Keine ahnung

This commit is contained in:
Stefan Hoffmann 2023-03-04 14:56:15 +01:00
parent 199b22a3c5
commit 74fa1908be
3 changed files with 168 additions and 33 deletions

156
conf.conf
View File

@ -6,9 +6,15 @@ interfaces {
ethernet eth1 { ethernet eth1 {
address 172.16.7.1/24 address 172.16.7.1/24
description "Freifunk WAN" description "Freifunk WAN"
ipv6 {
address {
autoconf
}
}
} }
loopback lo { loopback lo {
address 185.66.193.107/32 address 185.66.193.107/32
address 2a03:2260:121:600::0/128
} }
tunnel tun0 { tunnel tun0 {
address 100.64.6.25/31 address 100.64.6.25/31
@ -120,6 +126,18 @@ policy {
prefix 185.66.193.107/32 prefix 185.66.193.107/32
} }
} }
prefix-list6 FFRL-IN-6 {
rule 10 {
action permit
prefix ::/0
}
}
prefix-list6 FFRL-OUT-6 {
rule 10 {
action permit
prefix 2a03:2260:121:600::/55
}
}
route-map FFRL-IN { route-map FFRL-IN {
rule 10 { rule 10 {
action permit action permit
@ -144,6 +162,30 @@ policy {
} }
} }
} }
route-map FFRL-IN-6 {
rule 10 {
action permit
match {
ipv6 {
address {
prefix-list FFRL-IN-6
}
}
}
}
}
route-map FFRL-OUT-6 {
rule 10 {
action permit
match {
ipv6 {
address {
prefix-list FFRL-OUT-6
}
}
}
}
}
} }
protocols { protocols {
bgp { bgp {
@ -152,6 +194,10 @@ protocols {
network 185.66.193.107/32 { network 185.66.193.107/32 {
} }
} }
ipv6-unicast {
network 2a03:2260:121:600::/55 {
}
}
} }
neighbor 100.64.6.24 { neighbor 100.64.6.24 {
address-family { address-family {
@ -231,12 +277,88 @@ protocols {
remote-as 201701 remote-as 201701
update-source 100.64.6.35 update-source 100.64.6.35
} }
neighbor 2a03:2260:0:30c::1 {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as 201701
update-source 2a03:2260:0:30c::2
}
neighbor 2a03:2260:0:30d::1 {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as 201701
update-source 2a03:2260:0:30d::2
}
neighbor 2a03:2260:0:30e::1 {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as 201701
update-source 2a03:2260:0:30e::2
}
neighbor 2a03:2260:0:30f::1 {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as 201701
update-source 2a03:2260:0:30f::2
}
neighbor 2a03:2260:0:310::1 {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as 201701
update-source 2a03:2260:0:310::2
}
neighbor 2a03:2260:0:311::1 {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as 201701
update-source 2a03:2260:0:311::2
}
parameters { parameters {
router-id 10.188.255.7 router-id 10.188.255.7
} }
system-as 65066 system-as 65066
} }
static { static {
route6 2a03:2260:121:e000::/54 {
interface eth1 {
}
}
table 42 { table 42 {
route 0.0.0.0/0 { route 0.0.0.0/0 {
next-hop 5.9.220.112 { next-hop 5.9.220.112 {
@ -276,6 +398,25 @@ service {
server time3.vyos.net { server time3.vyos.net {
} }
} }
router-advert {
interface eth1 {
default-lifetime 300
default-preference high
hop-limit 64
interval {
max 30
}
link-mtu 1500
name-server 2001:4860:4860::8888
other-config-flag
prefix 2a03:2260:121:600::/58 {
preferred-lifetime 300
valid-lifetime 900
}
reachable-time 90000
retrans-timer 0
}
}
ssh { ssh {
port 22 port 22
} }
@ -307,14 +448,14 @@ system {
} }
user vyos { user vyos {
authentication { authentication {
encrypted-password $6$WJiQoTPHLN8qj3s2$3vPtbSA48u8axMRDuOTaH4Hzg6kUuUJ8rkNuuSBacLfJ3YKRhDu5q4hxyhYr22n9F7E5NtovDM3A1.Ahpralf0 encrypted-password ****************
plaintext-password "" plaintext-password ****************
public-keys nils { public-keys nils {
key AAAAB3NzaC1yc2EAAAADAQABAAACAQCvwA3/NDj7Oo28Q1XdRIgOp//35gFVvsDa1dnMkgRDqJYvlIDbRiQ+UIcgu5YhstPb8BAxfvqjRP4rnMKc7v69T2Lp+HOMx+1sOYrznEe2hC5lPr4+U1u4Fzqhq/keSoItifmdTgrE+01Zc5jMBosUIm79TDgEMuEGcYVJIyAzDv9ez4u+Bz/HubRO+qT/+UmOICEg9m/C+fiH/ZAJHi90dMsj7RF5YXrRHXTAdiecurwGAZx2Adug1fFTvzB1pqBUHje1PFtEI+LheYklpNtiJo8NQ2KDEiavSxBibJrywzQHaddf0bkeAhmiNY8PRoMpMNeiu94DyNFWgdm7bLzdzrN/o5U7MlnJlcn8D1tLtdp0ngTxaN6VIywI8mQ/Ukxz8p2Ce49vu6osz4CvYhKx4mrvOSmqg9VjKcL6/rIwK7y5CWgIrddktxrSpUHXkzoQSefgZ5Bnu3CNp0GixWV5JTHnFxCulJAGi3TTqx7IvsJ8gpuKkeGnIgnDhFbqVOKeEEnR13tTCJ7MgPQ+VHREQ68u73a5TfDxJd/ggnG4tQ67HOcqxwa74+X1lv7YiJ3AvbrR7FFPNM3o5N8ZmZWhBLDaUHrjElHkZdB/V2l2bCblWhD0INCYoskuK1dFGdf3gQQeKOivGzKtzI0xNKutrxfvarkikxCEV3Exj889rQ== key ****************
type ssh-rsa type ssh-rsa
} }
public-keys stefan { public-keys stefan {
key AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB key ****************
type ssh-rsa type ssh-rsa
} }
} }
@ -330,9 +471,4 @@ system {
} }
} }
} }
} }
// Warning: Do not remove the following line.
// vyos-config-version: "bgp@3:broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:container@1:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@9:flow-accounting@1:https@4:ids@1:interfaces@26:ipoe-server@1:ipsec@11:isis@2:l2tp@4:lldp@1:mdns@1:monitoring@1:nat@5:nat66@1:ntp@2:openconnect@2:ospf@1:policy@5:pppoe-server@6:pptp@2:qos@2:quagga@10:rpki@1:salt@1:snmp@3:ssh@2:sstp@4:system@25:vrf@3:vrrp@3:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2"
// Release version: 1.4-rolling-202302041536

