Edgerouter - X (Routed IPTV | IPv6 | Voip)
- Glasvezel media converter aangesloten via eth4
- Lan aangesloten op de switch via eth0 (poe 24v)
- vlans voor LAN en Gasten netwerk
- voip configuratie voor een asterisk server
- Routed IPTV
configureer interface eth4
set interfaces ethernet eth4 mtu 1512
set interfaces ethernet eth4 description "WAN"
set interfaces ethernet eth4 duplex auto
Internet verbinding
pppoe
set interfaces ethernet eth4 vif 6
set interfaces ethernet eth4 vif 6 mtu 1508
set interfaces ethernet eth4 vif 6 pppoe 0 default-route auto
set interfaces ethernet eth4 vif 6 pppoe 0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth4 vif 6 pppoe 0 firewall in name WAN_IN
set interfaces ethernet eth4 vif 6 pppoe 0 firewall local ipv6-name WANv6_LOCAL
set interfaces ethernet eth4 vif 6 pppoe 0 firewall local name WAN_LOCAL
set interfaces ethernet eth4 vif 6 pppoe 0 mtu 1500
set interfaces ethernet eth4 vif 6 pppoe 0 name-server auto
set interfaces ethernet eth4 vif 6 pppoe 0 password 1234
set interfaces ethernet eth4 vif 6 pppoe 0 user-id fake@freedom.nl
IPv6
set interfaces ethernet eth4 vif 6 pppoe 0 ipv6 address autoconf
set interfaces ethernet eth4 vif 6 pppoe 0 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth4 vif 6 pppoe 0 ipv6 enable
IPv6 Dhcpv6-pd
set interfaces ethernet eth4 vif 6 pppoe 0 dhcpv6-pd prefix-only
set interfaces ethernet eth4 vif 6 pppoe 0 dhcpv6-pd rapid-commit enable
set interfaces ethernet eth4 vif 6 pppoe 0 dhcpv6-pd pd 0 prefix-length /48
set interfaces ethernet eth4 vif 6 pppoe 0 dhcpv6-pd pd 0 interface switch0.10 host-address ::1
set interfaces ethernet eth4 vif 6 pppoe 0 dhcpv6-pd pd 0 interface switch0.10 prefix-id :10
set interfaces ethernet eth4 vif 6 pppoe 0 dhcpv6-pd pd 0 interface switch0.10 service slaac
set interfaces ethernet eth4 vif 6 pppoe 0 dhcpv6-pd pd 0 interface switch0.20 host-address ::1
set interfaces ethernet eth4 vif 6 pppoe 0 dhcpv6-pd pd 0 interface switch0.20 prefix-id :20
set interfaces ethernet eth4 vif 6 pppoe 0 dhcpv6-pd pd 0 interface switch0.20 service slaac
nat regels
set service nat rule 5100 description "Internet"
set service nat rule 5100 log disable
set service nat rule 5100 outbound-interface pppoe0
set service nat rule 5100 protocol all
set service nat rule 5100 type masquerade
IPTV
settings voor IPTV
set interfaces ethernet eth4 vif 4 address dhcp
set interfaces ethernet eth4 vif 4 description "IPTV"
set interfaces ethernet eth4 vif 4 dhcp-options client-option "request subnet-mask, routers, rfc3442-classless-static-routes;"
set interfaces ethernet eth4 vif 4 dhcp-options client-option "send vendor-class-identifier &quot;IPTV_RG&quot;;"
set interfaces ethernet eth4 vif 4 dhcp-options default-route no-update
set interfaces ethernet eth4 vif 4 dhcp-options default-route-distance 210
set interfaces ethernet eth4 vif 4 dhcp-options name-server update
IGMP Proxy
configureer igmp proxy voor iptv
set protocols igmp-proxy interface eth4.4 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface eth4.4 role upstream
set protocols igmp-proxy interface eth4.4 threshold 1
set protocols igmp-proxy interface switch0.10 alt-subnet 0.0.0.0/0
set protocols igmp-proxy interface switch0.10 role downstream
set protocols igmp-proxy interface switch0.10 threshold 1
Nat regels voor IPTV
set service nat rule 5010 description "IPTV - 185.24.175.0/24"
set service nat rule 5010 destination address 185.24.175.0/24
set service nat rule 5010 log disable
set service nat rule 5010 outbound-interface eth4.4
set service nat rule 5010 protocol all
set service nat rule 5010 type masquerade
set service nat rule 5011 description "IPTV - 185.41.48.0/24"
set service nat rule 5011 destination address 185.41.48.0/24
set service nat rule 5011 log disable
set service nat rule 5011 outbound-interface eth4.4
set service nat rule 5011 protocol all
set service nat rule 5011 type masquerade
set service nat rule 5012 description "IPTV - 10.10.0.97/32"
set service nat rule 5012 destination address 10.10.0.97/32
set service nat rule 5012 log disable
set service nat rule 5012 outbound-interface eth4.4
set service nat rule 5012 protocol all
set service nat rule 5012 type masquerade
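Firewall
Let op: WAN_IN is hierboven alleen aan pppoe 0 gekoppeld; eth4 vif 4 (IPTV) krijgt op deze pagina geen firewall. Koppel ook daar een ruleset aan (in en local), anders zien regel 30 en 40 het IPTV-verkeer niet en is de router op het IPTV-vlan, voor zover hier te zien, niet afgeschermd. De rulesets WAN_IN, WAN_LOCAL, WANv6_IN en WANv6_LOCAL staan hier niet volledig: geef ze default-action drop en sta alleen established/related en het strikt noodzakelijke toe.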
set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 description "IPTV multicast"
set firewall name WAN_IN rule 30 destination address 239.0.0.0/8
set firewall name WAN_IN rule 30 log disable
set firewall name WAN_IN rule 30 protocol udp
set firewall name WAN_IN rule 30 source address 10.10.16.0/22
set firewall name WAN_IN rule 40 action accept
set firewall name WAN_IN rule 40 description "IPTV IGMP"
set firewall name WAN_IN rule 40 log disable
set firewall name WAN_IN rule 40 protocol igmp
conntrack rtsp module
set system conntrack modules rtsp enable
script voor het toevoegen van routes
Het onderstaande script is nodig voor optie 121 (rfc3442-classless-routes)
voeg dit script toe aan /etc/dhcp3/dhclient-exit-hooks.d/rfc3442-classless-routes
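# Install the classless static routes received in DHCP option 121, using the
# format specified in RFC3442 (a space-separated list of decimal octets).
# e.g.:
#   new_rfc3442_classless_static_routes='24 192 168 10 192 168 1 1 8 10 10 17 66 41'
# specifies the routes:
#   192.168.10.0/24 via 192.168.1.1
#   10.0.0.0/8 via 10.17.66.41
#
# Reads: $new_rfc3442_classless_static_routes, $reason, $interface.
# NOTE(review): the top-level `return` below only works when this file is
# sourced, which is presumably how dhclient-exit-hooks.d runs it -- confirm.
RUN="yes"

#######################################
# Parse an RFC3442 route list and add every route with `ip -4 route add`.
# The list is supplied by the DHCP server, so it is checked before use:
# every field must be a plain decimal number and each route must be complete.
# Out-of-range octets are left for `ip` to reject.
# Globals:   interface (read)
# Arguments: the fields of the option, one per argument
# Returns:   1 on a malformed list (routes parsed before the bad entry stay
#            installed); otherwise the status of the last `ip` call
#######################################
rfc3442_install_routes() {
  local field net_length net_address gateway via_arg

  # Reject anything that is not a bare decimal number before building
  # addresses from it.
  for field in "$@"; do
    case $field in
      '' | *[!0-9]*) return 1 ;;
    esac
  done

  while [ $# -gt 0 ]; do
    net_length=$1
    via_arg=''
    # Only the significant octets of the destination are present, so the
    # number of fields per route depends on the prefix length. Each arm checks
    # that the route is complete first: a truncated list must not reach
    # `shift`, which fails without consuming anything in bash and would leave
    # this loop spinning on the same field.
    case $net_length in
      32 | 31 | 30 | 29 | 28 | 27 | 26 | 25)
        [ $# -ge 9 ] || return 1
        net_address="${2}.${3}.${4}.${5}"
        gateway="${6}.${7}.${8}.${9}"
        shift 9
        ;;
      24 | 23 | 22 | 21 | 20 | 19 | 18 | 17)
        [ $# -ge 8 ] || return 1
        net_address="${2}.${3}.${4}.0"
        gateway="${5}.${6}.${7}.${8}"
        shift 8
        ;;
      16 | 15 | 14 | 13 | 12 | 11 | 10 | 9)
        [ $# -ge 7 ] || return 1
        net_address="${2}.${3}.0.0"
        gateway="${4}.${5}.${6}.${7}"
        shift 7
        ;;
      8 | 7 | 6 | 5 | 4 | 3 | 2 | 1)
        [ $# -ge 6 ] || return 1
        net_address="${2}.0.0.0"
        gateway="${3}.${4}.${5}.${6}"
        shift 6
        ;;
      0) # default route
        [ $# -ge 5 ] || return 1
        net_address="0.0.0.0"
        gateway="${2}.${3}.${4}.${5}"
        shift 5
        ;;
      *) # not a valid prefix length
        return 1
        ;;
    esac

    # take care of link-local routes: a 0.0.0.0 gateway means "on-link",
    # so no `via` is passed
    if [ "${gateway}" != '0.0.0.0' ]; then
      via_arg="via ${gateway}"
    fi

    # set route (ip detects host routes automatically). Output and errors are
    # discarded on purpose, e.g. when the route already exists.
    # ${via_arg} is left unquoted so it splits into `via` and the address.
    # shellcheck disable=SC2086
    ip -4 route add "${net_address}/${net_length}" \
      ${via_arg} dev "${interface}" >/dev/null 2>&1
  done
}

if [ "$RUN" = "yes" ] && [ -n "$new_rfc3442_classless_static_routes" ]; then
  if [ "$reason" = "BOUND" ] || [ "$reason" = "REBOOT" ]; then
    # Word splitting is intended: the option is a space-separated list.
    # Passing it as function arguments also leaves the positional
    # parameters of the sourcing script untouched.
    # shellcheck disable=SC2086
    rfc3442_install_routes $new_rfc3442_classless_static_routes || return
  fi
fi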
LAN
LAN heeft 2 vlans:
10: LAN
20: Gasten
interne switch
set interfaces switch switch0 description "local"
set interfaces switch switch0 mtu 1500
set interfaces switch switch0 switch-port vlan-aware enable
set interfaces switch switch0 switch-port interface eth0 vlan vid 10
set interfaces switch switch0 switch-port interface eth0 vlan vid 20
LAN
set interfaces switch switch0 vif 10 address 192.168.10.1/24
set interfaces switch switch0 vif 10 description "vlan10 - LAN"
set interfaces switch switch0 vif 10 ipv6 dup-addr-detect-transmits 1
set interfaces switch switch0 vif 10 ipv6 router-advert cur-hop-limit 64
set interfaces switch switch0 vif 10 ipv6 router-advert default-lifetime 1800
set interfaces switch switch0 vif 10 ipv6 router-advert default-preference medium
set interfaces switch switch0 vif 10 ipv6 router-advert link-mtu 0
set interfaces switch switch0 vif 10 ipv6 router-advert managed-flag false
set interfaces switch switch0 vif 10 ipv6 router-advert max-interval 600
set interfaces switch switch0 vif 10 ipv6 router-advert min-interval 198
set interfaces switch switch0 vif 10 ipv6 router-advert other-config-flag false
set interfaces switch switch0 vif 10 ipv6 router-advert reachable-time 0
set interfaces switch switch0 vif 10 ipv6 router-advert retrans-timer 0
set interfaces switch switch0 vif 10 ipv6 router-advert send-advert true
set interfaces switch switch0 vif 10 ipv6 router-advert prefix <jouw prefix>:10::/64 autonomous-flag true
set interfaces switch switch0 vif 10 ipv6 router-advert prefix <jouw prefix>:10::/64 on-link-flag true
set interfaces switch switch0 vif 10 ipv6 router-advert prefix <jouw prefix>:10::/64 valid-lifetime 2592000
Gasten
set interfaces switch switch0 vif 20 firewall in name GASTEN_IN
set interfaces switch switch0 vif 20 firewall local name GASTEN_LOCAL
set interfaces switch switch0 vif 20 address 192.168.20.1/24
set interfaces switch switch0 vif 20 description "vlan20 - Gasten"
set interfaces switch switch0 vif 20 ipv6 dup-addr-detect-transmits 1
set interfaces switch switch0 vif 20 ipv6 router-advert cur-hop-limit 64
set interfaces switch switch0 vif 20 ipv6 router-advert default-lifetime 1800
set interfaces switch switch0 vif 20 ipv6 router-advert default-preference medium
set interfaces switch switch0 vif 20 ipv6 router-advert link-mtu 0
set interfaces switch switch0 vif 20 ipv6 router-advert managed-flag false
set interfaces switch switch0 vif 20 ipv6 router-advert max-interval 600
set interfaces switch switch0 vif 20 ipv6 router-advert min-interval 198
set interfaces switch switch0 vif 20 ipv6 router-advert other-config-flag false
set interfaces switch switch0 vif 20 ipv6 router-advert reachable-time 0
set interfaces switch switch0 vif 20 ipv6 router-advert retrans-timer 0
set interfaces switch switch0 vif 20 ipv6 router-advert send-advert true
set interfaces switch switch0 vif 20 ipv6 router-advert prefix <jouw prefix>:20::/64 autonomous-flag true
set interfaces switch switch0 vif 20 ipv6 router-advert prefix <jouw prefix>:20::/64 on-link-flag true
set interfaces switch switch0 vif 20 ipv6 router-advert prefix <jouw prefix>:20::/64 valid-lifetime 2592000
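Firewall
Let op: GASTEN_IN filtert alleen IPv4. Vlan 20 krijgt ook een IPv6-prefix (prefix-id :20), dus zonder ipv6-name ruleset op switch0 vif 20 kunnen gasten, voor zover hier te zien, het LAN via IPv6 bereiken. GASTEN_LOCAL heeft default-action drop zonder accept-regels; voeg regels toe voor DNS (poort 53) en DHCP (udp 67), want de gasten krijgen 192.168.20.1 als dns-server.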
set firewall group network-group PRIVATE_NET network 192.168.10.0/24
set firewall name GASTEN_IN default-action accept
set firewall name GASTEN_IN rule 10 action drop
set firewall name GASTEN_IN rule 10 description "private netwerk"
set firewall name GASTEN_IN rule 10 destination group network-group PRIVATE_NET
set firewall name GASTEN_IN rule 10 log disable
set firewall name GASTEN_IN rule 10 protocol all
set firewall name GASTEN_LOCAL default-action drop
DHCP Server
set service dhcp-server shared-network-name Lan authoritative enable
set service dhcp-server shared-network-name Lan description "vlan10 - Lan"
set service dhcp-server shared-network-name Lan subnet 192.168.10.0/24 default-router 192.168.10.1
set service dhcp-server shared-network-name Lan subnet 192.168.10.0/24 dns-server 192.168.10.1
set service dhcp-server shared-network-name Lan subnet 192.168.10.0/24 domain-name home.local
set service dhcp-server shared-network-name Lan subnet 192.168.10.0/24 lease 86400
set service dhcp-server shared-network-name Lan subnet 192.168.10.0/24 start 192.168.10.100 stop 192.168.10.254
set service dhcp-server shared-network-name Gasten authoritative enable
set service dhcp-server shared-network-name Gasten description "vlan20 - Gasten"
set service dhcp-server shared-network-name Gasten subnet 192.168.20.0/24 default-router 192.168.20.1
set service dhcp-server shared-network-name Gasten subnet 192.168.20.0/24 dns-server 192.168.20.1
set service dhcp-server shared-network-name Gasten subnet 192.168.20.0/24 domain-name home.local
set service dhcp-server shared-network-name Gasten subnet 192.168.20.0/24 lease 86400
set service dhcp-server shared-network-name Gasten subnet 192.168.20.0/24 start 192.168.20.100 stop 192.168.20.254
DNS
set service dns forwarding cache-size 1000
set service dns forwarding listen-on switch0.10
set service dns forwarding listen-on switch0.20
set system name-server 185.232.98.76
set system name-server 185.93.175.43
set system name-server 2a10:3780:2:52:185:93:175:43
set system name-server 2a10:3780:2:53:185:232:98:76
VOIP
ik gebruik hier een asterisk voor
vervang accountID door jouw accountID
vervang password door jouw password
vervang ook de voicemail-pincode 0000 in voicemail.conf door een eigen pincode
sip.conf
[freedom]
type=friend
context=inbound-freedom
host=sip.freedom.nl
fromuser=accountID
fromdomain=voipgrid.nl
username=accountID
authuser=accountID
qualify=no
secret=password
canreinvite=no
dtmfmode=auto
directmedia=no
insecure=invite
disallow=all
allow=ulaw
allow=alaw
allow=h263
allow=h263p
keepalive=yes
relaxdtmf=yes
nat=force_rport
extensions.conf
[globals]
TRUNK=sip/freedom
[users]
include => local
include => inbound-freedom
include => outbound-freedom
[outbound-freedom]
exten => _X.,1,Dial(SIP/freedom/${CALLERID(dnid)})
exten => _X.,n,Hangup
[inbound-freedom]
exten => accountID,1,Log(NOTICE,"Call from (${CALLERID(num)})")
; goto unknown caller id
same => n,GotoIf($["${CALLERID(num)}" = "anonymous"]?unknown-cid,s,1)
same => n,Goto(call-all-phones,s,1)
[unknown-cid]
exten => s,1,Playback(queue-callswaiting)
same => n,Playback(queue-holdtime)
same => n,SayNumber(2)
same => n,Playback(queue-minutes)
same => n,StartMusicOnHold(live-radio)
same => n,Wait(120)
same => n,StopMusicOnHold()
same => n,Goto(call-all-phones,s,1)
[call-all-phones]
exten => s,1,Dial(SIP/woonkamer,25,tT)
same => n,Answer
same => n,Voicemail(accountID)
same => n,Hangup
[local]
exten => 300,1,Dial(SIP/woonkamer)
same => n,Voicemail(woonkamer@default)
same => n,Hangup
exten => 1233,1,VoicemailMain(accountID,s)
exten => 1,1,VoicemailMain(${CALLERID(num)},s)
[default]
;include => users
include => inbound-freedom
[public]
;include => users
voicemail.conf
[default]
; Note: The rest of the system must reference mailboxes defined here as mailbox@default.
accountID => 0000,Voice Mailbox,
users.conf
[woonkamer]
fullname = naam van de telefoon
secret = verylongrandompassword
hassip = yes
host = dynamic
context = users
musiconhold.conf
[live-radio]
mode=custom
application=/usr/bin/mpg123.bin -q -r 8000 -f 8192 --mono -s (jou favorite radio stream)
rtp.conf
[general]
;
; RTP start and RTP end configure start and end addresses
;
; Defaults are rtpstart=5000 and rtpend=31000
;
rtpstart=17000
rtpend=18000
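firewall
Let op: regel 50 en 51 hebben geen source address en staan dus open voor het hele internet. Beperk ze tot de adressen van je SIP-provider (`set firewall name WAN_IN rule 50 source address <adres-van-provider>`, idem voor regel 51) om SIP-scans en het raden van secrets tegen te gaan.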
set firewall name WAN_IN rule 50 action accept
set firewall name WAN_IN rule 50 description "Voip"
set firewall name WAN_IN rule 50 destination address ip voip server
set firewall name WAN_IN rule 50 destination port 5060
set firewall name WAN_IN rule 50 protocol udp
set firewall name WAN_IN rule 50 log disable
set firewall name WAN_IN rule 51 action accept
set firewall name WAN_IN rule 51 description "Voip"
set firewall name WAN_IN rule 51 destination address ip voip server
set firewall name WAN_IN rule 51 destination port 17000-18000
set firewall name WAN_IN rule 51 protocol udp
set firewall name WAN_IN rule 51 log disable