CGHMN-Router-Configuration: Difference between revisions

From Cursed Silicons Wiki

Revision as of 00:24, 2 April 2025

Example Script to join a Linux box to the network as a router:


#!/bin/bash

# Replace the values below with the ones you got from us when joining
# and/or with values that match your setup
WG_CONFIG_PATH=/etc/wireguard/wg-cghmn.conf
WG_TUNNEL_IP=100.89.128.1
BRIDGED_LAN_INTERFACE=eth1
BRIDGED_LAN_IP=100.96.1.1
BRIDGED_LAN_DHCP_START=100.96.1.100
BRIDGED_LAN_DHCP_END=100.96.1.200

# Bring up Wireguard tunnel
ip link add wg-cghmn type wireguard
wg setconf wg-cghmn "${WG_CONFIG_PATH}"
ip addr add "${WG_TUNNEL_IP}/22" dev wg-cghmn
ip link set wg-cghmn up

# Add necessary routes to Wireguard interface
ip route add 100.89.128.0/22 dev wg-cghmn
ip route add 172.23.0.0/16 dev wg-cghmn
ip route add 100.96.0.0/13 dev wg-cghmn

# Enable IP forwarding
sysctl -w net.ipv4.ip_forward=1

# Create bridge and add "LAN"-side interface
ip link add br-cghmn type bridge
ip link set br-cghmn up
ip addr flush "${BRIDGED_LAN_INTERFACE}"
ip link set "${BRIDGED_LAN_INTERFACE}" master br-cghmn

# Add "LAN"-side IP address to bridge
ip addr add "${BRIDGED_LAN_IP}/24" dev br-cghmn

# Add nftables rules to prevent IP traffic from leaving the bridge
# (in a bridge-family table the L3 protocol is matched by EtherType with
# "meta protocol"; "meta nfproto" is only useful in inet tables)
nft add table bridge filter
nft add chain bridge filter forward '{ type filter hook forward priority 0; }'
nft add rule bridge filter forward 'oifname "gretap*" meta ibrname "br-cghmn" meta protocol ip drop comment "Drop IPv4 from leaving the bridge"'
nft add rule bridge filter forward 'iifname "gretap*" meta ibrname "br-cghmn" meta protocol ip drop comment "Drop IPv4 from entering the bridge"'
nft add rule bridge filter forward 'oifname "gretap*" meta ibrname "br-cghmn" meta protocol ip6 drop comment "Drop IPv6 from leaving the bridge"'
nft add rule bridge filter forward 'iifname "gretap*" meta ibrname "br-cghmn" meta protocol ip6 drop comment "Drop IPv6 from entering the bridge"'

# Create GRETAP interface and add to bridge
ip link add gretap-cghmn type gretap remote 172.23.4.103 ignore-df nopmtudisc ttl 255
ip link set gretap-cghmn master br-cghmn mtu 1500
ip link set br-cghmn mtu 1500
ip link set gretap-cghmn up

# Start dnsmasq as DHCP server
dnsmasq -d -R -P 80 \
   -i "${BRIDGED_LAN_INTERFACE}" \
   -S 100.89.128.0 \
   -F "${BRIDGED_LAN_DHCP_START},${BRIDGED_LAN_DHCP_END}"
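
A pre-flight check for the variables at the top of the script, as an added example that is not part of the wiki page. The function names are invented for this example, and requiring the addresses to fall inside the ranges the script routes is an assumption, not a rule stated on the page.

```bash
#!/bin/bash
# Added example, not part of the wiki script; function names are invented here.
# Assumption: addresses must sit inside the ranges the script routes
# (100.89.128.0/22 for the tunnel, 100.96.0.0/13 for the bridged LAN).

# Dotted-quad IPv4 -> 32-bit integer; non-zero status on malformed input.
ip_to_int() {
    local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$' o n=0
    [[ $1 =~ $re ]] || return 1
    for o in "${BASH_REMATCH[@]:1}"; do
        [ "$o" -le 255 ] || return 1
        n=$(( (n << 8) | 10#$o ))   # 10# keeps "08" from being read as octal
    done
    echo "$n"
}

# True if address $1 lies inside CIDR $2, e.g. in_cidr 100.96.1.1 100.96.0.0/13
in_cidr() {
    local ip net mask
    ip=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Validate the router script's variables; print each problem found and
# return non-zero if there was any.
check_router_vars() {
    local tunnel_ip=$1 lan_ip=$2 dhcp_start=$3 dhcp_end=$4 rc=0 a s e l
    in_cidr "$tunnel_ip" 100.89.128.0/22 ||
        { echo "WG_TUNNEL_IP $tunnel_ip is outside 100.89.128.0/22"; rc=1; }
    in_cidr "$lan_ip" 100.96.0.0/13 ||
        { echo "BRIDGED_LAN_IP $lan_ip is outside 100.96.0.0/13"; rc=1; }
    for a in "$dhcp_start" "$dhcp_end"; do
        in_cidr "$a" "$lan_ip/24" ||
            { echo "DHCP bound $a is outside $lan_ip/24"; rc=1; }
    done
    if s=$(ip_to_int "$dhcp_start") && e=$(ip_to_int "$dhcp_end") &&
       l=$(ip_to_int "$lan_ip"); then
        [ "$s" -le "$e" ] || { echo "DHCP range is reversed"; rc=1; }
        { [ "$l" -lt "$s" ] || [ "$l" -gt "$e" ]; } ||
            { echo "BRIDGED_LAN_IP $lan_ip is inside the DHCP range"; rc=1; }
    fi
    return "$rc"
}

# The page's default values pass all checks.
check_router_vars 100.89.128.1 100.96.1.1 100.96.1.100 100.96.1.200 && echo "variables OK"
```

Calling `check_router_vars "$WG_TUNNEL_IP" "$BRIDGED_LAN_IP" "$BRIDGED_LAN_DHCP_START" "$BRIDGED_LAN_DHCP_END" || exit 1` before the first `ip link add` stops the script before it touches any interface.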