高専カンファレンス5周年パーティの会場ネットワークのVyatta設定例

投稿日: 投稿者: kawataso

この記事の設定例。

さくらのVPS側。実際には他の設定もあるVyattaからの抜粋なのでイマイチな部分があるのはご容赦を。IPv6はHE.netのトンネルサービスを利用しています。さくらのVPSだと6rdという手もあるのだけど、標準のISOだとできなくてパッチが必要なので僕はHE.netを利用しています。

set interfaces bridge br0 address '10.XXX.YYY.1/24'
set interfaces bridge br0 address '2001:470:AAAA:BBBB:0:0:1:1/112'

set interfaces ethernet eth0 address '59.sss.ttt.244/23'

set interfaces openvpn vtun0 bridge-group bridge 'br0'
set interfaces openvpn vtun0 encryption 'aes256'
set interfaces openvpn vtun0 local-port '1196'
set interfaces openvpn vtun0 mode 'site-to-site'
set interfaces openvpn vtun0 openvpn-option '--comp-lzo'
set interfaces openvpn vtun0 protocol 'tcp-passive'
set interfaces openvpn vtun0 shared-secret-key-file '/config/auth/kosenconf.openvpn.key'

set interfaces tunnel tun0 address '2001:470:AAAA:CCCC::2/64'
set interfaces tunnel tun0 description 'HE.NET IPv6 Tunnel'
set interfaces tunnel tun0 encapsulation 'sit'
set interfaces tunnel tun0 local-ip '59.sss.ttt.244'
set interfaces tunnel tun0 remote-ip '74.82.OOO.PPP'

set nat source rule 2 outbound-interface 'eth0'
set nat source rule 2 source address '172.26.0.0/16'
set nat source rule 2 translation address 'masquerade'

set protocols ospf area 0 network '10.XXX.YYY.0/24'
set protocols ospf parameters router-id '10.XXX.YYY.1'
set protocols ospf passive-interface 'default'
set protocols ospf passive-interface-exclude 'br0'

set protocols ospfv3 area 0.0.0.0 interface 'br0'
set protocols ospfv3 parameters router-id '10.XXX.YYY.1'
set protocols ospfv3 redistribute 'connected'
set protocols ospfv3 redistribute 'static'

set protocols static interface-route6 ::/0 next-hop-interface 'tun0'

set service ssh port '22'

set system conntrack expect-table-size '2048'
set system conntrack hash-size '32768'
set system conntrack table-size '1048576'
set system gateway-address '59.sss.ttt.1'
set system host-name 'ap1'
set system ip arp table-size '8192'
set system ipv6 neighbor table-size '8192'

set system time-zone 'Asia/Tokyo'

会場側のVyatta。リポジトリの追加をしているのは、会場内向けDNSサーバとしてUnboundを入れるため。

set interfaces bridge br0 address '172.26.0.1/16'
set interfaces bridge br0 address '2001:470:AAAA:BBBB:0:0:7:1/112'
set interfaces bridge br0 ipv6 router-advert managed-flag 'true'
set interfaces bridge br0 ipv6 router-advert other-config-flag 'true'
set interfaces bridge br0 ipv6 router-advert prefix 2001:470:AAAA:BBBB::7:0/112 autonomous-flag 'true'
set interfaces bridge br0 ipv6 router-advert prefix 2001:470:AAAA:BBBB::7:0/112 on-link-flag 'true'
set interfaces bridge br0 ipv6 router-advert prefix 2001:470:AAAA:BBBB::7:0/112 valid-lifetime '2592000'
set interfaces bridge br0 ipv6 router-advert send-advert 'true'
set interfaces bridge br0 policy route 'via-sakura'

set interfaces bridge br1 address '10.XXX.YYY.2/24'
set interfaces bridge br1 address '2001:470:AAAA:BBBB:0:0:1:2/112'

set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 vif 3 bridge-group bridge 'br0'

set interfaces openvpn vtun0 bridge-group bridge 'br1'
set interfaces openvpn vtun0 encryption 'aes256'
set interfaces openvpn vtun0 mode 'site-to-site'
set interfaces openvpn vtun0 openvpn-option '--comp-lzo'
set interfaces openvpn vtun0 protocol 'tcp-active'
set interfaces openvpn vtun0 remote-host 'sakuravps'
set interfaces openvpn vtun0 remote-port '1196']
set interfaces openvpn vtun0 shared-secret-key-file '/config/auth/kosenconf.openvpn.key'

