eae-am-deutschen-platz/templates/gateways/ffl-ans-gw-core01/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd36:4280:eae3::/48'

config device 'switch'
        option name 'switch'
        option type 'bridge'
        option vlan_filtering 1
        list ports 'eth0'
        list ports 'eth1'
        list ports 'eth2'
        list ports 'eth3'

config bridge-vlan 'mgmt_vlan'
        option vlan '1'
        option device 'switch'
        list ports 'eth1:u*'

config bridge-vlan 'clients_vlan'
        option vlan '2'
        option device 'switch'
        list ports 'eth1:t'
        list ports 'eth3:u*'

config bridge-vlan 'wan_vlan'
        option vlan '3'
        option device 'switch'
        list ports 'eth0:u*'
        list ports 'eth1:t'
        list ports 'eth2:u*'

config bridge-vlan 'backoffice_vlan'
        option vlan '8'
        option device 'switch'
        list ports 'eth1:t'

config interface 'mgmt'
        option device 'switch.1'
        option proto 'static'
        option ipaddr '10.85.1.1'
        option netmask '255.255.255.0'

config interface 'wan'
        option device 'switch.3'
        option proto 'dhcp'

config interface 'wan6'
        option device 'switch.3'
        option proto 'dhcpv6'

config interface 'backoffice'
        option device 'switch.8'
        option proto 'static'
        option ipaddr '10.85.8.1'
        option netmask '255.255.255.0'

config interface 'wg2'
        option proto 'wireguard'
        option private_key "{{ lookup('passwordstore', 'wg/wg2/{{ inventory_hostname }}') }}"
        option listen_port 51822
        option mtu 1350
        list addresses '10.85.254.1/31'

config wireguard_wg2 'eap_adp_jump01'
        option public_key "{{ lookup('passwordstore', 'wg/wg2/eae-adp-jump01.pub') }}"
        option preshared_key "{{ lookup('passwordstore', 'wg/wg2/psk') }}"
        option endpoint_host '162.55.53.85'
        option endpoint_port '51822'
        option route_allowed_ips '0'
        option persistent_keepalive 15
        list allowed_ips '0.0.0.0/0'