config interface 'loopback' option device 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option packet_steering '1' option ula_prefix 'fd36:4280:eae3::/48' config device 'switch' option name 'switch' option type 'bridge' option vlan_filtering 1 list ports 'eth0' list ports 'eth1' list ports 'eth2' list ports 'eth3' config bridge-vlan 'mgmt_vlan' option vlan '1' option device 'switch' list ports 'eth1:u*' config bridge-vlan 'clients_vlan' option vlan '2' option device 'switch' list ports 'eth1:t' list ports 'eth3:u*' config bridge-vlan 'wan_vlan' option vlan '3' option device 'switch' list ports 'eth0:u*' list ports 'eth1:t' list ports 'eth2:u*' config bridge-vlan 'backoffice_vlan' option vlan '8' option device 'switch' list ports 'eth1:t' config interface 'mgmt' option device 'switch.1' option proto 'static' option ipaddr '10.85.1.1' option netmask '255.255.255.0' config interface 'wan' option device 'switch.3' option proto 'dhcp' config interface 'wan6' option device 'switch.3' option proto 'dhcpv6' config interface 'backoffice' option device 'switch.8' option proto 'static' option ipaddr '10.85.8.1' option netmask '255.255.255.0' config interface 'wg2' option proto 'wireguard' option private_key "{{ lookup('passwordstore', 'wg/wg2/{{ inventory_hostname }}') }}" option listen_port 51822 option mtu 1350 list addresses '10.85.254.1/31' config wireguard_wg2 'eap_adp_jump01' option public_key "{{ lookup('passwordstore', 'wg/wg2/eae-adp-jump01.pub') }}" option preshared_key "{{ lookup('passwordstore', 'wg/wg2/psk') }}" option endpoint_host '162.55.53.85' option endpoint_port '51822' option route_allowed_ips '0' option persistent_keepalive 15 list allowed_ips '0.0.0.0/0'