Neil Bartley neilbartley

## aa_l2tp_openwrt.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                neilbartley
                / aa_l2tp_openwrt.md
            
            
              Last active
              March 21, 2021 23:25
            
              
                Configure Andrews & Arnold L2TP on OpenWRT 19.07
              
          
    Configure Andrews & Arnold L2TP on OpenWRT 19.07

Andrews & Arnold offer a L2TP Service for people like me, who are trapped behind a CGNAT system.
The following was sourced from here, here and a bit of experimentation.
/etc/config/network

Add following:

  
## gist:a866655086b0bae957cc9dfe8bcf899b
docker run -it --rm redis:5.0.6 bash
apt update; apt install stunnel procps

cat > /etc/stunnel/redis-cli.conf
setuid = root
setgid = root
pid = /var/run/stunnel.pid
debug = 7
options = NO_SSLv2
options = NO_SSLv3

## docker-compose.yml
version: '3.7'

x-reflector: &reflector
  image: neilbartley/ysfreflector:latest
  container_name: reflector1
  ports:
    - "42000:42000/udp"
  environment:
    REFLECTOR_NAME: "YOUR_NAME_HERE"
    REFLECTOR_DESCRIPTION: "YOUR_DESCRIPTION_HERE"

## D2FFB949.asc
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBF4TqVABEADEJTbOKj3zU0orDbuUcWstQ2Cr9e7ZAq1nAIWmTiknEuCZNeAX
WKdR05e/QO8sBZTrKuCJb/P4r/EkZrl3JBQe6TVrJ6H0mduSvVkql7B2XQY07/ac
nEAxHSbq6mLHngn67zsGphm+0n2i0iShTW2reNjSe/ybq3i/zxQaPrC/jzp1cSiI
WDtXb4eOw/HwffXMQviFTKG0xakaUiaZRNd3LFIurCdXg7nP+ISqzw95L1gqFsIT
fb1YWbi81yMUGofQX6yvZaSLNrylbPjYXqTdBSTn0mGLbcKRBvv9+HR26UrvyeMK
6hj8nGzq50sh8gTAzV55DZ+AGipFOt7+542VUGP6BMVVy903jleP7roC7FHFxHk3
KkBcbfWINvXdG8LWxdyd0KxGbOcQK62ShjedJw3Us8yEgeCaU3aEc/C5aK4JWm9h
iCnHYaMxCjHo+U7Tlol6fadt49CQHUxBmt9//WnuVN9p0ygzKxGoG/rTePGFPxty

## commands.txt
# Created a server on DigitalOcean (anywhere will do). Just ensured it had docker installed.
# Setup DNS entries for proto[1234].neil.bar pointing at the server.
# Connected to the server.

# Server has ports locked down. Open up the ones we need.
ufw allow 80/tcp
ufw allow 443/tcp

# Wouldn't normally open this one up but its handy for this demo.
ufw allow 8080/tcp

## proto1-stack.yml
version: '3.4'

services:
  proto1:
    image: 123456789012.dkr.ecr.eu-west-1.amazonaws.com/prototoype:deploy-20181019-1050-a127c89
    command: bundle exec puma -p 9292

    # This links to the network created in the proxy (traefik) stack
    networks:
      - traefik_traefik

## hsb-stack.yml
version: '3.4'

services:
  hsb:
    image: 123456789012.dkr.ecr.eu-west-1.amazonaws.com/hairy-slackbot:deploy-20181015-0935-e583d12
    command: bundle exec puma -p 3000

    # This links to the network created in the proxy (træfik) stack
    networks:
      - traefik_traefik

## traefik.toml
debug = false

logLevel = "ERROR"
defaultEntryPoints = ["https", "http"]

# https://docs.traefik.io/configuration/entrypoints/
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]           # https://docs.traefik.io/configuration/entrypoints/#redirect-http-to-https

## reverse-proxy-stack.yml
version: '3.4'

services:
  traefik:
    # Use the apline image, its lovely and small - 22MB!
    image: traefik:1.7.3-alpine

