author | Niklas Yann Wettengel <niyawe@niyawe.de> | 2022-01-22 19:59:11 +0100 |
---|---|---|
committer | Niklas Yann Wettengel <niyawe@niyawe.de> | 2022-01-22 19:59:11 +0100 |
commit | fb0dbf28a0e7979050858256d2040d734b282afe (patch) | |
tree | 153ac6d83de80fd39a6724e72a3beb6a56992300 /roles/install_wireguard_vpn | |
parent | b53a8cf2283b2d6debb94cd399a72d25da0d7c82 (diff) |
new net with nat64
Diffstat (limited to 'roles/install_wireguard_vpn')
-rw-r--r-- | roles/install_wireguard_vpn/tasks/main.yml | 24 | ||||
-rw-r--r-- | roles/install_wireguard_vpn/templates/down.sh.j2 | 6 | ||||
-rw-r--r-- | roles/install_wireguard_vpn/templates/up.sh.j2 | 9 | ||||
-rw-r--r-- | roles/install_wireguard_vpn/templates/wg.conf.j2 | 7 |
4 files changed, 46 insertions, 0 deletions
diff --git a/roles/install_wireguard_vpn/tasks/main.yml b/roles/install_wireguard_vpn/tasks/main.yml
new file mode 100644
index 0000000..3ca9dcc
--- /dev/null
+++ b/roles/install_wireguard_vpn/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: create wireguard config for wgmyk
+ template:
+ src: wg.conf.j2
+ dest: /etc/wireguard/wgmyk.conf
+ mode: 0400
+
+- name: create wireguard up scripts for wgmyk
+ template:
+ src: up.sh.j2
+ dest: /etc/wireguard/upmyk.sh
+ mode: 0744
+
+- name: create wireguard down scripts for wgmyk
+ template:
+ src: down.sh.j2
+ dest: /etc/wireguard/downmyk.sh
+ mode: 0744
+
+- name: start and enable wireguard mesh
+ systemd:
+ name: wg-quick@wgmyk.service
+ enabled: yes
+ state: started
diff --git a/roles/install_wireguard_vpn/templates/down.sh.j2 b/roles/install_wireguard_vpn/templates/down.sh.j2
new file mode 100644
index 0000000..d33011f
--- /dev/null
+++ b/roles/install_wireguard_vpn/templates/down.sh.j2
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+ip -6 route del {{ wireguard_vpn_client_range }} table ffmyk dev wgmyk
+
+ip -6 rule del iif wgmyk
+ip -6 rule del from {{ wireguard_vpn_client_range }}
diff --git a/roles/install_wireguard_vpn/templates/up.sh.j2 b/roles/install_wireguard_vpn/templates/up.sh.j2
new file mode 100644
index 0000000..c57d16f
--- /dev/null
+++ b/roles/install_wireguard_vpn/templates/up.sh.j2
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+ip -6 rule add iif wgmyk table ffmyk priority 10
+ip -6 rule add from {{ wireguard_vpn_client_range }} table ffmyk priority 10
+
+ip -6 rule add from all iif wgmyk type unreachable priority 200
+
+ip -6 route add {{ wireguard_vpn_client_range }} table ffmyk dev wgmyk
+systemctl restart named.service
diff --git a/roles/install_wireguard_vpn/templates/wg.conf.j2 b/roles/install_wireguard_vpn/templates/wg.conf.j2
new file mode 100644
index 0000000..3e25549
--- /dev/null
+++ b/roles/install_wireguard_vpn/templates/wg.conf.j2
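Review bot: The `create wireguard config for wgmyk` task in tasks/main.yml renders `wireguard_vpn_priv_key` into wgmyk.conf, but nothing keeps the rendered content out of Ansible output; a run with `--diff` would print the template result, private key included. Add `no_log: true` (or `diff: false`) to that task. All three template tasks also leave ownership implicit; because wg-quick executes upmyk.sh and downmyk.sh through PostUp/PreDown, adding `owner: root` and `group: root` makes the intended permissions explicit. Separately, no task notifies a restart, so with `state: started` a changed config presumably will not reach an interface that is already running.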
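Review bot: templates/down.sh.j2 does not undo everything up.sh.j2 sets up: the `type unreachable priority 200` rule is never deleted, and `ip -6 rule del iif wgmyk` names neither table nor priority, so which of the two `iif wgmyk` rules it removes is left to the kernel's match order. Delete each rule with the selector it was added with, e.g. `ip -6 rule del iif wgmyk table ffmyk priority 10` and `ip -6 rule del from all iif wgmyk type unreachable priority 200`, and add `table ffmyk priority 10` to the `from {{ wireguard_vpn_client_range }}` delete as well. Otherwise a down/up cycle likely leaves stale policy rules behind or makes the next `rule add` fail.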
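Review bot: templates/up.sh.j2 has no error handling, so the script's exit status is only that of the final `systemctl restart named.service`; if the `type unreachable priority 200` rule fails to install, the hook still reports success and traffic arriving on wgmyk that finds no route in table ffmyk would presumably fall through to later rules. Add `set -euo pipefail` directly after the shebang so a failed `ip` command aborts the hook. If containment is the intent of the unreachable rule, a comment above it would help the next reader, e.g. `# fail closed: wgmyk traffic not routed by table ffmyk must not reach the main table`.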
@@ -0,0 +1,7 @@
+[Interface]
+ListenPort = {{ wireguard_vpn_port }}
+PrivateKey = {{ wireguard_vpn_priv_key }}
+Address = {{ wireguard_vpn_address }}/128
+MTU = 1400
+PostUp = /etc/wireguard/upmyk.sh
+PreDown = /etc/wireguard/downmyk.sh |