update viwib configs
This commit is contained in:
parent
e891c7160a
commit
cfcd2d9b19
2 changed files with 30 additions and 56 deletions
|
@ -17,7 +17,7 @@ id=$1; shift
|
||||||
hex_id=$(printf "%0.2x\n" "$id")
|
hex_id=$(printf "%0.2x\n" "$id")
|
||||||
viirb_hostname=viirb${id}
|
viirb_hostname=viirb${id}
|
||||||
|
|
||||||
prefix_base=2a0a:e5c1:3
|
prefix_base=2a0a:e5c1:6
|
||||||
my_prefix=${prefix_base}${hex_id}
|
my_prefix=${prefix_base}${hex_id}
|
||||||
my_network=${my_prefix}::/48
|
my_network=${my_prefix}::/48
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,7 @@ id=$1; shift
|
||||||
hex_id=$(printf "%0.2x\n" "$id")
|
hex_id=$(printf "%0.2x\n" "$id")
|
||||||
viwib_hostname=viwib${id}
|
viwib_hostname=viwib${id}
|
||||||
|
|
||||||
prefix_base=2a0a:e5c1:3
|
prefix_base=2a0a:e5c1:6
|
||||||
my_prefix=${prefix_base}${hex_id}
|
my_prefix=${prefix_base}${hex_id}
|
||||||
my_network=${my_prefix}::/48
|
my_network=${my_prefix}::/48
|
||||||
|
|
||||||
|
@ -33,8 +33,8 @@ else
|
||||||
fi
|
fi
|
||||||
public_key=$(echo $private_key | wg pubkey)
|
public_key=$(echo $private_key | wg pubkey)
|
||||||
|
|
||||||
vpn_endpoint_host=vpn-2a0ae5c1300.ungleich.ch
|
vpn_endpoint_host=vpn-2a0ae5c1600.ungleich.ch
|
||||||
vpn_endpoint_pubkey=ft68G2RID7gZ6PXjFCSCOdJ9yspRg+tUw0YrNK9cTxE=
|
vpn_endpoint_pubkey=ygZQW3OSiMJl/RpKyaJVE0GSt6bjEDnoxdMJsNiloRE=
|
||||||
|
|
||||||
ping -c3 ${viwib_ip}
|
ping -c3 ${viwib_ip}
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
|
@ -46,36 +46,27 @@ cat <<EOF | ssh -t "root@${viwib_ip}"
|
||||||
set -x
|
set -x
|
||||||
# Setup lan to also retrieve an ip address via dhcp
|
# Setup lan to also retrieve an ip address via dhcp
|
||||||
|
|
||||||
# This stays in the final setup
|
# Adjust LAN to be IPv6 only
|
||||||
uci set network.lan.proto='dhcp'
|
|
||||||
uci delete network.lan.ipaddr
|
uci delete network.lan.ipaddr
|
||||||
uci delete network.lan.netmask
|
uci delete network.lan.netmask
|
||||||
|
uci set network.lan.ip6addr='${my_lan_ip}/64'
|
||||||
# The IPv6 lan configuration
|
|
||||||
uci set network.lanv6=interface
|
|
||||||
uci set network.lanv6.proto='static'
|
|
||||||
uci set network.lanv6.ip6addr='${my_lan_ip}/64'
|
|
||||||
uci set network.lanv6.ifname='br-lan'
|
|
||||||
|
|
||||||
# LAN / Router advertisements / DHCP
|
|
||||||
# DHCP: we are not authoratative
|
|
||||||
uci delete dhcp.@dnsmasq[0].authoritative
|
|
||||||
uci delete dhcp.lan.dhcpv6
|
|
||||||
uci delete dhcp.lan.start
|
|
||||||
uci delete dhcp.lan.limit
|
|
||||||
uci delete dhcp.lan.leasetime
|
|
||||||
|
|
||||||
# Do not announce ULA - we have GUA
|
# Do not announce ULA - we have GUA
|
||||||
uci delete network.globals.ula_prefix
|
uci delete network.globals.ula_prefix
|
||||||
|
|
||||||
# This is configuring the dhcp IPv4 client
|
# Setup Router Advertisements / remove IPv4 dhcp
|
