knb:wireguard-offloader [2020/07/06 22:49] – lqb | knb:wireguard-offloader [2020/07/07 06:04] (aktuell) – lqb | ||
---|---|---|---|
Zeile 23: | Zeile 23: | ||
#!/bin/bash | #!/bin/bash | ||
- | #USERNMAE/PASSWORD: ubnt/ubnt | + | #USERNAME/PASSWORD: ubnt/ubnt |
HOST_NAME=" | HOST_NAME=" | ||
Zeile 46: | Zeile 46: | ||
WG1_PRIVATE_KEY=" | WG1_PRIVATE_KEY=" | ||
- | BGP_AS=" | + | BGP_AS=" |
BGP_NEIGHBOR1_IPV4=" | BGP_NEIGHBOR1_IPV4=" | ||
BGP_NEIGHBOR1_IPv6=" | BGP_NEIGHBOR1_IPv6=" | ||
Zeile 61: | Zeile 61: | ||
CLIENT1_IPV4=" | CLIENT1_IPV4=" | ||
CLIENT1_IPV6=" | CLIENT1_IPV6=" | ||
+ | |||
Zeile 123: | Zeile 124: | ||
description " | description " | ||
destination { | destination { | ||
- | address $CLIENT1_IPV6 | + | address $CLIENT1_IPV6 |
port 22 | port 22 | ||
} | } | ||
Zeile 198: | Zeile 199: | ||
description " | description " | ||
destination { | destination { | ||
- | address $CLIENT1_IPV4 | + | address $CLIENT1_IPV4 |
port 22 | port 22 | ||
} | } | ||
Zeile 270: | Zeile 271: | ||
} | } | ||
switch switch0 { | switch switch0 { | ||
- | address $HOST_IPV4 | + | address $HOST_IPV4 |
- | address $HOST_IPV6 | + | address $HOST_IPV6 |
firewall { | firewall { | ||
out { | out { | ||
Zeile 286: | Zeile 287: | ||
max-interval 600 | max-interval 600 | ||
other-config-flag false | other-config-flag false | ||
- | prefix $HOST_IPV6_PREFIX { #VAR | + | prefix $HOST_IPV6_PREFIX { |
autonomous-flag true | autonomous-flag true | ||
on-link-flag true | on-link-flag true | ||
Zeile 310: | Zeile 311: | ||
} | } | ||
wireguard wg0 { | wireguard wg0 { | ||
- | address $WG0_IPV4 | + | address $WG0_IPV4 |
- | address $WG0_IPV6 | + | address $WG0_IPV6 |
listen-port 51822 | listen-port 51822 | ||
mtu 1406 | mtu 1406 | ||
Zeile 317: | Zeile 318: | ||
allowed-ips 0.0.0.0/0 | allowed-ips 0.0.0.0/0 | ||
allowed-ips ::/0 | allowed-ips ::/0 | ||
- | endpoint $WG0_ENDPOINT | + | endpoint $WG0_ENDPOINT |
persistent-keepalive 25 | persistent-keepalive 25 | ||
} | } | ||
- | private-key $WG0_PRIVATE_KEY | + | private-key $WG0_PRIVATE_KEY |
route-allowed-ips false | route-allowed-ips false | ||
} | } | ||
wireguard wg1 { | wireguard wg1 { | ||
- | address $WG1_IPV4 | + | address $WG1_IPV4 |
- | address $WG1_IPV6 | + | address $WG1_IPV6 |
listen-port 51823 | listen-port 51823 | ||
mtu 1406 | mtu 1406 | ||
Zeile 331: | Zeile 332: | ||
allowed-ips 0.0.0.0/0 | allowed-ips 0.0.0.0/0 | ||
allowed-ips ::/0 | allowed-ips ::/0 | ||
- | endpoint $WG1_ENDPOINT | + | endpoint $WG1_ENDPOINT |
persistent-keepalive 25 | persistent-keepalive 25 | ||
} | } | ||
- | private-key $WG1_PRIVATE_KEY | + | private-key $WG1_PRIVATE_KEY |
route-allowed-ips false | route-allowed-ips false | ||
} | } | ||
} | } | ||
protocols { | protocols { | ||
- | bgp $BGP_AS { #VAR | + | bgp $BGP_AS { |
address-family { | address-family { | ||
ipv6-unicast { | ipv6-unicast { | ||
Zeile 351: | Zeile 352: | ||
ebgp 4 | ebgp 4 | ||
} | } | ||
- | neighbor $BGP_NEIGHBOR1_IPV4 { #VAR | + | neighbor $BGP_NEIGHBOR1_IPV4 { |
remote-as 65132 | remote-as 65132 | ||
soft-reconfiguration { | soft-reconfiguration { | ||
Zeile 357: | Zeile 358: | ||
} | } | ||
} | } | ||
- | neighbor $BGP_NEIGHBOR2_IPv4 { #VAR | + | neighbor $BGP_NEIGHBOR2_IPv4 { |
remote-as 65132 | remote-as 65132 | ||
soft-reconfiguration { | soft-reconfiguration { | ||
Zeile 363: | Zeile 364: | ||
} | } | ||
} | } | ||
- | neighbor $BGP_NEIGHBOR1_IPv6 { #VAR | + | neighbor $BGP_NEIGHBOR1_IPv6 { |
address-family { | address-family { | ||
ipv6-unicast { | ipv6-unicast { | ||
Zeile 373: | Zeile 374: | ||
} | } | ||
} | } | ||
- | neighbor $BGP_NEIGHBOR2_IPv6 { #VAR | + | neighbor $BGP_NEIGHBOR2_IPv6 { |
address-family { | address-family { | ||
ipv6-unicast { | ipv6-unicast { | ||
Zeile 414: | Zeile 415: | ||
table 11 { | table 11 { | ||
route 0.0.0.0/0 { | route 0.0.0.0/0 { | ||
- | next-hop $BGP_NEXTHOP_IPV4 { #VAR | + | next-hop $BGP_NEXTHOP_IPV4 { |
} | } | ||
} | } | ||
route6 ::/0 { | route6 ::/0 { | ||
- | next-hop $BGP_NEXTHOP_IPV6 { #VAR | + | next-hop $BGP_NEXTHOP_IPV6 { |
} | } | ||
} | } | ||
Zeile 430: | Zeile 431: | ||
shared-network-name internal { | shared-network-name internal { | ||
authoritative disable | authoritative disable | ||
- | subnet $DHCP_SUBNET { #VAR | + | subnet $DHCP_SUBNET { |
- | default-router $DHCP_DEFAULT_ROUTER | + | default-router $DHCP_DEFAULT_ROUTER |
- | dns-server $DHCP_DNS | + | dns-server $DHCP_DNS |
lease 600 | lease 600 | ||
- | start $DHCP_START { #VAR | + | start $DHCP_START { |
- | stop $DHCP_STOP | + | stop $DHCP_STOP |
} | } | ||
unifi-controller 195.30.94.28 | unifi-controller 195.30.94.28 | ||
Zeile 455: | Zeile 456: | ||
} | } | ||
snmp { | snmp { | ||
- | community $SNMP_COMMUNITY { #VAR | + | community $SNMP_COMMUNITY { |
authorization ro | authorization ro | ||
} | } | ||
- | contact $SNMP_CONTACT | + | contact $SNMP_CONTACT |
- | description $SNMP_DESCRIPTION | + | description $SNMP_DESCRIPTION |
- | location $SNMP_LOCATION | + | location $SNMP_LOCATION |
} | } | ||
ssh { | ssh { | ||
Zeile 498: | Zeile 499: | ||
syslog-facility daemon | syslog-facility daemon | ||
} | } | ||
- | host-name $HOST_NAME | + | host-name $HOST_NAME |
login { | login { | ||
user ubnt { | user ubnt { |
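Review bot: The header comment corrected at Zeile 23 still documents the factory login `ubnt/ubnt`, and the `login { user ubnt {` block at Zeile 499 keeps that account, so a router provisioned from this template presumably comes up with publicly known credentials. The authentication lines of the `user ubnt` block lie outside the visible hunk, so this is inferred from the comment and should be confirmed against the full script. I would make the credential a required setting next to the other variables, for example `: "${ADMIN_PASSWORD_HASH:?set a unique password hash}"` (variable name is a placeholder), and reword the comment to `# Default login is ubnt/ubnt - replace it with a unique password or an SSH key before deployment`. Because the same script also carries `WG0_PRIVATE_KEY`, `WG1_PRIVATE_KEY` and `SNMP_COMMUNITY`, the filled-in copy should be kept readable by its owner only and should not be pasted back into the wiki.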