authorNiklas Yann Wettengel <niyawe@niyawe.de>2017-08-12 23:48:02 +0200
committerNiklas Yann Wettengel <niyawe@niyawe.de>2017-08-12 23:48:02 +0200
commit0f8af08cd75bf7cc369b7c4ba87a7d4311f16add (patch)
tree74b93a107f0dbe9d2b126558ac616029f17a3710 /roles/install_wireguard_backbone/templates
parent5fed801449c8210324376d0e31663a8fbb84a0e4 (diff)
fixed backbone routingnetsplit
Diffstat (limited to 'roles/install_wireguard_backbone/templates')
-rw-r--r--roles/install_wireguard_backbone/templates/down.sh.j28
-rw-r--r--roles/install_wireguard_backbone/templates/up.sh.j213
-rw-r--r--roles/install_wireguard_backbone/templates/wg.conf.j214
3 files changed, 15 insertions, 20 deletions
diff --git a/roles/install_wireguard_backbone/templates/down.sh.j2 b/roles/install_wireguard_backbone/templates/down.sh.j2
index 07325bf..fbdd387 100644
--- a/roles/install_wireguard_backbone/templates/down.sh.j2
+++ b/roles/install_wireguard_backbone/templates/down.sh.j2
@@ -1,5 +1,5 @@
#!/bin/bash
-{% for peer in wireguard_bb_peers %}
-ip link set down dev bb{{ peer.name }}
-ip link del bb{{ peer.name }} type ip6gretap
-{% endfor %}
+ip -4 rule del iif bb{{ item.name }} table ffmyk
+ip -6 rule del iif bb{{ item.name }} table ffmyk
+ip link set down dev bb{{ item.name }}
+ip link del bb{{ item.name }}
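Review bot: `item.name` is interpolated unquoted into every command of this script, and likewise in up.sh.j2, where it also forms the `/etc/wireguard/wgbb….conf` path. An inventory value containing whitespace or shell metacharacters would therefore change what the script executes, presumably as root. Rendering it as `bb{{ item.name | quote }}`, or asserting in the role that the name matches `^[A-Za-z0-9_-]+$`, would close this. The `bb` prefix plus the name also has to fit the kernel's 15-character interface-name limit, so a header comment such as `# item.name: peer short name, [A-Za-z0-9_-], at most 13 chars` would document both constraints.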
diff --git a/roles/install_wireguard_backbone/templates/up.sh.j2 b/roles/install_wireguard_backbone/templates/up.sh.j2
index 97985f9..38b3c26 100644
--- a/roles/install_wireguard_backbone/templates/up.sh.j2
+++ b/roles/install_wireguard_backbone/templates/up.sh.j2
@@ -1,7 +1,8 @@
#!/bin/bash
-{% for peer in wireguard_bb_peers %}
-ip link add bb{{ peer.name }} type ip6gretap remote {{ peer.address }} local {{ wireguard_bb_address }} ttl 255 dev wgbackbone
-ip link set mtu 1280 dev bb{{ peer.name }}
-ip link set up dev bb{{ peer.name }}
-ip address add {{ wireguard_bb_gre_ipv4 }} peer {{ peer.gre_ipv4 }} dev bb{{ peer.name }}
-{% endfor %}
+ip link add bb{{ item.name }} type wireguard
+wg setconf bb{{ item.name }} /etc/wireguard/wgbb{{ item.name }}.conf
+ip addr add {{ item.address6 }} dev bb{{ item.name }}
+ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ item.address }}/32 dev bb{{ item.name }}
+ip link set up dev bb{{ item.name }}
+ip -4 rule add iif bb{{ item.name }} table ffmyk priority 10
+ip -6 rule add iif bb{{ item.name }} table ffmyk priority 10
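Review bot: The script has no error handling, so if `wg setconf` on the second added line fails (missing or malformed config), the remaining lines still address the interface, bring it up and install the `iif` policy rules for a link that has no key or peer. Adding `set -e` directly after the shebang would stop at the first failing command; a re-run with the interface already present would then stop at `ip link add`, which may or may not be wanted. The config file read here contains the private key and the task that writes it is not part of this diff, so it is worth confirming that it is created root-owned with mode 0600.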
diff --git a/roles/install_wireguard_backbone/templates/wg.conf.j2 b/roles/install_wireguard_backbone/templates/wg.conf.j2
index 8e8841a..de0e1fb 100644
--- a/roles/install_wireguard_backbone/templates/wg.conf.j2
+++ b/roles/install_wireguard_backbone/templates/wg.conf.j2
@@ -1,15 +1,9 @@
[Interface]
-ListenPort = {{ wireguard_bb_port }}
+ListenPort = {{ item.local_port }}
PrivateKey = {{ wireguard_bb_key }}
-Address = {{ wireguard_bb_address }}/48
-MTU = 1423
-PostUp = /etc/wireguard/upbackbone.sh
-PreDown = /etc/wireguard/downbackbone.sh
-{% for peer in wireguard_bb_peers %}
[Peer]
-PublicKey = {{ peer.key }}
-AllowedIPs = {{ peer.address }}/128
-Endpoint = [{{ peer.endpoint }}]:{{ wireguard_bb_port }}
+PublicKey = {{ item.key }}
+AllowedIPs = 0.0.0.0/0,::/0
+Endpoint = [{{ item.endpoint }}]:{{ item.remote_port }}
PersistentKeepalive = 30
-{% endfor %}
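Review bot: `AllowedIPs = 0.0.0.0/0,::/0` replaces the previous per-peer `/128`, so WireGuard no longer restricts which inner source addresses this peer may send. With one interface per peer that is a common way to run routed links, but source validation now has to come from a firewall or routing-daemon filter that this diff does not show, while the `iif … table ffmyk` rules in up.sh.j2 route whatever arrives. I would document the choice with a comment such as `# AllowedIPs wide open on purpose: one peer per interface, source filtering done in <placeholder: firewall/filter>` and confirm that the filtering exists. The same `wireguard_bb_key` is now rendered into every per-peer file, so each of those files needs restrictive permissions.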