||||||
uci set dhcp.lan=dhcp
|
|
||||||
|
|
||||||
# Setup Router Advertisements
|
|
||||||
uci set dhcp.lan.interface='lanv6'
|
|
||||||
uci set dhcp.lan.ra='server'
|
uci set dhcp.lan.ra='server'
|
||||||
uci set dhcp.lan.dynamicdhcp='0'
|
uci set dhcp.lan.dynamicdhcp='0'
|
||||||
|
|
||||||
|
uci delete dhcp.@dnsmasq[0].authoritative
|
||||||
|
|
||||||
|
uci delete dhcp.lan.start
|
||||||
|
uci delete dhcp.lan.limit
|
||||||
|
uci delete dhcp.lan.leasetime
|
||||||
|
|
||||||
|
# We do stateless by default everywhere
|
||||||
|
uci delete dhcp.lan.dhcpv6
|
||||||
|
|
||||||
# Fix DNS: make dnsmasq NOT use a resolv.conf
|
# Fix DNS: make dnsmasq NOT use a resolv.conf
|
||||||
# so that it only reads from our servers with DNS64 enabled
|
# so that it only reads from our servers with DNS64 enabled
|
||||||
uci set dhcp.@dnsmasq[0].noresolv='1'
|
uci set dhcp.@dnsmasq[0].noresolv='1'
|
||||||
|
@ -90,51 +81,34 @@ uci add_list dhcp.@dnsmasq[0].server='2a0a:e5c0:0:a::a'
|
||||||
uci add_list dhcp.@dnsmasq[0].server='2a0a:e5c0:2:a::a'
|
uci add_list dhcp.@dnsmasq[0].server='2a0a:e5c0:2:a::a'
|
||||||
|
|
||||||
# wifi ip address
|
# wifi ip address
|
||||||
uci set network.wifi=interface
|
# uci set network.wifi=interface
|
||||||
uci set network.wifi.proto='static'
|
# uci set network.wifi.proto='static'
|
||||||
uci set network.wifi.ip6addr='${my_wifi_ip}/64'
|
# uci set network.wifi.ip6addr='${my_wifi_ip}/64'
|
||||||
|
|
||||||
# Wifi configuration
|
# Wifi configuration
|
||||||
uci set wireless.radio0=wifi-device
|
uci set wireless.radio0=wifi-device
|
||||||
uci set wireless.radio0.type='mac80211'
|
|
||||||
uci set wireless.radio0.hwmode='11g'
|
|
||||||
uci set wireless.radio0.path='platform/10300000.wmac'
|
|
||||||
uci set wireless.radio0.htmode='HT40'
|
uci set wireless.radio0.htmode='HT40'
|
||||||
uci set wireless.radio0.country='CH'
|
uci set wireless.radio0.country='CH'
|
||||||
uci set wireless.radio0.channel='6'
|
uci set wireless.radio0.channel='6'
|
||||||
|
|
||||||
uci set wireless.default_radio0=wifi-iface
|
|
||||||
uci set wireless.default_radio0.device='radio0'
|
|
||||||
uci set wireless.default_radio0.mode='ap'
|
|
||||||
uci set wireless.default_radio0.encryption='psk2'
|
uci set wireless.default_radio0.encryption='psk2'
|
||||||
uci set wireless.default_radio0.key='iloveipv6'
|
uci set wireless.default_radio0.key='iloveipv6'
|
||||||
uci set wireless.default_radio0.ssid='IPv6 everywhere ${viwib_hostname}'
|
uci set wireless.default_radio0.ssid='IPv6 everywhere ${viwib_hostname}'
|
||||||
uci set wireless.default_radio0.network='wifi'
|
|
||||||
|
|
||||||
# Wifi / Router advertisements
|
|
||||||
uci set dhcp.wifi=dhcp
|
|
||||||
uci set dhcp.wifi.interface='wifi'
|
|
||||||
uci set dhcp.wifi.ra='server'
|
|
||||||
uci set dhcp.wifi.dynamicdhcp='0'
