EdgeOS-Config-Example.html 32 KB

  1. <!DOCTYPE html>
  2. <html lang="en">
  3. <head>
  4. <meta charset="UTF-8">
  5. <title>EdgeRouter Lite DN42 config example | dn42 wiki</title>
  6. <meta name="viewport" content="width=device-width, initial-scale=1.0">
  7. <meta name="robots" content="index, follow">
  8. <meta name="keywords" content="dn42,wiki,routing,bgp">
  9. <link rel="canonical" href="https://dn42.obl.ong/howto/EdgeOS-Config-Example.html">
  10. <link rel="icon" type="image/x-icon" href="/favicon.ico">
  11. <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
  12. <link rel="author" type="text/html" href="/docs/people">
  13. <link rel="stylesheet" href="/css/normalize.css">
  14. <link rel="stylesheet" href="/css/simple.min.css">
  15. <link rel="stylesheet" href="/css/style.css">
  16. <link rel="stylesheet" href="/css/menu.css">
  17. </head>
  18. <body>
  25. <main>
  26. <h1 id="edgerouter-lite-dn42-config-example">EdgeRouter Lite DN42 config example</h1>
  27. <p>This is the config I (Felicitus) am running on a Ubiquiti EdgeRouter Lite (AS76197).</p>
  28. <h2 id="features">Features</h2>
  29. <ul>
  30. <li>dn42 DNS</li>
  31. <li>“classic” OpenVPN P2P (including the common “comp-lzo” option)</li>
  32. <li>BGP</li>
  33. <li>Some traffic-shaping rules for my very slow 3 Mbit DSL uplink</li>
  34. <li>Two internal networks: one DN42 network (172.22.117.128/25) for me and my servers, and a NAT network (192.168.42.10/24) for my parents, so that they’re safe from dn42; that network is NOT announced to dn42.</li>
  35. <li>Firewall to protect my NAS server and monitoring</li>
  36. </ul>
  37. <h2 id="upcoming">Upcoming</h2>
  38. <ul>
  39. <li>AICCU integration (SIXXS), probably not possible with the config, so <code class="language-plaintext highlighter-rouge">apt-get install aiccu</code> should do the trick</li>
  40. <li>dn42 IPv6 routing (probably)</li>
  41. </ul>
  42. <p>Ask me if you want to know if I have implemented those items already.</p>
  43. <h1 id="configuration">Configuration</h1>
  44. <div class="language-conf highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">firewall</span> {
  45. <span class="n">all</span>-<span class="n">ping</span> <span class="n">enable</span>
  46. <span class="n">broadcast</span>-<span class="n">ping</span> <span class="n">disable</span>
  47. <span class="n">conntrack</span>-<span class="n">expect</span>-<span class="n">table</span>-<span class="n">size</span> <span class="m">4096</span>
  48. <span class="n">conntrack</span>-<span class="n">hash</span>-<span class="n">size</span> <span class="m">4096</span>
  49. <span class="n">conntrack</span>-<span class="n">table</span>-<span class="n">size</span> <span class="m">32768</span>
  50. <span class="n">conntrack</span>-<span class="n">tcp</span>-<span class="n">loose</span> <span class="n">enable</span>
  51. <span class="n">ipv6</span>-<span class="n">name</span> <span class="n">ROUTER_V6</span> {
  52. <span class="n">default</span>-<span class="n">action</span> <span class="n">drop</span>
  53. <span class="n">rule</span> <span class="m">1</span> {
  54. <span class="n">action</span> <span class="n">drop</span>
  55. <span class="n">destination</span> {
  56. <span class="n">port</span> <span class="m">22</span>
  57. }
  58. <span class="n">protocol</span> <span class="n">tcp</span>
  59. }
  60. }
  61. <span class="n">ipv6</span>-<span class="n">name</span> <span class="n">WAN_IN_V6</span> {
  62. <span class="n">default</span>-<span class="n">action</span> <span class="n">drop</span>
  63. <span class="n">enable</span>-<span class="n">default</span>-<span class="n">log</span>
  64. <span class="n">rule</span> <span class="m">3</span> {
  65. <span class="n">action</span> <span class="n">drop</span>
  66. <span class="n">destination</span> {
  67. <span class="n">port</span> <span class="m">22</span>
  68. }
  69. <span class="n">protocol</span> <span class="n">tcp</span>
  70. }
  71. }
  72. <span class="n">ipv6</span>-<span class="n">receive</span>-<span class="n">redirects</span> <span class="n">disable</span>
  73. <span class="n">ipv6</span>-<span class="n">src</span>-<span class="n">route</span> <span class="n">disable</span>
  74. <span class="n">ip</span>-<span class="n">src</span>-<span class="n">route</span> <span class="n">disable</span>
  75. <span class="n">log</span>-<span class="n">martians</span> <span class="n">enable</span>
  76. <span class="n">name</span> <span class="n">DN42</span> {
  77. <span class="n">default</span>-<span class="n">action</span> <span class="n">drop</span>
  78. <span class="n">rule</span> <span class="m">100</span> {
  79. <span class="n">action</span> <span class="n">drop</span>
  80. <span class="n">destination</span> {
  81. <span class="n">address</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">181</span>
  82. }
  83. <span class="n">source</span> {
  84. <span class="n">address</span> !<span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">128</span>/<span class="m">25</span>
  85. }
  86. }
  87. <span class="n">rule</span> <span class="m">101</span> {
  88. <span class="n">action</span> <span class="n">drop</span>
  89. <span class="n">destination</span> {
  90. <span class="n">address</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">182</span>
  91. }
  92. <span class="n">source</span> {
  93. <span class="n">address</span> !<span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">128</span>/<span class="m">25</span>
  94. }
  95. }
  96. <span class="n">rule</span> <span class="m">102</span> {
  97. <span class="n">action</span> <span class="n">drop</span>
  98. <span class="n">destination</span> {
  99. <span class="n">address</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">183</span>
  100. }
  101. <span class="n">source</span> {
  102. <span class="n">address</span> !<span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">128</span>/<span class="m">25</span>
  103. }
  104. }
  105. }
  106. <span class="n">name</span> <span class="n">ROUTER_V4</span> {
  107. <span class="n">default</span>-<span class="n">action</span> <span class="n">accept</span>
  108. <span class="n">rule</span> <span class="m">2</span> {
  109. <span class="n">action</span> <span class="n">accept</span>
  110. <span class="n">protocol</span> <span class="n">icmp</span>
  111. }
  112. <span class="n">rule</span> <span class="m">10</span> {
  113. <span class="n">action</span> <span class="n">drop</span>
  114. <span class="n">destination</span> {
  115. <span class="n">port</span> <span class="m">22</span>
  116. }
  117. <span class="n">protocol</span> <span class="n">tcp</span>
  118. }
  119. }
  120. <span class="n">name</span> <span class="n">WAN_IN_V4</span> {
  121. <span class="n">default</span>-<span class="n">action</span> <span class="n">drop</span>
  122. <span class="n">enable</span>-<span class="n">default</span>-<span class="n">log</span>
  123. <span class="n">rule</span> <span class="m">1</span> {
  124. <span class="n">action</span> <span class="n">accept</span>
  125. <span class="n">description</span> <span class="s2">"allow established connections"</span>
  126. <span class="n">protocol</span> <span class="n">all</span>
  127. <span class="n">state</span> {
  128. <span class="n">established</span> <span class="n">enable</span>
  129. <span class="n">related</span> <span class="n">enable</span>
  130. }
  131. }
  132. <span class="n">rule</span> <span class="m">2</span> {
  133. <span class="n">action</span> <span class="n">drop</span>
  134. <span class="n">state</span> {
  135. <span class="n">invalid</span> <span class="n">enable</span>
  136. }
  137. }
  138. <span class="n">rule</span> <span class="m">3</span> {
  139. <span class="n">action</span> <span class="n">drop</span>
  140. <span class="n">destination</span> {
  141. <span class="n">port</span> <span class="m">22</span>
  142. }
  143. <span class="n">protocol</span> <span class="n">tcp</span>
  144. }
  145. }
  146. <span class="n">receive</span>-<span class="n">redirects</span> <span class="n">disable</span>
  147. <span class="n">send</span>-<span class="n">redirects</span> <span class="n">enable</span>
  148. <span class="n">source</span>-<span class="n">validation</span> <span class="n">disable</span>
  149. <span class="n">syn</span>-<span class="n">cookies</span> <span class="n">enable</span>
  150. }
  151. <span class="n">interfaces</span> {
  152. <span class="n">ethernet</span> <span class="n">eth0</span> {
  153. <span class="n">duplex</span> <span class="n">auto</span>
  154. <span class="n">firewall</span> {
  155. <span class="n">in</span> {
  156. <span class="n">name</span> <span class="n">WAN_IN_V4</span>
  157. }
  158. }
  159. <span class="n">pppoe</span> <span class="m">0</span> {
  160. <span class="n">default</span>-<span class="n">route</span> <span class="n">auto</span>
  161. <span class="n">firewall</span> {
  162. <span class="n">local</span> {
  163. <span class="n">ipv6</span>-<span class="n">name</span> <span class="n">ROUTER_V6</span>
  164. <span class="n">name</span> <span class="n">ROUTER_V4</span>
  165. }
  166. }
  167. <span class="n">mtu</span> <span class="m">1492</span>
  168. <span class="n">name</span>-<span class="n">server</span> <span class="n">auto</span>
  169. <span class="n">password</span> <span class="m">12345678</span>
  170. <span class="n">traffic</span>-<span class="n">policy</span> {
  171. }
  172. <span class="n">user</span>-<span class="n">id</span> <span class="n">some</span>-<span class="n">t</span>-<span class="n">online</span>-<span class="n">crap</span>@<span class="n">t</span>-<span class="n">online</span>.<span class="n">de</span>
  173. }
  174. <span class="n">speed</span> <span class="n">auto</span>
  175. }
  176. <span class="n">ethernet</span> <span class="n">eth1</span> {
  177. <span class="n">address</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">254</span>/<span class="m">25</span>
  178. <span class="n">duplex</span> <span class="n">auto</span>
  179. <span class="n">speed</span> <span class="n">auto</span>
  180. <span class="n">traffic</span>-<span class="n">policy</span> {
  181. }
  182. }
  183. <span class="n">ethernet</span> <span class="n">eth2</span> {
  184. <span class="n">address</span> <span class="m">192</span>.<span class="m">168</span>.<span class="m">42</span>.<span class="m">1</span>/<span class="m">24</span>
  185. <span class="n">duplex</span> <span class="n">auto</span>
  186. <span class="n">speed</span> <span class="n">auto</span>
  187. }
  188. <span class="n">loopback</span> <span class="n">lo</span> {
  189. }
  190. <span class="n">openvpn</span> <span class="n">vtun0</span> {
  191. <span class="n">local</span>-<span class="n">address</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">254</span> {
  192. <span class="n">subnet</span>-<span class="n">mask</span> <span class="m">255</span>.<span class="m">255</span>.<span class="m">255</span>.<span class="m">128</span>
  193. }
  194. <span class="n">local</span>-<span class="n">port</span> <span class="m">33121</span>
  195. <span class="n">mode</span> <span class="n">site</span>-<span class="n">to</span>-<span class="n">site</span>
  196. <span class="n">openvpn</span>-<span class="n">option</span> --<span class="n">comp</span>-<span class="n">lzo</span>
  197. <span class="n">protocol</span> <span class="n">udp</span>
  198. <span class="n">remote</span>-<span class="n">address</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">1</span>
  199. <span class="n">remote</span>-<span class="n">host</span> <span class="m">5</span>.<span class="m">9</span>.<span class="m">33</span>.<span class="m">163</span>
  200. <span class="n">remote</span>-<span class="n">port</span> <span class="m">33121</span>
  201. <span class="n">shared</span>-<span class="n">secret</span>-<span class="n">key</span>-<span class="n">file</span> /<span class="n">config</span>/<span class="n">auth</span>/<span class="n">felihome</span>.<span class="n">key</span>
  202. }
  203. }
  204. <span class="n">policy</span> {
  205. <span class="n">prefix</span>-<span class="n">list</span> <span class="n">vpn</span>-<span class="n">in</span> {
  206. <span class="n">rule</span> <span class="m">10</span> {
  207. <span class="n">action</span> <span class="n">permit</span>
  208. <span class="n">ge</span> <span class="m">22</span>
  209. <span class="n">le</span> <span class="m">28</span>
  210. <span class="n">prefix</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">0</span>.<span class="m">0</span>/<span class="m">15</span>
  211. }
  212. }
  213. }
  214. <span class="n">protocols</span> {
  215. <span class="n">bgp</span> <span class="m">76197</span> {
  216. <span class="n">neighbor</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">1</span> {
  217. <span class="n">description</span> <span class="n">feli</span>-<span class="n">server</span>
  218. <span class="n">peer</span>-<span class="n">group</span> <span class="n">dn42</span>
  219. <span class="n">remote</span>-<span class="n">as</span> <span class="m">64717</span>
  220. }
  221. <span class="n">network</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">128</span>/<span class="m">25</span> {
  222. }
  223. <span class="n">peer</span>-<span class="n">group</span> <span class="n">dn42</span> {
  224. <span class="n">soft</span>-<span class="n">reconfiguration</span> {
  225. <span class="n">inbound</span>
  226. }
  227. }
  228. }
  229. }
  230. <span class="n">service</span> {
  231. <span class="n">dhcp</span>-<span class="n">server</span> {
  232. <span class="n">disabled</span> <span class="n">false</span>
  233. <span class="n">dynamic</span>-<span class="n">dns</span>-<span class="n">update</span> {
  234. <span class="n">enable</span> <span class="n">true</span>
  235. }
  236. <span class="n">shared</span>-<span class="n">network</span>-<span class="n">name</span> <span class="n">int</span> {
  237. <span class="n">authoritative</span> <span class="n">disable</span>
  238. <span class="n">subnet</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">128</span>/<span class="m">25</span> {
  239. <span class="n">default</span>-<span class="n">router</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">254</span>
  240. <span class="n">dns</span>-<span class="n">server</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">254</span>
  241. <span class="n">domain</span>-<span class="n">name</span> <span class="n">feli</span>-<span class="n">home</span>.<span class="n">felicitus</span>.<span class="n">org</span>
  242. <span class="n">lease</span> <span class="m">86400</span>
  243. <span class="n">start</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">129</span> {
  244. <span class="n">stop</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">150</span>
  245. }
  246. <span class="n">static</span>-<span class="n">mapping</span> <span class="n">monitoring</span> {
  247. <span class="n">ip</span>-<span class="n">address</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">183</span>
  248. <span class="n">mac</span>-<span class="n">address</span> <span class="m">52</span>:<span class="m">54</span>:<span class="m">00</span>:<span class="m">20</span>:<span class="n">df</span>:<span class="m">46</span>
  249. }
  250. <span class="n">static</span>-<span class="n">mapping</span> <span class="n">nas</span> {
  251. <span class="n">ip</span>-<span class="n">address</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">181</span>
  252. <span class="n">mac</span>-<span class="n">address</span> <span class="n">e8</span>:<span class="m">39</span>:<span class="m">35</span>:<span class="n">ee</span>:<span class="m">22</span>:<span class="m">7</span><span class="n">b</span>
  253. }
  254. }
  255. }
  256. <span class="n">shared</span>-<span class="n">network</span>-<span class="n">name</span> <span class="n">nat</span> {
  257. <span class="n">authoritative</span> <span class="n">disable</span>
  258. <span class="n">subnet</span> <span class="m">192</span>.<span class="m">168</span>.<span class="m">42</span>.<span class="m">0</span>/<span class="m">24</span> {
  259. <span class="n">default</span>-<span class="n">router</span> <span class="m">192</span>.<span class="m">168</span>.<span class="m">42</span>.<span class="m">1</span>
  260. <span class="n">dns</span>-<span class="n">server</span> <span class="m">8</span>.<span class="m">8</span>.<span class="m">8</span>.<span class="m">8</span>
  261. <span class="n">dns</span>-<span class="n">server</span> <span class="m">8</span>.<span class="m">8</span>.<span class="m">4</span>.<span class="m">4</span>
  262. <span class="n">lease</span> <span class="m">86400</span>
  263. <span class="n">start</span> <span class="m">192</span>.<span class="m">168</span>.<span class="m">42</span>.<span class="m">10</span> {
  264. <span class="n">stop</span> <span class="m">192</span>.<span class="m">168</span>.<span class="m">42</span>.<span class="m">100</span>
  265. }
  266. }
  267. }
  268. }
  269. <span class="n">dns</span> {
  270. <span class="n">forwarding</span> {
  271. <span class="n">cache</span>-<span class="n">size</span> <span class="m">150</span>
  272. <span class="n">listen</span>-<span class="n">on</span> <span class="n">eth1</span>
  273. <span class="n">listen</span>-<span class="n">on</span> <span class="n">eth2</span>
  274. <span class="n">name</span>-<span class="n">server</span> <span class="m">8</span>.<span class="m">8</span>.<span class="m">8</span>.<span class="m">8</span>
  275. <span class="n">name</span>-<span class="n">server</span> <span class="m">8</span>.<span class="m">8</span>.<span class="m">4</span>.<span class="m">4</span>
  276. <span class="n">options</span> <span class="n">server</span>=/<span class="n">dn42</span>/<span class="m">172</span>.<span class="m">23</span>.<span class="m">0</span>.<span class="m">53</span>
  277. <span class="n">options</span> <span class="n">server</span>=/<span class="m">22</span>.<span class="m">172</span>.<span class="n">in</span>-<span class="n">addr</span>.<span class="n">arpa</span>/<span class="m">172</span>.<span class="m">23</span>.<span class="m">0</span>.<span class="m">53</span>
  278. <span class="n">options</span> <span class="n">server</span>=/<span class="m">23</span>.<span class="m">172</span>.<span class="n">in</span>-<span class="n">addr</span>.<span class="n">arpa</span>/<span class="m">172</span>.<span class="m">23</span>.<span class="m">0</span>.<span class="m">53</span>
  279. <span class="n">options</span> <span class="n">rebind</span>-<span class="n">domain</span>-<span class="n">ok</span>=/<span class="n">dn42</span>/
  280. }
  281. }
  282. <span class="n">nat</span> {
  283. <span class="n">rule</span> <span class="m">6000</span> {
  284. <span class="n">outbound</span>-<span class="n">interface</span> <span class="n">pppoe0</span>
  285. <span class="n">type</span> <span class="n">masquerade</span>
  286. }
  287. <span class="n">rule</span> <span class="m">7000</span> {
  288. <span class="n">outbound</span>-<span class="n">interface</span> <span class="n">eth2</span>
  289. <span class="n">type</span> <span class="n">masquerade</span>
  290. }
  291. }
  292. <span class="n">ssh</span> {
  293. <span class="n">port</span> <span class="m">22</span>
  294. <span class="n">protocol</span>-<span class="n">version</span> <span class="n">v2</span>
  295. }
  296. <span class="n">upnp</span> {
  297. <span class="n">listen</span>-<span class="n">on</span> <span class="n">eth1</span> {
  298. <span class="n">outbound</span>-<span class="n">interface</span> <span class="n">pppoe0</span>
  299. }
  300. <span class="n">listen</span>-<span class="n">on</span> <span class="n">eth2</span> {
  301. <span class="n">outbound</span>-<span class="n">interface</span> <span class="n">pppoe0</span>
  302. }
  303. }
  304. }
  305. <span class="n">system</span> {
  306. <span class="n">host</span>-<span class="n">name</span> <span class="n">ubnt</span>
  307. <span class="n">login</span> {
  308. <span class="n">user</span> <span class="n">felicitus</span> {
  309. <span class="n">authentication</span> {
  310. <span class="n">encrypted</span>-<span class="n">password</span> <span class="n">errnope</span>
  311. <span class="n">plaintext</span>-<span class="n">password</span> <span class="s2">""</span>
  312. <span class="n">public</span>-<span class="n">keys</span> <span class="n">felicitus</span>@<span class="n">felicitus</span>.<span class="n">org</span> {
  313. <span class="n">key</span> <span class="n">AAAAB3NzaC1yc2EAAAADAQABAAABAQDPTSLjSY</span>/<span class="n">Be1XJ</span>/<span class="n">klAwLiM1pKSvmbdcOgtgDB6nPcHkgX6JZu7g</span>/<span class="n">Kejfuk4qIKL8GYYUQt7DlGY6n2u5rChWE</span>/<span class="m">6</span><span class="n">KZJzXcUwS3pXk4LZ5KydWp7ihfvyRtUOBgKkRa1zQv</span>+<span class="m">6</span><span class="n">KCH9WyR</span>++<span class="n">ArwVTP8KSkrmDe6k7NWAjZqOuIJHG</span>/<span class="n">AbEyTBapTJYjObZ0AM7wlwcB</span>+<span class="n">oRM1BfZCP0Y</span>+<span class="n">PIP2eGJS7Pyb32pITNKk3JuFXgAvbj5OeRrwtpZ9S</span>+/<span class="m">7</span><span class="n">wIpaUVODPzrVmbC7vOXu</span>/<span class="m">2</span><span class="n">KJ9aY2BmxUsxRbrvWMmWNiuE0YPt</span>/<span class="m">7</span><span class="n">lUroK4pH3md3lWRcGUS</span>/<span class="n">uYvhug7yG1yB81nyI15</span>
  314. <span class="n">type</span> <span class="n">ssh</span>-<span class="n">rsa</span>
  315. }
  316. }
  317. <span class="n">level</span> <span class="n">admin</span>
  318. }
  319. }
  320. <span class="n">name</span>-<span class="n">server</span> <span class="m">172</span>.<span class="m">22</span>.<span class="m">117</span>.<span class="m">254</span>
  321. <span class="n">ntp</span> {
  322. <span class="n">server</span> <span class="m">0</span>.<span class="n">ubnt</span>.<span class="n">pool</span>.<span class="n">ntp</span>.<span class="n">org</span> {
  323. }
  324. <span class="n">server</span> <span class="m">1</span>.<span class="n">ubnt</span>.<span class="n">pool</span>.<span class="n">ntp</span>.<span class="n">org</span> {
  325. }
  326. <span class="n">server</span> <span class="m">2</span>.<span class="n">ubnt</span>.<span class="n">pool</span>.<span class="n">ntp</span>.<span class="n">org</span> {
  327. }
  328. <span class="n">server</span> <span class="m">3</span>.<span class="n">ubnt</span>.<span class="n">pool</span>.<span class="n">ntp</span>.<span class="n">org</span> {
  329. }
  330. }
  331. <span class="n">syslog</span> {
  332. <span class="n">global</span> {
  333. <span class="n">facility</span> <span class="n">all</span> {
  334. <span class="n">level</span> <span class="n">notice</span>
  335. }
  336. <span class="n">facility</span> <span class="n">protocols</span> {
  337. <span class="n">level</span> <span class="n">debug</span>
  338. }
  339. }
  340. }
  341. <span class="n">time</span>-<span class="n">zone</span> <span class="n">UTC</span>
  342. }
  343. <span class="n">traffic</span>-<span class="n">policy</span> {
  344. <span class="n">shaper</span> <span class="n">client</span>-<span class="n">up</span>-<span class="n">s</span> {
  345. <span class="n">bandwidth</span> <span class="m">30</span><span class="n">kbit</span>
  346. <span class="n">class</span> <span class="m">20</span> {
  347. <span class="n">bandwidth</span> <span class="m">100</span>%
  348. <span class="n">burst</span> <span class="m">6</span><span class="n">k</span>
  349. <span class="n">match</span> <span class="n">TCPACK</span> {
  350. <span class="n">ip</span> {
  351. <span class="n">protocol</span> <span class="n">tcp</span>
  352. }
  353. <span class="n">mark</span> <span class="m">225</span>
  354. }
  355. <span class="n">priority</span> <span class="m">5</span>
  356. <span class="n">queue</span>-<span class="n">limit</span> <span class="m">65</span>
  357. <span class="n">queue</span>-<span class="n">type</span> <span class="n">fair</span>-<span class="n">queue</span>
  358. }
  359. <span class="n">class</span> <span class="m">30</span> {
  360. <span class="n">bandwidth</span> <span class="m">5</span>%
  361. <span class="n">burst</span> <span class="m">15</span><span class="n">k</span>
  362. <span class="n">ceiling</span> <span class="m">20</span>%
  363. <span class="n">match</span> <span class="n">ssh</span> {
  364. <span class="n">ip</span> {
  365. <span class="n">destination</span> {
  366. <span class="n">port</span> <span class="m">22</span>
  367. }
  368. <span class="n">dscp</span> <span class="n">lowdelay</span>
  369. <span class="n">protocol</span> <span class="n">tcp</span>
  370. }
  371. }
  372. <span class="n">match</span> <span class="n">ssh</span>-<span class="n">ipv6</span> {
  373. <span class="n">ipv6</span> {
  374. <span class="n">destination</span> {
  375. <span class="n">port</span> <span class="m">22</span>
  376. }
  377. <span class="n">protocol</span> <span class="n">tcp</span>
  378. }
  379. }
  380. <span class="n">priority</span> <span class="m">6</span>
  381. <span class="n">queue</span>-<span class="n">limit</span> <span class="m">10</span>
  382. <span class="n">queue</span>-<span class="n">type</span> <span class="n">fair</span>-<span class="n">queue</span>
  383. }
  384. <span class="n">default</span> {
  385. <span class="n">bandwidth</span> <span class="m">95</span>%
  386. <span class="n">burst</span> <span class="m">15</span><span class="n">k</span>
  387. <span class="n">ceiling</span> <span class="m">100</span>%
  388. <span class="n">priority</span> <span class="m">2</span>
  389. <span class="n">queue</span>-<span class="n">limit</span> <span class="m">13</span>
  390. <span class="n">queue</span>-<span class="n">type</span> <span class="n">fair</span>-<span class="n">queue</span>
  391. }
  392. }
  393. }
  394. /* <span class="n">Warning</span>: <span class="n">Do</span> <span class="n">not</span> <span class="n">remove</span> <span class="n">the</span> <span class="n">following</span> <span class="n">line</span>. */
  395. /* === <span class="n">vyatta</span>-<span class="n">config</span>-<span class="n">version</span>: <span class="s2">"config-management@1:dhcp-relay@1:dhcp-server@4:firewall@4:ipsec@3:nat@3:qos@1:quagga@2:system@4:ubnt-pptp@1:ubnt-util@1:vrrp@1:webgui@1:webproxy@1:zone-policy@1"</span> === */
  396. /* <span class="n">Release</span> <span class="n">version</span>: <span class="n">v1</span>.<span class="m">3</span>.<span class="m">0</span>.<span class="m">4605130</span>.<span class="m">131011</span>.<span class="m">1754</span> */
  397. </code></pre></div></div>
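<p>Added example, not part of Felicitus's config or of EdgeOS: a small Python audit that parses a brace-structured EdgeOS config and lists firewall rulesets that no interface attaches and prefix-lists that nothing references, which for the config as shown above are <code>DN42</code>, <code>WAN_IN_V6</code> and <code>vpn-in</code>. The embedded <code>SAMPLE</code> is a constructed, trimmed copy of that config's structure, and the function names and the reference heuristic are assumptions of this example.</p>

```python
# Added example: find defined-but-unused firewall rulesets and prefix-lists in
# an EdgeOS/Vyatta-style config. SAMPLE is constructed (rule bodies omitted).
SAMPLE = """
firewall {
    ipv6-name ROUTER_V6 {
    }
    ipv6-name WAN_IN_V6 {
    }
    name DN42 {
    }
    name ROUTER_V4 {
    }
    name WAN_IN_V4 {
    }
}
interfaces {
    ethernet eth0 {
        firewall {
            in {
                name WAN_IN_V4
            }
        }
        pppoe 0 {
            firewall {
                local {
                    ipv6-name ROUTER_V6
                    name ROUTER_V4
                }
            }
        }
    }
    openvpn vtun0 {
        mode site-to-site
    }
}
policy {
    prefix-list vpn-in {
        rule 10 {
            action permit
        }
    }
}
protocols {
    bgp 76197 {
        neighbor 172.22.117.1 {
            peer-group dn42
        }
        peer-group dn42 {
            soft-reconfiguration {
                inbound
            }
        }
    }
}
"""

RULESET_KEYS = ("name", "ipv6-name")


def walk(text):
    """Yield (path, leaf) per leaf line and (path, None) per opened node."""
    stack = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("/*"):
            continue  # blank lines and the trailing version comments
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            yield tuple(stack), None
        elif line == "}":
            stack.pop()
        else:
            yield tuple(stack), line


def audit(text):
    """Return rulesets no interface attaches and prefix-lists nothing names."""
    fw_defined, fw_attached, pl_defined, ref_tokens = set(), set(), set(), set()
    for path, leaf in walk(text):
        top = path[0] if path else ""
        in_pl_def = any(p.startswith("prefix-list ") for p in path)
        if leaf is None:
            if len(path) == 2 and top == "firewall" and path[1].split()[0] in RULESET_KEYS:
                fw_defined.add(path[1])          # e.g. "name DN42"
            elif len(path) == 2 and top == "policy" and in_pl_def:
                pl_defined.add(path[1].split()[1])
        elif top == "interfaces" and "firewall" in path and leaf.split()[0] in RULESET_KEYS:
            fw_attached.add(leaf)                # same "name X" form as the definition
        elif top == "protocols" or (top == "policy" and not in_pl_def):
            # Heuristic (assumption): any leaf here naming a list is a reference.
            ref_tokens.update(leaf.split())
    return {
        "unattached_rulesets": sorted(fw_defined - fw_attached),
        "unreferenced_prefix_lists": sorted(pl_defined - ref_tokens),
    }


if __name__ == "__main__":
    for finding, names in audit(SAMPLE).items():
        print(finding, names)
```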
  473. </main>
  487. </body>
  488. </html>