{# Jinja2 template for a VyOS-style router configuration. The login banner identifies the
   device as a Freifunk core router. It builds six GRE tunnels (tun0-tun5) over the WAN
   address, runs one IPv4 and one IPv6 BGP session per tunnel, and source-NATs the LAN
   network to the loopback address.
   NOTE(review): no firewall stanza appears in this template, so SSH, NTP, GRE and BGP
   exposure on eth0 depends only on the per-service settings below. Confirm that packet
   filtering is applied elsewhere. #}
interfaces {
    ethernet eth0 {
        address {{ wan_address }}{{ wan_net }}
        description WAN
    }
    ethernet eth1 {
        address {{ lan_address }}/24
        {# NOTE(review): this interface carries lan_address and is the router-advert
           interface, yet it is labelled "Freifunk WAN". Presumably a mislabel; confirm. #}
        description "Freifunk WAN"
        ipv6 {
            address {
                autoconf
            }
        }
    }
    loopback lo {
        {# The loopback holds the address that is announced via BGP and used as the NAT
           translation address below. #}
        address {{ ffrl_address }}/32
        address {{ ffrl_address_v6 }}
    }
    {# All six tunnels use plain GRE sourced from wan_address. Nothing in this template
       adds encryption or authentication to the tunnel payload. #}
    tunnel tun0 {
        address {{ gre_ber_a_address }}{{gre_bb_transfer_net}}
        address {{ gre_ber_a_address_v6 }}{{ gre_bb_transfer_net_v6 }}
        description {{ gre_ber_a_description }}
        encapsulation gre
        remote {{ gre_ber_a_remote }}
        source-address {{ wan_address }}
    }
    tunnel tun1 {
        address {{ gre_ber_b_address }}{{gre_bb_transfer_net}}
        address {{ gre_ber_b_address_v6 }}{{ gre_bb_transfer_net_v6 }}
        description {{ gre_ber_b_description }}
        encapsulation gre
        remote {{ gre_ber_b_remote }}
        source-address {{ wan_address }}
    }
    tunnel tun2 {
        address {{ gre_a_dus_address }}{{gre_bb_transfer_net}}
        address {{ gre_a_dus_address_v6 }}{{ gre_bb_transfer_net_v6 }}
        description {{ gre_a_dus_description }}
        encapsulation gre
        remote {{ gre_a_dus_remote }}
        source-address {{ wan_address }}
    }
    tunnel tun3 {
        address {{ gre_b_dus_address }}{{gre_bb_transfer_net}}
        address {{ gre_b_dus_address_v6 }}{{ gre_bb_transfer_net_v6 }}
        description {{ gre_b_dus_description }}
        encapsulation gre
        remote {{ gre_b_dus_remote }}
        source-address {{ wan_address }}
    }
    tunnel tun4 {
        address {{ gre_a_fra_address }}{{gre_bb_transfer_net}}
        address {{ gre_a_fra_address_v6 }}{{ gre_bb_transfer_net_v6 }}
        description {{ gre_a_fra_description }}
        encapsulation gre
        remote {{ gre_a_fra_remote }}
        source-address {{ wan_address }}
    }
    tunnel tun5 {
        address {{ gre_b_fra_address }}{{gre_bb_transfer_net}}
        address {{ gre_b_fra_address_v6 }}{{ gre_bb_transfer_net_v6 }}
        description {{ gre_b_fra_description }}
        encapsulation gre
        remote {{ gre_b_fra_remote }}
        source-address {{ wan_address }}
    }
}
nat {
    source {
        rule 1 {
            {# Traffic from lan_network is rewritten to ffrl_address on every egress
               interface ("any"), eth0 included.
               NOTE(review): confirm that LAN traffic leaving directly via eth0 with the
               loopback address as its source is intended, rather than limiting the rule
               to the tunnel interfaces. #}
            outbound-interface any
            source {
                address {{ lan_network }}
            }
            translation {
                address {{ ffrl_address }}
            }
        }
    }
}
policy {
    local-route {
        {# Packets sourced from wan_address are looked up in table 42, whose only route is
           a static default via wan_gateway (see protocols/static). Presumably this keeps
           the GRE underlay and management replies on the physical uplink once a default
           route is learned over BGP; confirm. #}
        rule 10 {
            set {
                table 42
            }
            source {{ wan_address }}
        }
    }
    {# Import filters: only the default route is permitted, since no ge/le range is given.
