CGHMN-Router-Configuration


Example script to join a Linux box to the network as a router:



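#!/bin/bash
# Join this Linux box to the CGHMN network as a router:
#   1. bring up the WireGuard tunnel and route the network prefixes into it,
#   2. bridge a local "LAN" interface with a GRETAP tunnel that is carried
#      over WireGuard,
#   3. filter IPv4/IPv6 off the bridge's GRETAP side, so IP traffic from the
#      LAN is routed through WireGuard rather than bridged over GRETAP,
#   4. serve DHCP to the bridged LAN with dnsmasq.
#
# Must run as root. Not idempotent: re-running without first deleting the
# wg-cghmn / br-cghmn / gretap-cghmn links fails at the first "ip link add".
set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

# Replace the values below with the ones you got from us when joining
# and/or with values that match your setup
readonly WG_CONFIG_PATH=/etc/wireguard/wg-cghmn.conf  # contains the private key; keep root-only (0600)
readonly WG_TUNNEL_IP=100.89.128.1
readonly BRIDGED_LAN_INTERFACE=eth1
readonly BRIDGED_LAN_IP=100.96.1.1
readonly BRIDGED_LAN_DHCP_START=100.96.1.100
readonly BRIDGED_LAN_DHCP_END=100.96.1.200

# Interface names used throughout. Everything below (wg setconf, routes,
# bridge rules) must refer to the same names, so define them once.
readonly WG_IFACE=wg-cghmn
readonly BRIDGE_IFACE=br-cghmn
readonly GRETAP_IFACE=gretap-cghmn
readonly GRETAP_REMOTE=172.23.4.103

# Fail early, before any interface has been created, rather than half-way.
(( EUID == 0 )) || die "this script must run as root"
[[ -r "${WG_CONFIG_PATH}" ]] || die "WireGuard config not readable: ${WG_CONFIG_PATH}"
for tool in ip wg sysctl nft dnsmasq; do
  command -v "${tool}" >/dev/null || die "required tool not found: ${tool}"
done

# Bring up Wireguard tunnel
ip link add "${WG_IFACE}" type wireguard
# (the original page had "wg-cghnm" here, a typo for the link created above)
wg setconf "${WG_IFACE}" "${WG_CONFIG_PATH}"
ip addr add "${WG_TUNNEL_IP}/22" dev "${WG_IFACE}"
ip link set "${WG_IFACE}" up

# Add necessary routes to Wireguard interface.
# 172.23.0.0/16 has to be in place before the GRETAP link is created below:
# its remote endpoint (${GRETAP_REMOTE}) falls inside that prefix.
ip route add 100.89.128.0/22 dev "${WG_IFACE}"
ip route add 172.23.0.0/16 dev "${WG_IFACE}"
ip route add 100.96.0.0/13 dev "${WG_IFACE}"

# Enable IP forwarding. This is system-wide (all interfaces, not just the
# ones set up here) and is not persistent across reboots. Note that this
# script installs no inet-family filtering; the nft rules below only act on
# the bridge.
sysctl -w net.ipv4.ip_forward=1

# Create bridge and add "LAN"-side interface. The LAN NIC becomes a bridge
# port, so its own addresses are flushed and the LAN IP moves to the bridge.
ip link add "${BRIDGE_IFACE}" type bridge
ip link set "${BRIDGE_IFACE}" up
ip addr flush dev "${BRIDGED_LAN_INTERFACE}"
ip link set "${BRIDGED_LAN_INTERFACE}" master "${BRIDGE_IFACE}"

# Add "LAN"-side IP address to bridge
ip addr add "${BRIDGED_LAN_IP}/24" dev "${BRIDGE_IFACE}"

# Add nftables rules to prevent IP traffic from leaving/entering the bridge
# over the GRETAP port. These are installed BEFORE the GRETAP link exists so
# there is no window in which IP frames can cross it unfiltered.
# "nft add rule" needs family, table and chain; the original page omitted the
# table ("nft add rule bridge forward ..."). The wildcard needs quoting for nft.
# NOTE(review): match expression order was reconstructed from the original
# page; confirm with "nft list ruleset" that all four rules are present.
nft add table bridge filter
nft add chain bridge filter forward '{ type filter hook forward priority 0; }'
nft add rule bridge filter forward \
  "oifname \"gretap*\" meta ibrname \"${BRIDGE_IFACE}\" meta nfproto ipv4 drop comment \"Drop IPv4 from leaving the bridge\""
nft add rule bridge filter forward \
  "iifname \"gretap*\" meta ibrname \"${BRIDGE_IFACE}\" meta nfproto ipv4 drop comment \"Drop IPv4 from entering the bridge\""
nft add rule bridge filter forward \
  "oifname \"gretap*\" meta ibrname \"${BRIDGE_IFACE}\" meta nfproto ipv6 drop comment \"Drop IPv6 from leaving the bridge\""
nft add rule bridge filter forward \
  "iifname \"gretap*\" meta ibrname \"${BRIDGE_IFACE}\" meta nfproto ipv6 drop comment \"Drop IPv6 from entering the bridge\""

# Create GRETAP interface and add to bridge. The GRE endpoint is reached via
# the 172.23.0.0/16 route on the WireGuard link added above.
ip link add "${GRETAP_IFACE}" type gretap remote "${GRETAP_REMOTE}" ignore-df nopmtudisc ttl 255
ip link set "${GRETAP_IFACE}" master "${BRIDGE_IFACE}" mtu 1500
ip link set "${BRIDGE_IFACE}" mtu 1500
ip link set "${GRETAP_IFACE}" up

# Start dnsmasq as DHCP server.
#   -d  stay in the foreground, so this script blocks here until dnsmasq exits
#   -R  do not read /etc/resolv.conf; -S names the upstream resolver instead
#   -F  DHCP pool handed out on the bridged LAN
# NOTE(review): the LAN address now sits on ${BRIDGE_IFACE}, not on the port
# ${BRIDGED_LAN_INTERFACE}; if dnsmasq reports that it has no address range
# for DHCP, bind it (-i) to the bridge instead.
dnsmasq -d -R -P 80 \
  -i "${BRIDGED_LAN_INTERFACE}" \
  -S 100.89.128.0 \
  -F "${BRIDGED_LAN_DHCP_START},${BRIDGED_LAN_DHCP_END}"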