Unterschiede
knb:wireguard-offloader [2020/07/06 22:35] – lqb | knb:wireguard-offloader [2020/07/07 06:04] (aktuell) – lqb | ||
---|---|---|---|
Zeile 15: | Zeile 15: | ||
- | ===== Create | + | ===== / |
+ | Daten müssen bei FFMUC erfragt und in die Variablen eingepflegt werden. | ||
+ | |||
+ | mk_config.boot.sh: | ||
<code bash> | <code bash> | ||
#!/bin/bash | #!/bin/bash | ||
- | #USERNMAE/PASSWORD: ubnt/ubnt | + | #USERNAME/PASSWORD: ubnt/ubnt |
HOST_NAME=" | HOST_NAME=" | ||
Zeile 62: | Zeile 65: | ||
- | mk_config.boot.sh: | + | |
cat<< | cat<< | ||
firewall { | firewall { | ||
Zeile 121: | Zeile 124: | ||
description " | description " | ||
destination { | destination { | ||
- | address $CLIENT1_IPV6 | + | address $CLIENT1_IPV6 |
port 22 | port 22 | ||
} | } | ||
Zeile 196: | Zeile 199: | ||
description " | description " | ||
destination { | destination { | ||
- | address $CLIENT1_IPV4 | + | address $CLIENT1_IPV4 |
port 22 | port 22 | ||
} | } | ||
Zeile 261: | Zeile 264: | ||
duplex auto | duplex auto | ||
poe { | poe { | ||
- | output | + | output |
} | } | ||
speed auto | speed auto | ||
Zeile 268: | Zeile 271: | ||
} | } | ||
switch switch0 { | switch switch0 { | ||
- | address $HOST_IPV4 | + | address $HOST_IPV4 |
- | address $HOST_IPV6 | + | address $HOST_IPV6 |
firewall { | firewall { | ||
out { | out { | ||
Zeile 284: | Zeile 287: | ||
max-interval 600 | max-interval 600 | ||
other-config-flag false | other-config-flag false | ||
- | prefix $HOST_IPV6_PREFIX { #VAR | + | prefix $HOST_IPV6_PREFIX { |
autonomous-flag true | autonomous-flag true | ||
on-link-flag true | on-link-flag true | ||
Zeile 308: | Zeile 311: | ||
} | } | ||
wireguard wg0 { | wireguard wg0 { | ||
- | address $WG0_IPV4 | + | address $WG0_IPV4 |
- | address $WG0_IPV6 | + | address $WG0_IPV6 |
listen-port 51822 | listen-port 51822 | ||
mtu 1406 | mtu 1406 | ||
Zeile 315: | Zeile 318: | ||
allowed-ips 0.0.0.0/0 | allowed-ips 0.0.0.0/0 | ||
allowed-ips ::/0 | allowed-ips ::/0 | ||
- | endpoint $WG0_ENDPOINT | + | endpoint $WG0_ENDPOINT |
persistent-keepalive 25 | persistent-keepalive 25 | ||
} | } | ||
- | private-key $WG0_PRIVATE_KEY | + | private-key $WG0_PRIVATE_KEY |
route-allowed-ips false | route-allowed-ips false | ||
} | } | ||
wireguard wg1 { | wireguard wg1 { | ||
- | address $WG1_IPV4 | + | address $WG1_IPV4 |
- | address $WG1_IPV6 | + | address $WG1_IPV6 |
listen-port 51823 | listen-port 51823 | ||
mtu 1406 | mtu 1406 | ||
Zeile 329: | Zeile 332: | ||
allowed-ips 0.0.0.0/0 | allowed-ips 0.0.0.0/0 | ||
allowed-ips ::/0 | allowed-ips ::/0 | ||
- | endpoint $WG1_ENDPOINT | + | endpoint $WG1_ENDPOINT |
persistent-keepalive 25 | persistent-keepalive 25 | ||
} | } | ||
- | private-key $WG1_PRIVATE_KEY | + | private-key $WG1_PRIVATE_KEY |
route-allowed-ips false | route-allowed-ips false | ||
} | } | ||
} | } | ||
protocols { | protocols { | ||
- | bgp $BGP_AS { #VAR | + | bgp $BGP_AS { |
address-family { | address-family { | ||
ipv6-unicast { | ipv6-unicast { | ||
Zeile 349: | Zeile 352: | ||
ebgp 4 | ebgp 4 | ||
} | } | ||
- | neighbor $BGP_NEIGHBOR1_IPV4 { #VAR | + | neighbor $BGP_NEIGHBOR1_IPV4 { |
remote-as 65132 | remote-as 65132 | ||
soft-reconfiguration { | soft-reconfiguration { | ||
Zeile 355: | Zeile 358: | ||
} | } | ||
} | } | ||
- | neighbor $BGP_NEIGHBOR2_IPv4 { #VAR | + | neighbor $BGP_NEIGHBOR2_IPv4 { |
remote-as 65132 | remote-as 65132 | ||
soft-reconfiguration { | soft-reconfiguration { | ||
Zeile 361: | Zeile 364: | ||
} | } | ||
} | } | ||
- | neighbor $BGP_NEIGHBOR1_IPv6 { #VAR | + | neighbor $BGP_NEIGHBOR1_IPv6 { |
address-family { | address-family { | ||
ipv6-unicast { | ipv6-unicast { | ||
Zeile 371: | Zeile 374: | ||
} | } | ||
} | } | ||
- | neighbor $BGP_NEIGHBOR2_IPv6 { #VAR | + | neighbor $BGP_NEIGHBOR2_IPv6 { |
address-family { | address-family { | ||
ipv6-unicast { | ipv6-unicast { | ||
Zeile 412: | Zeile 415: | ||
table 11 { | table 11 { | ||
route 0.0.0.0/0 { | route 0.0.0.0/0 { | ||
- | next-hop $BGP_NEXTHOP_IPV4 { #VAR | + | next-hop $BGP_NEXTHOP_IPV4 { |
} | } | ||
} | } | ||
route6 ::/0 { | route6 ::/0 { | ||
- | next-hop $BGP_NEXTHOP_IPV6 { #VAR | + | next-hop $BGP_NEXTHOP_IPV6 { |
} | } | ||
} | } | ||
Zeile 428: | Zeile 431: | ||
shared-network-name internal { | shared-network-name internal { | ||
authoritative disable | authoritative disable | ||
- | subnet $DHCP_SUBNET { #VAR | + | subnet $DHCP_SUBNET { |
- | default-router $DHCP_DEFAULT_ROUTER | + | default-router $DHCP_DEFAULT_ROUTER |
- | dns-server $DHCP_DNS | + | dns-server $DHCP_DNS |
lease 600 | lease 600 | ||
- | start $DHCP_START { #VAR | + | start $DHCP_START { |
- | stop $DHCP_STOP | + | stop $DHCP_STOP |
} | } | ||
unifi-controller 195.30.94.28 | unifi-controller 195.30.94.28 | ||
Zeile 453: | Zeile 456: | ||
} | } | ||
snmp { | snmp { | ||
- | community $SNMP_COMMUNITY { #VAR | + | community $SNMP_COMMUNITY { |
authorization ro | authorization ro | ||
} | } | ||
- | contact $SNMP_CONTACT | + | contact $SNMP_CONTACT |
- | description $SNMP_DESCRIPTION | + | description $SNMP_DESCRIPTION |
- | location $SNMP_LOCATION | + | location $SNMP_LOCATION |
} | } | ||
ssh { | ssh { | ||
Zeile 496: | Zeile 499: | ||
syslog-facility daemon | syslog-facility daemon | ||
} | } | ||
- | host-name $HOST_NAME | + | host-name $HOST_NAME |
login { | login { | ||
user ubnt { | user ubnt { |
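Review bot: The new side still carries the factory login in the header comment (`#USERNAME/PASSWORD: ubnt/ubnt`) and expands `$WG0_PRIVATE_KEY`, `$WG1_PRIVATE_KEY` and `$SNMP_COMMUNITY` directly into the heredoc, so a filled-in mk_config.boot.sh and the config it prints both hold secrets in clear text. I would add a comment above the variable block, for example `# Holds WireGuard private keys and the SNMP community: keep the filled-in script and its output at mode 600 and do not publish them`, and a second one stating that the `ubnt` password has to be changed before the device is reachable from the network. Separately, the neighbor lines mix `$BGP_NEIGHBOR1_IPV4` with `$BGP_NEIGHBOR2_IPv4`, `$BGP_NEIGHBOR1_IPv6` and `$BGP_NEIGHBOR2_IPv6`; the variable definitions are outside the visible hunks, but if they are spelled with `IPV4`/`IPV6`, the mixed-case names expand to empty strings and the generated `neighbor` blocks lose their address. The heredoc and the `login` block both begin or continue outside the hunks shown, so the password handling itself could not be checked here.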