set high-availability vrrp group ge-int address '178.236.29.225/29' set high-availability vrrp group ge-int hello-source-address '178.236.29.226' set high-availability vrrp group ge-int interface 'eth0.51' set high-availability vrrp group ge-int peer-address '178.236.29.227' set high-availability vrrp group ge-int priority '200' set high-availability vrrp group ge-int vrid '51' set high-availability vrrp group ge-loc address '10.8.1.1/24' set high-availability vrrp group ge-loc hello-source-address '10.8.1.2' set high-availability vrrp group ge-loc interface 'eth0.60' set high-availability vrrp group ge-loc peer-address '10.8.1.3' set high-availability vrrp group ge-loc priority '200' set high-availability vrrp group ge-loc vrid '60' set interfaces ethernet eth0 vif 51 address '178.236.29.226/29' set interfaces ethernet eth0 vif 51 description 'Galaxy Empire Internet' set interfaces ethernet eth0 vif 60 address '10.8.1.2/24' set interfaces ethernet eth0 vif 60 description 'Galaxy-Net local' set interfaces ethernet eth0 vif 64 address '10.44.1.1/30' set interfaces ethernet eth0 vif 64 description 'OSPF Healing' set interfaces ethernet eth0 vif 66 address '10.22.11.1/29' set interfaces ethernet eth0 vif 66 description 'DMVPN Hub1' set interfaces ethernet eth0 vif 68 address '10.22.33.1/29' set interfaces ethernet eth0 vif 68 description 'Wireguard 1' set interfaces ethernet eth0 vif 1412 address '10.24.0.98/29' set interfaces ethernet eth0 vif 1412 description 'Uplink to sw.m9.c01.meganet.ru' set interfaces ethernet eth0 vif 1512 address '10.25.0.98/29' set interfaces ethernet eth0 vif 1512 description 'Uplink to sw.m9.c02.meganet.ru' set interfaces tunnel tun66 address '172.16.11.1/24' set interfaces tunnel tun66 encapsulation 'gre' set interfaces tunnel tun66 multicast 'enable' set interfaces tunnel tun66 parameters ip key '1' set interfaces tunnel tun66 source-address '10.22.11.1' set interfaces tunnel tun66 source-interface 'eth0.66' set interfaces wireguard wg01 address '172.16.13.1/24' set interfaces wireguard wg01 peer exdc01r allowed-ips '0.0.0.0/0' set interfaces wireguard wg01 peer exdc01r persistent-keepalive '15' set interfaces wireguard wg01 peer exdc01r public-key '4NjWD+KNCy33WeEvVmxouzn4JO7TPLj+0HAUWC16Iww=' set interfaces wireguard wg01 port '31337' set interfaces wireguard wg01 private-key 'GJE1IZXWydAr+CeSNMlnVtB4rlGdk08pdUsUOt9syXI=' set nat source rule 5 destination address '!10.0.0.0/8' set nat source rule 5 outbound-interface 'any' set nat source rule 5 source address '10.8.1.0/24' set nat source rule 5 translation address '178.236.29.226' set nat source rule 10 destination address '!10.0.0.0/8' set nat source rule 10 outbound-interface 'any' set nat source rule 10 source address '10.8.2.0/24' set nat source rule 10 translation address '178.236.29.226' set nat source rule 15 destination address '!10.0.0.0/8' set nat source rule 15 outbound-interface 'any' set nat source rule 15 source address '10.8.3.0/24' set nat source rule 15 translation address '178.236.29.226' set policy prefix-list DEFAULT-ONLY rule 5 action 'permit' set policy prefix-list DEFAULT-ONLY rule 5 prefix '0.0.0.0/0' set policy prefix-list OUR_ROUTES_OUT rule 5 action 'permit' set policy prefix-list OUR_ROUTES_OUT rule 5 le '30' set policy prefix-list OUR_ROUTES_OUT rule 5 prefix '178.236.29.224/29' set policy prefix-list OUR_ROUTES_OUT rule 