Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
| knb:wireguard-offloader [2020/07/06 22:49] – lqb | knb:wireguard-offloader [2020/07/07 06:04] (aktuell) – lqb | ||
|---|---|---|---|
| Zeile 23: | Zeile 23: | ||
| #!/bin/bash | #!/bin/bash | ||
| - | #USERNMAE/PASSWORD: ubnt/ubnt | + | #USERNAME/PASSWORD: ubnt/ubnt |
| HOST_NAME=" | HOST_NAME=" | ||
| Zeile 46: | Zeile 46: | ||
| WG1_PRIVATE_KEY=" | WG1_PRIVATE_KEY=" | ||
| - | BGP_AS=" | + | BGP_AS=" |
| BGP_NEIGHBOR1_IPV4=" | BGP_NEIGHBOR1_IPV4=" | ||
| BGP_NEIGHBOR1_IPv6=" | BGP_NEIGHBOR1_IPv6=" | ||
| Zeile 61: | Zeile 61: | ||
| CLIENT1_IPV4=" | CLIENT1_IPV4=" | ||
| CLIENT1_IPV6=" | CLIENT1_IPV6=" | ||
| + | |||
| Zeile 123: | Zeile 124: | ||
| description " | description " | ||
| destination { | destination { | ||
| - | address $CLIENT1_IPV6 | + | address $CLIENT1_IPV6 |
| port 22 | port 22 | ||
| } | } | ||
| Zeile 198: | Zeile 199: | ||
| description " | description " | ||
| destination { | destination { | ||
| - | address $CLIENT1_IPV4 | + | address $CLIENT1_IPV4 |
| port 22 | port 22 | ||
| } | } | ||
| Zeile 270: | Zeile 271: | ||
| } | } | ||
| switch switch0 { | switch switch0 { | ||
| - | address $HOST_IPV4 | + | address $HOST_IPV4 |
| - | address $HOST_IPV6 | + | address $HOST_IPV6 |
| firewall { | firewall { | ||
| out { | out { | ||
| Zeile 286: | Zeile 287: | ||
| max-interval 600 | max-interval 600 | ||
| other-config-flag false | other-config-flag false | ||
| - | prefix $HOST_IPV6_PREFIX { #VAR | + | prefix $HOST_IPV6_PREFIX { |
| autonomous-flag true | autonomous-flag true | ||
| on-link-flag true | on-link-flag true | ||
| Zeile 310: | Zeile 311: | ||
| } | } | ||
| wireguard wg0 { | wireguard wg0 { | ||
| - | address $WG0_IPV4 | + | address $WG0_IPV4 |
| - | address $WG0_IPV6 | + | address $WG0_IPV6 |
| listen-port 51822 | listen-port 51822 | ||
| mtu 1406 | mtu 1406 | ||
| Zeile 317: | Zeile 318: | ||
| allowed-ips 0.0.0.0/0 | allowed-ips 0.0.0.0/0 | ||
| allowed-ips ::/0 | allowed-ips ::/0 | ||
| - | endpoint $WG0_ENDPOINT | + | endpoint $WG0_ENDPOINT |
| persistent-keepalive 25 | persistent-keepalive 25 | ||
| } | } | ||
| - | private-key $WG0_PRIVATE_KEY | + | private-key $WG0_PRIVATE_KEY |
| route-allowed-ips false | route-allowed-ips false | ||
| } | } | ||
| wireguard wg1 { | wireguard wg1 { | ||
| - | address $WG1_IPV4 | + | address $WG1_IPV4 |
| - | address $WG1_IPV6 | + | address $WG1_IPV6 |
| listen-port 51823 | listen-port 51823 | ||
| mtu 1406 | mtu 1406 | ||
| Zeile 331: | Zeile 332: | ||
| allowed-ips 0.0.0.0/0 | allowed-ips 0.0.0.0/0 | ||
| allowed-ips ::/0 | allowed-ips ::/0 | ||
| - | endpoint $WG1_ENDPOINT | + | endpoint $WG1_ENDPOINT |
| persistent-keepalive 25 | persistent-keepalive 25 | ||
| } | } | ||
| - | private-key $WG1_PRIVATE_KEY | + | private-key $WG1_PRIVATE_KEY |
| route-allowed-ips false | route-allowed-ips false | ||
| } | } | ||
| } | } | ||
| protocols { | protocols { | ||
| - | bgp $BGP_AS { #VAR | + | bgp $BGP_AS { |
| address-family { | address-family { | ||
| ipv6-unicast { | ipv6-unicast { | ||
| Zeile 351: | Zeile 352: | ||
| ebgp 4 | ebgp 4 | ||
| } | } | ||
| - | neighbor $BGP_NEIGHBOR1_IPV4 { #VAR | + | neighbor $BGP_NEIGHBOR1_IPV4 { |
| remote-as 65132 | remote-as 65132 | ||
| soft-reconfiguration { | soft-reconfiguration { | ||
| Zeile 357: | Zeile 358: | ||
| } | } | ||
| } | } | ||
| - | neighbor $BGP_NEIGHBOR2_IPv4 { #VAR | + | neighbor $BGP_NEIGHBOR2_IPv4 { |
| remote-as 65132 | remote-as 65132 | ||
| soft-reconfiguration { | soft-reconfiguration { | ||
| Zeile 363: | Zeile 364: | ||
| } | } | ||
| } | } | ||
| - | neighbor $BGP_NEIGHBOR1_IPv6 { #VAR | + | neighbor $BGP_NEIGHBOR1_IPv6 { |
| address-family { | address-family { | ||
| ipv6-unicast { | ipv6-unicast { | ||
| Zeile 373: | Zeile 374: | ||
| } | } | ||
| } | } | ||
| - | neighbor $BGP_NEIGHBOR2_IPv6 { #VAR | + | neighbor $BGP_NEIGHBOR2_IPv6 { |
| address-family { | address-family { | ||
| ipv6-unicast { | ipv6-unicast { | ||
| Zeile 414: | Zeile 415: | ||
| table 11 { | table 11 { | ||
| route 0.0.0.0/0 { | route 0.0.0.0/0 { | ||
| - | next-hop $BGP_NEXTHOP_IPV4 { #VAR | + | next-hop $BGP_NEXTHOP_IPV4 { |
| } | } | ||
| } | } | ||
| route6 ::/0 { | route6 ::/0 { | ||
| - | next-hop $BGP_NEXTHOP_IPV6 { #VAR | + | next-hop $BGP_NEXTHOP_IPV6 { |
| } | } | ||
| } | } | ||
| Zeile 430: | Zeile 431: | ||
| shared-network-name internal { | shared-network-name internal { | ||
| authoritative disable | authoritative disable | ||
| - | subnet $DHCP_SUBNET { #VAR | + | subnet $DHCP_SUBNET { |
| - | default-router $DHCP_DEFAULT_ROUTER | + | default-router $DHCP_DEFAULT_ROUTER |
| - | dns-server $DHCP_DNS | + | dns-server $DHCP_DNS |
| lease 600 | lease 600 | ||
| - | start $DHCP_START { #VAR | + | start $DHCP_START { |
| - | stop $DHCP_STOP | + | stop $DHCP_STOP |
| } | } | ||
| unifi-controller 195.30.94.28 | unifi-controller 195.30.94.28 | ||
| Zeile 455: | Zeile 456: | ||
| } | } | ||
| snmp { | snmp { | ||
| - | community $SNMP_COMMUNITY { #VAR | + | community $SNMP_COMMUNITY { |
| authorization ro | authorization ro | ||
| } | } | ||
| - | contact $SNMP_CONTACT | + | contact $SNMP_CONTACT |
| - | description $SNMP_DESCRIPTION | + | description $SNMP_DESCRIPTION |
| - | location $SNMP_LOCATION | + | location $SNMP_LOCATION |
| } | } | ||
| ssh { | ssh { | ||
| Zeile 498: | Zeile 499: | ||
| syslog-facility daemon | syslog-facility daemon | ||
| } | } | ||
| - | host-name $HOST_NAME | + | host-name $HOST_NAME |
| login { | login { | ||
| user ubnt { | user ubnt { | ||
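Review bot: The header comment `#USERNAME/PASSWORD: ubnt/ubnt` is only respelled by this revision, so the template still documents the factory-default login, and the context of the last hunk shows the generated config defining `user ubnt` next to an `ssh` block and firewall rules for `port 22`. The user's authentication lines lie outside the visible hunks, so whether the default password is actually written into the config is inferred from the comment and should be confirmed. If it is, take the credential from a variable at the top of the script like the other site-specific values (for example a new `ADMIN_PASSWORD_HASH`, a suggested name that is not on the page) instead of shipping a fixed one. The comment could then read `#Default login ubnt/ubnt - replace the password before the device is reachable over SSH`. The same variable block also holds `WG0_PRIVATE_KEY` and `WG1_PRIVATE_KEY`, so a filled-in copy of the script should be kept out of the wiki and readable only by its owner.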