View File

@ -1,4 +1,5 @@
--- ---
# Set System Hostname
- name: Ensure hostname set - name: Ensure hostname set
hostname: hostname:
name: "{{ inventory_hostname }}" name: "{{ inventory_hostname }}"
@ -16,10 +17,8 @@
test_command: whoami test_command: whoami
when: hostname_set.changed when: hostname_set.changed
#
# Users defined in /vars/main.yml # Users defined in /vars/main.yml
# pub key files in /files/USER.key.pub # pub key files in /files/{USER}.key.pub
#
- name: "Create user accounts and add users to groups" - name: "Create user accounts and add users to groups"
user: user:
@ -41,9 +40,7 @@
line: '%wheel ALL=(ALL) NOPASSWD: ALL' line: '%wheel ALL=(ALL) NOPASSWD: ALL'
validate: '/usr/sbin/visudo -cf %s' validate: '/usr/sbin/visudo -cf %s'
#
# Install basic packages for Ubuntu minimal Systems # Install basic packages for Ubuntu minimal Systems
#
- name: Install all Packages - name: Install all Packages
ansible.builtin.apt: ansible.builtin.apt:
name: name:
@ -60,21 +57,5 @@
- iw - iw
- speedtest-cli - speedtest-cli
- telnet - telnet
- libndp0
- libndp-tools
- ndppd
- iptables-persistent
state: latest state: latest
update_cache: yes update_cache: yes
#
# Copy ndppd Config
#
- name: Generate NDPPD Config
ansible.builtin.template:
src: ndppd.conf.j2
dest: /etc/ndppd.conf
owner: root
group: root
mode: 755

View File

@ -42,4 +42,22 @@
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/iproute2/rt_tables path: /etc/iproute2/rt_tables
line: 42 ffrl line: 42 ffrl
create: yes create: yes
- name: Generate NDPPD Config
ansible.builtin.template:
src: ndppd.conf.j2
dest: /etc/ndppd.conf
owner: root
group: root
mode: 755
- name: Install all Packages for VPN Servers
ansible.builtin.apt:
name:
- libndp0
- libndp-tools
- ndppd
- iptables-persistent
state: latest
update_cache: yes