Compare commits
5 Commits
d983feb729
...
4fa9ebfb44
Author | SHA1 | Date | |
---|---|---|---|
4fa9ebfb44 | |||
2c561b7709 | |||
d47407ab7b | |||
2263590eff | |||
66df20ddc7 |
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
.DS_Store
|
@ -1,7 +1,7 @@
|
||||
wireguard_unmanaged_peers:
|
||||
vpn1-testing:
|
||||
public_key: 8BoLoKRwSNRdUe0uygneYFdTIx5iHwoMENbnzpomYCI=
|
||||
allowed_ips: 10.255.1.2/32, 10.1.0.0/16
|
||||
public_key: zaxk4sSdmg/NBnjdLaslBA6sljpeW0RPWX00tKq2bnI=
|
||||
allowed_ips: 10.255.1.2/32, 10.1.0.0/16, fd80:3ea2:e399:203a::2/128, 2a03:2260:121:7001::/64
|
||||
persistent_keepalive: 25
|
||||
# vpn2-stefan:
|
||||
# public_key: NvJKN6xorzvwL7NhMoY2bEwpDVTl9Ob/1gx9g8tHfic=
|
||||
|
@ -32,5 +32,5 @@ all:
|
||||
gre_bb_b_ix_dus_ipv6: 2a03:2260:0:311::2
|
||||
gre_bb_a_fra3_f_ipv6: 2a03:2260:0:30d::2
|
||||
gre_bb_b_fra3_f_ipv6: 2a03:2260:0:310::2
|
||||
wireguard_address: 10.255.1.1
|
||||
wireguard_address: "10.255.1.1/24, fd80:3ea2:e399:203a::1/64"
|
||||
wireguard_port: 42001
|
||||
|
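Review bot: The new `allowed_ips` value on the `vpn1-testing` peer is an unquoted comma-separated plain scalar, whereas the `wireguard_address` line changed in the second hunk of this same file quotes a value of exactly that shape; pick one form so the two settings read consistently, e.g. `allowed_ips: "10.255.1.2/32, 10.1.0.0/16, fd80:3ea2:e399:203a::2/128, 2a03:2260:121:7001::/64"`. The plain form stays a string only as long as no entry is followed by `: ` or ` #`, which is easy to break when further IPv6 entries are added later, and quoting (or a YAML list, if the consuming role accepts one) removes that trap. A one-line comment would also help a reader who does not know the topology: `# peer's tunnel address plus the networks behind it that are routed through the tunnel`; that reading is inferred from the router config in this compare, so confirm it before committing the comment. The file name for this section is not shown on the page.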
15
readme.md
15
readme.md
@ -36,12 +36,14 @@ sudo dpkg -i e50-v2-v1.0.20211208-v1.0.20210914.deb
|
||||
## Config ER-X
|
||||
configure
|
||||
## Wireguard
|
||||
set interfaces wireguard wg0 address 10.255.1.2/30
|
||||
set interfaces wireguard wg0 address 10.255.1.2/24
|
||||
set interfaces wireguard wg0 address fd80:3ea2:e399:203a::2/64
|
||||
set interfaces wireguard wg0 listen-port 51821
|
||||
set interfaces wireguard wg0 route-allowed-ips false
|
||||
set interfaces wireguard wg0 persistent-keepalive 25
|
||||
set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= endpoint 7.fftdf.de:42001
|
||||
set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= allowed-ips 0.0.0.0/0
|
||||
set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= allowed-ips ::0/0
|
||||
set interfaces wireguard wg0 private-key /config/auth/wg.key
|
||||
## Firewall for Wireguard
|
||||
set firewall name WAN_LOCAL rule 20 action accept
|
||||
@ -50,22 +52,27 @@ sudo dpkg -i e50-v2-v1.0.20211208-v1.0.20210914.deb
|
||||
set firewall name WAN_LOCAL rule 20 destination port 51821
|
||||
set firewall group network-group LAN-VPN description 'Networks on LAN destined to go out VPN by default'
|
||||
set firewall group network-group LAN-VPN network 10.1.0.0/16
|
||||
set firewall group ipv6-network-group IPv6-VPN ipv6-network 2a03:2260:121:7001::/64
|
||||
set firewall group network-group RFC1918 network 10.0.0.0/8
|
||||
set firewall group network-group RFC1918 network 172.16.0.0/12
|
||||
set firewall group network-group RFC1918 network 192.168.0.0/16
|
||||
set firewall group network-group RFC1918 network 169.254.0.0/16
|
||||
set protocols static table 2 route 0.0.0.0/0 next-hop 10.255.1.1
|
||||
set protocols static table 2 route6 ::/0 next-hop fd80:3ea2:e399:203a::1
|
||||
set firewall modify VPN_TDF7 rule 100 action modify
|
||||
set firewall modify VPN_TDF7 rule 100 description 'Route traffic from group LAN-VPN through VPN-TDF7 table'
|
||||
set firewall modify VPN_TDF7 rule 100 modify table 2
|
||||
set firewall modify VPN_TDF7 rule 100 source group network-group LAN-VPN
|
||||
set interfaces ethernet eth2 firewall in modify VPN_TDF7
|
||||
set interfaces swtich switch0 firewall in modify VPN_TDF7
|
||||
set firewall ipv6-modify IPv6-VPN_TDF7 rule 100 action modify
|
||||
set firewall ipv6-modify IPv6-VPN_TDF7 rule 100 description 'Route traffic from group IPv6-VPN through IPv6-VPN-TDF7 table'
|
||||
set firewall ipv6-modify IPv6-VPN_TDF7 rule 100 modify table 2
|
||||
set firewall ipv6-modify IPv6-VPN_TDF7 rule 100 source group ipv6-network-group IPv6-VPN
|
||||
set interfaces switch switch0 firewall in modify VPN_TDF7
|
||||
set interfaces switch switch0 firewall in modify IPv6-VPN_TDF7
|
||||
## NAT einrichten
|
||||
set service nat rule 5010 description 'masquerade for VPN'
|
||||
set service nat rule 5010 outbound-interface wg0
|
||||
set service nat rule 5010 type masquerade
|
||||
set service nat rule 5010 protocol all
|
||||
|
||||
## Speichern
|
||||
commit ; save
|
||||
|
@ -8,6 +8,7 @@ network:
|
||||
addresses:
|
||||
- {{ gre_bb_a_ak_ber_ipv4 }}/31
|
||||
- {{ gre_bb_a_ak_ber_ipv6 }}/64
|
||||
- fe80::200:5efe:2e04:9c72/64
|
||||
gre-bb-b.ak.ber:
|
||||
mode: gre
|
||||
local: {{ ansible_host }}
|
||||
@ -16,6 +17,7 @@ network:
|
||||
addresses:
|
||||
- {{ gre_bb_b_ak_ber_ipv4 }}/31
|
||||
- {{ gre_bb_b_ak_ber_ipv6 }}/64
|
||||
- fe80::200:5efe:2e04:9c72/64
|
||||
gre-bb-a.ix.dus:
|
||||
mode: gre
|
||||
local: {{ ansible_host }}
|
||||
@ -24,6 +26,7 @@ network:
|
||||
addresses:
|
||||
- {{ gre_bb_a_ix_dus_ipv4 }}/31
|
||||
- {{ gre_bb_a_ix_dus_ipv6 }}/64
|
||||
- fe80::200:5efe:2e04:9c72/64
|
||||
gre-bb-b.ix.dus:
|
||||
mode: gre
|
||||
local: {{ ansible_host }}
|
||||
@ -32,6 +35,7 @@ network:
|
||||
addresses:
|
||||
- {{ gre_bb_b_ix_dus_ipv4 }}/31
|
||||
- {{ gre_bb_b_ix_dus_ipv6}}/64
|
||||
- fe80::200:5efe:2e04:9c72/64
|
||||
gre-bb-a.fra3.f:
|
||||
mode: gre
|
||||
local: {{ ansible_host }}
|
||||
@ -40,6 +44,7 @@ network:
|
||||
addresses:
|
||||
- {{ gre_bb_a_fra3_f_ipv4 }}/31
|
||||
- {{ gre_bb_a_fra3_f_ipv6 }}/64
|
||||
- fe80::200:5efe:2e04:9c72/64
|
||||
gre-bb-b.fra3.f:
|
||||
mode: gre
|
||||
local: {{ ansible_host }}
|
||||
@ -48,6 +53,7 @@ network:
|
||||
addresses:
|
||||
- {{ gre_bb_b_fra3_f_ipv4 }}/31
|
||||
- {{ gre_bb_b_fra3_f_ipv6 }}/64
|
||||
- fe80::200:5efe:2e04:9c72/64
|
||||
ethernets:
|
||||
lo:
|
||||
addresses:
|
||||
|
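Review bot: The link-local address added to every tunnel, `fe80::200:5efe:2e04:9c72/64`, is hard-coded while each tunnel's `local:` endpoint is templated from `{{ ansible_host }}`; the `0200:5efe` interface identifier looks like the ISATAP-style form derived from a local IPv4 endpoint, so if this template is ever rendered for a second host the value would no longer correspond to that host's endpoint, and both ends of one tunnel could carry the same link-local address. Either derive the address from the same variable the endpoint uses, or leave it out and let the kernel assign one; at minimum a comment above the first occurrence, `# link-local for the GRE tunnels; must stay in sync with ansible_host (ISATAP-style IID of the local IPv4 endpoint)`, records the dependency. The identical line is added in the hunks at @ -16,6 +17,7, @ -24,6 +26,7, @ -32,6 +35,7, @ -40,6 +44,7 and @ -48,6 +53,7 as well. Separately, `{{ gre_bb_b_ix_dus_ipv6}}` in the @ -32,6 +35,7 hunk lacks the space before `}}` that every other expression in the file has; Jinja accepts it, but `{{ gre_bb_b_ix_dus_ipv6 }}` keeps the file uniform.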
@ -14,3 +14,4 @@
|
||||
- iputils-ping
|
||||
- iw
|
||||
- speedtest-cli
|
||||
- telnet
|