Added configurations for main-site linux host and off-site linux host
Added GNS3 example topology image
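--- a/off-site/scripts/create-bridge
+++ b/off-site/scripts/create-bridge
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# This script is for creating a bridge interface, assigning an IP address, and adding physical interface ens1 to it.
+
+# Create bridge
+ip link add type bridge
+# name is non deterministic, fix
+ip address add 200.1.0.4/16 dev bridge0
+
+# Change bridge0 mac address to not conflict with bridge interface of other wireguard peer
+ip link set bridge0 address ee:3b:6b:e2:fc:b2
+
+# Add physical nic to bridge
+ip link set ens1 master bridge0
+ip link set ens1 up
+ip link set bridge0 up
+
+# Static Routes
+# default
+ip route add default via 200.1.0.1
+# to reach l2tp tunnel interface through wg0
+ip route add 200.1.0.3/32 via 192.168.1.1
+# to be able to reach wireguard peer over the internet
+ip route add 200.1.0.2/32 via 200.4.0.1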
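Review bot: The bridge is created without a name (`ip link add type bridge`), yet every later command addresses `bridge0`; the script's own comment already flags this as non-deterministic. If `bridge0` already exists from an earlier run or another tool, the address, MAC and `ens1` enslavement are applied to that interface while the newly created bridge is left unused. Name it explicitly with `ip link add name bridge0 type bridge`, and add `set -e` after the shebang so a failed step stops the script instead of leaving a half-configured bridge and routing table.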
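--- a/off-site/scripts/create-l2tp
+++ b/off-site/scripts/create-l2tp
@@ -0,0 +1,13 @@
+#!/bin/sh
+# This script creates an L2TP tunnel and session, then adds the L2TP interface to bridge0
+
+# Create tunnel and session
+ip l2tp add tunnel tunnel_id 123456 peer_tunnel_id 123456 remote 200.1.0.3 local 200.1.0.4 encap ip
+ip l2tp add session tunnel_id 123456 session_id 789 peer_session_id 789
+
+# Change address to not conflict with l2tp interface of other wireguard peer
+ip link set l2tpeth0 address ea:b1:1b:99:1b:a9
+
+# Bridge physical interface with L2TP interface
+ip link set l2tpeth0 master bridge0
+ip link set l2tpeth0 up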
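Review bot: L2TPv3 with `encap ip` carries the bridged Ethernet frames without encryption or authentication, and the session sets no `cookie`/`peer_cookie`, so the tunnel's confidentiality rests entirely on the `200.1.0.3/32 via 192.168.1.1` route that create-bridge adds. If that route is absent (create-bridge failed or was not run), `200.1.0.3` falls inside the on-link `200.1.0.0/16` on bridge0 and the frames would presumably leave through `ens1` in the clear. Consider verifying the path before creating the tunnel, e.g. `ip route get 200.1.0.3 | grep -q 'dev wg0' || exit 1`, and passing `name l2tpeth0` on the session rather than assuming the kernel-assigned interface name.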
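--- a/off-site/wireguard/privatekey
+++ b/off-site/wireguard/privatekey
@@ -0,0 +1 @@
+kEMAv9NOhpYbH0JwFbplb0WoaOxOVkC2LkF5IQruF28=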
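Review bot: This commits a WireGuard private key to the repository, and the same value appears as `PrivateKey` in off-site/wireguard/wg0.conf together with a `PresharedKey`. Anyone with read access to the repository or its history can impersonate this peer, and deleting the file in a later commit does not remove it from history, so both secrets should be treated as exposed and regenerated on the hosts. Keep key material out of version control (ignore `privatekey`, and ship wg0.conf as a template with placeholder values), and create the real files on the host with mode 0600.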
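--- a/off-site/wireguard/publickey
+++ b/off-site/wireguard/publickey
@@ -0,0 +1 @@
+DxLbQIrfifZP1dUOLwmZXG5n7KtzQdtKl/XO/H82H28=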
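--- a/off-site/wireguard/wg0.conf
+++ b/off-site/wireguard/wg0.conf
@@ -0,0 +1,19 @@
+# /etc/wireguard/wg0.conf
+
+[Interface]
+Address = 192.168.1.2/29
+DNS = 1.1.1.1
+PrivateKey = kEMAv9NOhpYbH0JwFbplb0WoaOxOVkC2LkF5IQruF28=
+
+# Disables automatic creation of route that would route AllowedIPs through wg0
+Table = off
+
+PostUp = /home/debian/scripts/create-bridge
+PostUp = /home/debian/scripts/create-l2tp
+
+[Peer]
+PublicKey = XZ7QeWZINbYnH+rNVCsMCCaqw/KEJ628kh604NY4qHg=
+PresharedKey = tU3+y1cEqzF0vOCnfFRPhJ24ejbD2HJWjir1aLhwtOA=
+AllowedIPs = 0.0.0.0/0
+Endpoint = 200.1.0.2:52789
+PersistentKeepalive = 25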
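Review bot: Both `PostUp` hooks run scripts from `/home/debian/scripts/`, and wg-quick executes them with root privileges when the interface comes up. If the `debian` account can write to that directory, anything it places there runs as root; the scripts would be better installed root-owned and not group- or world-writable, for example under `/etc/wireguard/`. There is also no matching `PostDown`, so the bridge, L2TP tunnel and static routes stay in place after `wg-quick down`, and a second `up` will run the hooks against already-existing objects.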