Go to file
2022-05-09 12:16:09 +02:00
host_vars Running config v1 2022-05-09 12:16:09 +02:00
roles Running config v1 2022-05-09 12:16:09 +02:00
.DS_Store Changed to Wireguard VPN 2022-05-08 21:32:16 +02:00
hosts.yml Changed to Wireguard VPN 2022-05-08 21:32:16 +02:00
readme.md Bugfixing 2022-05-09 10:18:05 +02:00
system-setup.yml Changed to Wireguard VPN 2022-05-08 21:32:16 +02:00

Supernode mit direkter VPN Ausleitung

ER-X Stock Firmware Config:

cd /tmp curl -OL https://github.com/WireGuard/wireguard-vyatta-ubnt/releases/download/1.0.20211208-1/e50-v2-v1.0.20211208-v1.0.20210914.deb sudo dpkg -i e50-v2-v1.0.20211208-v1.0.20210914.deb

cd /config/auth wg genkey | tee /config/auth/wg.key | wg pubkey > wg.public cat wg.public cat wg.key

configure

Wireguard

set interfaces wireguard wg0 address 10.255.1.2/30 set interfaces wireguard wg0 listen-port 51821 set interfaces wireguard wg0 route-allowed-ips false set interfaces wireguard wg0 persistent-keepalive 25 set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= endpoint 7.fftdf.de:42001 set interfaces wireguard wg0 peer 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s= allowed-ips 0.0.0.0/0 set interfaces wireguard wg0 private-key /config/auth/wg.key

Firewall for Wireguard

set firewall name WAN_LOCAL rule 20 action accept set firewall name WAN_LOCAL rule 20 protocol udp set firewall name WAN_LOCAL rule 20 description 'WireGuard' set firewall name WAN_LOCAL rule 20 destination port 51821

Config WAN Interface

delete interfaces ethernet eth0

set interfaces ethernet eth0 address dhcp

Config Client Interface

set interfaces ethernet eth2 address 10.1.0.1/16

NAT Rules & DHCP

configure

set service dhcp-server disabled false

set service dhcp-server shared-network-name Client authoritative enable

set service dhcp-server shared-network-name Client subnet 10.1.0.0/16 default-router 10.1.0.1

set service dhcp-server shared-network-name Client subnet 10.1.0.0/16 dns-server 1.1.1.1

set service dhcp-server shared-network-name Client subnet 10.1.0.0/16 lease 86400

set service dhcp-server shared-network-name Client subnet 10.1.0.0/16 start 10.1.1.1 stop 10.1.255.254

set firewall group network-group LAN-VPN description 'Networks on LAN destined to go out VPN by default' set firewall group network-group LAN-VPN network 10.1.0.0/16

set firewall group network-group RFC1918 network 10.0.0.0/8 set firewall group network-group RFC1918 network 172.16.0.0/12 set firewall group network-group RFC1918 network 192.168.0.0/16 set firewall group network-group RFC1918 network 169.254.0.0/16

set protocols static table 2 route 0.0.0.0/0 next-hop 10.255.1.1

set firewall modify VPN_TDF7 rule 100 action modify set firewall modify VPN_TDF7 rule 100 description 'Route traffic from group LAN-VPN through VPN-TDF7 table' set firewall modify VPN_TDF7 rule 100 modify table 2 set firewall modify VPN_TDF7 rule 100 source group network-group LAN-VPN

set interfaces ethernet eth2 firewall in modify VPN_TDF7 set interfaces ethernet switch0 firewall in modify VPN_TDF7

nat

set service nat rule 5010 description 'masquerade for VPN' set service nat rule 5010 outbound-interface wg0 set service nat rule 5010 type masquerade set service nat rule 5010 protocol all

commit ; save