
@adrianmihalko
Last active April 30, 2022 15:07
Revisions

  1. adrianmihalko revised this gist Mar 29, 2020. 2 changed files with 0 additions and 0 deletions.
    Binary file added networkmap1.png
    Binary file added networkmap2.png
  2. adrianmihalko created this gist Mar 29, 2020.
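--- a/gistfile1.txt
+++ b/gistfile1.txt
@@ -0,0 +1,58 @@
+!!!NOT WORKING!!!
+
+configure
+
+set interfaces wireguard wg0 address 10.xx.xxx.253/32
+set interfaces wireguard wg0 listen-port 51820
+set interfaces wireguard wg0 route-allowed-ips false
+
+set interfaces wireguard wg0 peer JuE+ endpoint mullvadserverip:51820
+set interfaces wireguard wg0 peer JuE+ allowed-ips 0.0.0.0/0
+
+set interfaces wireguard wg0 private-key /config/auth/wg.key
+
+set firewall name WAN_LOCAL rule 20 action accept
+set firewall name WAN_LOCAL rule 20 protocol udp
+set firewall name WAN_LOCAL rule 20 description 'WireGuard'
+set firewall name WAN_LOCAL rule 20 destination port 51820
+
+commit
+save
+exit
+
+configure
+set service nat rule 5010 outbound-interface wg0
+set service nat rule 5010 outside-address address 10.xx.xxx.253
+set service nat rule 5010 type source
+commit
+save
+exit
+
+configure
+set protocols static table 1 description 'table to force wg0:mullvad'
+set protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface wg0
+set protocols static table 1 route 0.0.0.0/0 blackhole distance 255
+commit
+save
+exit
+
+configure
+set firewall group address-group HOME_MULLVAD description 'hosts in HOME that route out via Mullvad'
+set firewall group address-group HOME_MULLVAD address 192.168.1.188
+commit
+save
+exit
+
+configure
+set firewall modify PBR_MODIFY description 'set routing tables selectively based on source address'
+set firewall modify PBR_MODIFY rule 10 action accept
+set firewall modify PBR_MODIFY rule 10 description 'exclude LAN to LAN traffic from PBR'
+set firewall modify PBR_MODIFY rule 10 destination address 192.168.1.0/24
+set firewall modify PBR_MODIFY rule 200 action modify
+set firewall modify PBR_MODIFY rule 200 description 'modify selective hosts within haven'
+set firewall modify PBR_MODIFY rule 200 modify table 1
+set firewall modify PBR_MODIFY rule 200 source group address-group HOME_MULLVAD
+set interfaces ethernet eth4 firewall in modify PBR_MODIFY
+commit
+save
+exit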
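Review bot: Rule 20 in `WAN_LOCAL` accepts UDP 51820 from any source, although this router is the side that initiates the tunnel to the single Mullvad peer; if `WAN_LOCAL` already carries the usual established/related accept rule (not visible here), return traffic is covered and the rule only exposes the listener to the internet. If it is kept, scope it to the peer with `set firewall name WAN_LOCAL rule 20 source address <mullvad-server-ip>` (placeholder for the endpoint used on the peer line). Separately, `PBR_MODIFY` rule 10 exempts everything destined for 192.168.1.0/24, so if 192.168.1.188 uses the router as its DNS resolver those lookups presumably leave via the WAN rather than wg0, even though the table 1 blackhole route stops other traffic when the tunnel is down; pointing that host at a resolver reachable only through wg0 would close the gap. The key at `/config/auth/wg.key` should be readable by root only.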