wiki/wiki
1
0
Fork 0
mirror of https://git.dn42.dev/wiki/wiki synced 2025-03-15 03:43:33 +00:00
Code Issues Releases Wiki Activity

Updated Edgeos Config Example number 2 (markdown)

Browse Source
This commit is contained in:
dn42 wiki 2016-11-13 00:05:48 +00:00
parent 861da88435
commit 04459944da
1 changed files with 32 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

139
howto/Edgeos-Config-Example-number-2.md
View File

@ -1,8 +1,6 @@
# EdgeRouterPro-8 config example with v1.9.0 ## EdgeRouterPro-8 DN42 config example with v1.9.0
After a lot of searching and trying I [Phil/ALS7] finnaly got a working config After a lot of searching and trying I [Phil/ALS7] finnaly got a working config
Also thanx to drathir for his patience and support
##Features ##Features
@ -13,141 +11,46 @@ Also thanx to drathir for his patience and support
--> still work in Progress --> still work in Progress
* Basic EdgeOS knowledge is required 1) you need to create all required fields in the registry --> look at [[Getting started]] page.
1) you need to create all required fields in the registry --> look at howto/Getting startet page The data i used are the following:
2) get a peer --> ask nice @irc Own ASN: AS4242422684
Own IPv4: 172.20.4.64/27
Own IPv6: fd33:ac1d:d1ce::/48
3) You need following data from the peer 2) get a peer --> ask nice @ [[IRC]]
3) You need following data
--tunnel options, secret key --tunnel options, secret key
--ASN from the peer --ASN from the peer (in this example i use remote-as XXXXX)
--ip's --ip's
... ...
The data i used are the following:
Own ASN: AS111111 start a ssh session to your router
Own IPv4: 172.AA.AA.64/27
Own IPv6: fdBB:BBBB:CCCC::/48
Peer OpenVPN Remote Address: X.X.X.X copy vpn key to /config/auth/giveITaName -- Create folder if needed
Peer OpenVPN Remote Host: X.X.X.Y
Peer OpenVPN IP for you: fdAA::BBB/64
Peer OpenVPN IP: fdAA::CC
Peer OpenVPN Port: 1194
Peer OpenVPN encryption: aes256
Peer ASN: AS222222
Peer BGP Neighbour IPv4: Z.Z.Z.Z
Peer BGP Neighbour IPv6: fdAA::CC
### Copy OpenVPN key to the ErPro
copy vpn key to /config/auth/giveITaName
sudo su
cd /config
mkdir auth
cd auth
cat > giveITaName
now paste the key in the terminal window, hit return once and kill cat with CTRL+C
last thing to do is type exit
### Create IPv4 OpenVPN Interface
Set up Interface vtunX -- i used vtun0
configure configure
set interface openssh vtun0 set interface openssh vtun0
set interfaces openvpn vtun0 mode site-to-site set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194 set interfaces openvpn vtun0 local-port 1194 //you get the port from your peer
set interfaces openvpn vtun0 remote-port 1194 set interfaces openvpn vtun0 remote-port 1194 //you get the port from your peer
set interfaces openvpn vtun0 local-address 172.AA.AA.64 set interfaces openvpn vtun0 local-address 172.20.4.64 //your sife dn42 ip address
set interfaces openvpn vtun0 remote-address X.X.X.X set interfaces openvpn vtun0 remote-address X.X.X.X //dn42 link address from your peer
set interfaces openvpn vtun0 remote-host X.X.X.Y set interfaces openvpn vtun0 remote-host X.X.X.Y //clearnet ip address from your peer
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/giveITaName set interfaces openvpn vtun0 shared-secret-key-file /config/auth/giveITaName // your keyfile
set interfaces openvpn vtun0 encryption aes256
set interfaces openvpn vtun0 openvpn-option "--comp-lzo" //if your peer support compression set interfaces openvpn vtun0 openvpn-option "--comp-lzo" //if your peer support compression
commit commit
save save
exit
Now the ipv4 tunnel should be up&running Now the ipv4 tunnel should be up&running
Check it with:
show interfaces openvpn
show interfaces openvpn detail
show openvpn status site-to-site
### Create IPv4 BGP Session
#### Open Firewall
* You need to open the firewall to local for the tunnel Interface on port 179/tcp
#### Configure the BGP Neighbor
* You must not use AS before the as numbers !!
With this step you create the basic bgp session
configure
set protocols bgp 111111 neighbor Z.Z.Z.Z remote-as 222222
set protocols bgp 111111 neighbor Z.Z.Z.Z soft-reconfiguration inbound
set protocols bgp 111111 neighbor update-source 172.AA.AA.64
commit
save
When commit this configuration you should be able to see a BGP neighbor session start and come up. You can check this with:
show ip bgp summary
#### Set route to blackhole
so bgp can announce the route
set protocols static route 172.AA.AA.64/27 blackhole
commit
save
#### Announce prefix to BGP
set protocols bgp 111111 network 172.A.A.64/27
commit
save
exit
You should now be able to see networks being advertised via
show ip bgp neighbors Z.Z.Z.Z advertised-routes
### Define Nameservers
Now ping to 172.23.0.53 ... thats the nameserver we are using
If everything is allright it should work
#### NS Config
Enter the configure mode
configure
set service dns forwarding name-server 8.8.8.8
set service dns forwarding name-server 8.8.4.4
set service dns forwarding options rebind-domain-ok=/dn42/
set service dns forwarding options server=/23.172.in-addr.arpa/172.23.0.53
set service dns forwarding options server=/22.172.in-addr.arpa/172.23.0.53
set service dns forwarding options server=/dn42/172.23.0.53
commit
save
exit
Now try to access any .dn42 tld