authorNiklas Yann Wettengel <niyawe@niyawe.de>2017-08-12 23:48:02 +0200
committerNiklas Yann Wettengel <niyawe@niyawe.de>2017-08-12 23:48:02 +0200
commit0f8af08cd75bf7cc369b7c4ba87a7d4311f16add (patch)
tree74b93a107f0dbe9d2b126558ac616029f17a3710 /roles/install_wireguard_backbone
parent5fed801449c8210324376d0e31663a8fbb84a0e4 (diff)
fixed backbone routingnetsplit
Diffstat (limited to 'roles/install_wireguard_backbone')
-rw-r--r--roles/install_wireguard_backbone/files/wgbackbone@.service18
-rw-r--r--roles/install_wireguard_backbone/tasks/main.yml24
-rw-r--r--roles/install_wireguard_backbone/templates/down.sh.j28
-rw-r--r--roles/install_wireguard_backbone/templates/up.sh.j213
-rw-r--r--roles/install_wireguard_backbone/templates/wg.conf.j214
5 files changed, 50 insertions, 27 deletions
diff --git a/roles/install_wireguard_backbone/files/wgbackbone@.service b/roles/install_wireguard_backbone/files/wgbackbone@.service
new file mode 100644
index 0000000..7dfc5bd
--- /dev/null
+++ b/roles/install_wireguard_backbone/files/wgbackbone@.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=WireGuard Backbone for %I
+After=network-online.target
+Wants=network-online.target
+Documentation=man:wg(8)
+Documentation=https://www.wireguard.io/
+Documentation=https://www.wireguard.io/quickstart/
+Documentation=https://git.zx2c4.com/WireGuard/about/src/tools/wg-quick.8
+Documentation=https://git.zx2c4.com/WireGuard/about/src/tools/wg.8
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/etc/wireguard/upbb%i.sh
+ExecStop=/etc/wireguard/downbb%i.sh
+
+[Install]
+WantedBy=multi-user.target
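Review bot: `ExecStop=` on line 40 is only run by systemd when the unit started successfully, so if `upbb%i.sh` fails partway (the script is not visible in this hunk) the half-configured `bb%i` link and any policy rules it already added are left behind, and a retry of the unit then fails on `ip link add` because the device exists. Running the teardown as `ExecStopPost=/etc/wireguard/downbb%i.sh` instead of (or in addition to) `ExecStop=` covers the failed-start case, since systemd executes `ExecStopPost=` after a failed `ExecStart=` as well; the down script then has to tolerate rules or links that were never created. A one-line comment under `[Unit]`, e.g. `# %i is the peer name from wireguard_bb_peers; both scripts are rendered per peer by the role`, would also help whoever reads this unit without the playbook at hand.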
diff --git a/roles/install_wireguard_backbone/tasks/main.yml b/roles/install_wireguard_backbone/tasks/main.yml
index d0b725d..09edb03 100644
--- a/roles/install_wireguard_backbone/tasks/main.yml
+++ b/roles/install_wireguard_backbone/tasks/main.yml
@@ -1,24 +1,34 @@
---
-- name: create wireguard config for sites
+- name: create wireguard config for peers
template:
src: wg.conf.j2
- dest: /etc/wireguard/wgbackbone.conf
+ dest: /etc/wireguard/wgbb{{ item.name }}.conf
mode: 0400
+ with_items: "{{ wireguard_bb_peers }}"
-- name: create wireguard up scripts for sites
+- name: create wireguard up scripts for peers
template:
src: up.sh.j2
- dest: /etc/wireguard/upbackbone.sh
+ dest: /etc/wireguard/upbb{{ item.name }}.sh
mode: 0744
+ with_items: "{{ wireguard_bb_peers }}"
-- name: create wireguard down scripts for sites
+- name: create wireguard down scripts for peers
template:
src: down.sh.j2
- dest: /etc/wireguard/downbackbone.sh
+ dest: /etc/wireguard/downbb{{ item.name }}.sh
mode: 0744
+ with_items: "{{ wireguard_bb_peers }}"
+
+- name: create wireguard backbone service template
+ copy:
+ src: wgbackbone@.service
+ dest: /etc/systemd/system/wgbackbone@.service
- name: start and enable wireguard mesh
systemd:
- name: wg-quick@wgbackbone.service
+ name: wgbackbone@{{ item.name }}.service
enabled: yes
state: started
+ daemon_reload: yes
+ with_items: "{{ wireguard_bb_peers }}"
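Review bot: Hosts provisioned before this commit keep `wg-quick@wgbackbone.service` enabled with the old `/etc/wireguard/wgbackbone.conf`, `upbackbone.sh` and `downbackbone.sh`, because nothing in the new task list disables that unit or removes those files, so on such hosts the old PostUp/PreDown scripts and the new per-peer `wgbackbone@<name>` units would both try to own the backbone interfaces. A migration task such as `systemd: name: wg-quick@wgbackbone.service, enabled: no, state: stopped` (with `failed_when: false` if the old unit may already be gone) plus `file: state: absent` for the three old paths closes that gap until every host has been re-provisioned. Separately, none of the `template`/`copy` tasks has a `notify:`, so a changed peer key, endpoint or port is written to disk but the running `wgbackbone@<name>.service` keeps its previous state, since `state: started` is a no-op for an already running unit; a `restart wgbackbone` handler would be the usual fix, but the role's handlers directory is not part of this diff, so I cannot tell whether one exists.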
diff --git a/roles/install_wireguard_backbone/templates/down.sh.j2 b/roles/install_wireguard_backbone/templates/down.sh.j2
index 07325bf..fbdd387 100644
--- a/roles/install_wireguard_backbone/templates/down.sh.j2
+++ b/roles/install_wireguard_backbone/templates/down.sh.j2
@@ -1,5 +1,5 @@
#!/bin/bash
-{% for peer in wireguard_bb_peers %}
-ip link set down dev bb{{ peer.name }}
-ip link del bb{{ peer.name }} type ip6gretap
-{% endfor %}
+ip -4 rule del iif bb{{ item.name }} table ffmyk
+ip -6 rule del iif bb{{ item.name }} table ffmyk
+ip link set down dev bb{{ item.name }}
+ip link del bb{{ item.name }}
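Review bot: The two `ip rule del` lines on 97 and 98 omit the `priority 10` that the corresponding `ip rule add` lines in up.sh.j2 use, so if more than one rule with the same `iif`/`table` selector ever exists the delete removes whichever matches first rather than the one this peer's up script created; mirror the add side with `ip -4 rule del iif bb{{ item.name }} table ffmyk priority 10` and `ip -6 rule del iif bb{{ item.name }} table ffmyk priority 10`. Keeping the script without `set -e` is right for a teardown path, since a missing rule or link should not stop the remaining cleanup, and a comment saying so (`# best effort: keep going if a rule or link is already gone`) would make that intent explicit.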
diff --git a/roles/install_wireguard_backbone/templates/up.sh.j2 b/roles/install_wireguard_backbone/templates/up.sh.j2
index 97985f9..38b3c26 100644
--- a/roles/install_wireguard_backbone/templates/up.sh.j2
+++ b/roles/install_wireguard_backbone/templates/up.sh.j2
@@ -1,7 +1,8 @@
#!/bin/bash
-{% for peer in wireguard_bb_peers %}
-ip link add bb{{ peer.name }} type ip6gretap remote {{ peer.address }} local {{ wireguard_bb_address }} ttl 255 dev wgbackbone
-ip link set mtu 1280 dev bb{{ peer.name }}
-ip link set up dev bb{{ peer.name }}
-ip address add {{ wireguard_bb_gre_ipv4 }} peer {{ peer.gre_ipv4 }} dev bb{{ peer.name }}
-{% endfor %}
+ip link add bb{{ item.name }} type wireguard
+wg setconf bb{{ item.name }} /etc/wireguard/wgbb{{ item.name }}.conf
+ip addr add {{ item.address6 }} dev bb{{ item.name }}
+ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ item.address }}/32 dev bb{{ item.name }}
+ip link set up dev bb{{ item.name }}
+ip -4 rule add iif bb{{ item.name }} table ffmyk priority 10
+ip -6 rule add iif bb{{ item.name }} table ffmyk priority 10
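Review bot: The script has no `set -e`, so when `wg setconf` on line 114 fails (unreadable config, bad key, port already bound) the following lines still bring `bb<name>` up and install the `iif` policy rules, and the systemd unit that runs this script reports success with an interface that has no working peer; add `set -e` directly after the shebang so the unit fails and can be retried instead. The previous gretap setup pinned the MTU (1280 on the tunnel, 1423 on the outer interface) while this version leaves the WireGuard interface at the kernel default; if that is intentional, a comment such as `# MTU left at the WireGuard default; adjust if the underlay does not carry 1500-byte frames` would stop the next reader from re-adding it, and if it is not, an explicit `ip link set mtu` before the interface is brought up is the place for it. I cannot tell from the diff whether `{{ item.address6 }}` carries its prefix length, so that is worth confirming in the inventory.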
diff --git a/roles/install_wireguard_backbone/templates/wg.conf.j2 b/roles/install_wireguard_backbone/templates/wg.conf.j2
index 8e8841a..de0e1fb 100644
--- a/roles/install_wireguard_backbone/templates/wg.conf.j2
+++ b/roles/install_wireguard_backbone/templates/wg.conf.j2
@@ -1,15 +1,9 @@
[Interface]
-ListenPort = {{ wireguard_bb_port }}
+ListenPort = {{ item.local_port }}
PrivateKey = {{ wireguard_bb_key }}
-Address = {{ wireguard_bb_address }}/48
-MTU = 1423
-PostUp = /etc/wireguard/upbackbone.sh
-PreDown = /etc/wireguard/downbackbone.sh
-{% for peer in wireguard_bb_peers %}
[Peer]
-PublicKey = {{ peer.key }}
-AllowedIPs = {{ peer.address }}/128
-Endpoint = [{{ peer.endpoint }}]:{{ wireguard_bb_port }}
+PublicKey = {{ item.key }}
+AllowedIPs = 0.0.0.0/0,::/0
+Endpoint = [{{ item.endpoint }}]:{{ item.remote_port }}
PersistentKeepalive = 30
-{% endfor %}
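Review bot: Each peer now gets its own interface bound to `{{ item.local_port }}`, so every entry of `wireguard_bb_peers` must carry a distinct `local_port` on a given host; with a duplicate the second `wg setconf` fails to bind and nothing in this role validates it. A template comment like `# one interface per peer: local_port must be unique on this host` or, better, an `assert` task in main.yml comparing `wireguard_bb_peers | map(attribute='local_port') | list | length` with the `unique` count would make that explicit. `AllowedIPs = 0.0.0.0/0,::/0` is reasonable for a single-peer point-to-point link whose forwarding is decided by the `ffmyk` policy rules rather than by cryptokey routing, but it reads like a full-tunnel default, so a one-line comment stating that no routes are installed here (there is no wg-quick) and that the value only defines what the peer is allowed to send would help the next reader.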