vyos config
This commit is contained in:
parent
beeb08eb01
commit
cab184b5cf
@ -13,15 +13,6 @@ ffrl_address: 185.66.193.107
|
|||||||
ffrl_address_v6: 2a03:2260:121:600::0/128
|
ffrl_address_v6: 2a03:2260:121:600::0/128
|
||||||
ffrl_net_v6: 2a03:2260:121:600::/55
|
ffrl_net_v6: 2a03:2260:121:600::/55
|
||||||
|
|
||||||
dhcp_start: 172.16.7.10
|
|
||||||
dhcp_end: 172.16.7.200
|
|
||||||
|
|
||||||
static_dhcp_leases:
|
|
||||||
vpn01:
|
|
||||||
mac_address: 36:f3:82:18:9b:03
|
|
||||||
ip_address: 172.16.7.2
|
|
||||||
|
|
||||||
|
|
||||||
gre_bb_transfer_net: /31
|
gre_bb_transfer_net: /31
|
||||||
gre_bb_transfer_net_v6: /64
|
gre_bb_transfer_net_v6: /64
|
||||||
gre_bb_renote_as: 201701
|
gre_bb_renote_as: 201701
|
||||||
|
|||||||
@ -33,10 +33,10 @@
|
|||||||
reload: true
|
reload: true
|
||||||
|
|
||||||
- name: saveip6tables
|
- name: saveip6tables
|
||||||
shell: ip6tables-save > /etc/iptables/rules.v6
|
ansible.builtin.shell: ip6tables-save > /etc/iptables/rules.v6
|
||||||
|
|
||||||
- name: saveip4tables
|
- name: saveip4tables
|
||||||
shell: iptables-save > /etc/iptables/rules.v4
|
ansible.builtin.shell: iptables-save > /etc/iptables/rules.v4
|
||||||
|
|
||||||
- name: Create Routing Table 42
|
- name: Create Routing Table 42
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
interfaces {
|
interfaces {
|
||||||
ethernet eth0 {
|
ethernet eth0 {
|
||||||
address {{ wan_address }}
|
address {{ wan_address }}{{ wan_net }}
|
||||||
description WAN
|
description WAN
|
||||||
}
|
}
|
||||||
ethernet eth1 {
|
ethernet eth1 {
|
||||||
@ -96,7 +96,7 @@ policy {
|
|||||||
prefix-list FFRL-OUT {
|
prefix-list FFRL-OUT {
|
||||||
rule 10 {
|
rule 10 {
|
||||||
action permit
|
action permit
|
||||||
prefix {{ ffrl_address }}
|
prefix {{ ffrl_address }}/32
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
prefix-list6 FFRL-IN-6 {
|
prefix-list6 FFRL-IN-6 {
|
||||||
@ -164,7 +164,7 @@ protocols {
|
|||||||
bgp {
|
bgp {
|
||||||
address-family {
|
address-family {
|
||||||
ipv4-unicast {
|
ipv4-unicast {
|
||||||
network {{ ffrl_address }} {
|
network {{ ffrl_address }}/32 {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ipv6-unicast {
|
ipv6-unicast {
|
||||||
@ -337,28 +337,6 @@ protocols {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
service {
|
service {
|
||||||
dhcp-server {
|
|
||||||
listen-address {{ lan_address }}
|
|
||||||
shared-network-name freifunk {
|
|
||||||
subnet {{ lan_network }} {
|
|
||||||
default-router {{ lan_address }}
|
|
||||||
name-server 1.1.1.1
|
|
||||||
name-server 1.0.0.1
|
|
||||||
range dhcp {
|
|
||||||
start {{ dhcp_start }}
|
|
||||||
stop {{ dhcp_end }}
|
|
||||||
}
|
|
||||||
{% if static_dhcp_leases is defined %}
|
|
||||||
{% for lease in static_dhcp_leases.keys() %}
|
|
||||||
static-mapping {{ lease }} {
|
|
||||||
ip-address {{ static_dhcp_leases[lease].ip_address }}
|
|
||||||
mac-address {{ static_dhcp_leases[lease].mac_address }}
|
|
||||||
}
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
ntp {
|
ntp {
|
||||||
allow-client {
|
allow-client {
|
||||||
address 0.0.0.0/0
|
address 0.0.0.0/0
|
||||||
@ -421,11 +399,11 @@ system {
|
|||||||
user vyos {
|
user vyos {
|
||||||
authentication {
|
authentication {
|
||||||
public-keys nils {
|
public-keys nils {
|
||||||
key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvwA3/NDj7Oo28Q1XdRIgOp//35gFVvsDa1dnMkgRDqJYvlIDbRiQ+UIcgu5YhstPb8BAxfvqjRP4rnMKc7v69T2Lp+HOMx+1sOYrznEe2hC5lPr4+U1u4Fzqhq/keSoItifmdTgrE+01Zc5jMBosUIm79TDgEMuEGcYVJIyAzDv9ez4u+Bz/HubRO+qT/+UmOICEg9m/C+fiH/ZAJHi90dMsj7RF5YXrRHXTAdiecurwGAZx2Adug1fFTvzB1pqBUHje1PFtEI+LheYklpNtiJo8NQ2KDEiavSxBibJrywzQHaddf0bkeAhmiNY8PRoMpMNeiu94DyNFWgdm7bLzdzrN/o5U7MlnJlcn8D1tLtdp0ngTxaN6VIywI8mQ/Ukxz8p2Ce49vu6osz4CvYhKx4mrvOSmqg9VjKcL6/rIwK7y5CWgIrddktxrSpUHXkzoQSefgZ5Bnu3CNp0GixWV5JTHnFxCulJAGi3TTqx7IvsJ8gpuKkeGnIgnDhFbqVOKeEEnR13tTCJ7MgPQ+VHREQ68u73a5TfDxJd/ggnG4tQ67HOcqxwa74+X1lv7YiJ3AvbrR7FFPNM3o5N8ZmZWhBLDaUHrjElHkZdB/V2l2bCblWhD0INCYoskuK1dFGdf3gQQeKOivGzKtzI0xNKutrxfvarkikxCEV3Exj889rQ==
|
key AAAAB3NzaC1yc2EAAAADAQABAAACAQCvwA3/NDj7Oo28Q1XdRIgOp//35gFVvsDa1dnMkgRDqJYvlIDbRiQ+UIcgu5YhstPb8BAxfvqjRP4rnMKc7v69T2Lp+HOMx+1sOYrznEe2hC5lPr4+U1u4Fzqhq/keSoItifmdTgrE+01Zc5jMBosUIm79TDgEMuEGcYVJIyAzDv9ez4u+Bz/HubRO+qT/+UmOICEg9m/C+fiH/ZAJHi90dMsj7RF5YXrRHXTAdiecurwGAZx2Adug1fFTvzB1pqBUHje1PFtEI+LheYklpNtiJo8NQ2KDEiavSxBibJrywzQHaddf0bkeAhmiNY8PRoMpMNeiu94DyNFWgdm7bLzdzrN/o5U7MlnJlcn8D1tLtdp0ngTxaN6VIywI8mQ/Ukxz8p2Ce49vu6osz4CvYhKx4mrvOSmqg9VjKcL6/rIwK7y5CWgIrddktxrSpUHXkzoQSefgZ5Bnu3CNp0GixWV5JTHnFxCulJAGi3TTqx7IvsJ8gpuKkeGnIgnDhFbqVOKeEEnR13tTCJ7MgPQ+VHREQ68u73a5TfDxJd/ggnG4tQ67HOcqxwa74+X1lv7YiJ3AvbrR7FFPNM3o5N8ZmZWhBLDaUHrjElHkZdB/V2l2bCblWhD0INCYoskuK1dFGdf3gQQeKOivGzKtzI0xNKutrxfvarkikxCEV3Exj889rQ==
|
||||||
type ssh-rsa
|
type ssh-rsa
|
||||||
}
|
}
|
||||||
public-keys stefan {
|
public-keys stefan {
|
||||||
key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB
|
key AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB
|
||||||
type ssh-rsa
|
type ssh-rsa
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -2,4 +2,5 @@
|
|||||||
- name: System preperation
|
- name: System preperation
|
||||||
hosts: router
|
hosts: router
|
||||||
roles:
|
roles:
|
||||||
- vyos-config
|
- vyos-config
|
||||||
|
gather_facts: no
|
||||||
Loading…
Reference in New Issue
Block a user