||||
|
ipv6 {
|
||||||
|
address {
|
||||||
|
prefix-list FFRL-OUT-6
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
protocols {
|
protocols {
|
||||||
bgp {
|
bgp {
|
||||||
@ -152,6 +194,10 @@ protocols {
|
|||||||
network 185.66.193.107/32 {
|
network 185.66.193.107/32 {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
ipv6-unicast {
|
||||||
|
network 2a03:2260:121:600::/55 {
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
neighbor 100.64.6.24 {
|
neighbor 100.64.6.24 {
|
||||||
address-family {
|
address-family {
|
||||||
@ -231,12 +277,88 @@ protocols {
|
|||||||
remote-as 201701
|
remote-as 201701
|
||||||
update-source 100.64.6.35
|
update-source 100.64.6.35
|
||||||
}
|
}
|
||||||
|
neighbor 2a03:2260:0:30c::1 {
|
||||||
|
address-family {
|
||||||
|
ipv6-unicast {
|
||||||
|
route-map {
|
||||||
|
export FFRL-OUT-6
|
||||||
|
import FFRL-IN-6
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
remote-as 201701
|
||||||
|
update-source 2a03:2260:0:30c::2
|
||||||
|
}
|
||||||
|
neighbor 2a03:2260:0:30d::1 {
|
||||||
|
address-family {
|
||||||
|
ipv6-unicast {
|
||||||
|
route-map {
|
||||||
|
export FFRL-OUT-6
|
||||||
|
import FFRL-IN-6
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
remote-as 201701
|
||||||
|
update-source 2a03:2260:0:30d::2
|
||||||
|
}
|
||||||
|
neighbor 2a03:2260:0:30e::1 {
|
||||||
|
address-family {
|
||||||
|
ipv6-unicast {
|
||||||
|
route-map {
|
||||||
|
export FFRL-OUT-6
|
||||||
|
import FFRL-IN-6
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
remote-as 201701
|
||||||
|
update-source 2a03:2260:0:30e::2
|
||||||
|
}
|
||||||
|
neighbor 2a03:2260:0:30f::1 {
|
||||||
|
address-family {
|
||||||
|
ipv6-unicast {
|
||||||
|
route-map {
|
||||||
|
export FFRL-OUT-6
|
||||||
|
import FFRL-IN-6
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
remote-as 201701
|
||||||
|
update-source 2a03:2260:0:30f::2
|
||||||
|
}
|
||||||
|
neighbor 2a03:2260:0:310::1 {
|
||||||
|
address-family {
|
||||||
|
ipv6-unicast {
|
||||||
|
route-map {
|
||||||
|
export FFRL-OUT-6
|
||||||
|
import FFRL-IN-6
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
remote-as 201701
|
||||||
|
update-source 2a03:2260:0:310::2
|
||||||
|
}
|
||||||
|
neighbor 2a03:2260:0:311::1 {
|
||||||
|
address-family {
|
||||||
|
ipv6-unicast {
|
||||||
|
route-map {
|
||||||
|
export FFRL-OUT-6
|
||||||
|
import FFRL-IN-6
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
remote-as 201701
|
||||||
|
update-source 2a03:2260:0:311::2
|
||||||
|
}
|
||||||
parameters {
|
parameters {
|
||||||
router-id 10.188.255.7
|
router-id 10.188.255.7
|
||||||
}
|
}
|
||||||
system-as 65066
|
system-as 65066
|
||||||
}
|
}
|
||||||
static {
|
static {
|
||||||
|
route6 2a03:2260:121:e000::/54 {
|
||||||
|
interface eth1 {
|
||||||
|
}
|
||||||
|
}
|
||||||
table 42 {
|
table 42 {
|
||||||
route 0.0.0.0/0 {
|
route 0.0.0.0/0 {
|
||||||
next-hop 5.9.220.112 {
|
next-hop 5.9.220.112 {
|
||||||
@ -276,6 +398,25 @@ service {
|
|||||||
server time3.vyos.net {
|
server time3.vyos.net {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
router-advert {
|
||||||
|
interface eth1 {
|
||||||
|
default-lifetime 300
|
||||||
|
default-preference high
|
||||||
|
hop-limit 64
|
||||||
|
interval {
|
||||||
|
max 30
|
||||||
|
}
|
||||||
|
link-mtu 1500
|
||||||
|
name-server 2001:4860:4860::8888
|
||||||
|
other-config-flag
|
||||||
|
prefix 2a03:2260:121:600::/58 {
|
||||||
|
preferred-lifetime 300
|
||||||
|
valid-lifetime 900
|
||||||
|
}
|
||||||
|
reachable-time 90000
|
||||||
|
retrans-timer 0
|
||||||
|
}
|
||||||
|
}
|
||||||
ssh {
|
ssh {
|
||||||
port 22
|
port 22
|
||||||
}
|
}
|
||||||
@ -307,14 +448,14 @@ system {
|
|||||||
}
|
}
|
||||||
user vyos {
|
user vyos {
|
||||||
authentication {
|
authentication {
|
||||||
encrypted-password $6$WJiQoTPHLN8qj3s2$3vPtbSA48u8axMRDuOTaH4Hzg6kUuUJ8rkNuuSBacLfJ3YKRhDu5q4hxyhYr22n9F7E5NtovDM3A1.Ahpralf0
|
encrypted-password ****************
|
||||||
plaintext-password ""
|
plaintext-password ****************
|
||||||
public-keys nils {
|
public-keys nils {
|
||||||
key AAAAB3NzaC1yc2EAAAADAQABAAACAQCvwA3/NDj7Oo28Q1XdRIgOp//35gFVvsDa1dnMkgRDqJYvlIDbRiQ+UIcgu5YhstPb8BAxfvqjRP4rnMKc7v69T2Lp+HOMx+1sOYrznEe2hC5lPr4+U1u4Fzqhq/keSoItifmdTgrE+01Zc5jMBosUIm79TDgEMuEGcYVJIyAzDv9ez4u+Bz/HubRO+qT/+UmOICEg9m/C+fiH/ZAJHi90dMsj7RF5YXrRHXTAdiecurwGAZx2Adug1fFTvzB1pqBUHje1PFtEI+LheYklpNtiJo8NQ2KDEiavSxBibJrywzQHaddf0bkeAhmiNY8PRoMpMNeiu94DyNFWgdm7bLzdzrN/o5U7MlnJlcn8D1tLtdp0ngTxaN6VIywI8mQ/Ukxz8p2Ce49vu6osz4CvYhKx4mrvOSmqg9VjKcL6/rIwK7y5CWgIrddktxrSpUHXkzoQSefgZ5Bnu3CNp0GixWV5JTHnFxCulJAGi3TTqx7IvsJ8gpuKkeGnIgnDhFbqVOKeEEnR13tTCJ7MgPQ+VHREQ68u73a5TfDxJd/ggnG4tQ67HOcqxwa74+X1lv7YiJ3AvbrR7FFPNM3o5N8ZmZWhBLDaUHrjElHkZdB/V2l2bCblWhD0INCYoskuK1dFGdf3gQQeKOivGzKtzI0xNKutrxfvarkikxCEV3Exj889rQ==
|
key ****************
|
||||||
type ssh-rsa
|
type ssh-rsa
|
||||||
}
|
}
|
||||||
public-keys stefan {
|
public-keys stefan {
|
||||||
key AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB
|
key ****************
|
||||||
type ssh-rsa
|
type ssh-rsa
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -330,9 +471,4 @@ system {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Warning: Do not remove the following line.
|
|
||||||
// vyos-config-version: "bgp@3:broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:container@1:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@9:flow-accounting@1:https@4:ids@1:interfaces@26:ipoe-server@1:ipsec@11:isis@2:l2tp@4:lldp@1:mdns@1:monitoring@1:nat@5:nat66@1:ntp@2:openconnect@2:ospf@1:policy@5:pppoe-server@6:pptp@2:qos@2:quagga@10:rpki@1:salt@1:snmp@3:ssh@2:sstp@4:system@25:vrf@3:vrrp@3:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2"
|
|
||||||
// Release version: 1.4-rolling-202302041536
|
|
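Review bot: Masking `encrypted-password` in the `user vyos` block does not retire the credential: the parent revision appears to hold the full `$6$` SHA-512 crypt hash, which stays retrievable from history after this commit, so the password should be changed on the router and the old revision treated as disclosed. The new side also replaces both `public-keys` values and `plaintext-password` with `****************`, so the file can no longer be loaded back as a working configuration; if it is meant as a backup, keep the real public keys (they are not secret) and store the hash outside the repository. The last hunk also drops the `// vyos-config-version` footer that the preceding comment says not to remove, which VyOS presumably uses to pick config migrations on load. Separately, the six new IPv6 neighbors show no authentication setting in the visible lines; confirm whether that is intended for these peerings.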
@ -1,4 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
# Set System Hostname
|
||||||
- name: Ensure hostname set
|
- name: Ensure hostname set
|
||||||
hostname:
|
hostname:
|
||||||
name: "{{ inventory_hostname }}"
|
name: "{{ inventory_hostname }}"
|
||||||
@ -16,10 +17,8 @@
|
|||||||
test_command: whoami
|
test_command: whoami
|
||||||
when: hostname_set.changed
|
when: hostname_set.changed
|
||||||
|
|
||||||
#
|
|
||||||
# Users defined in /vars/main.yml
|
# Users defined in /vars/main.yml
|
||||||
# pub key files in /files/USER.key.pub
|
# pub key files in /files/{USER}.key.pub
|
||||||
#
|
|
||||||
|
|
||||||
- name: "Create user accounts and add users to groups"
|
- name: "Create user accounts and add users to groups"
|
||||||
user:
|
user:
|
||||||
@ -41,9 +40,7 @@
|
|||||||
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
|
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
|
||||||
validate: '/usr/sbin/visudo -cf %s'
|
validate: '/usr/sbin/visudo -cf %s'
|
||||||
|
|
||||||
#
|
|
||||||
# Install basic packages for Ubuntu minimal Systems
|
# Install basic packages for Ubuntu minimal Systems
|
||||||
#
|
|
||||||
- name: Install all Packages
|
- name: Install all Packages
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name:
|
name:
|
||||||
@ -60,21 +57,5 @@
|
|||||||
- iw
|
- iw
|
||||||
- speedtest-cli
|
- speedtest-cli
|
||||||
- telnet
|
- telnet
|
||||||
- libndp0
|
|
||||||
- libndp-tools
|
|
||||||
- ndppd
|
|
||||||
- iptables-persistent
|
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
#
|
|
||||||
# Copy ndppd Config
|
|
||||||
#
|
|
||||||
|
|
||||||
- name: Generate NDPPD Config
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: ndppd.conf.j2
|
|
||||||
dest: /etc/ndppd.conf
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 755
|
|
@ -42,4 +42,22 @@
|
|||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/iproute2/rt_tables
|
path: /etc/iproute2/rt_tables
|
||||||
line: 42 ffrl
|
line: 42 ffrl
|
||||||
create: yes
|
create: yes
|
||||||
|
|
||||||
|
- name: Generate NDPPD Config
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: ndppd.conf.j2
|
||||||
|
dest: /etc/ndppd.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 755
|
||||||
|
|
||||||
|
- name: Install all Packages for VPN Servers
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name:
|
||||||
|
- libndp0
|
||||||
|
- libndp-tools
|
||||||
|
- ndppd
|
||||||
|
- iptables-persistent
|
||||||
|
state: latest
|
||||||
|
update_cache: yes
|
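Review bot: `mode: 755` in the new "Generate NDPPD Config" task is an unquoted YAML integer, which Ansible reads as decimal 755 rather than octal, so `/etc/ndppd.conf` ends up with permission bits other than the intended ones. A configuration file also has no need for the execute bit; write `mode: "0644"` instead. The template is rendered before the task that installs `ndppd`, and no `notify` is visible, so a changed config will presumably not restart the daemon; consider moving the template after the install and adding a handler. `state: latest` in the new package task upgrades these packages on every run; `state: present` keeps runs reproducible.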