142 lines
4.0 KiB
Plaintext
142 lines
4.0 KiB
Plaintext
|
|
config interface 'loopback'
|
|
option device 'lo'
|
|
option proto 'static'
|
|
option ipaddr '127.0.0.1'
|
|
option netmask '255.0.0.0'
|
|
|
|
config globals 'globals'
|
|
option packet_steering '1'
|
|
|
|
config device 'switch'
|
|
option name 'switch'
|
|
option type 'bridge'
|
|
option vlan_filtering 1
|
|
list ports 'eth0'
|
|
list ports 'eth1'
|
|
list ports 'eth2'
|
|
list ports 'eth3'
|
|
list ports 'eth4'
|
|
list ports 'eth5'
|
|
list ports 'eth6'
|
|
list ports 'eth7'
|
|
|
|
config bridge-vlan 'mgmt_vlan'
|
|
option vlan '1'
|
|
option device 'switch'
|
|
list ports 'eth1:u*'
|
|
list ports 'eth2:u*'
|
|
list ports 'eth3:u*'
|
|
list ports 'eth4:u*'
|
|
list ports 'eth5:u*'
|
|
list ports 'eth6:u*'
|
|
|
|
config bridge-vlan 'clients_vlan'
|
|
option vlan '2'
|
|
option device 'switch'
|
|
list ports 'eth1:t'
|
|
list ports 'eth2:t'
|
|
list ports 'eth3:t'
|
|
list ports 'eth4:t'
|
|
list ports 'eth5:t'
|
|
list ports 'eth6:t'
|
|
|
|
config bridge-vlan 'wan_vlan'
|
|
option vlan '3'
|
|
option device 'switch'
|
|
list ports 'eth0:u*'
|
|
|
|
config bridge-vlan 'backoffice_vlan'
|
|
option vlan '8'
|
|
option device 'switch'
|
|
list ports 'eth1:t'
|
|
list ports 'eth2:t'
|
|
list ports 'eth3:t'
|
|
list ports 'eth4:t'
|
|
list ports 'eth5:t'
|
|
list ports 'eth6:t'
|
|
list ports 'eth7:u*'
|
|
|
|
config interface 'mgmt'
|
|
option device 'switch.1'
|
|
option proto 'static'
|
|
option ipaddr '10.86.1.1'
|
|
option netmask '255.255.255.0'
|
|
|
|
config interface 'wan'
|
|
option device 'switch.3'
|
|
option proto 'dhcp'
|
|
|
|
config interface 'wan6'
|
|
option device 'switch.3'
|
|
option proto 'dhcpv6'
|
|
|
|
config interface 'clients'
|
|
option device 'switch.2'
|
|
option proto 'static'
|
|
option ipaddr '10.86.4.1'
|
|
option netmask '255.255.252.0'
|
|
|
|
config interface 'backoffice'
|
|
option device 'switch.8'
|
|
option proto 'static'
|
|
option ipaddr '10.86.8.1'
|
|
option netmask '255.255.255.0'
|
|
|
|
config interface 'wg3'
|
|
option proto 'wireguard'
|
|
option private_key "{{ lookup('passwordstore', 'wg/wg3/sax-rgs-gw-core01') }}"
|
|
option listen_port 51823
|
|
option mtu 1350
|
|
list addresses '10.86.254.1/31'
|
|
option disabled '0'
|
|
|
|
config wireguard_wg3 'eap_adp_jump01'
|
|
option public_key "{{ lookup('passwordstore', 'wg/wg3/eae-adp-jump01.pub') }}"
|
|
option preshared_key "{{ lookup('passwordstore', 'wg/wg3/psk') }}"
|
|
option endpoint_host '162.55.53.85'
|
|
option endpoint_port '51823'
|
|
option route_allowed_ips '0'
|
|
option persistent_keepalive 15
|
|
list allowed_ips '0.0.0.0/0'
|
|
|
|
config interface 'wg4'
|
|
option proto 'wireguard'
|
|
option private_key "{{ lookup('passwordstore', 'wg/wg4/sax-rgs-gw-core01') }}"
|
|
list addresses 'fe80:2131:27:189::2/64'
|
|
option disabled '0'
|
|
|
|
# routes 2a0e:8f02:f000:2e61::1/64 to the link-local of wg4
|
|
config wireguard_wg4 'core_mowoe_com'
|
|
option public_key "{{ lookup('passwordstore', 'wg/wg4/core.mowoe.com.pub') }}"
|
|
option endpoint_host 'core.mowoe.com'
|
|
option endpoint_port '51821'
|
|
option route_allowed_ips '0'
|
|
option persistent_keepalive 15
|
|
list allowed_ips '::/0'
|
|
|
|
config interface 'wg5'
|
|
option ip4table 'launder'
|
|
option proto 'wireguard'
|
|
option private_key "{{ lookup('passwordstore', 'wg/wg5/sax-rgs-gw-core01') }}"
|
|
list addresses '10.67.171.28'
|
|
option disabled '0'
|
|
|
|
config wireguard_wg5 'mullvad'
|
|
option public_key "{{ lookup('passwordstore', 'wg/wg5/mullvad.pub') }}"
|
|
option endpoint_host '146.70.117.162'
|
|
option endpoint_port '51820'
|
|
option route_allowed_ips '1'
|
|
option persistent_keepalive 15
|
|
list allowed_ips '0.0.0.0/0'
|
|
|
|
config rule
|
|
option in 'clients'
|
|
option lookup 'launder'
|
|
option priority 50
|
|
|
|
config rule
|
|
option in 'clients'
|
|
option action prohibit
|
|
option priority 51
|