Freifunk-Troisdorf/ansible.fftdf.supernode
5
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Added config for vyos routers

Browse Source
This commit is contained in:
Stefan Hoffmann 2023-03-05 17:38:26 +01:00
parent 1198f1ee3d
commit eba39322ee
3 changed files with 511 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
host_vars/router4.yml
View File

@ -1,3 +1,64 @@
wan_address: 5.9.220.113/29
local_address: 172.16.7.1/24
ffrl_address: 185.66.193.107/32
wan_address: 5.9.220.113
wan_gateway: 5.9.220.112
wan_net: /29
lan_address: 172.16.7.1
lan_network: 172.16.7.0/24
ffrl_address: 185.66.193.107
ffrl_address_v6: 2a03:2260:121:600::0/128
ffrl_net_v6: 2a03:2260:121:600::/55
dhcp_start: 172.16.7.10
dhcp_end: 172.16.7.200
static_dhcp_leases:
vpn01:
mac_address: 36:f3:82:18:9b:03
ip_address: 172.16.7.2
gre_bb_transfer_net: /31
gre_bb_transfer_net_v6: /64
gre_bb_renote_as: 201701
gre_bb_local_as: 65066
gre_ber_a_address: 100.64.6.25
gre_ber_a_neighbor: 100.64.6.24
gre_ber_a_address_v6: 2a03:2260:0:30c::2
gre_ber_a_neighbor_v6: 2a03:2260:0:30c::1
gre_ber_a_description: gre_ber_a
gre_ber_a_remote: 185.66.195.0
gre_ber_b_address: 100.64.6.31
gre_ber_b_neighbor: 100.64.6.30
gre_ber_b_address_v6: 2a03:2260:0:30f::2
gre_ber_b_neighbor_v6: 2a03:2260:0:30f::1
gre_ber_b_description: gre_b_ber
gre_ber_b_remote: 185.66.195.1
gre_a_dus_address: 100.64.6.29
gre_a_dus_neighbor: 100.64.6.28
gre_a_dus_address_v6: 2a03:2260:0:30e::2
gre_a_dus_neighbor_v6: 2a03:2260:0:30e::1
gre_a_dus_description: gre_a_dus
gre_a_dus_remote: 185.66.193.0
gre_b_dus_address: 100.64.6.35
gre_b_dus_neighbor: 100.64.6.34
gre_b_dus_address_v6: 2a03:2260:0:311::2
gre_b_dus_neighbor_v6: 2a03:2260:0:311::1
gre_b_dus_description: gre_b_dus
gre_b_dus_remote: 185.66.193.1
gre_a_fra_address: 100.64.6.27
gre_a_fra_neighbor: 100.64.6.26
gre_a_fra_address_v6: 2a03:2260:0:30d::2
gre_a_fra_neighbor_v6: 2a03:2260:0:30d::1
gre_a_fra_description: gre_a_fra
gre_a_fra_remote: 185.66.194.0
gre_b_fra_address: 100.64.6.33
gre_b_fra_neighbor: 100.64.6.32
gre_b_fra_address_v6: 2a03:2260:0:310::2
gre_b_fra_neighbor_v6: 2a03:2260:0:310::1
gre_b_fra_description: gre_b_fra
gre_b_fra_remote: 185.66.194.1

3
roles/vyos-config/tasks/main.yml Normal file
View File

@ -0,0 +1,3 @@
- name: render a Jinja2 template onto the VyOS router
vyos.vyos.vyos_config:
src: config.j2

