Skip to content

Instantly share code, notes, and snippets.

@adrianmihalko
Created November 25, 2021 19:40
Show Gist options
  • Save adrianmihalko/2790fa482d18349845e6ad0a0cc720f1 to your computer and use it in GitHub Desktop.
Save adrianmihalko/2790fa482d18349845e6ad0a0cc720f1 to your computer and use it in GitHub Desktop.
Destination based routing on Unifi USG and Edgerouter
@UniFiSecurityGateway3P:/config$ configure
@UniFiSecurityGateway3P# set protocols static table 5 interface-route 0.0.0.0/0 next-hop-interface wg0
@UniFiSecurityGateway3P# set firewall modify VPN_Gateway rule 2502 action modify
@UniFiSecurityGateway3P# set firewall modify VPN_Gateway rule 2502 modify table 5
@UniFiSecurityGateway3P# set firewall modify VPN_Gateway rule 2502 destination group address-group 6029c3e9e4f9411eca96870f
@UniFiSecurityGateway3P# set firewall modify VPN_Gateway rule 2502 protocol all
@UniFiSecurityGateway3P# set interfaces ethernet eth1 firewall in modify VPN_Gateway
@UniFiSecurityGateway3P# commit
@UniFiSecurityGateway3P# set service nat rule 5004 description "masq to vpn wg0"
@UniFiSecurityGateway3P# set service nat rule 5004 outbound-interface wg0
@UniFiSecurityGateway3P# set service nat rule 5004 type masquerade
@adrianmihalko
Copy link
Author

@UniFiSecurityGateway3P:/config$ configure
@UniFiSecurityGateway3P# set protocols static table 5 interface-route 0.0.0.0/0 next-hop-interface wg0
@UniFiSecurityGateway3P# set protocols static table 5 route 0.0.0.0/0 blackhole distance 255
@UniFiSecurityGateway3P# set firewall modify VPN_Gateway rule 2502 action modify
@UniFiSecurityGateway3P# set firewall modify VPN_Gateway rule 2502 modify table 5
@UniFiSecurityGateway3P# set firewall modify VPN_Gateway rule 2502 destination group address-group 6029c3e9e4f9411eca96870f
@UniFiSecurityGateway3P# set firewall modify VPN_Gateway rule 2502 protocol all
@UniFiSecurityGateway3P# set interfaces ethernet eth1 firewall in modify VPN_Gateway
@UniFiSecurityGateway3P# commit
@UniFiSecurityGateway3P# curl ipinfo.io

@UniFiSecurityGateway3P# set service nat rule 5004 description "masq to vpn wg0"
@UniFiSecurityGateway3P# set service nat rule 5004 outbound-interface wg0
@UniFiSecurityGateway3P# set service nat rule 5004 type masquerade

@adrianmihalko
Copy link
Author

@UniFiSecurityGateway3P:/config$ configure
@UniFiSecurityGateway3P# set protocols static table 5 interface-route 0.0.0.0/0 next-hop-interface wg0
@UniFiSecurityGateway3P# set protocols static table 5 route 0.0.0.0/0 blackhole distance 255
@UniFiSecurityGateway3P# set firewall modify VPN_Gateway rule 2502 action modify
@UniFiSecurityGateway3P# set firewall modify VPN_Gateway rule 2502 modify table 5
@UniFiSecurityGateway3P# set firewall modify VPN_Gateway rule 2502 destination group address-group 6029c3e9e4f9411eca96870f
@UniFiSecurityGateway3P# set firewall modify VPN_Gateway rule 2502 protocol all
@UniFiSecurityGateway3P# set interfaces ethernet eth1 firewall in modify VPN_Gateway
@UniFiSecurityGateway3P# commit

@UniFiSecurityGateway3P# set service nat rule 5004 description "masq to vpn wg0"
@UniFiSecurityGateway3P# set service nat rule 5004 outbound-interface wg0
@UniFiSecurityGateway3P# set service nat rule 5004 type masquerade

@UniFiSecurityGateway3P# set service dns forwarding options ipset=/ifconfig.me/6029c3e9e4f9411eca96870f

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment