Last active
June 3, 2025 21:31
Revisions
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 9 additions and 2 deletions.
@@ -217,6 +217,8 @@ It may be more flexible and clean to set them up using something like _Note: This is not a complete guide, general container configuration steps, etc. are ommited assuming that they are obvious to the skilled reader._ The whole process is painless and takes ~15min. Based on [this post](https://discuss.linuxcontainers.org/t/working-install-of-docker-ce-in-lxc-unprivileged-container-in-proxmox/3828). ### 1. Create container @@ -241,14 +243,19 @@ systemctl start docker systemctl enable docker ``` ### 3. Set up proxmox container options Set up container options needed for running docker: ```yaml features: keyctl=1,nesting=1 ``` - Add it via `Options` tab in the web GUI - Edit the file ``/etc/pve/lxc/<CTID>.conf` - Use the `pct` CLI tool ### 4. Run UNMS installer in the container Follow the [official installation guide](https://help.ubnt.com/hc/en-us/articles/115012196527-UNMS-Installation-Guide).
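Review bot: in the -217 hunk, "ommited" should read "omitted".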
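Review bot: in the -241 hunk the backticks around the config path are unbalanced (``/etc/pve/lxc/<CTID>.conf` opens with two and closes with one), so the path will not render as code; use one backtick on each side. The same hunk's `features: keyctl=1,nesting=1` is the Docker-in-LXC requirement, but `nesting=1` also exposes nested /proc and /sys mounts to the guest, so step 1 should state explicitly that the container is created unprivileged, which is what the linked discuss.linuxcontainers.org post (and its title) assumes.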
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 8 additions and 1 deletion.
@@ -214,7 +214,8 @@ It may be more flexible and clean to set them up using something like ## Run Ubiquity UNMS in LXC container on ProxMox _Note: This is not a complete guide, general container configuration steps, etc. are ommited assuming that they are obvious to the skilled reader._ Based on [this post](https://discuss.linuxcontainers.org/t/working-install-of-docker-ce-in-lxc-unprivileged-container-in-proxmox/3828). @@ -250,11 +251,17 @@ features: keyctl=1,nesting=1 ### 4. Run UNMS installer in the container Follow the [official installation guide](https://help.ubnt.com/hc/en-us/articles/115012196527-UNMS-Installation-Guide). ```sh curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh ``` ### 5. Perform initial UNMS setup and register your devices See: [The UNMS Key and the Device Registration Process](https://help.ubnt.com/hc/en-us/articles/115015772548). Or just go to the network address of the running container 🤞 ## TODO
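Review bot: in the -214 hunk the heading spells the vendor "Ubiquity"; the company is Ubiquiti (the linked help.ubnt.com pages use that spelling), and the TOC anchor slugs have to follow whichever spelling is kept.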
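Review bot: in the -250 hunk the installer is fetched to /tmp/unms_inst.sh and run with `sudo bash` in the same command, so the copy on disk is never looked at before it executes as root. Since the two-step form already keeps the file, step 4 should say to read it (or check it against the vendor's published copy) before the `sudo bash` step, and `curl -f` must stay, because without it an HTTP error page would be written to the file and executed.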
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 7 additions and 1 deletion.
@@ -226,7 +226,11 @@ Create an LXC container using an image with one of the officially [supported dis - Ubuntu 18 - Debian 9 ### 2. Set up the system 1. Install docker, if on Ubuntu you can use the [Official Guide](https://docs.docker.com/engine/install/ubuntu/). 2. Install [docker service overrides](https://www.bjonnh.net/article/20181130_lxdocker/): ```sh mkdir -p /etc/systemd/system/containerd.service.d @@ -238,6 +242,8 @@ systemctl enable docker ### 3. Add to proxmox config for container in `/etc/pve/lxc/<CTID>.conf`: You can also add it via `Options` tab in the web GUI. ```yaml features: keyctl=1,nesting=1 ```
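Review bot: in the -226 hunk step 1 links only the Ubuntu Docker install guide although the distro list right above includes Debian 9; add the Debian guide (https://docs.docker.com/engine/install/debian/) or say the Ubuntu link is one example. Step 2 calls the change "docker service overrides", but the directory created is /etc/systemd/system/containerd.service.d, so the text should say the override applies to containerd.service; that also explains why `systemctl daemon-reload` has to run before docker is started.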
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 25 additions and 25 deletions.
@@ -15,6 +15,31 @@ - [route-aws-region-to-interface.sh](https://gist.github.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17#file-route-aws-region-to-interface-sh) - [interactive-shell-setup.sh](https://gist.github.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17#file-vhk-sh) ## Improve your shell experience  This script will set up: * coloured prompt with: - vyatta configuration edit session info (changed, saved, ...) - different colours for root / normal user * command aliases (which probably mostly I use) * command history with: - completion search (up/down arrow keys) - jump between words (left/right arrow keys + option/alt) Install [`vhk.sh`](https://gist.github.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17#file-vhk-sh) to `/etc/profile.d`: ```sh curl -L https://gist.githubusercontent.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17/raw/vhk.sh -o /etc/profile.d/99-custom.sh ``` For root profile is not sourced automatically so add: ```sh echo '. /etc/profile' >> /root/.bashrc ``` ## Basic configuration hints ### Keep last 10 configuration commit revisions (by default none is kept) @@ -57,31 +82,6 @@ set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 domain-na ``` ## Install tools from Debian repository #### 1. Free up space
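Review bot: in the -15 hunk the install command copies raw/vhk.sh from the gist's current tip straight into /etc/profile.d/99-custom.sh, and the next step makes root source it as well, so any later edit to the gist (by the author, or by whoever gets hold of the account) becomes root's shell init on the router at the next login. Pin the download to a specific revision (gist raw URLs accept a commit SHA between raw/ and the file name) and compare a checksum before installing. Also, `echo '. /etc/profile' >> /root/.bashrc` appends another line each time it is re-run; guard it with a grep first.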
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -43,7 +43,7 @@ set system config-management commit-archive location scp://user:pass@host.local/ ``` ### Enable `dnsmasq` for DHCP Based on official [Ubiquity Docs](https://help.ubnt.com/hc/en-us/articles/115002673188-EdgeRouter-DHCP-Server-Using-Dnsmasq).
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 5 additions and 0 deletions.
@@ -10,6 +10,11 @@ - [Run Ubiquity UNMS on ProxMox using LXC](#run-ubiquity-unms-in-lxc-container-on-proxmox) - [Auto-route traffic for AWS region to a VPN](#auto-route-traffic-for-aws-region-to-a-vpn) ### Scripts - [route-aws-region-to-interface.sh](https://gist.github.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17#file-route-aws-region-to-interface-sh) - [interactive-shell-setup.sh](https://gist.github.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17#file-vhk-sh) ## Basic configuration hints ### Keep last 10 configuration commit revisions (by default none is kept)
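Review bot: in the -10 hunk the second script is listed as "interactive-shell-setup.sh" while its anchor is #file-vhk-sh and the install step elsewhere in the gist downloads raw/vhk.sh; use the actual file name in the list so readers can find it.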
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 26 additions and 68 deletions.
@@ -6,7 +6,6 @@ - [Improve your shell experience](#improve-your-shell-experience) - [Install tools from Debian repository](#install-tools-from-debian-repository) - [Restart Crashed / Hanging Web GUI](#restart-crashed--hanging-web-gui) - [Setup PPTP VPN Client](#setup-pptp-vpn-client) - [Run Ubiquity UNMS on ProxMox using LXC](#run-ubiquity-unms-in-lxc-container-on-proxmox) - [Auto-route traffic for AWS region to a VPN](#auto-route-traffic-for-aws-region-to-a-vpn) @@ -30,6 +29,29 @@ rollback ? # list commits rollback {NUM} ``` ### Back config after commit via SSH/SCP _Note: I was not able to get it work key auth, only password seems possible._ ```sh set system config-management commit-archive location scp://user:pass@host.local/Some/Path/To/Backups ``` ## Enable `dnsmasq` for DHCP Based on official [Ubiquity Docs](https://help.ubnt.com/hc/en-us/articles/115002673188-EdgeRouter-DHCP-Server-Using-Dnsmasq). Just enable it: 😎 ```sh set service dhcp-server use-dnsmasq enable ``` ```sh set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 domain-name ubnt.local ``` ## Improve your shell experience  @@ -68,6 +90,8 @@ delete system image #### 2. Install apt repo **Warning: This repos (stretch) work only for firmware 2.x** ```sh set system package repository stretch components 'main contrib non-free' set system package repository stretch distribution stretch @@ -108,75 +132,9 @@ commit ## Setup PPTP VPN Client _Note: PPTP has been cracked and is considered insecure..._ #### 1. Create PPTP client iface
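Review bot: in the -6 hunk the TOC entry for "Setup PPTP VPN Client" is removed, but the -108 hunk of the same revision shows that section still present; either restore the entry or remove the section.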
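Review bot: in the -30 hunk the scp://user:pass@host.local/... location puts the backup host's password into the router configuration, and the configuration is exactly what commit-archive uploads, so every archived copy (and `show configuration` output) carries that credential. Given the note that key auth did not work, use a dedicated account on the backup host that can only write to that path, and treat the archive directory as sensitive. The heading "Back config after commit" should read "Back up config after commit".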
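Review bot: in the -68 hunk, "This repos (stretch) work only for firmware 2.x" should read "This repo (stretch) works only for firmware 2.x".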
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -1,4 +1,4 @@ # Ubiquity EdgeRouter - Personal Cheat Sheet and Improvements ### Topics
pinkeen revised this gist
Apr 10, 2020 . 2 changed files with 6 additions and 5 deletions.
@@ -234,7 +234,7 @@ chmod +x /config/scripts/route-aws-region-to-interface.sh ```sh set system task-scheduler task RouteAWSREgionEUCentral1ToPPTPC0 executable path /config/scripts/route-aws-region-to-interface.sh set system task-scheduler task RouteAWSREgionEUCentral1ToPPTPC0 executable arguments 'eu-central-1 pptpc0' set system task-scheduler task RouteAWSREgionEUCentral1ToPPTPC0 interval 7d ``` @@ -34,18 +34,18 @@ bind '"\e[1;5C": forward-word' bind '"\e[1;5D": backward-word' if which ccze >/dev/null 2>&1 ; then ccze() { command ccze -A -o nolookups ; } function ll() { ls -alsh "$@" | ccze } function psa() { ps auxf "$@" | ccze } function h() { history "$@" | ccze } else @@ -54,6 +54,7 @@ else fi alias dmesg='dmesg -t' alias l='ll' # Bash function overloading code via https://stackoverflow.com/a/18839557 vhk_func_cpy() {
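Review bot: in the -54 hunk `alias dmesg='dmesg -t'` strips kernel-message timestamps for every interactive shell that sources this file, which makes correlating kernel events with other logs harder when triaging a problem on the router; bind the timestamp-free form to a different name and leave `dmesg` itself unaliased.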
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -8,7 +8,7 @@ - [Restart Crashed / Hanging Web GUI](#restart-crashed--hanging-web-gui) - [Enable `dnsmasq` for DHCP](#enable-dnsmasq-for-dhcp) - [Setup PPTP VPN Client](#setup-pptp-vpn-client) - [Run Ubiquity UNMS on ProxMox using LXC](#run-ubiquity-unms-in-lxc-container-on-proxmox) - [Auto-route traffic for AWS region to a VPN](#auto-route-traffic-for-aws-region-to-a-vpn) ## Basic configuration hints
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -8,7 +8,7 @@ - [Restart Crashed / Hanging Web GUI](#restart-crashed--hanging-web-gui) - [Enable `dnsmasq` for DHCP](#enable-dnsmasq-for-dhcp) - [Setup PPTP VPN Client](#setup-pptp-vpn-client) - [Run Ubiquity UNMS in LXC container on ProxMox](#run-ubiquity-unms-dockers-in-lxc-container-on-proxmox) - [Auto-route traffic for AWS region to a VPN](#auto-route-traffic-for-aws-region-to-a-vpn) ## Basic configuration hints
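Review bot: in the -8 hunk the link text now reads "Run Ubiquity UNMS in LXC container on ProxMox" while the anchor still points at #run-ubiquity-unms-dockers-in-lxc-container-on-proxmox; GitHub derives the anchor from the heading text, so it has to be regenerated whenever the heading is renamed.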
pinkeen revised this gist
Apr 10, 2020 . 3 changed files with 35 additions and 16 deletions.
@@ -2,12 +2,16 @@ ### Topics - [Basic configuration hints](#basic-configuration) - [Improve your shell experience](#improve-your-shell-experience) - [Install tools from Debian repository](#install-tools-from-debian-repository) - [Restart Crashed / Hanging Web GUI](#restart-crashed--hanging-web-gui) - [Enable `dnsmasq` for DHCP](#enable-dnsmasq-for-dhcp) - [Setup PPTP VPN Client](#setup-pptp-vpn-client) - [Run Ubiquity UNMS in LXC container on ProxMox][#run-ubiquity-unms-dockers-in-lxc-container-on-proxmox] - [Auto-route traffic for AWS region to a VPN](#auto-route-traffic-for-aws-region-to-a-vpn) ## Basic configuration hints ### Keep last 10 configuration commit revisions (by default none is kept) @@ -102,7 +106,7 @@ set service gui commit ``` ## Enable `dnsmasq` for DHCP @@ -168,15 +172,6 @@ commit exit ``` ## Setup PPTP VPN Client _Note: PPTP has been cracked and is considered insecure, but it's the only @@ -231,6 +226,7 @@ _My use-case: Our AWS SGs allow SSH access only from company network._ Install the [`route-aws-region-to-interface.sh`](https://gist.github.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17#fileroute-aws-region-to-interface-sh) script and execute it as task every 7 days to update routing. ```sh curl -L https://gist.githubusercontent.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17/raw/route-aws-region-to-interface.sh -o /config/scripts/route-aws-region-to-interface.sh chmod +x /config/scripts/route-aws-region-to-interface.sh
@@ -242,7 +238,18 @@ set system task-scheduler task RouteAWSREgionEUCentral1ToPPTPC0 executable argum set system task-scheduler task RouteAWSREgionEUCentral1ToPPTPC0 interval 7d ``` #### TODO: Improve the script The static routes cannot have a description or be grouped in any way. This introduces tonnes of routes and they cannot easily be removed at once and clutter everything. It may be more flexible and clean to set them up using something like [Policy-Based Routing](https://help.ubnt.com/hc/en-us/articles/204952274-EdgeRouter-Policy-Based-Routing). ## Run Ubiquity UNMS in LXC container on ProxMox **This is not yet tested, no idea if it works!** @@ -278,11 +285,12 @@ features: keyctl=1,nesting=1 curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh ``` ## TODO Write down: - SSH Key auth - Set up HTTPS certs with LE via ACME.sh Also: Automate all of this with ansible. @@ -1,5 +1,11 @@ #!/bin/bash ################################################################## # *** VyOS / EdgeRouter Configuration Script *** # # # # Licensed under MIT (c) 2020 Filip Sobalski <pinkeen@gmail.com> # ################################################################## set -e if (( $# != 2 )); then
@@ -1,8 +1,13 @@ ################################################################## # *** VyOS / EdgeRouter Interactive Shell Setup *** # # # # Licensed under MIT (c) 2020 Filip Sobalski <pinkeen@gmail.com> # ################################################################## # Make triple-sure we're in interactive shell not to break anything [[ "$-" != *i* ]] && return [[ ! -z "$PS1" ]] && return export HISTFILE="$HOME/.bash_history" export HIST_STAMPS="yyyy-mm-dd"
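Review bot: in the README -2 hunk the UNMS entry uses `][` instead of `](`, which Markdown parses as a reference-style link with no definition, so it renders as plain text; and `#basic-configuration` does not match the heading "## Basic configuration hints", whose slug is #basic-configuration-hints.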
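Review bot: in the vhk.sh -1 hunk the second guard is inverted: `[[ ! -z "$PS1" ]] && return` returns whenever PS1 is set, which is the case in every interactive shell, so once the first guard passes the second one always returns and nothing below it (HISTFILE, the prompt, the aliases) is ever applied. The intended check is `[[ -z "$PS1" ]] && return`.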
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 14 additions and 10 deletions.
@@ -226,6 +226,8 @@ exit ## Auto-route traffic for AWS region to a VPN _My use-case: Our AWS SGs allow SSH access only from company network._ Install the [`route-aws-region-to-interface.sh`](https://gist.github.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17#fileroute-aws-region-to-interface-sh) script and execute it as task every 7 days to update routing. @@ -240,17 +242,10 @@ set system task-scheduler task RouteAWSREgionEUCentral1ToPPTPC0 executable argum set system task-scheduler task RouteAWSREgionEUCentral1ToPPTPC0 interval 7d ``` ## Run Ubiquity UNMS Dockers in LXC container on ProxMox **This is not yet tested, no idea if it works!** Based on [this post](https://discuss.linuxcontainers.org/t/working-install-of-docker-ce-in-lxc-unprivileged-container-in-proxmox/3828). ### 1. Create container @@ -281,4 +276,13 @@ features: keyctl=1,nesting=1 ```sh curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh ``` ## TODO Write down: - [Set up dnsmasq - allows creating internal hostnames pointing to MACs.](https://help.ubnt.com/hc/en-us/articles/115002673188-EdgeRouter-DHCP-Server-Using-Dnsmasq) - SSH Key auth - Set up HTTPS certs with LE via ACME.sh Automate this crap with ansible.
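Review bot: in the -226 hunk the link anchor #fileroute-aws-region-to-interface-sh is missing the hyphen after "file" (compare #file-vhk-sh used elsewhere in the gist), so the link lands on the top of the gist instead of on the script.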
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 7 additions and 3 deletions.
@@ -8,6 +8,8 @@ cat<<EOF *** VyOS / EdgeRouter Configuration Script ***" # Licensed under MIT (c) 2020 Filip Sobalski <pinkeen@gmail.com> Job: Route traffic for AWS region subnets to an interface Usage: $0 <aws-region> <target-interface> [mode] Args: @@ -32,7 +34,8 @@ aws_region_subnets() { vrun() { echo "[CFG CMD] $@"; /opt/vyatta/bin/vyatta-op-cmd-wrapper "$@"; } vcfg() { echo "[OP CMD] $@"; /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper "$@"; } # Ask for confirmation when interactive shell if [[ ! "$-" != *i* ]] || [[ -z "$PS1" ]] ; then read -p "Will route traffic for AWS subnets in region $AWS_REGION to interface $TARGET_IFACE, ar you sure? [Y\N] " CONTINUE if [[ ! $CONTINUE =~ ^[Yy] ]] ; then @@ -45,10 +48,11 @@ AWS_SUBNETS="$(aws_region_subnets "$AWS_REGION")" vcfg begin # Disable error exit as the python script returns duplicates and some commands will fai # there's no `unique` command in bash and I'm too lazy to fix the script 😅 set +e for AWS_SUBNET in $AWS_SUBNETS ; do vcfg $MODE protocols static interface-route $AWS_SUBNET next-hop-interface $TARGET_IFACE done set -e
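Review bot: in the -8 hunk the banner line inside the heredoc ends with a stray `"` after `***`, which is printed literally in the usage text.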
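Review bot: in the -32 hunk the confirmation condition `[[ ! "$-" != *i* ]] || [[ -z "$PS1" ]]` is true in interactive shells (first test) and also in non-interactive ones (PS1 is unset there, so the second test holds), so the prompt also fires when the task scheduler runs the script and `read` has no terminal; with `set -e` the script then exits at the read and the routes are never refreshed. `[[ "$-" == *i* ]]` alone expresses the intent. In the same hunk the labels are swapped: `vrun` prints "[CFG CMD]" but calls vyatta-op-cmd-wrapper, and `vcfg` prints "[OP CMD]" but calls vyatta-cfg-cmd-wrapper; and "ar you sure" should be "are you sure".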
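Review bot: in the -45 hunk `set +e` switches error exit off for the whole loop, so any failed `vcfg` (not only a duplicate prefix) is silently ignored and the final commit can apply an incomplete route set. Deduplicating once is enough: pipe the output of aws_region_subnets through `sort -u` (or build a set() in the embedded Python) and leave `set -e` in force.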
pinkeen revised this gist
Apr 10, 2020 . 3 changed files with 342 additions and 132 deletions.
@@ -1,132 +0,0 @@
@@ -0,0 +1,284 @@ # Ubiquity EdgeRouter - Hacks and Cheat Sheet ### Topics - [Improve your shell experience](#improve-your-shell-experience) - [Install tools from Debian repository](#install-tools-from-debian-repository) - [Restart Crashed / Hanging Web GUI](#restart-crashed--hanging-web-gui) - [Setup PPTP VPN Client](#setup-pptp-vpn-client) ## Basic configuration ### Keep last 10 configuration commit revisions (by default none is kept) [See the official docs for verbose info.](https://help.ubnt.com/hc/en-us/articles/204960084-EdgeRouter-Archiving-and-Managing-the-Configuration-Files) ```sh set system config-management commit-revisions 10 ``` This allows you later list commits and roll them back. ### After fuckup rollback to specficic revision ```sh rollback ? # list commits rollback {NUM} ``` ## Improve your shell experience  This script will set up: * coloured prompt with: - vyatta configuration edit session info (changed, saved, ...) - different colours for root / normal user * command aliases (which probably mostly I use) * command history with: - completion search (up/down arrow keys) - jump between words (left/right arrow keys + option/alt) Install [`vhk.sh`](https://gist.github.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17#file-vhk-sh) to `/etc/profile.d`: ```sh curl -L https://gist.githubusercontent.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17/raw/vhk.sh -o /etc/profile.d/99-custom.sh ``` For root profile is not sourced automatically so add: ```sh echo '. /etc/profile' >> /root/.bashrc ``` ## Install tools from Debian repository #### 1. Free up space *Remove the old system image left from previous update.* As root, but *NOT* in configuration mode: ```sh delete system image ``` #### 2. Install apt repo ```sh set system package repository stretch components 'main contrib non-free' set system package repository stretch distribution stretch set system package repository stretch url http://http.us.debian.org/debian ``` #### 2. 
Install the packages you want ```sh apt -y install nano ccze htop dnsutils ``` #### 3. ... and free-up space taken by apt _This will remove package index and the downloaded package files._ ```sh rm -rvf /var/lib/apt/lists/ /var/cache/apt/archives/ ``` ## Restart Crashed / Hanging Web GUI #### 1. Kill lighttpd process manually beforehand, because otherwise the delete cmd hangs ```sh pkill -9 -f lighttpd ``` #### 2. Delete and re-add the GUI service ```sh configure delete service gui commit set service gui commit ``` ## Some basic lan setup ## Enable `dnsmasq` for DHCP Based on official [Ubiquity Docs](https://help.ubnt.com/hc/en-us/articles/115002673188-EdgeRouter-DHCP-Server-Using-Dnsmasq). Just enable it: 😎 ```sh set service dhcp-server use-dnsmasq enable ``` ```sh set service dhcp-server shared-network-name LAN1 subnet 192.168.1.0/24 domain-name ubnt.local ``` ## Setup PPTP VPN Client _Note: PPTP has been cracked and is considered insecure, but it's the only VPN client on ER-X with **hardware offloading**. And I can't use OpenVPN and wasn't able to get L2TP over IPSEC to work, maybe someday..._ #### 1. Create PPTP client iface ```sh set interfaces pptp-client pptpc0 set interfaces pptp-client pptpc0 default-route auto set interfaces pptp-client pptpc0 server-ip {remote-host} set interfaces pptp-client pptpc0 description {label} set interfaces pptp-client pptpc0 user-id {username} set interfaces pptp-client pptpc0 password {password} ``` #### 2. Add static PPTP route ```sh set protocols static interface-route {target-subnet} next-hop-interface pptpc0 ``` #### 3. Set up a masquerade NAT Rule ```sh set service nat rule 5005 outbound-interface pptpc0 set service nat rule 5005 type masquerade set service nat rule 5005 description {rule-name} ``` #### [Maintenace] Restart the PPTP connections If you need to restart a misbehaving PPTP connection without changing configuration you might use this trick. 
```sh configure save delete interfaces pptp-client commit load compare commit exit ``` ## TODO Write down: - [Set up dnsmasq - allows creating internal hostnames pointing to MACs.](https://help.ubnt.com/hc/en-us/articles/115002673188-EdgeRouter-DHCP-Server-Using-Dnsmasq) - SSH Key auth - Set up HTTPS certs with LE via ACME.sh Automate this crap with ansible. ## Setup PPTP VPN Client _Note: PPTP has been cracked and is considered insecure, but it's the only VPN client on ER-X with **hardware offloading**. And I can't use OpenVPN and wasn't able to get L2TP over IPSEC to work, maybe someday..._ #### 1. Create PPTP client iface ```sh set interfaces pptp-client pptpc0 set interfaces pptp-client pptpc0 default-route auto set interfaces pptp-client pptpc0 server-ip {remote-host} set interfaces pptp-client pptpc0 description {label} set interfaces pptp-client pptpc0 user-id {username} set interfaces pptp-client pptpc0 password {password} ``` #### 2. Add static PPTP route ```sh set protocols static interface-route {target-subnet} next-hop-interface pptpc0 ``` #### 3. Set up a masquerade NAT Rule ```sh set service nat rule 5005 outbound-interface pptpc0 set service nat rule 5005 type masquerade set service nat rule 5005 description {rule-name} ``` #### [Maintenace] Restart the PPTP connections If you need to restart a misbehaving PPTP connection without changing configuration you might use this trick. ```sh configure save delete interfaces pptp-client commit load compare commit exit ``` ## Auto-route traffic for AWS region to a VPN Install the [`route-aws-region-to-interface.sh`](https://gist.github.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17#fileroute-aws-region-to-interface-sh) script and execute it as task every 7 days to update routing. 
```sh curl -L https://gist.githubusercontent.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17/raw/route-aws-region-to-interface.sh -o /config/scripts/route-aws-region-to-interface.sh chmod +x /config/scripts/route-aws-region-to-interface.sh ``` ```sh set system task-scheduler task RouteAWSREgionEUCentral1ToPPTPC0 executable path /config/scripts/route-aws-region-to-interface.sh set system task-scheduler task RouteAWSREgionEUCentral1ToPPTPC0 executable arguments eu-central-1 pptpc0 set system task-scheduler task RouteAWSREgionEUCentral1ToPPTPC0 interval 7d ``` ## TODO Write down: - [Set up dnsmasq - allows creating internal hostnames pointing to MACs.](https://help.ubnt.com/hc/en-us/articles/115002673188-EdgeRouter-DHCP-Server-Using-Dnsmasq) - SSH Key auth - Set up HTTPS certs with LE via ACME.sh Automate this crap with ansible. ## Run Ubiquity UNMS Dockers in LXC container on ProxMox Based on [this post](https://discuss.linuxcontainers.org/t/working-install-of-docker-ce-in-lxc-unprivileged-container-in-proxmox/3828). ### 1. Create container Create an LXC container using an image with one of the officially [supported distros](https://help.ubnt.com/hc/en-us/articles/115012196527-UNMS-Installation-Guide): - Ubuntu 16 - Ubuntu 18 - Debian 9 ### 2. Inside the container setup [docker service overrides](https://www.bjonnh.net/article/20181130_lxdocker/): ```sh mkdir -p /etc/systemd/system/containerd.service.d echo -e "[Service]\nExecStartPre=\n" > /etc/systemd/system/containerd.service.d/override.conf systemctl daemon-reload systemctl start docker systemctl enable docker ``` ### 3. Add to proxmox config for container in `/etc/pve/lxc/<CTID>.conf`: ```yaml features: keyctl=1,nesting=1 ``` ### 4. Run UNMS installer in the container ```sh curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh ```
@@ -0,0 +1,58 @@ #!/bin/bash set -e if (( $# != 2 )); then cat<<EOF *** VyOS / EdgeRouter Configuration Script ***" Job: Route traffic for AWS region subnets to an interface Usage: $0 <aws-region> <target-interface> [mode] Args: aws-region name of target AWS region target-interface name of interface to route traffic to mode (default: set) set or delete the routes EOF exit 1 fi MODE="${3:-set}" TARGET_IFACE="$2" AWS_REGION="$1" aws_region_subnets() { local AWS_REGION="$1" curl -sL https://ip-ranges.amazonaws.com/ip-ranges.json | python -c 'import sys, json; region = sys.argv[1]; sys.stdout.write(str.join("\n", sorted([prefix["ip_prefix"] for prefix in (json.loads(sys.stdin.read()))["prefixes"] if "ip_prefix" in prefix and prefix["region"] == region])) + "\n");' "$AWS_REGION" } vrun() { echo "[CFG CMD] $@"; /opt/vyatta/bin/vyatta-op-cmd-wrapper "$@"; } vcfg() { echo "[OP CMD] $@"; /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper "$@"; } if [[ "$-" != *i* ]] ; then read -p "Will route traffic for AWS subnets in region $AWS_REGION to interface $TARGET_IFACE, ar you sure? [Y\N] " CONTINUE if [[ ! $CONTINUE =~ ^[Yy] ]] ; then echo "Aborted" >&2 exit 9 fi fi AWS_SUBNETS="$(aws_region_subnets "$AWS_REGION")" vcfg begin set +e for AWS_SUBNET in $AWS_SUBNETS ; do vcfg $MODE protocols static interface-route $AWS_SUBNET next-hop-interface $TARGET_IFACE vcfg $CMD done set -e echo -e "\n---\n" vcfg commit vcfg end
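Review bot: in the README +284 hunk the "Setup PPTP VPN Client" section and the "TODO" list each appear twice, and "## Some basic lan setup" is an empty heading; consolidate them. The task-scheduler line `executable arguments eu-central-1 pptpc0` is unquoted, so the two words are not passed as a single arguments value (the -234 hunk of a later revision on this page quotes it as 'eu-central-1 pptpc0'); quote it here as well. The vendor name is spelled "Ubiquity" throughout; it is Ubiquiti.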
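Review bot: in the route-aws-region-to-interface.sh +58 hunk `vcfg $CMD` inside the loop references CMD, which is never assigned, so every iteration also runs `vcfg` with no arguments; drop that line. `if (( $# != 2 ))` rejects the optional third `[mode]` argument that the usage text documents, so `delete` mode cannot be reached; use `(( $# < 2 || $# > 3 ))`. The confirmation guard `[[ "$-" != *i* ]]` is inverted (it prompts only in non-interactive shells, where `read` has no terminal). Finally the script sets `set -e` but not `set -o pipefail`, so a failed curl in aws_region_subnets produces an empty prefix list and the run reports success having changed nothing.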
pinkeen revised this gist
Apr 10, 2020 . No changes.
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -87,7 +87,7 @@ commit ## Setup PPTP VPN Client _Note: PPTP has been cracked and is considered insecure, but it's the only VPN client on ER-X with **hardware offloading**. And I can't use OpenVPN and wasn't able to get L2TP over IPSEC to work, maybe someday..._ #### 1. Create PPTP client iface
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -1,6 +1,6 @@ # Ubiquity EdgeRouter - Hacks and Cheat Sheet ### Topics - [Improve your shell experience](#improve-your-shell-experience) - [Install tools from Debian repository](#install-tools-from-debian-repository)
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 9 additions and 1 deletion.
@@ -1,6 +1,14 @@ # Ubiquity EdgeRouter - Hacks and Cheat Sheet **Topics**: - [Improve your shell experience](#improve-your-shell-experience) - [Install tools from Debian repository](#install-tools-from-debian-repository) - [Restart Crashed / Hanging Web GUI](#restart-crashed--hanging-web-gui) - [Setup PPTP VPN Client](#setup-pptp-vpn-client) ## Improve your shell experience  -
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 18 additions and 122 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,124 +1,18 @@ # Ubiquity EdgeRouter - Hacks and Cheat Sheet # Improve your shell experience  This script will set up: * coloured prompt with: - vyatta configuration edit session info (changed, saved, ...) - different colours for root / normal user * command aliases (which probably mostly I use) * command history with: - completion search (up/down arrow keys) - jump between words (left/right arrow keys + option/alt) Install [`vhk.sh`](https://gist.github.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17#file-vhk-sh) to `/etc/profile.d`: @@ -131,9 +25,9 @@ For root profile is not sourced automatically so add: echo '. /etc/profile' >> /root/.bashrc ``` ## Install tools from Debian repository #### 1. Free up space *Remove the old system image left from previous update.* @@ -142,35 +36,37 @@ As root, but *NOT* in configuration mode: delete system image ``` #### 2. Install apt repo ```sh set system package repository stretch components 'main contrib non-free' set system package repository stretch distribution stretch set system package repository stretch url http://http.us.debian.org/debian ``` #### 2. Install the packages you want ```sh apt -y install nano ccze htop dnsutils ``` #### 3. ... and free-up space taken by apt _This will remove package index and the downloaded package files._ ```sh rm -rvf /var/lib/apt/lists/ /var/cache/apt/archives/ ``` ## Restart Crashed / Hanging Web GUI #### 1. Kill lighttpd process manually beforehand, because otherwise the delete cmd hangs ```sh pkill -9 -f lighttpd ``` #### 2. Delete and re-add the GUI service ```sh configure 
@@ -210,7 +106,7 @@ set service nat rule 5005 type masquerade set service nat rule 5005 description {rule-name} ``` #### [Maintenace] Restart the PPTP connections If you need to restart a misbehaving PPTP connection without changing configuration you might use this trick. -
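Review bot: the `@@ -142,35 +36,37 @@` hunk numbers two consecutive steps `#### 2.` (`Install apt repo` and `Install the packages you want`), so the `#### 3. ... and free-up space taken by apt` step that follows is off by one; renumber them 2, 3 and 4. In the same hunk, `pkill -9 -f lighttpd` sends SIGKILL immediately and `-f` matches against the full command line of every process, so anything with `lighttpd` among its arguments is killed as well; `pkill -x lighttpd` (escalating to `-9` only if the process does not exit) is the narrower form and still works as the pre-step for `delete service gui`.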
pinkeen revised this gist
Apr 10, 2020 . 2 changed files with 14 additions and 4 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -114,6 +114,12 @@ exit  This script will set up: * coloured prompt with configuration edit session information * command aliases * history with completion search Install [`vhk.sh`](https://gist.github.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17#file-vhk-sh) to `/etc/profile.d`: ```sh This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -6,23 +6,27 @@ export HISTFILE="$HOME/.bash_history" export HIST_STAMPS="yyyy-mm-dd" export HISTSIZE=200 export HISTFILESIZE=10000 export HISTCONTROL="erasedups:ignoreboth" export HISTTIMEFORMAT='%F %T ' # Enable history niceties completion search shopt -s cmdhist shopt -s lithist shopt -s histappend shopt -s histreedit shopt -s histverify # History search with arrow up/down bind '"\e[A": history-search-backward' bind '"\e[B": history-search-forward' # Jump to next/prev words with option(alt)+left/right bind '"\e[C": forward-char' bind '"\e[D": backward-char' bind '"\e[1;5C": forward-word' bind '"\e[1;5D": backward-word' if which ccze >/dev/null 2>&1 ; then alias ccz='ccze -A -o nolookups' -
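Review bot: in the `vhk.sh` hunk the comment `# Jump to next/prev words with option(alt)+left/right` does not match the sequences bound under it: in the xterm modifier encoding `\e[1;5C` / `\e[1;5D` is Ctrl+Right / Ctrl+Left, while Alt (Option) sends `\e[1;3C` / `\e[1;3D`; either fix the comment or bind both pairs if the aim is to support either key. Also in that hunk, `export HIST_STAMPS="yyyy-mm-dd"` is an oh-my-zsh setting that bash ignores; `HISTTIMEFORMAT='%F %T '`, set a few lines below, already covers the timestamping, so the `HIST_STAMPS` line can go.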
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -1,4 +1,4 @@ # Ubiquity EdgeRouter - Hacks and Cheat Sheet ## Improve your shell experience -
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 3 additions and 1 deletion.
@@ -1,4 +1,6 @@ # Ubiquity EdgeRouter - Hacks, Improvements and Cheat Sheet ## Improve your shell experience  -
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 120 additions and 10 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -15,7 +15,7 @@ echo '. /etc/profile' >> /root/.bashrc ## Setup Debian APT Repo to install more pkgs #### First free up space Remote the old system image (update leftover). _As root, but *NOT* in configuration mode._ @@ -24,7 +24,7 @@ _As root, but *NOT* in configuration mode._ delete system image ``` #### Install apt repo ```sh @@ -33,27 +33,27 @@ set system package repository stretch distribution stretch set system package repository stretch url http://http.us.debian.org/debian ``` #### Install the package you want ```sh apt -y install nano ccze ``` #### ... and free-up space after you've installed your packages ```sh rm -rvf /var/lib/apt/lists/ /var/cache/apt/archives/ ``` ## Restart Crashed / Hanging Web GUI #### Kill lighttpd process manually beforehand, because otherwise the delete cmd hangs ```sh pkill -9 -f 'lighttpd' ``` #### Delete and re-add the GUI service ```sh configure @@ -69,7 +69,7 @@ _Note: PPTP has been cracked and is considered insecure, but it's the only VPN client on ER-X with *hardware offloading. And I can't use OpenVPN and wasn't able to get L2TP over IPSEC to work, maybe someday..._ #### 1. Create PPTP client iface ```sh set interfaces pptp-client pptpc0 
@@ -79,22 +79,22 @@ set interfaces pptp-client pptpc0 user-id {username} set interfaces pptp-client pptpc0 password {password} ``` #### 2. Add static PPTP route ```sh set interfaces pptp-client pptpc0 default-route none set protocols static interface-route {target-subnet} next-hop-interface pptpc0 ``` #### 3. Set up a masquerade NAT Rule ```sh set service nat rule 5005 outbound-interface pptpc0 set service nat rule 5005 type masquerade set service nat rule 5005 description {NAT_RULE_NAME} ``` #### Restart the PPTP connections ```sh configure 
@@ -108,3 +108,113 @@ commit exit ``` # Improve your shell experience  Install [`vhk.sh`](https://gist.github.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17#file-vhk-sh) to `/etc/profile.d`: ```sh curl -L https://gist.githubusercontent.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17/raw/vhk.sh -o /etc/profile.d/99-custom.sh ``` For root profile is not sourced automatically so add: ```sh echo '. /etc/profile' >> /root/.bashrc ``` ## Setup Debian APT Repo to install more pkgs #### First free up space *Remove the old system image left from previous update.* As root, but *NOT* in configuration mode: ```sh delete system image ``` #### Install apt repo ```sh set system package repository stretch components 'main contrib non-free' set system package repository stretch distribution stretch set system package repository stretch url http://http.us.debian.org/debian ``` #### Install the package you want ```sh apt -y install nano ccze ``` #### ... and free-up space after you've installed your packages ```sh rm -rvf /var/lib/apt/lists/ /var/cache/apt/archives/ ``` ## Restart Crashed / Hanging Web GUI #### Kill lighttpd process manually beforehand, because otherwise the delete cmd hangs ```sh pkill -9 -f lighttpd ``` #### Delete and re-add the GUI service ```sh configure delete service gui commit set service gui commit ``` ## Setup PPTP VPN Client _Note: PPTP has been cracked and is considered insecure, but it's the only VPN client on ER-X with *hardware offloading. And I can't use OpenVPN and wasn't able to get L2TP over IPSEC to work, maybe someday..._ #### 1. Create PPTP client iface ```sh set interfaces pptp-client pptpc0 set interfaces pptp-client pptpc0 server-ip {remote-host} set interfaces pptp-client pptpc0 description {label} set interfaces pptp-client pptpc0 user-id {username} set interfaces pptp-client pptpc0 password {password} ``` #### 2. Add static PPTP route ```sh set protocols static interface-route {target-subnet} next-hop-interface pptpc0 ``` #### 3. 
Set up a masquerade NAT Rule ```sh set service nat rule 5005 outbound-interface pptpc0 set service nat rule 5005 type masquerade set service nat rule 5005 description {rule-name} ``` #### Restart the PPTP connections If you need to restart a misbehaving PPTP connection without changing configuration you might use this trick. ```sh configure save delete interfaces pptp-client commit load compare commit exit ``` -
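Review bot: the `@@ -108,3 +108,113 @@` hunk appends a second copy of the whole document (from `# Improve your shell experience` through the PPTP restart block) below the existing sections, so after this revision every section appears twice; this reads like a paste accident rather than intended content and should be reverted to a single copy. Two smaller points from the same revision: the `@@ -15,7 +15,7 @@` hunk still shows `Remote the old system image (update leftover).` where `Remove` is meant, and in the PPTP note the single `*` before `hardware offloading` is never closed, so it italicises the rest of the paragraph instead of emphasising the two words.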
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 4 additions and 2 deletions.
@@ -47,8 +47,6 @@ rm -rvf /var/lib/apt/lists/ /var/cache/apt/archives/ ## Restart Crashed / Hanging Web GUI ### Kill lighttpd process manually beforehand, because otherwise the delete cmd hangs ```sh @@ -67,6 +65,10 @@ commit ## Setup PPTP VPN Client _Note: PPTP has been cracked and is considered insecure, but it's the only VPN client on ER-X with *hardware offloading. And I can't use OpenVPN and wasn't able to get L2TP over IPSEC to work, maybe someday..._ ### 1. Create PPTP client iface ```sh -
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 17 additions and 16 deletions.
@@ -48,6 +48,23 @@ rm -rvf /var/lib/apt/lists/ /var/cache/apt/archives/ ## Restart Crashed / Hanging Web GUI ### Kill lighttpd process manually beforehand, because otherwise the delete cmd hangs ```sh pkill -9 -f 'lighttpd' ``` ### Delete and re-add the GUI service ```sh configure delete service gui commit set service gui commit ``` ## Setup PPTP VPN Client ### 1. Create PPTP client iface @@ -89,19 +106,3 @@ commit exit ``` -
pinkeen renamed this gist
Apr 10, 2020 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 47 additions and 46 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,42 +1,16 @@ # Improve your shell experience  Install [`vhk.sh`](https://gist.github.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17#file-vhk-sh) to `/etc/profile.d`: ```sh curl -L https://gist.githubusercontent.com/pinkeen/3076cd6f5cc5b08d3faacfa2db149a17/raw/vhk.sh -o /etc/profile.d/99-custom.sh ``` For root profile is not sourced automatically so add: ```sh echo '. /etc/profile' >> /root/.bashrc ``` ## Setup Debian APT Repo to install more pkgs @@ -73,34 +47,61 @@ rm -rvf /var/lib/apt/lists/ /var/cache/apt/archives/ ## Restart Crashed / Hanging Web GUI ## Setup PPTP VPN Client ### 1. Create PPTP client iface ```sh set interfaces pptp-client pptpc0 set interfaces pptp-client pptpc0 server-ip {remote-host} set interfaces pptp-client pptpc0 description {label} set interfaces pptp-client pptpc0 user-id {username} set interfaces pptp-client pptpc0 password {password} ``` ### 2. Add static PPTP route ```sh set interfaces pptp-client pptpc0 default-route none set protocols static interface-route {target-subnet} next-hop-interface pptpc0 ``` ### 3. Set up a masquerade NAT Rule ```sh set service nat rule 5005 outbound-interface pptpc0 set service nat rule 5005 type masquerade set service nat rule 5005 description {NAT_RULE_NAME} ``` ### Restart the PPTP connections ```sh configure save delete interfaces pptp-client commit load compare commit exit ``` ### Kill lighttpd process manually beforehand, because otherwise the delete cmd hangs ```sh pkill -9 -f 'lighttpd' ``` ### Delete and re-add the GUI service ```sh configure delete service gui commit set service gui commit ``` -
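Review bot: in the `@@ -73,34 +47,61 @@` hunk the `### Kill lighttpd process manually beforehand ...` and `### Delete and re-add the GUI service` steps are placed at the end of the file, after the PPTP restart block, while their own heading `## Restart Crashed / Hanging Web GUI` sits empty just above `## Setup PPTP VPN Client`; move the two steps up under that heading, otherwise the GUI restart reads as a continuation of the PPTP procedure.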
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 12 additions and 0 deletions.
@@ -12,6 +12,18 @@ export HISTFILESIZE=10000 export HISTCONTROL="erasedups:ignoreboth" export HISTTIMEFORMAT='%F %T ' # Enable history niceties with arrow search shopt -s histappend shopt -s cmdhist shopt -s histreedit shopt -s histverify shopt -s lithist bind '"\e[A": history-search-backward' bind '"\e[B": history-search-forward' bind '"\e[C": forward-char' bind '"\e[D": backward-char' if which ccze >/dev/null 2>&1 ; then alias ccz='ccze -A -o nolookups' -
pinkeen revised this gist
Apr 10, 2020 . 1 changed file with 1 addition and 1 deletion.
@@ -77,7 +77,7 @@ rm -rvf /var/lib/apt/lists/ /var/cache/apt/archives/ ```sh pkill -9 -f 'lighttpd' ``` ### Delete and re-add the GUI service