444
roles/vyos-config/templates/config.j2 Normal file
View File

@ -0,0 +1,444 @@
interfaces {
ethernet eth0 {
address {{ wan_address }}
description WAN
}
ethernet eth1 {
address {{ lan_address }}/24
description "Freifunk WAN"
ipv6 {
address {
autoconf
}
}
}
loopback lo {
address {{ ffrl_address }}/32
address {{ ffrl_address_v6 }}
}
tunnel tun0 {
address {{ gre_ber_a_address }}{{gre_bb_transfer_net}}
address {{ gre_ber_a_address_v6 }}{{ gre_bb_transfer_net_v6 }}
description {{ gre_ber_a_description }}
encapsulation gre
remote {{ gre_ber_a_remote }}
source-address {{ wan_address }}
}
tunnel tun1 {
address {{ gre_ber_b_address }}{{gre_bb_transfer_net}}
address {{ gre_ber_b_address_v6 }}{{ gre_bb_transfer_net_v6 }}
description {{ gre_ber_b_description }}
encapsulation gre
remote {{ gre_ber_b_remote }}
source-address {{ wan_address }}
}
tunnel tun2 {
address {{ gre_a_dus_address }}{{gre_bb_transfer_net}}
address {{ gre_a_dus_address_v6 }}{{ gre_bb_transfer_net_v6 }}
description {{ gre_a_dus_description }}
encapsulation gre
remote {{ gre_a_dus_remote }}
source-address {{ wan_address }}
}
tunnel tun3 {
address {{ gre_b_dus_address }}{{gre_bb_transfer_net}}
address {{ gre_b_dus_address_v6 }}{{ gre_bb_transfer_net_v6 }}
description {{ gre_b_dus_description }}
encapsulation gre
remote {{ gre_b_dus_remote }}
source-address {{ wan_address }}
}
tunnel tun4 {
address {{ gre_a_fra_address }}{{gre_bb_transfer_net}}
address {{ gre_a_fra_address_v6 }}{{ gre_bb_transfer_net_v6 }}
description {{ gre_a_fra_description }}
encapsulation gre
remote {{ gre_a_fra_remote }}
source-address {{ wan_address }}
}
tunnel tun5 {
address {{ gre_b_fra_address }}{{gre_bb_transfer_net}}
address {{ gre_b_fra_address_v6 }}{{ gre_bb_transfer_net_v6 }}
description {{ gre_b_fra_description }}
encapsulation gre
remote {{ gre_b_fra_remote }}
source-address {{ wan_address }}
}
}
nat {
source {
rule 1 {
outbound-interface any
source {
address {{ lan_network }}
}
translation {
address {{ ffrl_address }}
}
}
}
}
policy {
local-route {
rule 10 {
set {
table 42
}
source {{ wan_address }}
}
}
prefix-list FFRL-IN {
rule 10 {
action permit
prefix 0.0.0.0/0
}
}
prefix-list FFRL-OUT {
rule 10 {
action permit
prefix {{ ffrl_address }}
}
}
prefix-list6 FFRL-IN-6 {
rule 10 {
action permit
prefix ::/0
}
}
prefix-list6 FFRL-OUT-6 {
rule 10 {
action permit
prefix {{ ffrl_net_v6 }}
}
}
route-map FFRL-IN {
rule 10 {
action permit
match {
ip {
address {
prefix-list FFRL-IN
}
}
}
}
}
route-map FFRL-OUT {
rule 10 {
action permit
match {
ip {
address {
prefix-list FFRL-OUT
}
}
}
}
}
route-map FFRL-IN-6 {
rule 10 {
action permit
match {
ipv6 {
address {
prefix-list FFRL-IN-6
}
}
}
}
}
route-map FFRL-OUT-6 {
rule 10 {
action permit
match {
ipv6 {
address {
prefix-list FFRL-OUT-6
}
}
}
}
}
}
protocols {
bgp {
address-family {
ipv4-unicast {
network {{ ffrl_address }} {
}
}
ipv6-unicast {
network {{ ffrl_net_v6 }} {
}
}
}
neighbor {{ gre_ber_a_neighbor }} {
address-family {
ipv4-unicast {
route-map {
export FFRL-OUT
import FFRL-IN
}
}
}
description {{ gre_ber_a_description }}
remote-as {{ gre_bb_renote_as }}
update-source {{ gre_ber_a_address }}
}
neighbor {{ gre_ber_b_neighbor }} {
address-family {
ipv4-unicast {
route-map {
export FFRL-OUT
import FFRL-IN
}
}
}
description {{ gre_ber_b_description }}
remote-as {{ gre_bb_renote_as }}
update-source {{ gre_ber_b_address }}
}
neighbor {{ gre_a_dus_neighbor }} {
address-family {
ipv4-unicast {
route-map {
export FFRL-OUT
import FFRL-IN
}
}
}
description {{ gre_a_dus_description }}
remote-as {{ gre_bb_renote_as }}
update-source {{ gre_a_dus_address }}
}
neighbor {{ gre_b_dus_neighbor }} {
address-family {
ipv4-unicast {
route-map {
export FFRL-OUT
import FFRL-IN
}
}
}
description {{ gre_b_dus_description }}
remote-as {{ gre_bb_renote_as }}
update-source {{ gre_b_dus_address }}
}
