1
0

Compare commits

...

3 Commits

Author SHA1 Message Date
Ember 'n0emis' Keske
536630fdd4
radius: open firewall 2022-07-25 09:33:15 +02:00
Ember 'n0emis' Keske
9b9836b518
add wlan/dect-ports on sw-hospital 2022-07-25 09:31:27 +02:00
Ember 'n0emis' Keske
f4befb017a
fix dialin 2022-07-25 09:31:19 +02:00
5 changed files with 30 additions and 7 deletions

View File

@ -30,5 +30,7 @@ with lib;
users.users.radius.group = "radius"; users.users.radius.group = "radius";
users.groups.radius = {}; users.groups.radius = {};
networking.firewall.allowedUDPPorts = [ 1812 ];
system.stateVersion = "22.05"; system.stateVersion = "22.05";
} }

View File

@ -6,7 +6,8 @@
config = { config = {
regfile.yate.password = "yate"; regfile.yate.password = "yate";
regexroute = "[default] regexroute = "[default]
^4933921999799\\(.*\\)$=lateroute/yate;osip_x-called=\\1 ^4933921999799\\(.*\\)$=sip/sip:\\1@10.42.10.6
\${sip_x-dialout-allowed}^1$=goto dialout \${sip_x-dialout-allowed}^1$=goto dialout
[dialout] [dialout]

View File

@ -117,8 +117,8 @@
iif {vlan132, vlan133} accept iif {vlan132, vlan133} accept
udp dport 5060 ip saddr { 10.42.10.9 } accept ip saddr { 10.42.10.9 } accept
udp dport 5060 ip6 saddr { 2a01:4f8:1c0c:8221::9 } accept ip6 saddr { 2a01:4f8:1c0c:8221::9 } accept
} }
chain forward { chain forward {

View File

@ -34,7 +34,7 @@ in {
serviceConfig = { serviceConfig = {
Type = "forking"; Type = "forking";
ExecStart = ExecStart =
"${pkgs.yate}/bin/yate -d -p /run/yate/yate.pid -c /etc/yate -F -s -vvv -DF -r -l /var/lib/yate/yate.log"; "${pkgs.yate}/bin/yate -d -p /run/yate/yate.pid -c /etc/yate -F -s -q -DF -r -l /var/lib/yate/yate.log";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
User = "yate"; User = "yate";
Group = "yate"; Group = "yate";

View File

@ -1,11 +1,10 @@
version 15.1R7-S10 version 12.3R12.4
system { system {
host-name sw-hospital; host-name sw-hospital;
auto-snapshot; auto-snapshot;
root-authentication { root-authentication {
encrypted-password "$1$DAjLGZX7$sHIjgeZhXhq/IcgRKOWy20"; ## SECRET-DATA encrypted-password "$1$DAjLGZX7$sHIjgeZhXhq/IcgRKOWy20"; ## SECRET-DATA
ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8xqVakxJ+AwcIrS/wyL03N++pE09epwMFlIMXWvlpwwEp1J/0H7nygwxk/9LIZdabs/ETWn0s8oHAkc7YR1c6ajSTCDiZEYATAWt7t8t4Gw/80c8u8T50lIqmiDEEVbOVv3Vta/pAN4hAUp9U5DpYCkQbvF+NKKcK3Yp8d9usNC6ohqgTK+IGAEdMhvpbbNppDMXoWHuynBzUX7TS6ST6yEr0tD+CBbCpbfcMuwTI3lNtfywEVpuFaeHqDZx2QDrEX4bg0dRKgQstbXYdqmBfnOiBpUr8Wyl8U1J24rN+E07pBw/8KDGWbVg19/Ex8o4ht/p5voUfKVjD/DwWXTLntBirjfAgQAm4GH/qP4x3zNiTtlYlQFbXSk6VEVrTrxCB5rTWvGnhg31tk5P3YwvagDmGABazY5s/8tlttSc1yWBctWQJCjxSqcCLekxG4D1rVuGKCKOZgflQ9QFdQlKycInPBek3zi0i3GYkE1YnNFye5ggOnxT8qGuKjfdtZI9qvMJQO8lbEDzbYQvNns1V/k4ZobiihYwrG5TJUzZFEpMYetDK6tI8BRU11d+ja0jWzguj5/7wc0nrr/BiZ8FkAr2fZ60j2aI5kG0s3qjbrQbB/RXaGP9hRU0+480+IokNJJIcjv5iwH5ophdrjC8GH4So2kPPt0NXob1yNysdjw== n0emis@noemis.me (OLD)"; ## SECRET-DATA ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8xqVakxJ+AwcIrS/wyL03N++pE09epwMFlIMXWvlpwwEp1J/0H7nygwxk/9LIZdabs/ETWn0s8oHAkc7YR1c6ajSTCDiZEYATAWt7t8t4Gw/80c8u8T50lIqmiDEEVbOVv3Vta/pAN4hAUp9U5DpYCkQbvF+NKKcK3Yp8d9usNC6ohqgTK+IGAEdMhvpbbNppDMXoWHuynBzUX7TS6ST6yEr0tD+CBbCpbfcMuwTI3lNtfywEVpuFaeHqDZx2QDrEX4bg0dRKgQstbXYdqmBfnOiBpUr8Wyl8U1J24rN+E07pBw/8KDGWbVg19/Ex8o4ht/p5voUfKVjD/DwWXTLntBirjfAgQAm4GH/qP4x3zNiTtlYlQFbXSk6VEVrTrxCB5rTWvGnhg31tk5P3YwvagDmGABazY5s/8tlttSc1yWBctWQJCjxSqcCLekxG4D1rVuGKCKOZgflQ9QFdQlKycInPBek3zi0i3GYkE1YnNFye5ggOnxT8qGuKjfdtZI9qvMJQO8lbEDzbYQvNns1V/k4ZobiihYwrG5TJUzZFEpMYetDK6tI8BRU11d+ja0jWzguj5/7wc0nrr/BiZ8FkAr2fZ60j2aI5kG0s3qjbrQbB/RXaGP9hRU0+480+IokNJJIcjv5iwH5ophdrjC8GH4So2kPPt0NXob1yNysdjw== n0emis@noemis.me (OLD)"; ## SECRET-DATA
ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcOPtW5FWNIdlMQFoqeyA1vHw+cA8ft8oXSbXPzQNL9 n0emis@n0emis.eu"; ## SECRET-DATA
} }
services { services {
ssh; ssh;
@ -21,6 +20,24 @@ interfaces {
} }
} }
} }
ge-0/0/22 {
unit 0 {
family ethernet-switching {
vlan {
members VL_WLAN;
}
}
}
}
ge-0/0/23 {
unit 0 {
family ethernet-switching {
vlan {
members VL_DECT;
}
}
}
}
ge-0/1/0 { ge-0/1/0 {
description "zu sw-fuf"; description "zu sw-fuf";
unit 0 { unit 0 {
@ -55,7 +72,7 @@ interfaces {
} }
} }
ge-0/1/3 { ge-0/1/3 {
description: "uplink: sw-zentral-1"; description "uplink: sw-zentral-1";
unit 0 { unit 0 {
family ethernet-switching { family ethernet-switching {
port-mode trunk; port-mode trunk;
@ -158,3 +175,6 @@ vlans {
vlan-id 212; vlan-id 212;
} }
} }
poe {
interface all;
}