# EdgeRouter setup notes on OpenVPN, Cloudflare DDNS and Let's Encrypt
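# Site-to-site OpenVPN tunnel (vtun0) using a pre-shared static key.
# Values in <angle-brackets> are placeholders to fill in before pasting.
#
# NOTE(review): static-key mode has no forward secrecy. Anyone who obtains
# /config/auth/npi-openvpn.key can decrypt captured past traffic as well as
# future traffic, and upstream OpenVPN has deprecated this mode. Treat the
# key file as the tunnel's only credential; a TLS/certificate-based tunnel
# is the longer-term option.
# NOTE(review): if commit rejects a missing key file, run the "write shared
# key" step at the bottom first, then return here. TODO confirm on your
# firmware.
configure
set interfaces openvpn vtun0
set interfaces openvpn vtun0 mode site-to-site
# set interfaces openvpn vtun0 protocol tcp-active
set interfaces openvpn vtun0 remote-port <remote-host-port>
# Tunnel endpoint addresses: this side is .10, the peer is .9.
set interfaces openvpn vtun0 local-address 192.168.52.10
set interfaces openvpn vtun0 remote-address 192.168.52.9
set interfaces openvpn vtun0 remote-host <remote-host>
set interfaces openvpn vtun0 encryption aes256
set interfaces openvpn vtun0 hash sha256
set interfaces openvpn vtun0 shared-secret-key-file '/config/auth/npi-openvpn.key'
# Route the remote LAN through the tunnel interface.
set protocols static interface-route <remote-lan-address/with-subnet> next-hop-interface vtun0
# DHCP option 242 hands local clients the remote Avaya server addresses.
set service dhcp-server global-parameters 'option option-242 code 242 = string;'
set service dhcp-server shared-network-name LAN subnet <local-lan-address/with-subnet> subnet-parameters 'option option-242 "HTTPSRVR=<remote-avaya-server>,MCIPADD=<remote-avaya-server>";'
# Send DNS queries for these domains to the DNS server on the remote side.
set service dns forwarding options server=/domain.com/<remote-dns-server>
set service dns forwarding options server=/domain2.com/<remote-dns-server>
commit
save
exit

# write shared key to edgerouter
# The restrictive umask applies before the file is created, so the key is
# never readable by other local users, not even between `cat` and `chmod`.
# The subshell keeps the umask change from leaking into the rest of the
# session.
# Paste the key from your clipboard, then hit CTRL-D to save the file.
( umask 077; cat > /config/auth/npi-openvpn.key )
# Still needed when the file already existed with looser permissions.
chmod 600 /config/auth/npi-openvpn.key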
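# Dynamic DNS: keep a Cloudflare record pointed at eth0's current address.
# Values in <angle-brackets> are placeholders.
#
# NOTE(review): the "password" below is a Cloudflare API key. A global API
# key can manage the whole Cloudflare account, not just this record, and it
# is stored in the router configuration. Handle config backups and pasted
# `show configuration` output as secrets. If the firmware's dynamic-DNS
# client accepts a scoped API token, prefer one limited to DNS edits on
# this single zone. TODO confirm for your firmware.
configure
set service dns dynamic interface eth0 service custom-cloudflare host-name host.example.com
# login is the Cloudflare account e-mail address (shown here as a placeholder).
set service dns dynamic interface eth0 service custom-cloudflare login <cloudflare-account-email>
set service dns dynamic interface eth0 service custom-cloudflare password <CLOUDFLARE API KEY>
set service dns dynamic interface eth0 service custom-cloudflare protocol cloudflare
set service dns dynamic interface eth0 service custom-cloudflare options zone=example.com
commit
save
exit

# Check that it is set up
show dns dynamic status

# Force an update
update dns dynamic interface eth0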
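# Let's Encrypt certificate for the EdgeRouter web GUI via ubnt-letsencrypt.
# Values in <angle-brackets> are placeholders.
#
# Download the installer to a file and read it before running it as root.
# Piping curl straight into `sudo bash` runs whatever the URL returns at
# that moment, unreviewed. -f makes curl fail on an HTTP error instead of
# saving an error page that would then be executed.
# NOTE(review): the URL tracks the moving `master` branch. To run exactly
# what was reviewed, replace `master` with <reviewed-commit-sha>.
installer=$(mktemp) &&
  curl -fsSL -o "$installer" https://raw.githubusercontent.com/j-c-m/ubnt-letsencrypt/master/install.sh
less "$installer"
sudo bash "$installer"
rm -f -- "$installer"

# Issue the first certificate.
sudo /config/scripts/renew.acme.sh -d host.example.com

configure
# Resolve the certificate's host name to the LAN interface for local clients.
set system static-host-mapping host-name host.example.com inet <LAN INTERFACE IP ADDRESS>
# NOTE(review): server.pem presumably holds the private key; keep
# /config/ssl readable by root only. Verify after the first run.
set service gui cert-file /config/ssl/server.pem
set service gui ca-file /config/ssl/ca.pem
# Daily renewal. NOTE(review): the scheduled task presumably runs as root,
# so /config/scripts/renew.acme.sh should be writable by root only. Verify.
set system task-scheduler task renew.acme executable path /config/scripts/renew.acme.sh
set system task-scheduler task renew.acme interval 1d
set system task-scheduler task renew.acme executable arguments '-d host.example.com'
commit
save
exit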