arfy

ER3 config openVPN noconnect

Mar 18th, 2016
/* EdgeOS (EdgeRouter "ER3") configuration: eth0 = WAN (DHCP), eth1 = LAN 10.1.1.0/24, */
/* eth2 = WLAN 10.1.2.0/24, plus an OpenVPN server on vtun0 handing clients 10.1.10.0/24. */
/* The paste title says OpenVPN "noconnect"; nothing in the config pinpoints the cause, */
/* so the NOTE(review) comments below are hedged. Pastebin's line-number gutter and the */
/* lost indentation were stripped; every configured value is unchanged. */
firewall {
    all-ping enable
    broadcast-ping disable
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Forwarded traffic arriving on eth0: stateful allow-list, default drop. */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* Traffic from eth0 to the router itself: only OpenVPN (UDP 1194) and reply traffic */
    /* get in, so the gui/ssh services configured further down are not reachable from eth0. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        /* NOTE(review): "log disable" means WAN handshake attempts never reach syslog; */
        /* enabling it temporarily is the cheapest way to see whether client packets */
        /* arrive at the router at all while chasing the no-connect. */
        rule 1 {
            action accept
            description OpenVPN
            destination {
                port 1194
            }
            log disable
            protocol udp
        }
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* mss 1412 = mtu 1452 (set on every ethernet interface below) minus 40 bytes of */
    /* IP+TCP header, so the two values are consistent with each other. */
    options {
        mss-clamp {
            interface-type all
            mss 1412
        }
    }
    receive-redirects disable
    /* NOTE(review): send-redirects is on and source-validation (reverse-path check) is */
    /* off; "strict" or "loose" would discard spoofed-source packets on eth0 -- confirm */
    /* nothing here relies on asymmetric routing before changing it. */
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    /* WAN: address from the upstream via DHCP; both firewall policies attach here. */
    ethernet eth0 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        mtu 1452
        speed auto
    }
    /* LAN segments carry no firewall policy: hosts reach the router freely and */
    /* eth1 <-> eth2 is plainly routed, not isolated. */
    ethernet eth1 {
        address 10.1.1.1/24
        description LAN
        duplex auto
        mtu 1452
        speed auto
    }
    ethernet eth2 {
        address 10.1.2.1/24
        description WLAN
        duplex auto
        mtu 1452
        speed auto
    }
    loopback lo {
    }
    /* OpenVPN server; both LAN routes are pushed to clients. */
    /* NOTE(review): no firewall policy is attached to vtun0, so VPN clients get the */
    /* same unrestricted access as LAN hosts, router services included. */
    /* NOTE(review): no local-port is set, so the daemon must be on its default port */
    /* for WAN_LOCAL rule 1 (UDP 1194) to match -- worth confirming in the OpenVPN */
    /* log while the no-connect persists. */
    openvpn vtun0 {
        mode server
        server {
            push-route 10.1.1.0/24
            push-route 10.1.2.0/24
            subnet 10.1.10.0/24
        }
        /* The unencrypted server key (host_nopass.key) is what lets the daemon start */
        /* unattended; it lives under /config next to this file, so presumably any */
        /* config backup carries it -- treat such backups as secrets. */
        tls {
            ca-cert-file /config/auth/cacert.pem
            cert-file /config/auth/host.pem
            dh-file /config/auth/dhp.pem
            key-file /config/auth/host_nopass.key
        }
    }
}
/* No static routes; the DHCP default route on eth0 is the only way out. */
protocols {
    static {
    }
}
service {
    /* One DHCP scope per LAN; clients are told to use the router itself for DNS. */
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN1 {
            authoritative disable
            subnet 10.1.1.0/24 {
                default-router 10.1.1.1
                dns-server 10.1.1.1
                lease 86400
                start 10.1.1.100 {
                    stop 10.1.1.199
                }
            }
        }
        shared-network-name LAN2 {
            authoritative disable
            subnet 10.1.2.0/24 {
                default-router 10.1.2.1
                dns-server 10.1.2.1
                lease 86400
                start 10.1.2.100 {
                    stop 10.1.2.199
                }
            }
        }
    }
    dns {
        /* Dynamic DNS towards dyn.dns.he.net (dyndns2 protocol). The login and password */
        /* are redacted in this paste but sit in clear text in the saved configuration. */
        dynamic {
            interface eth0 {
                service custom-HE {
                    host-name <<REDACTED>>
                    login <<REDACTED>>
                    password <<REDACTED>>
                    protocol dyndns2
                    server dyn.dns.he.net
                }
            }
        }
        /* The resolver listens on the LAN ports only, not on eth0, so it is not an */
        /* open resolver toward the Internet. */
        forwarding {
            cache-size 150
            listen-on eth1
            listen-on eth2
        }
    }
    /* Web UI (443) and SSH (22) listen on every interface; WAN_LOCAL keeps them off */
    /* eth0, but they stay open to both LANs and, with no vtun0 policy, to VPN clients. */
    gui {
        https-port 443
    }
    nat {
        /* No source clause, so LAN and VPN-client (10.1.10.0/24) traffic leaving eth0 */
        /* is all masqueraded behind the DHCP address. */
        rule 5010 {
            description "masquerade for WAN"
            outbound-interface eth0
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    /* NOTE(review): UPnP on both LANs lets any LAN host request inbound mappings */
    /* through eth0 without a WAN_IN rule; confirm this is intended. */
    upnp {
        listen-on eth1 {
            outbound-interface eth0
        }
        listen-on eth2 {
            outbound-interface eth0
        }
    }
}
system {
    host-name spacemanspiff
    login {
        /* Single admin-level account. An empty plaintext-password next to a set */
        /* encrypted-password is the usual form once EdgeOS has hashed the password. */
        user calvin {
            authentication {
                encrypted-password <<REDACTED>>
                plaintext-password ""
            }
            full-name nate
            level admin
        }
    }
    /* The router's own resolvers (Google public DNS); presumably also the upstream */
    /* for the forwarder above -- confirm. */
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* Local syslog only (no remote host configured); protocols at debug is verbose. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone America/New_York
    traffic-analysis {
        dpi disable
        export disable
    }
}