# Loopback interface: static 127.0.0.1 with a 255.0.0.0 mask on 'lo'.
config interface 'loopback'
	option proto 'static'
	option device 'lo'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
# Global network settings: packet steering is enabled and a fixed ULA /48 is set.
# None of the interface sections in this file sets ip6assign, so presumably
# the ULA prefix is not handed out to any LAN segment - confirm.
config globals 'globals'
	option ula_prefix 'fd80:b6e3:d4e0::/48'
	option packet_steering '1'
# VLAN-aware bridge spanning all eight ports (eth0-eth7). vlan_filtering is on,
# so the VLANs each port carries are decided by the bridge-vlan sections of
# this file, not by bridge membership alone.
config device 'switch'
	option type 'bridge'
	option name 'switch'
	option vlan_filtering '1'
	list ports 'eth0'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'
	list ports 'eth4'
	list ports 'eth5'
	list ports 'eth6'
	list ports 'eth7'
# Per-VLAN port membership on bridge 'switch'.
# Port suffixes: 'u*' = untagged and PVID for that port, 't' = tagged.
#
#   VLAN  name        untagged/PVID   tagged
#   1     mgmt        eth2-eth7       -
#   2     clients     -               eth2-eth7
#   3     wan         eth0            eth4
#   8     backoffice  eth1            eth2-eth7

# VLAN 1 (management) is the untagged/PVID VLAN on eth2-eth7, so any untagged
# frame arriving on those ports lands in the management network.
# NOTE(review): acceptable if these ports only face managed switches or APs;
# otherwise a dedicated tagged management VLAN would narrow the exposure.
config bridge-vlan 'mgmt_vlan'
	option device 'switch'
	option vlan '1'
	list ports 'eth2:u*'
	list ports 'eth3:u*'
	list ports 'eth4:u*'
	list ports 'eth5:u*'
	list ports 'eth6:u*'
	list ports 'eth7:u*'

# VLAN 2 (clients): tagged only, on the same six trunk ports.
config bridge-vlan 'clients_vlan'
	option device 'switch'
	option vlan '2'
	list ports 'eth2:t'
	list ports 'eth3:t'
	list ports 'eth4:t'
	list ports 'eth5:t'
	list ports 'eth6:t'
	list ports 'eth7:t'

# VLAN 3 (WAN): untagged on eth0 and additionally tagged on eth4.
# NOTE(review): the tagged eth4 membership carries the untrusted upstream
# segment onto a downstream trunk. Confirm the device behind eth4 needs
# VLAN 3; if it does not, remove the eth4 entry.
config bridge-vlan 'wan_vlan'
	option device 'switch'
	option vlan '3'
	list ports 'eth0:u*'
	list ports 'eth4:t'

# VLAN 8 (backoffice): untagged/PVID on eth1, tagged on eth2-eth7.
config bridge-vlan 'backoffice_vlan'
	option device 'switch'
	option vlan '8'
	list ports 'eth1:u*'
	list ports 'eth2:t'
	list ports 'eth3:t'
	list ports 'eth4:t'
	list ports 'eth5:t'
	list ports 'eth6:t'
	list ports 'eth7:t'
# Gateway address on the management VLAN (switch.1): 10.84.1.1 in a /24.
config interface 'mgmt'
	option proto 'static'
	option device 'switch.1'
	option ipaddr '10.84.1.1'
	option netmask '255.255.255.0'
# Gateway address on the clients VLAN (switch.2): 10.84.4.1 in a /22
# (10.84.4.0 - 10.84.7.255). Traffic entering through this interface is
# steered by the 'config rule' sections of this file.
config interface 'clients'
	option proto 'static'
	option device 'switch.2'
	option ipaddr '10.84.4.1'
	option netmask '255.255.252.0'
# IPv4 uplink on VLAN 3 (switch.3), addressed by DHCP. peerdns '0' discards
# the resolvers offered by the DHCP server; the two listed ones are used.
config interface 'wan'
	option proto 'dhcp'
	option device 'switch.3'
	option peerdns '0'
	list dns '9.9.9.9'
	list dns '1.1.1.1'

# IPv6 uplink on the same VLAN via DHCPv6.
# NOTE(review): peerdns is not set in this section, so resolvers announced
# by the upstream over DHCPv6 are presumably still accepted, unlike on 'wan'.
# If upstream-provided DNS is meant to be ignored entirely, confirm and
# add "option peerdns '0'" here as well.
config interface 'wan6'
	option proto 'dhcpv6'
	option device 'switch.3'
# Gateway address on the backoffice VLAN (switch.8): 10.84.8.1 in a /24.
config interface 'backoffice'
	option proto 'static'
	option device 'switch.8'
	option ipaddr '10.84.8.1'
	option netmask '255.255.255.0'
# WireGuard tunnel wg0, local address 10.84.254.1/31, MTU 1350.
# The private key is pulled from the password store when the template is
# rendered, so the rendered file holds it in plaintext: keep that file
# readable by root only and out of version control and backups that are
# not encrypted.
config interface 'wg0'
	option proto 'wireguard'
	option private_key "{{ lookup('passwordstore', 'wg/wg0/gw-core01') }}"
	option mtu '1350'
	list addresses '10.84.254.1/31'

