later notes

content/blog/2022-06-08-bell-ipv6.md

@@ -110,3 +110,47 @@ At this point, everything on the local network side is ready for a [SIT tunnel](
 Even though the HH4K is bypassed, Bell will still not allow pings through to the UDM-PRO, so Tunnel Broker will not quite work yet.
 
 ## Router setup
+
+SELinux: OFF
+Firewall: OFF
+
+/etc/sysctl.d/wireguard.conf 
+```text
+net.ipv4.ip_forward=1
+net.ipv6.conf.all.forwarding=1
+net.ipv6.conf.default.forwarding=1
+net.ipv6.conf.he-ipv6.proxy_ndp=1
+```
+
+badger wg config:
+```text
+[Interface]
+Address = 2001:dead:beef:2::1/64
+PrivateKey = <private-key>
+ListenPort = 51820
+PostUp = ip6tables -A FORWARD -i he-ipv6 -o %i -j ACCEPT; ip6tables -A FORWARD -i %i -o he-ipv6 -j ACCEPT;
+PostDown = ip6tables -D FORWARD -i he-ipv6 -o %i -j ACCEPT; ip6tables -D FORWARD -i %i -o he-ipv6 -j ACCEPT;
+
+[Peer]
+PublicKey = <public-key>
+AllowedIPs = 2001:dead:beef:2::0/64
+Endpoint = <udm-pro-wan-address>:51821
+PersistentKeepalive = 25
+```
+
+udm-pro wg config:
+```text
+[Interface]
+Address = 2001:dead:beef:2::1/64 #2001:470:1d:329::1/64 
+PrivateKey = <private-key>
+ListenPort = 51821
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE; ip route del 2001:dead:beef:2::/64 dev %i; ip route add 2001:dead:beef:2::/64 dev %i metric 512
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o bro -j MASQUERADE
+
+
+[Peer]
+Endpoint = <badger-ip-address>:51820
+PublicKey = <public-key>
+AllowedIps = 2000::/3
+PersistentKeepalive = 25
+```