neighbor {{ gre_a_fra_neighbor }} {
address-family {
ipv4-unicast {
route-map {
export FFRL-OUT
import FFRL-IN
}
}
}
description {{ gre_a_fra_description }}
remote-as {{ gre_bb_renote_as }}
update-source {{ gre_a_fra_address }}
}
neighbor {{ gre_b_fra_neighbor }} {
address-family {
ipv4-unicast {
route-map {
export FFRL-OUT
import FFRL-IN
}
}
}
description {{ gre_b_fra_description }}
remote-as {{ gre_bb_renote_as }}
update-source {{ gre_b_fra_address }}
}
neighbor {{ gre_ber_a_neighbor_v6 }} {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as {{ gre_bb_renote_as }}
update-source {{ gre_ber_a_address_v6 }}
}
neighbor {{ gre_ber_b_neighbor_v6 }} {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as {{ gre_bb_renote_as }}
update-source {{ gre_ber_b_address_v6 }}
}
neighbor {{ gre_a_dus_neighbor_v6 }} {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as {{ gre_bb_renote_as }}
update-source {{ gre_a_dus_address_v6 }}
}
neighbor {{ gre_b_dus_neighbor_v6 }} {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as {{ gre_bb_renote_as }}
update-source {{ gre_b_dus_address_v6 }}
}
neighbor {{ gre_a_fra_neighbor_v6 }} {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as {{ gre_bb_renote_as }}
update-source {{ gre_a_fra_address_v6 }}
}
neighbor {{ gre_b_fra_neighbor_v6 }} {
address-family {
ipv6-unicast {
route-map {
export FFRL-OUT-6
import FFRL-IN-6
}
}
}
remote-as {{ gre_bb_renote_as }}
update-source {{ gre_b_fra_address_v6 }}
}
parameters {
router-id {{ wan_address }}
}
system-as {{ gre_bb_local_as }}
}
static {
table 42 {
route 0.0.0.0/0 {
next-hop {{ wan_gateway }} {
}
}
}
}
}
service {
dhcp-server {
listen-address {{ lan_address }}
shared-network-name freifunk {
subnet {{ lan_network }} {
default-router {{ lan_address }}
name-server 1.1.1.1
name-server 1.0.0.1
range dhcp {
start {{ dhcp_start }}
stop {{ dhcp_end }}
}
{% if static_dhcp_leases is defined %}
{% for lease in static_dhcp_leases.keys() %}
static-mapping {{ lease }} {
ip-address {{ static_dhcp_leases[lease].ip_address }}
mac-address {{ static_dhcp_leases[lease].mac_address }}
}
{% endfor %}
{% endif %}
}
}
}
ntp {
allow-client {
address 0.0.0.0/0
address ::/0
}
server time1.vyos.net {
}
server time2.vyos.net {
}
server time3.vyos.net {
}
}
router-advert {
interface eth1 {
default-lifetime 300
default-preference high
hop-limit 64
interval {
max 30
}
link-mtu 1500
name-server 2606:4700:4700::1111
prefix {{ ffrl_net_v6 }} {
preferred-lifetime 300
valid-lifetime 900
}
reachable-time 90000
retrans-timer 0
}
}
ssh {
port 22
}
}
system {
config-management {
commit-revisions 100
}
conntrack {
modules {
ftp
h323
nfs
pptp
sip
sqlnet
tftp
}
}
console {
device ttyS0 {
speed 115200
}
}
host-name {{ inventory_hostname }}
login {
banner {
post-login "Welcome to the core Freifunk Router for Troisdorf!\n\nEnjoy it while you are here!\n"
}
user vyos {
authentication {
public-keys nils {
key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvwA3/NDj7Oo28Q1XdRIgOp//35gFVvsDa1dnMkgRDqJYvlIDbRiQ+UIcgu5YhstPb8BAxfvqjRP4rnMKc7v69T2Lp+HOMx+1sOYrznEe2hC5lPr4+U1u4Fzqhq/keSoItifmdTgrE+01Zc5jMBosUIm79TDgEMuEGcYVJIyAzDv9ez4u+Bz/HubRO+qT/+UmOICEg9m/C+fiH/ZAJHi90dMsj7RF5YXrRHXTAdiecurwGAZx2Adug1fFTvzB1pqBUHje1PFtEI+LheYklpNtiJo8NQ2KDEiavSxBibJrywzQHaddf0bkeAhmiNY8PRoMpMNeiu94DyNFWgdm7bLzdzrN/o5U7MlnJlcn8D1tLtdp0ngTxaN6VIywI8mQ/Ukxz8p2Ce49vu6osz4CvYhKx4mrvOSmqg9VjKcL6/rIwK7y5CWgIrddktxrSpUHXkzoQSefgZ5Bnu3CNp0GixWV5JTHnFxCulJAGi3TTqx7IvsJ8gpuKkeGnIgnDhFbqVOKeEEnR13tTCJ7MgPQ+VHREQ68u73a5TfDxJd/ggnG4tQ67HOcqxwa74+X1lv7YiJ3AvbrR7FFPNM3o5N8ZmZWhBLDaUHrjElHkZdB/V2l2bCblWhD0INCYoskuK1dFGdf3gQQeKOivGzKtzI0xNKutrxfvarkikxCEV3Exj889rQ==
type ssh-rsa
}
public-keys stefan {
key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB
type ssh-rsa
}
}
}
}
syslog {
global {
facility all {
level info
}
facility protocols {
level debug
}
}
}
}