# OpenWrt UCI network configuration, written as a template: the quoted
# double-brace expressions are filled in at render time by 'passwordstore'
# lookups. The rendered file therefore contains the WireGuard private keys
# and the preshared key in plaintext; keep the rendered copy and any
# backups of it readable only by root.
#
# Layout: one VLAN-filtering bridge ('switch') carries four VLANs
# (1 mgmt, 2 clients, 3 wan, 8 backoffice), two WireGuard tunnels (wg0, wg1)
# and three policy-routing rules that steer traffic arriving from 'clients'.

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fd80:b6e3:d4e0::/48'

# Single bridge over all eight ports; VLAN membership is set per port by the
# bridge-vlan sections below.
config device 'switch'
	option name 'switch'
	option type 'bridge'
	option vlan_filtering 1
	list ports 'eth0'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'
	list ports 'eth4'
	list ports 'eth5'
	list ports 'eth6'
	list ports 'eth7'

# Port suffixes: 'u' = untagged egress, '*' = PVID (untagged ingress lands in
# this VLAN), 't' = tagged.
#
# VLAN 1 is the untagged/PVID VLAN on eth2-eth7, so a device that sends
# untagged frames on any of those ports is placed in the management network.
# NOTE(review): presumably these ports lead only to managed switches or APs;
# confirm none of them is reachable by end users.
config bridge-vlan 'mgmt_vlan'
	option vlan '1'
	option device 'switch'
	list ports 'eth2:u*'
	list ports 'eth3:u*'
	list ports 'eth4:u*'
	list ports 'eth5:u*'
	list ports 'eth6:u*'
	list ports 'eth7:u*'

config bridge-vlan 'clients_vlan'
	option vlan '2'
	option device 'switch'
	list ports 'eth2:t'
	list ports 'eth3:t'
	list ports 'eth4:t'
	list ports 'eth5:t'
	list ports 'eth6:t'
	list ports 'eth7:t'

# WAN arrives untagged on eth0 and is also carried tagged on eth4.
# NOTE(review): eth4 is the only downstream port that trunks the WAN VLAN;
# confirm this is intended, since whatever sits on eth4 gets unfiltered
# layer-2 access to the upstream segment.
config bridge-vlan 'wan_vlan'
	option vlan '3'
	option device 'switch'
	list ports 'eth0:u*'
	list ports 'eth4:t'

config bridge-vlan 'backoffice_vlan'
	option vlan '8'
	option device 'switch'
	list ports 'eth1:u*'
	list ports 'eth2:t'
	list ports 'eth3:t'
	list ports 'eth4:t'
	list ports 'eth5:t'
	list ports 'eth6:t'
	list ports 'eth7:t'

config interface 'mgmt'
	option device 'switch.1'
	option proto 'static'
	option ipaddr '10.84.1.1'
	option netmask '255.255.255.0'

config interface 'clients'
	option device 'switch.2'
	option proto 'static'
	option ipaddr '10.84.4.1'
	option netmask '255.255.252.0'

# peerdns '0' ignores the resolvers offered by the upstream DHCP server and
# uses the two listed ones instead.
config interface 'wan'
	option device 'switch.3'
	option proto 'dhcp'
	option peerdns '0'
	list dns '9.9.9.9'
	list dns '1.1.1.1'

config interface 'wan6'
	option device 'switch.3'
	option proto 'dhcpv6'

config interface 'backoffice'
	option device 'switch.8'
	option proto 'static'
	option ipaddr '10.84.8.1'
	option netmask '255.255.255.0'

# wg0: point-to-point tunnel (/31) to a single peer.
config interface 'wg0'
	option proto 'wireguard'
	option private_key "{{ lookup('passwordstore', 'wg/wg0/gw-core01') }}"
	option mtu 1350
	list addresses '10.84.254.1/31'

# allowed_ips 0.0.0.0/0 means WireGuard accepts packets with any IPv4 source
# address from this peer; route_allowed_ips '0' keeps that range out of the
# routing table. What the peer may reach behind this router is therefore
# decided by the firewall zone for wg0, which is not part of this file.
# NOTE(review): the section name says 'eap' while the passwordstore path says
# 'eae' - confirm which spelling is correct.
config wireguard_wg0 'eap_adp_jump01'
	option public_key "{{ lookup('passwordstore', 'wg/wg0/eae-adp-jump01.pub') }}"
	option preshared_key "{{ lookup('passwordstore', 'wg/wg0/psk') }}"
	option endpoint_host '162.55.53.85'
	option endpoint_port '51820'
	option route_allowed_ips '0'
	option persistent_keepalive 15
	list allowed_ips '0.0.0.0/0'

# wg1: outbound VPN tunnel. ip4table 'launder' puts this interface's IPv4
# routes into a separate routing table, so they only apply to traffic that a
# rule below sends to that table.
config interface 'wg1'
	option mtu 1420
	option proto 'wireguard'
	option private_key "{{ lookup('passwordstore', 'wg/wg1/gw-core01') }}"
	list addresses '10.64.70.162/32'
	option ip4table 'launder'

# The endpoint secret is split on ':' into host (first part) and port (last
# part). This assumes a 'host:port' value with a hostname or IPv4 address; an
# IPv6 literal would be split incorrectly.
# No preshared_key is set for this peer, unlike the wg0 peer.
config wireguard_wg1 'mullvad_fr'
	option public_key "{{ lookup('passwordstore', 'wg/wg1/mullvad_fr.pub') }}"
	option endpoint_host "{{ lookup('passwordstore', 'wg/wg1/mullvad_fr.endpoint') | split(':') | first }}"
	option endpoint_port "{{ lookup('passwordstore', 'wg/wg1/mullvad_fr.endpoint') | split(':') | last }}"
	option route_allowed_ips '1'
	option persistent_keepalive 15
	list allowed_ips '0.0.0.0/0'

# Policy routing for traffic entering on 'clients', evaluated in priority
# order 49 -> 50 -> 51.
#
# 49: destinations in 10.0.0.0/8 are resolved in the main table, so clients
#     can be routed to the other internal networks defined above. Isolation
#     between clients, mgmt and backoffice is therefore a firewall matter and
#     must be enforced there.
#     NOTE(review): the main table also holds the default route learned on
#     wan, so a 10.x destination without a more specific route would leave
#     via wan rather than the tunnel. If that is not wanted, consider
#     'option suppress_prefixlength' on this rule - verify on the target
#     release before use.
config rule
	option in 'clients'
	option dest '10.0.0.0/8'
	option lookup 'main'
	option priority 49
	option disabled '0'

# 50: everything else from clients is resolved in the 'launder' table, i.e.
#     through wg1.
config rule
	option in 'clients'
	option lookup 'launder'
	option priority 50
	option disabled '0'

# 51: fail-closed fallback. If the launder table yields no route, client
#     traffic is rejected instead of falling through to the main table and
#     out via wan.
#
# Caveats for all three rules:
# - They are 'rule' sections and so cover IPv4 only. No IPv6 addressing is
#   configured on 'clients' in this file; if it is added later, matching
#   'rule6' sections are needed or IPv6 will bypass the tunnel.
# - They match forwarded traffic arriving on 'clients'. Traffic the router
#   originates itself (for example a local DNS forwarder answering clients,
#   if one is in use) is not matched and follows the main table.
config rule
	option in 'clients'
	option action prohibit
	option priority 51
	option disabled '0'