OnkelDom

Last Updated: 8/30/18

Details

I wanted to run an OpenVPN server on the USG. Since it has a Radius server built in, I figured this would be a much better way to handle OpenVPN authentication. Make sure you have the Radius server enabled on your USG under Settings > Services > Radius > Server in the controller. Add OpenVpn users under Settings > Services > Radius > Server.

Thanks to the following resources in helping to configure this:

• appleguru on Ubnt.com forums
• bartdevos on Ubnt.com forums

OnkelDom

Setup Docker Systemd on Ubuntu 20.04

This is my docker systemd setup. I stored no configs or environment vars in this gist.

Install Docker

# Install Dependencies
$ sudo apt-get update
$ sudo apt-get install -y apt-transport-https ca-certificates curl gnupg lsb-release

OnkelDom

- hosts: all
  vars:
    version: "1.4.2"
    interface: "enp2s0"
    dante_port: "1089"
  tasks:
  - name: install dependencies
    become: yes
    become_user: root
    yum: name={{ item }} state=present

OnkelDom

Squid configuration snippets - Ansible Role: ansible-role-squid

Basics

Path	Description
"/etc/squid/squid.conf"	Default config file with includes
"/etc/squid/conf.d"	Custom config folder
"/etc/squid/acl.d"	Custom acls folder
"/etc/squid/errors.d"	Custom error pages folder

OnkelDom

{
        "firewall": {
                "ipv6-name": {
                        "wan_in-6": {
                                "default-action": "drop",
                                "description": "wan_in",
                                "enable-default-log": "''",
                                "rule": {
                                        "1": {
                                                "action": "accept",

OnkelDom

{
   "service":{
      "nat":{
         "rule":{
            "1":{
               "description":"DNS Redirect",
               "destination":{
                  "port":"53"
               },
               "inbound-interface":"eth1",

OnkelDom

update webproxy blacklists
configure
set service webproxy cache-size 0
set service webproxy default-port 3128
set service webproxy listen-address 192.168.1.1
set service webproxy enable-access-log
set service webproxy administrator proxy@onkeldom.eu
set service webproxy mem-cache-size 5
set service webproxy url-filtering squidguard auto-update update-hour 5
set service webproxy url-filtering squidguard block-category adult

OnkelDom

$ sudo vim /etc/rsyslog.conf

# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html

#################
#### MODULES ####
#################

OnkelDom

// Exmaple Pac-File
function FindProxyForURL(url, host)
  {
  //set variables
  var client = myIpAddress();
  var direct = "DIRECT";
  var proxy = "PROXY proxy.home.onkeldom.eu:3128";
  var proxy-internal = "PROXY proxy.home.onkeldom.eu:3130";

  // proxy while Split-Brain - special way for onkeldom.eu

OnkelDom

# update the package manager and install some prerequisites (all of these aren't technically required)
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common libssl-dev libffi-dev git wget nano

# create a group named docker and add yourself to it
#   so that we don't have to type sudo docker every time
#   note you will need to logout and login before this takes affect (which we do later)
sudo groupadd docker
sudo usermod -aG docker ${USER}