    # This just exposes the ports to the host, the host firewall is configured separately
    ports:
      - "443:443"    # Expose HTTPS port (and available externally)

## gist:e5dcda09076ae444e677bb3fc26ea296
Verifying that "neilbartley.id" is my Blockstack ID. https://onename.com/neilbartley
	docker run -it --rm redis:5.0.6 bash
	apt update; apt install stunnel procps

	cat > /etc/stunnel/redis-cli.conf
	setuid = root
	setgid = root
	pid = /var/run/stunnel.pid
	debug = 7
	options = NO_SSLv2
	options = NO_SSLv3
	version: '3.7'

	x-reflector: &reflector
	image: neilbartley/ysfreflector:latest
	container_name: reflector1
	ports:
	- "42000:42000/udp"
	environment:
	REFLECTOR_NAME: "YOUR_NAME_HERE"
	REFLECTOR_DESCRIPTION: "YOUR_DESCRIPTION_HERE"
	-----BEGIN PGP PUBLIC KEY BLOCK-----

	mQINBF4TqVABEADEJTbOKj3zU0orDbuUcWstQ2Cr9e7ZAq1nAIWmTiknEuCZNeAX
	WKdR05e/QO8sBZTrKuCJb/P4r/EkZrl3JBQe6TVrJ6H0mduSvVkql7B2XQY07/ac
	nEAxHSbq6mLHngn67zsGphm+0n2i0iShTW2reNjSe/ybq3i/zxQaPrC/jzp1cSiI
	WDtXb4eOw/HwffXMQviFTKG0xakaUiaZRNd3LFIurCdXg7nP+ISqzw95L1gqFsIT
	fb1YWbi81yMUGofQX6yvZaSLNrylbPjYXqTdBSTn0mGLbcKRBvv9+HR26UrvyeMK
	6hj8nGzq50sh8gTAzV55DZ+AGipFOt7+542VUGP6BMVVy903jleP7roC7FHFxHk3
	KkBcbfWINvXdG8LWxdyd0KxGbOcQK62ShjedJw3Us8yEgeCaU3aEc/C5aK4JWm9h
	iCnHYaMxCjHo+U7Tlol6fadt49CQHUxBmt9//WnuVN9p0ygzKxGoG/rTePGFPxty
	# Created a server on DigitalOcean (anywhere will do). Just ensured it had docker installed.
	# Setup DNS entries for proto[1234].neil.bar pointing at the server.
	# Connected to the server.

	# Server has ports locked down. Open up the ones we need.
	ufw allow 80/tcp
	ufw allow 443/tcp

	# Wouldn't normally open this one up but its handy for this demo.
	ufw allow 8080/tcp
	version: '3.4'

	services:
	proto1:
	image: 123456789012.dkr.ecr.eu-west-1.amazonaws.com/prototoype:deploy-20181019-1050-a127c89
	command: bundle exec puma -p 9292

	# This links to the network created in the proxy (traefik) stack
	networks:
	- traefik_traefik
	version: '3.4'

	services:
	hsb:
	image: 123456789012.dkr.ecr.eu-west-1.amazonaws.com/hairy-slackbot:deploy-20181015-0935-e583d12
	command: bundle exec puma -p 3000

	# This links to the network created in the proxy (træfik) stack
	networks:
	- traefik_traefik
	debug = false

	logLevel = "ERROR"
	defaultEntryPoints = ["https", "http"]

	# https://docs.traefik.io/configuration/entrypoints/
	[entryPoints]
	[entryPoints.http]
	address = ":80"
	[entryPoints.http.redirect] # https://docs.traefik.io/configuration/entrypoints/#redirect-http-to-https
	version: '3.4'

	services:
	traefik:
	# Use the apline image, its lovely and small - 22MB!
	image: traefik:1.7.3-alpine

	# This just exposes the ports to the host, the host firewall is configured separately
	ports:
	- "443:443" # Expose HTTPS port (and available externally)