       Anything else a peer sends falls through to the implicit deny. #}
    prefix-list FFRL-IN {
        rule 10 {
            action permit
            prefix 0.0.0.0/0
        }
    }
    {# Export filters: only this router's own prefix is permitted, which limits what can
       be announced if other routes ever enter the BGP table. #}
    prefix-list FFRL-OUT {
        rule 10 {
            action permit
            prefix {{ ffrl_address }}/32
        }
    }
    prefix-list6 FFRL-IN-6 {
        rule 10 {
            action permit
            prefix ::/0
        }
    }
    prefix-list6 FFRL-OUT-6 {
        rule 10 {
            action permit
            prefix {{ ffrl_net_v6 }}
        }
    }
    route-map FFRL-IN {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        prefix-list FFRL-IN
                    }
                }
            }
        }
    }
    route-map FFRL-OUT {
        rule 10 {
            action permit
            match {
                ip {
                    address {
                        prefix-list FFRL-OUT
                    }
                }
            }
        }
    }
    route-map FFRL-IN-6 {
        rule 10 {
            action permit
            match {
                ipv6 {
                    address {
                        prefix-list FFRL-IN-6
                    }
                }
            }
        }
    }
    route-map FFRL-OUT-6 {
        rule 10 {
            action permit
            match {
                ipv6 {
                    address {
                        prefix-list FFRL-OUT-6
                    }
                }
            }
        }
    }
}
protocols {
    bgp {
        address-family {
            ipv4-unicast {
                network {{ ffrl_address }}/32 {
                }
            }
            ipv6-unicast {
                network {{ ffrl_net_v6 }} {
                }
            }
        }
        {# Every neighbor below applies both the import and the export route-map.
           NOTE(review): no per-neighbor password is set, so the sessions are not
           authenticated at the BGP layer and run over unencrypted GRE. Confirm that this
           matches the upstream's peering requirements.
           NOTE(review): the variable name gre_bb_renote_as looks like a typo for
           "remote". It must match the name used in the inventory or vars, so it is left
           unchanged here. #}
        neighbor {{ gre_ber_a_neighbor }} {
            address-family {
                ipv4-unicast {
                    route-map {
                        export FFRL-OUT
                        import FFRL-IN
                    }
                }
            }
            description {{ gre_ber_a_description }}
            remote-as {{ gre_bb_renote_as }}
            update-source {{ gre_ber_a_address }}
        }
        neighbor {{ gre_ber_b_neighbor }} {
            address-family {
                ipv4-unicast {
                    route-map {
                        export FFRL-OUT
                        import FFRL-IN
                    }
                }
            }
            description {{ gre_ber_b_description }}
            remote-as {{ gre_bb_renote_as }}
            update-source {{ gre_ber_b_address }}
        }
        neighbor {{ gre_a_dus_neighbor }} {
            address-family {
                ipv4-unicast {
                    route-map {
                        export FFRL-OUT
                        import FFRL-IN
                    }
                }
            }
            description {{ gre_a_dus_description }}
            remote-as {{ gre_bb_renote_as }}
            update-source {{ gre_a_dus_address }}
        }
        neighbor {{ gre_b_dus_neighbor }} {
            address-family {
                ipv4-unicast {
                    route-map {
                        export FFRL-OUT
                        import FFRL-IN
                    }
                }
            }
            description {{ gre_b_dus_description }}
            remote-as {{ gre_bb_renote_as }}
            update-source {{ gre_b_dus_address }}
        }
        neighbor {{ gre_a_fra_neighbor }} {
            address-family {
                ipv4-unicast {
                    route-map {
                        export FFRL-OUT
                        import FFRL-IN
                    }
                }
            }
            description {{ gre_a_fra_description }}
            remote-as {{ gre_bb_renote_as }}
            update-source {{ gre_a_fra_address }}
        }
        neighbor {{ gre_b_fra_neighbor }} {
            address-family {
                ipv4-unicast {
                    route-map {
                        export FFRL-OUT
                        import FFRL-IN
                    }
                }
            }
            description {{ gre_b_fra_description }}
            remote-as {{ gre_bb_renote_as }}
            update-source {{ gre_b_fra_address }}
        }
        {# IPv6 sessions, one per tunnel. Unlike the IPv4 neighbors they have no
           description. #}
        neighbor {{ gre_ber_a_neighbor_v6 }} {
            address-family {
                ipv6-unicast {
                    route-map {
                        export FFRL-OUT-6
                        import FFRL-IN-6
                    }
                }
            }
            remote-as {{ gre_bb_renote_as }}
            update-source {{ gre_ber_a_address_v6 }}
        }
        neighbor {{ gre_ber_b_neighbor_v6 }} {
            address-family {