|
|
||||||
|
|
||||||
# Ensure it is not disabled
|
# Ensure it is not disabled
|
||||||
uci delete wireless.radio0.disabled
|
uci delete wireless.radio0.disabled
|
||||||
|
|
||||||
# This is temporary - keeping it until the config process is through
|
# Create temporary IPV4 CLIENT on LAN
|
||||||
# Probably not needet - we can connect to the final IPv6 address!
|
# This way we get Internet/upstream from the LAN port
|
||||||
# This code commented out == The address vanishes due to above reconfiguration
|
# Can we do this via IPv6 instead?
|
||||||
# uci set network.lanv4temp=interface
|
# this breaks if multiple viwib are setup, as we have fake / wrong
|
||||||
# uci set network.lanv4temp.proto='static'
|
# dhcp server configurations.
|
||||||
# uci set network.lanv4temp.ifname='br-lan'
|
# easy solution: using two different networks...
|
||||||
# uci set network.lanv4temp.ipaddr='192.168.61.1'
|
|
||||||
# uci set network.lanv4temp.netmask='255.255.255.0'
|
|
||||||
|
|
||||||
uci commit
|
uci commit
|
||||||
|
|
||||||
# Need to reboot to restore /etc/resolv.conf
|
# Need to reboot to restore /etc/resolv.conf
|
||||||
reboot
|
reboot
|
||||||
|
|
||||||
#/etc/init.d/network restart
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# ensure viwib is back
|
# ensure viwib is back
|
||||||
|
@ -142,6 +116,7 @@ EOF
|
||||||
# ensure viwib gives out ipv6 address
|
# ensure viwib gives out ipv6 address
|
||||||
# Found: 30s is not enough for full reconfiguration
|
# Found: 30s is not enough for full reconfiguration
|
||||||
echo "Public VPN key: ${id} ${public_key}"
|
echo "Public VPN key: ${id} ${public_key}"
|
||||||
|
|
||||||
sleep 60
|
sleep 60
|
||||||
|
|
||||||
# change to ipv6
|
# change to ipv6
|
||||||
|
@ -172,10 +147,10 @@ fi
|
||||||
|
|
||||||
uci set network.@wireguard_wg0[0]=wireguard_wg0
|
uci set network.@wireguard_wg0[0]=wireguard_wg0
|
||||||
uci set network.@wireguard_wg0[0].persistent_keepalive='25'
|
uci set network.@wireguard_wg0[0].persistent_keepalive='25'
|
||||||
uci set network.@wireguard_wg0[0].public_key='${vpn_endpoint_pubkey}'
|
uci set network.@wireguard_wg0[0].public_key="${vpn_endpoint_pubkey}"
|
||||||
uci set network.@wireguard_wg0[0].description='IPv6VPN.ch by ungleich'
|
uci set network.@wireguard_wg0[0].description="IPv6VPN.ch by ungleich"
|
||||||
uci set network.@wireguard_wg0[0].allowed_ips='::/0'
|
uci set network.@wireguard_wg0[0].allowed_ips='::/0'
|
||||||
uci set network.@wireguard_wg0[0].endpoint_host='${vpn_endpoint_host}'
|
uci set network.@wireguard_wg0[0].endpoint_host="${vpn_endpoint_host}"
|
||||||
uci set network.@wireguard_wg0[0].endpoint_port='51820'
|
uci set network.@wireguard_wg0[0].endpoint_port='51820'
|
||||||
uci set network.@wireguard_wg0[0].route_allowed_ips='1'
|
uci set network.@wireguard_wg0[0].route_allowed_ips='1'
|
||||||
|
|
||||||
|
@ -213,8 +188,7 @@ uci set firewall.@rule[-1].target='ACCEPT'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Add interfaces to the right network zone
|
# Add interfaces to the right network zone
|
||||||
uci set firewall.@zone[0].network='lan lanv6 wifi'
|
uci set firewall.@zone[1].network='wan wan6 wg0'
|
||||||
uci set firewall.@zone[1].network='wg0'
|
|
||||||
|
|
||||||
uci commit
|
uci commit
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue