Changed Readme

2022-05-09 12:27:42 +02:00 · 2022-05-09 12:27:42 +02:00 · d983feb729
commit d983feb729
parent 150be2ac7c
1 changed files with 61 additions and 60 deletions
--- a/readme.md
+++ b/readme.md
@ -1,70 +1,71 @@
 # Supernode mit direkter VPN Ausleitung

+Ausleitung über das FFRL Backbone.
+Supernode Config:
+- GRE-Tunnel zum FFRL Backbone
+- VPN per Wireguard
+- NAT auf VPN Routern
+
+## Adressbereiche:
+
+Supernode: 10.255.1.1/32
+
+VPN01: 10.255.1.2/32, Client: 10.1.0.0/16
+VPN02: 10.255.1.3/32, Client: 10.2.0.0/16
+VPN03: 10.255.1.4/32, Client: 10.3.0.0/16
+etc.
+

 ## ER-X Stock Firmware Config:
+> Vor der Installation:
+> - eth0 als DHCP Client
+> - eth1-4 auf den Switch
+> - Switch mit DHCP Server einrichten. Adressbereich aus Tabelle beachten!
+
+## Install Wireguard
 cd /tmp
 curl -OL https://github.com/WireGuard/wireguard-vyatta-ubnt/releases/download/1.0.20211208-1/e50-v2-v1.0.20211208-v1.0.20210914.deb
 sudo dpkg -i e50-v2-v1.0.20211208-v1.0.20210914.deb

-cd /config/auth
-wg genkey | tee /config/auth/wg.key | wg pubkey >  wg.public
-cat wg.public
-cat wg.key
-######
-configure
-######
-# Wireguard
-set interfaces wireguard wg0 address 10.255.1.2/30
-set interfaces wireguard wg0 listen-port 51821
-set interfaces wireguard wg0 route-allowed-ips false
-set interfaces wireguard wg0 persistent-keepalive 25
-set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= endpoint 7.fftdf.de:42001
-set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= allowed-ips 0.0.0.0/0
-set interfaces wireguard wg0 private-key /config/auth/wg.key
-# Firewall for Wireguard
-set firewall name WAN_LOCAL rule 20 action accept
-set firewall name WAN_LOCAL rule 20 protocol udp
-set firewall name WAN_LOCAL rule 20 description 'WireGuard'
-set firewall name WAN_LOCAL rule 20 destination port 51821
+## Generate Keys
+    cd /config/auth
+    wg genkey | tee /config/auth/wg.key | wg pubkey >  wg.public
+    cat wg.public
+    cat wg.key

-# Config WAN Interface
-# delete interfaces ethernet eth0
-# set interfaces ethernet eth0 address dhcp
+## Config ER-X
+    configure
+## Wireguard
+    set interfaces wireguard wg0 address 10.255.1.2/30
+    set interfaces wireguard wg0 listen-port 51821
+    set interfaces wireguard wg0 route-allowed-ips false
+    set interfaces wireguard wg0 persistent-keepalive 25
+    set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= endpoint 7.fftdf.de:42001
+    set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= allowed-ips 0.0.0.0/0
+    set interfaces wireguard wg0 private-key /config/auth/wg.key
+## Firewall for Wireguard
+    set firewall name WAN_LOCAL rule 20 action accept
+    set firewall name WAN_LOCAL rule 20 protocol udp
+    set firewall name WAN_LOCAL rule 20 description 'WireGuard'
+    set firewall name WAN_LOCAL rule 20 destination port 51821
+    set firewall group network-group LAN-VPN description 'Networks on LAN destined to go out VPN by default'
+    set firewall group network-group LAN-VPN network 10.1.0.0/16
+    set firewall group network-group RFC1918 network 10.0.0.0/8
+    set firewall group network-group RFC1918 network 172.16.0.0/12
+    set firewall group network-group RFC1918 network 192.168.0.0/16
+    set firewall group network-group RFC1918 network 169.254.0.0/16
+    set protocols static table 2 route 0.0.0.0/0 next-hop 10.255.1.1
+    set firewall modify VPN_TDF7 rule 100 action modify
+    set firewall modify VPN_TDF7 rule 100 description 'Route traffic from group LAN-VPN through VPN-TDF7 table'
+    set firewall modify VPN_TDF7 rule 100 modify table 2
+    set firewall modify VPN_TDF7 rule 100 source group network-group LAN-VPN
+    set interfaces ethernet eth2 firewall in modify VPN_TDF7
+    set interfaces swtich switch0 firewall in modify VPN_TDF7
+## NAT einrichten
+    set service nat rule 5010 description 'masquerade for VPN'
+    set service nat rule 5010 outbound-interface wg0
+    set service nat rule 5010 type masquerade
+    set service nat rule 5010 protocol all

-# Config Client Interface
-# set interfaces ethernet eth2 address 10.1.0.1/16
-###### NAT Rules & DHCP
-# configure
-# set service dhcp-server disabled false
-# set service dhcp-server shared-network-name Client authoritative enable
-# set service dhcp-server shared-network-name Client subnet 10.1.0.0/16 default-router 10.1.0.1
-# set service dhcp-server shared-network-name Client subnet 10.1.0.0/16 dns-server 1.1.1.1
-# set service dhcp-server shared-network-name Client subnet 10.1.0.0/16 lease 86400
-# set service dhcp-server shared-network-name Client subnet 10.1.0.0/16 start 10.1.1.1 stop 10.1.255.254
-
-
-set firewall group network-group LAN-VPN description 'Networks on LAN destined to go out VPN by default'
-set firewall group network-group LAN-VPN network 10.1.0.0/16
-
-set firewall group network-group RFC1918 network 10.0.0.0/8
-set firewall group network-group RFC1918 network 172.16.0.0/12
-set firewall group network-group RFC1918 network 192.168.0.0/16
-set firewall group network-group RFC1918 network 169.254.0.0/16
-
-set protocols static table 2 route 0.0.0.0/0 next-hop 10.255.1.1
-
-set firewall modify VPN_TDF7 rule 100 action modify
-set firewall modify VPN_TDF7 rule 100 description 'Route traffic from group LAN-VPN through VPN-TDF7 table'
-set firewall modify VPN_TDF7 rule 100 modify table 2
-set firewall modify VPN_TDF7 rule 100 source group network-group LAN-VPN
-
-set interfaces ethernet eth2 firewall in modify VPN_TDF7
-set interfaces ethernet switch0 firewall in modify VPN_TDF7
-### nat
-set service nat rule 5010 description 'masquerade for VPN'
-set service nat rule 5010 outbound-interface wg0
-set service nat rule 5010 type masquerade
-set service nat rule 5010 protocol all
-
-
-commit ; save
+## Speichern
+    commit ; save