                ipv6-unicast {
                    route-map {
                        export FFRL-OUT-6
                        import FFRL-IN-6
                    }
                }
            }
            remote-as {{ gre_bb_renote_as }}
            update-source {{ gre_ber_b_address_v6 }}
        }
        neighbor {{ gre_a_dus_neighbor_v6 }} {
            address-family {
                ipv6-unicast {
                    route-map {
                        export FFRL-OUT-6
                        import FFRL-IN-6
                    }
                }
            }
            remote-as {{ gre_bb_renote_as }}
            update-source {{ gre_a_dus_address_v6 }}
        }
        neighbor {{ gre_b_dus_neighbor_v6 }} {
            address-family {
                ipv6-unicast {
                    route-map {
                        export FFRL-OUT-6
                        import FFRL-IN-6
                    }
                }
            }
            remote-as {{ gre_bb_renote_as }}
            update-source {{ gre_b_dus_address_v6 }}
        }
        neighbor {{ gre_a_fra_neighbor_v6 }} {
            address-family {
                ipv6-unicast {
                    route-map {
                        export FFRL-OUT-6
                        import FFRL-IN-6
                    }
                }
            }
            remote-as {{ gre_bb_renote_as }}
            update-source {{ gre_a_fra_address_v6 }}
        }
        neighbor {{ gre_b_fra_neighbor_v6 }} {
            address-family {
                ipv6-unicast {
                    route-map {
                        export FFRL-OUT-6
                        import FFRL-IN-6
                    }
                }
            }
            remote-as {{ gre_bb_renote_as }}
            update-source {{ gre_b_fra_address_v6 }}
        }
        parameters {
            router-id {{ wan_address }}
        }
        system-as {{ gre_bb_local_as }}
    }
    static {
        {# Table 42 is the target of the policy local-route rule: a default route via the
           physical WAN gateway. #}
        table 42 {
            route 0.0.0.0/0 {
                next-hop {{ wan_gateway }} {
                }
            }
        }
    }
}
service {
    ntp {
        {# NOTE(review): allow-client admits every IPv4 and IPv6 source, so the time
           service answers queries arriving on the WAN side too. If only local clients
           need it, narrow this to the networks already defined in this template
           (lan_network, ffrl_net_v6). #}
        allow-client {
            address 0.0.0.0/0
            address ::/0
        }
        server time1.vyos.net {
        }
        server time2.vyos.net {
        }
        server time3.vyos.net {
        }
    }
    router-advert {
        interface eth1 {
            default-lifetime 300
            default-preference high
            hop-limit 64
            interval {
                max 30
            }
            link-mtu 1500
            {# Clients are handed a fixed public resolver address, so their DNS queries
               leave the network towards that third party. #}
            name-server 2606:4700:4700::1111
            prefix {{ ffrl_net_v6 }} {
                preferred-lifetime 300
                valid-lifetime 900
            }
            reachable-time 90000
            retrans-timer 0
        }
    }
    {# NOTE(review): SSH has no listen-address, so presumably it listens on all addresses,
       WAN included. Password authentication is not explicitly disabled here
       (disable-password-authentication), although the only login user defined below
       carries public keys and no password. Confirm both against the hardening baseline. #}
    ssh {
        port 22
    }
}
system {
    config-management {
        commit-revisions 100
    }
    conntrack {
        {# Seven connection-tracking helpers are enabled. Each one inspects application
           payloads to open related flows.
           NOTE(review): confirm that all of them are needed on this router, and drop
           those that are not. #}
        modules {
            ftp
            h323
            nfs
            pptp
            sip
            sqlnet
            tftp
        }
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name {{ inventory_hostname }}
    login {
        banner {
            post-login "Welcome to the core Freifunk Router for Troisdorf!\n\nEnjoy it while you are here!\n"
        }
        {# Administrator keys are hard-coded in the template, not taken from variables, so
           granting or revoking access means editing this file and redeploying. Both
           entries are ssh-rsa keys attached to the shared "vyos" account. #}
        user vyos {
            authentication {
                {# NOTE(review): the key value of this entry is not present in this copy
                   of the file. #}
                public-keys nils {
                    key 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
                    type ssh-rsa
                }
                public-keys stefan {
                    key AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB
                    type ssh-rsa
                }
            }
        }
    }
    {# Only the global syslog target is configured, and no remote log host appears in this
       template.
       NOTE(review): if logs are needed after a compromise or a disk loss, confirm that
       forwarding is set up elsewhere. #}
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}