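# VyOS lab router setup: DHCP uplink on eth0, eBGP to AS 64513 on eth1,
# client LAN on eth2 (DHCP + DNS forwarding), and RPKI origin validation
# feeding the ROUTES-IN route-map. Paste into an operational-mode session;
# everything between `configure` and `commit` runs in configuration mode.

# Avoiding an issue with the DHCP server not starting if it can't touch
# /config/dhcp.leases. -p keeps the step from failing when /config already exists.
sudo mkdir -p /config

configure

# Setup Users
# Key-only login: the public key below is a placeholder that must be replaced
# before commit, because password authentication is disabled in the SSH section.
set system login user a full-name a
set system login user a authentication public-keys a@host type ssh-rsa
set system login user a authentication public-keys a@host key "RSA_KEY_HERE"

# Setup Interfaces
## Uplink
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 description 'UPLINK'

## BGP Interfaces
# NOTE(review): no prefix length is given here, while eth2 below uses CIDR
# form. Confirm the intended mask for the link to 192.168.100.2.
set interfaces ethernet eth1 address 192.168.100.1
set interfaces ethernet eth1 description 'BGP'

## Client Interfaces
set interfaces ethernet eth2 address 192.168.150.1/24
set interfaces ethernet eth2 description 'CLIENTS'

## DNS
set system name-server 8.8.8.8
set system name-server 8.8.4.4

# Network Services
## SSH
# NOTE(review): no listen-address is set and this script configures no
# firewall, so sshd is reachable on every interface, including the uplink.
# Consider binding it to a management address.
set service ssh port 22
set service ssh disable-password-authentication

## Client DNS
set service dns forwarding system
set service dns forwarding name-server 8.8.8.8
set service dns forwarding name-server 8.8.4.4
set service dns forwarding listen-address 192.168.150.1
# Only the client LAN may use the forwarder. The original allowed 0.0.0.0/0,
# which answers recursive queries from any source that can reach the listen
# address (an open resolver).
set service dns forwarding allow-from 192.168.150.0/24

## DHCP
set service dhcp-server shared-network-name NET-lan authoritative
set service dhcp-server shared-network-name NET-lan subnet 192.168.150.0/24 default-router 192.168.150.1
set service dhcp-server shared-network-name NET-lan subnet 192.168.150.0/24 dns-server 192.168.150.1
set service dhcp-server shared-network-name NET-lan subnet 192.168.150.0/24 lease 86400
set service dhcp-server shared-network-name NET-lan subnet 192.168.150.0/24 range 0 start 192.168.150.100
set service dhcp-server shared-network-name NET-lan subnet 192.168.150.0/24 range 0 stop 192.168.150.200

## BGP
# NOTE(review): the neighbor looks directly connected on eth1, so
# ebgp-multihop 2 only relaxes the TTL check. Confirm it is needed.
# No session authentication is configured for this peer either.
set protocols bgp local-as 64512
set protocols bgp neighbor 192.168.100.2 ebgp-multihop '2'
set protocols bgp neighbor 192.168.100.2 remote-as '64513'
set protocols bgp neighbor 192.168.100.2 update-source '192.168.100.1'
set protocols bgp address-family ipv4-unicast network '192.168.150.0/24'
set protocols bgp parameters router-id '192.168.100.1'

## RPKI
# NOTE(review): 192.168.150.100 is also the first address of DHCP range 0
# above. If the validator gets its address by lease, another client could end
# up on that IP and feed this router validation data. Give the cache a
# reserved or out-of-range address. No ssh transport is configured for the
# cache, so the RTR session is unauthenticated TCP on the client LAN.
set protocols rpki cache 192.168.150.100 port '3323'
set protocols rpki cache 192.168.150.100 preference '1'
set protocols rpki polling-period 10

# ROUTES-IN accepts only RPKI-valid routes and raises their local-preference.
# 'notfound' and 'invalid' are both dropped. Dropping 'notfound' is stricter
# than invalid-only filtering and discards every prefix that has no ROA.
# A route matching no rule is denied as well.
set policy route-map ROUTES-IN rule 10 action 'permit'
set policy route-map ROUTES-IN rule 10 match rpki 'valid'
set policy route-map ROUTES-IN rule 10 set local-preference '300'
set policy route-map ROUTES-IN rule 20 action 'deny'
set policy route-map ROUTES-IN rule 20 match rpki 'notfound'
set policy route-map ROUTES-IN rule 30 action 'deny'
set policy route-map ROUTES-IN rule 30 match rpki 'invalid'

set protocols bgp neighbor 192.168.100.2 address-family ipv4-unicast route-map import 'ROUTES-IN'
# NOTE(review): the same RPKI-matching map is applied on export. Whether
# 192.168.150.0/24 is announced then depends on how the locally originated
# prefix is classified. Verify what the neighbor actually receives; a separate
# export policy would make the intent explicit.
set protocols bgp neighbor 192.168.100.2 address-family ipv4-unicast route-map export 'ROUTES-IN'

commit
save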