10 action 'permit' set policy prefix-list OUR_ROUTES_OUT rule 10 le '30' set policy prefix-list OUR_ROUTES_OUT rule 10 prefix '10.8.1.0/24' set policy prefix-list OUR_ROUTES_OUT rule 15 action 'permit' set policy prefix-list OUR_ROUTES_OUT rule 15 le '30' set policy prefix-list OUR_ROUTES_OUT rule 15 prefix '10.8.2.0/24' set policy route-map DEFAULT-ONLY rule 5 action 'permit' set policy route-map DEFAULT-ONLY rule 5 match ip address prefix-list 'DEFAULT-ONLY' set policy route-map DEFAULT-ONLY rule 900 action 'deny' set policy route-map OUR_ROUTES_OUT rule 5 action 'permit' set policy route-map OUR_ROUTES_OUT rule 5 match ip address prefix-list 'OUR_ROUTES_OUT' set protocols bgp address-family ipv4-unicast redistribute connected set protocols bgp local-as '64998' set protocols bgp neighbor 10.24.0.97 address-family ipv4-unicast route-map export 'OUR_ROUTES_OUT' set protocols bgp neighbor 10.24.0.97 address-family ipv4-unicast route-map import 'DEFAULT-ONLY' set protocols bgp neighbor 10.24.0.97 remote-as '42678' set protocols bgp neighbor 10.25.0.97 address-family ipv4-unicast route-map export 'OUR_ROUTES_OUT' set protocols bgp neighbor 10.25.0.97 address-family ipv4-unicast route-map import 'DEFAULT-ONLY' set protocols bgp neighbor 10.25.0.97 remote-as '42678' set protocols bgp parameters router-id '10.24.0.98' set protocols nhrp tunnel tun66 cisco-authentication 'qwerty123' set protocols nhrp tunnel tun66 holding-time '300' set protocols nhrp tunnel tun66 multicast 'dynamic' set protocols nhrp tunnel tun66 redirect set protocols nhrp tunnel tun66 shortcut set protocols ospf area 0 set protocols ospf area 10 area-type nssa no-summary set protocols ospf area 11 area-type nssa no-summary set protocols ospf interface eth0.64 area '0' set protocols ospf interface eth0.64 priority '255' set protocols ospf interface tun66 area '10' set protocols ospf interface wg01 area '11' set protocols ospf neighbor 172.16.13.2 set protocols ospf parameters abr-type 'cisco' set protocols ospf parameters router-id '10.44.1.1' set service ssh set system domain-name 'galaxy-net.ml' set system host-name 'cdc01r' set system time-zone 'Europe/Moscow' set vpn ipsec esp-group esp_h1 compression 'disable' set vpn ipsec esp-group esp_h1 lifetime '1800' set vpn ipsec esp-group esp_h1 mode 'transport' set vpn ipsec esp-group esp_h1 pfs 'dh-group2' set vpn ipsec esp-group esp_h1 proposal 1 encryption 'aes256' set vpn ipsec esp-group esp_h1 proposal 1 hash 'sha1' set vpn ipsec esp-group esp_h1 proposal 2 encryption '3des' set vpn ipsec esp-group esp_h1 proposal 2 hash 'md5' set vpn ipsec ike-group ike_h1 ikev2-reauth 'no' set vpn ipsec ike-group ike_h1 key-exchange 'ikev1' set vpn ipsec ike-group ike_h1 lifetime '3600' set vpn ipsec ike-group ike_h1 proposal 1 dh-group '2' set vpn ipsec ike-group ike_h1 proposal 1 encryption 'aes256' set vpn ipsec ike-group ike_h1 proposal 1 hash 'sha1' set vpn ipsec ike-group ike_h1 proposal 2 dh-group '2' set vpn ipsec ike-group ike_h1 proposal 2 encryption 'aes128' set vpn ipsec ike-group ike_h1 proposal 2 hash 'sha1' set vpn ipsec interface 'eth0.66' set vpn ipsec profile dm66 authentication mode 'pre-shared-secret' set vpn ipsec profile dm66 authentication pre-shared-secret 'qwerty123' set vpn ipsec profile dm66 bind tunnel 'tun66' set vpn ipsec profile dm66 esp-group 'esp_h1' set vpn ipsec profile dm66 ike-group 'ike_h1'