set interfaces wireless wlan0 bridge-group bridge 'br0'
set interfaces wireless wlan0 channel '11'
set interfaces wireless wlan0 country 'JP'
set interfaces wireless wlan0 mode 'g'
set interfaces wireless wlan0 physical-device 'phy0'
set interfaces wireless wlan0 security wpa mode 'wpa2'
set interfaces wireless wlan0 security wpa passphrase 'kosenconf'
set interfaces wireless wlan0 ssid 'kosenconf'
set interfaces wireless wlan0 type 'access-point'

set policy route via-sakura rule 10 destination address '0.0.0.0/0'
set policy route via-sakura rule 10 set table '1'
set policy route via-sakura rule 10 source address '172.26.0.0/16'
set policy route via-sakura rule 20 protocol 'tcp'
set policy route via-sakura rule 20 set tcp-mss '1400'
set policy route via-sakura rule 20 tcp flags 'SYN'

set protocols ospf area 0 network '172.26.0.0/16'
set protocols ospf area 0 network '10.XXX.YYY.0/24'
set protocols ospf parameters router-id '10.XXX.YYY.2'
set protocols ospf passive-interface 'default'
set protocols ospf passive-interface-exclude 'br1'

set protocols ospfv3 area 0.0.0.0 interface 'br0'
set protocols ospfv3 area 0.0.0.0 interface 'br1'
set protocols ospfv3 parameters router-id '10.XXX.YYY.2'
set protocols ospfv3 redistribute 'connected'

set protocols static table 1 route 0.0.0.0/0 next-hop '10.XXX.YYY.1'

set service dhcp-server shared-network-name KOSENCONF subnet 172.26.0.0/16 default-router '172.26.0.1'
set service dhcp-server shared-network-name KOSENCONF subnet 172.26.0.0/16 dns-server '172.26.0.1'
set service dhcp-server shared-network-name KOSENCONF subnet 172.26.0.0/16 lease '3600'
set service dhcp-server shared-network-name KOSENCONF subnet 172.26.0.0/16 start 172.26.100.0 stop '172.26.120.255'

set service dhcpv6-server shared-network-name KOSENCONFv6 subnet 2001:470:AAAA:BBBB::7:0/112 address-range start 2001:470:AAAA:BBBB::7:10 stop '2001:470:AAAA:BBBB::7:1999'
set service dhcpv6-server shared-network-name KOSENCONFv6 subnet 2001:470:AAAA:BBBB::7:0/112 lease-time default '3600'
set service dhcpv6-server shared-network-name KOSENCONFv6 subnet 2001:470:AAAA:BBBB::7:0/112 lease-time maximum '3600'
set service dhcpv6-server shared-network-name KOSENCONFv6 subnet 2001:470:AAAA:BBBB::7:0/112 lease-time minimum '3600'
set service dhcpv6-server shared-network-name KOSENCONFv6 subnet 2001:470:AAAA:BBBB::7:0/112 name-server '2001:470:AAAA:BBBB::7:1'

set service ssh port '22'

set system conntrack expect-table-size '2048'
set system conntrack hash-size '32768'
set system conntrack table-size '1048576'

set system ip arp table-size '8192'
set system ipv6 neighbor table-size '8192'

set system name-server '127.0.0.1'
set system name-server '::1'

set system package repository squeeze components 'main contrib non-free'
set system package repository squeeze distribution 'squeeze'
set system package repository squeeze url 'http://ftp.jaist.ac.jp/pub/Linux/debian'
set system package repository squeeze-backports components 'main contrib non-free'
set system package repository squeeze-backports distribution 'squeeze-backports'
set system package repository squeeze-backports url 'http://ftp.jaist.ac.jp/pub/Linux/debian-backports'

set system time-zone 'Asia/Tokyo'

コメントを残す

メールアドレスが公開されることはありません。 が付いている欄は必須項目です

このサイトはスパムを低減するために Akismet を使っています。コメントデータの処理方法の詳細はこちらをご覧ください