Compare commits

...

5 Commits

Author SHA1 Message Date
4fa9ebfb44 Add IPv6 to Wireguard 2022-05-20 19:26:31 +02:00
2c561b7709 Add Link-Local Adresses to GRE 2022-05-20 19:23:03 +02:00
d47407ab7b Changed wireguard key 2022-05-20 19:17:43 +02:00
2263590eff Changed Router Config 2022-05-20 19:14:30 +02:00
66df20ddc7 Add Gitignore 2022-05-20 19:14:22 +02:00
6 changed files with 23 additions and 8 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.DS_Store

View File

@ -1,7 +1,7 @@
wireguard_unmanaged_peers:
vpn1-testing:
public_key: 8BoLoKRwSNRdUe0uygneYFdTIx5iHwoMENbnzpomYCI=
allowed_ips: 10.255.1.2/32, 10.1.0.0/16
public_key: zaxk4sSdmg/NBnjdLaslBA6sljpeW0RPWX00tKq2bnI=
allowed_ips: 10.255.1.2/32, 10.1.0.0/16, fd80:3ea2:e399:203a::2/128, 2a03:2260:121:7001::/64
persistent_keepalive: 25
# vpn2-stefan:
# public_key: NvJKN6xorzvwL7NhMoY2bEwpDVTl9Ob/1gx9g8tHfic=

View File

@ -32,5 +32,5 @@ all:
gre_bb_b_ix_dus_ipv6: 2a03:2260:0:311::2
gre_bb_a_fra3_f_ipv6: 2a03:2260:0:30d::2
gre_bb_b_fra3_f_ipv6: 2a03:2260:0:310::2
wireguard_address: 10.255.1.1
wireguard_address: "10.255.1.1/24, fd80:3ea2:e399:203a::1/64"
wireguard_port: 42001

View File

@ -36,12 +36,14 @@ sudo dpkg -i e50-v2-v1.0.20211208-v1.0.20210914.deb
## Config ER-X
configure
## Wireguard
set interfaces wireguard wg0 address 10.255.1.2/30
set interfaces wireguard wg0 address 10.255.1.2/24
set interfaces wireguard wg0 address fd80:3ea2:e399:203a::2/64
set interfaces wireguard wg0 listen-port 51821
set interfaces wireguard wg0 route-allowed-ips false
set interfaces wireguard wg0 persistent-keepalive 25
set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= endpoint 7.fftdf.de:42001
set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= allowed-ips 0.0.0.0/0
set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= allowed-ips ::0/0
set interfaces wireguard wg0 private-key /config/auth/wg.key
## Firewall for Wireguard
set firewall name WAN_LOCAL rule 20 action accept
@ -50,22 +52,27 @@ sudo dpkg -i e50-v2-v1.0.20211208-v1.0.20210914.deb
set firewall name WAN_LOCAL rule 20 destination port 51821
set firewall group network-group LAN-VPN description 'Networks on LAN destined to go out VPN by default'
set firewall group network-group LAN-VPN network 10.1.0.0/16
set firewall group ipv6-network-group IPv6-VPN ipv6-network 2a03:2260:121:7001::/64
set firewall group network-group RFC1918 network 10.0.0.0/8
set firewall group network-group RFC1918 network 172.16.0.0/12
set firewall group network-group RFC1918 network 192.168.0.0/16
set firewall group network-group RFC1918 network 169.254.0.0/16
set protocols static table 2 route 0.0.0.0/0 next-hop 10.255.1.1
set protocols static table 2 route6 ::/0 next-hop fd80:3ea2:e399:203a::1
set firewall modify VPN_TDF7 rule 100 action modify
set firewall modify VPN_TDF7 rule 100 description 'Route traffic from group LAN-VPN through VPN-TDF7 table'
set firewall modify VPN_TDF7 rule 100 modify table 2
set firewall modify VPN_TDF7 rule 100 source group network-group LAN-VPN
set interfaces ethernet eth2 firewall in modify VPN_TDF7
set interfaces swtich switch0 firewall in modify VPN_TDF7
set firewall ipv6-modify IPv6-VPN_TDF7 rule 100 action modify
set firewall ipv6-modify IPv6-VPN_TDF7 rule 100 description 'Route traffic from group IPv6-VPN through IPv6-VPN-TDF7 table'
set firewall ipv6-modify IPv6-VPN_TDF7 rule 100 modify table 2
set firewall ipv6-modify IPv6-VPN_TDF7 rule 100 source group ipv6-network-group IPv6-VPN
set interfaces switch switch0 firewall in modify VPN_TDF7
set interfaces switch switch0 firewall in modify IPv6-VPN_TDF7
## NAT einrichten
set service nat rule 5010 description 'masquerade for VPN'
set service nat rule 5010 outbound-interface wg0
set service nat rule 5010 type masquerade
set service nat rule 5010 protocol all
## Speichern
commit ; save

View File

@ -8,6 +8,7 @@ network:
addresses:
- {{ gre_bb_a_ak_ber_ipv4 }}/31
- {{ gre_bb_a_ak_ber_ipv6 }}/64
- fe80::200:5efe:2e04:9c72/64
gre-bb-b.ak.ber:
mode: gre
local: {{ ansible_host }}
@ -16,6 +17,7 @@ network:
addresses:
- {{ gre_bb_b_ak_ber_ipv4 }}/31
- {{ gre_bb_b_ak_ber_ipv6 }}/64
- fe80::200:5efe:2e04:9c72/64
gre-bb-a.ix.dus:
mode: gre
local: {{ ansible_host }}
@ -24,6 +26,7 @@ network:
addresses:
- {{ gre_bb_a_ix_dus_ipv4 }}/31
- {{ gre_bb_a_ix_dus_ipv6 }}/64
- fe80::200:5efe:2e04:9c72/64
gre-bb-b.ix.dus:
mode: gre
local: {{ ansible_host }}
@ -32,6 +35,7 @@ network:
addresses:
- {{ gre_bb_b_ix_dus_ipv4 }}/31
- {{ gre_bb_b_ix_dus_ipv6}}/64
- fe80::200:5efe:2e04:9c72/64
gre-bb-a.fra3.f:
mode: gre
local: {{ ansible_host }}
@ -40,6 +44,7 @@ network:
addresses:
- {{ gre_bb_a_fra3_f_ipv4 }}/31
- {{ gre_bb_a_fra3_f_ipv6 }}/64
- fe80::200:5efe:2e04:9c72/64
gre-bb-b.fra3.f:
mode: gre
local: {{ ansible_host }}
@ -48,6 +53,7 @@ network:
addresses:
- {{ gre_bb_b_fra3_f_ipv4 }}/31
- {{ gre_bb_b_fra3_f_ipv6 }}/64
- fe80::200:5efe:2e04:9c72/64
ethernets:
lo:
addresses:

View File

@ -14,3 +14,4 @@
- iputils-ping
- iw
- speedtest-cli
- telnet