# Single wg0 peer, reached at a fixed IPv4 endpoint and protected with an
# additional preshared key.
# NOTE(review): the section is named 'eap_adp_jump01' while the public key
# entry is 'eae-adp-jump01.pub' - confirm which spelling is correct.
# allowed_ips is 0.0.0.0/0 with route_allowed_ips '0': any IPv4 source address
# is accepted from this peer, and no routes are installed for it here. What
# the peer may reach therefore rests on routing and firewall rules that are
# not part of this file. If the peer only ever sends from a known range,
# narrowing allowed_ips would bound what it can source - confirm.
config wireguard_wg0 'eap_adp_jump01'
	option public_key "{{ lookup('passwordstore', 'wg/wg0/eae-adp-jump01.pub') }}"
	option preshared_key "{{ lookup('passwordstore', 'wg/wg0/psk') }}"
	option endpoint_host '162.55.53.85'
	option endpoint_port '51820'
	option persistent_keepalive '15'
	option route_allowed_ips '0'
	list allowed_ips '0.0.0.0/0'
# WireGuard tunnel wg1, local address 10.64.70.162/32, MTU 1420.
# ip4table 'launder' places this interface's IPv4 routes in a separate routing
# table instead of 'main'; the 'config rule' sections of this file select it.
# NOTE(review): the table name must be resolvable on the target; its
# definition is not shown here.
# As with any rendered secret, the private key ends up in plaintext in the
# rendered file, so restrict that file to root.
config interface 'wg1'
	option proto 'wireguard'
	option private_key "{{ lookup('passwordstore', 'wg/wg1/gw-core01') }}"
	option mtu '1420'
	list addresses '10.64.70.162/32'
	option ip4table 'launder'

# Single wg1 peer. route_allowed_ips '1' with 0.0.0.0/0 installs an IPv4
# default route through this tunnel (into table 'launder', per ip4table).
# No preshared key is configured for this peer.
# The endpoint is stored as one "host:port" secret and split on ':'.
# NOTE(review): that split assumes a hostname or IPv4 literal; a bracketed
# IPv6 endpoint would yield a wrong host and port.
config wireguard_wg1 'mullvad_fr'
	option public_key "{{ lookup('passwordstore', 'wg/wg1/mullvad_fr.pub') }}"
	option endpoint_host "{{ lookup('passwordstore', 'wg/wg1/mullvad_fr.endpoint') | split(':') | first }}"
	option endpoint_port "{{ lookup('passwordstore', 'wg/wg1/mullvad_fr.endpoint') | split(':') | last }}"
	option persistent_keepalive '15'
	option route_allowed_ips '1'
	list allowed_ips '0.0.0.0/0'
# IPv4 policy routing for traffic arriving on 'clients', in priority order:
#   49  destinations in 10.0.0.0/8  -> table 'main'
#   50  everything else             -> table 'launder' (the wg1 tunnel)
#   51  no route found above        -> prohibit
# The final prohibit makes client IPv4 traffic fail closed: if 'launder'
# yields no route, packets are rejected instead of falling through to 'main'.
#
# NOTE(review): these are IPv4 rules only. No section in this file gives
# 'clients' IPv6 addressing; if that is ever added, mirror the three rules
# as 'config rule6' so IPv6 does not bypass the tunnel.

# Priority 49: keep 10.0.0.0/8 destinations on the main table.
# NOTE(review): this also gives clients a route towards the mgmt
# (10.84.1.0/24) and backoffice (10.84.8.0/24) networks, so separation
# between them depends on firewall rules that are not part of this file.
# NOTE(review): 'main' presumably also holds the DHCP default route from
# 'wan'; a 10.0.0.0/8 destination with no more specific route would then
# leave via WAN rather than reach the prohibit rule. If that is not wanted,
# "option suppress_prefixlength '0'" on this rule would ignore the default
# route - confirm the target netifd supports it.
config rule
	option priority '49'
	option in 'clients'
	option dest '10.0.0.0/8'
	option lookup 'main'
	option disabled '0'

# Priority 50: all remaining client traffic is looked up in 'launder'.
config rule
	option priority '50'
	option in 'clients'
	option lookup 'launder'
	option disabled '0'

# Priority 51: reject whatever the two rules above did not route.
config rule
	option priority '51'
	option in 'clients'
	option action 'prohibit'
	option disabled '0'