author | Niklas Yann Wettengel <niyawe@niyawe.de> | 2018-01-25 18:10:43 +0100 |
committer | Niklas Yann Wettengel <niyawe@niyawe.de> | 2018-01-25 18:10:43 +0100 |
commit | 0e9d895e778b592bc9e823ee2a06e5b15dd638eb (patch) | |
tree | c7eddf992b12ae5fdf01003bd75b90fe244ff35e /roles | |
parent | 99dddff8625388641b9dd84b0e87a55f5c13bc82 (diff) |
Add Mullvad uplink
Diffstat (limited to 'roles')
-rw-r--r-- | roles/configure_iptables/templates/ip6tables.rules | 22 | ||||
-rw-r--r-- | roles/configure_iptables/templates/iptables.rules | 14 | ||||
-rw-r--r-- | roles/install_babeld/templates/babeld.conf.j2 | 3 | ||||
-rwxr-xr-x | roles/install_openvpn/files/mullvad-up.sh | 2 | ||||
-rw-r--r-- | roles/install_wireguard_backbone/tasks/main.yml | 8 | ||||
-rw-r--r-- | roles/install_wireguard_backbone/tasks/mullvad_uplink_tasks.yml | 29 |
6 files changed, 66 insertions, 12 deletions
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules index 0f31387..913ac7c 100644 --- a/roles/configure_iptables/templates/ip6tables.rules +++ b/roles/configure_iptables/templates/ip6tables.rules @@ -10,13 +10,18 @@ {% endfor %} {% endif %} -{% if 'ffrl_uplink' in group_names %} +{% if 'fastd' in group_names %} +{% for peer in groups['ffrl_uplink'] %} +-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff +{% endfor %} +{% endif %} +{% if 'mullvad_uplink' in group_names %} {% for peer in groups['fastd'] %} -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff {% endfor %} {% endif %} -{% if 'fastd' in group_names %} -{% for peer in groups['ffrl_uplink'] %} +{% if 'ffrl_uplink' in group_names %} +{% for peer in groups['fastd'] %} -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff {% endfor %} {% endif %} @@ -47,13 +52,18 @@ COMMIT {% endfor %} {% endif %} # wireguard_backbone -{% if 'ffrl_uplink' in group_names %} +{% if 'fastd' in group_names %} +{% for peer in groups['ffrl_uplink'] %} +-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT +{% endfor %} +{% endif %} +{% if 'mullvad_uplink' in group_names %} {% for peer in groups['fastd'] %} -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT {% endfor %} {% endif %} -{% if 'fastd' in group_names %} -{% for peer in groups['ffrl_uplink'] %} +{% if 'ffrl_uplink' in group_names %} +{% for peer in groups['fastd'] %} -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT {% endfor %} {% endif %} diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules index d395a42..5b5410d 100644 
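Review bot: The new `mullvad_uplink` branch and the rewritten `ffrl_uplink` branch in the first hunk emit byte-identical rules (both loop over `groups['fastd']`), so a host that is in both groups gets every PREROUTING mark rule twice; one branch, `{% if 'mullvad_uplink' in group_names or 'ffrl_uplink' in group_names %}`, says the same thing without the duplication and makes it obvious that the two uplink kinds are meant to be treated alike. The more important question is what the 0x1 mark does to IPv6 on a `mullvad_uplink` host: this hunk marks IPv6 from the fastd peers, while the same commit stops installing an IPv6 default route in table ffmyk (mullvad-up.sh), so if the mark selects table ffmyk — the `ip rule` set is not visible here — that traffic now either falls through to the host's main table or is dropped, and which one should be confirmed. If Mullvad is IPv4-only for this deployment, a comment above the block, `# mullvad uplinks carry v4 only; v6 from peers must hit an unreachable route in ffmyk, not the main table`, would record the expectation.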
--- a/roles/configure_iptables/templates/iptables.rules +++ b/roles/configure_iptables/templates/iptables.rules @@ -10,13 +10,18 @@ {% endfor %} {% endif %} -{% if 'ffrl_uplink' in group_names %} +{% if 'fastd' in group_names %} +{% for peer in groups['ffrl_uplink'] %} +-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff +{% endfor %} +{% endif %} +{% if 'mullvad_uplink' in group_names %} {% for peer in groups['fastd'] %} -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff {% endfor %} {% endif %} -{% if 'fastd' in group_names %} -{% for peer in groups['ffrl_uplink'] %} +{% if 'ffrl_uplink' in group_names %} +{% for peer in groups['fastd'] %} -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff {% endfor %} {% endif %} @@ -78,4 +83,7 @@ COMMIT -A POSTROUTING ! -s {{ ffrl_ip4 }} -o {{ peer.name }} -j SNAT --to-source {{ ffrl_ip4 }} {% endfor %} {% endif %} +{% if 'mullvad_uplink' in group_names %} +-A POSTROUTING -o mullvad -j MASQUERADE +{% endif %} COMMIT diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2 index a675fd6..4a471dc 100644 --- a/roles/install_babeld/templates/babeld.conf.j2 +++ b/roles/install_babeld/templates/babeld.conf.j2 @@ -50,6 +50,9 @@ import-table 42 #in ip 2001:db8:cafe:cafe::/64 allow #in deny +{% if 'mullvad_uplink' in group_names %} +redistribute if mullvad metric 128 +{% endif %} {% if 'ffrl_uplink' in group_names %} {% for peer in ffrl_peers %} redistribute if {{ peer.name }} metric 128 diff --git a/roles/install_openvpn/files/mullvad-up.sh b/roles/install_openvpn/files/mullvad-up.sh index 9a339f0..4d5795f 100755 --- a/roles/install_openvpn/files/mullvad-up.sh +++ b/roles/install_openvpn/files/mullvad-up.sh 
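Review bot: The new `-A POSTROUTING -o mullvad -j MASQUERADE` in the second hunk NATs everything that leaves the `mullvad` interface, not just the peer traffic the PREROUTING rules mark; whether anything other than marked bb* traffic can be forwarded onto `mullvad` is decided in the FORWARD chain, which is outside this hunk, so that is worth checking before relying on it. Unlike the ffrl rule above it, which excludes the host's own `ffrl_ip4` source, there is no exclusion here, which is fine for a masquerade but should be stated, e.g. `# masquerade all forwarded traffic leaving the VPN tunnel; FORWARD limits what reaches it`. The interface name `mullvad` is hard-coded in three templates in this commit (iptables, babeld, and implicitly the OpenVPN `dev`); pulling it into a variable such as `mullvad_ifname` would keep them from drifting apart.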
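Review bot: `redistribute if mullvad metric 128` gives the consumer-VPN exit the same metric as every ffrl uplink, so babel will pick between them purely on the rest of the path cost; if the Mullvad exit is meant as a fallback rather than an equal, a higher metric (for example `metric 256`) expresses that. The line also has no prefix filter, so any kernel route that lands on `mullvad` — the tunnel's own subnet or host routes, not only the default route placed in table ffmyk by mullvad-up.sh — is redistributed; if only the default route is wanted, restrict it, e.g. `redistribute if mullvad ip 0.0.0.0/0 le 0 metric 128`, and confirm against the `redistribute local`/`import-table` lines that are outside this hunk which table babel actually reads these from.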
@@ -3,6 +3,6 @@ sleep 3 echo Reroute via $route_vpn_gateway ip route replace 0.0.0.0/0 via $route_vpn_gateway proto static table ffmyk -ip -6 route replace default dev $dev proto static table ffmyk +#ip -6 route replace default dev $dev proto static table ffmyk exit 0 diff --git a/roles/install_wireguard_backbone/tasks/main.yml b/roles/install_wireguard_backbone/tasks/main.yml index eafd889..8f9ca5a 100644 --- a/roles/install_wireguard_backbone/tasks/main.yml +++ b/roles/install_wireguard_backbone/tasks/main.yml @@ -4,8 +4,12 @@ src: wgbackbone@.service dest: /etc/systemd/system/wgbackbone@.service +- include_tasks: fastd_tasks.yml + when: "'fastd' in group_names" + +- include_tasks: mullvad_uplink_tasks.yml + when: "'mullvad_uplink' in group_names" + - include_tasks: ffrl_uplink_tasks.yml when: "'ffrl_uplink' in group_names" -- include_tasks: fastd_tasks.yml - when: "'fastd' in group_names" diff --git a/roles/install_wireguard_backbone/tasks/mullvad_uplink_tasks.yml b/roles/install_wireguard_backbone/tasks/mullvad_uplink_tasks.yml new file mode 100644 index 0000000..d894758 --- /dev/null +++ b/roles/install_wireguard_backbone/tasks/mullvad_uplink_tasks.yml 
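Review bot: Commenting out `ip -6 route replace default dev $dev ... table ffmyk` leaves table ffmyk with no IPv6 default route, so any IPv6 traffic policy-routed into that table will fall through to whatever rule follows (likely the main table, i.e. the host's own uplink) unless the table is explicitly terminated; the safer replacement is `ip -6 route replace unreachable default proto static table ffmyk` so client IPv6 is refused rather than leaking past the VPN. The reason for the change is also not recorded; a one-line comment such as `# mullvad tunnel carries no IPv6: blackhole v6 in ffmyk instead of routing it via $dev` would stop the next reader from simply uncommenting it. The script also still ends in an unconditional `exit 0`, so a failed `ip route replace` leaves OpenVPN believing the uplink is up; the script's first lines (shebang, any `set -e`) are outside this hunk.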
@@ -0,0 +1,29 @@ +--- +- name: create wireguard config for peers + template: + src: wg.conf.j2 + dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf + mode: 0400 + with_items: "{{ groups['fastd'] }}" + +- name: create wireguard up scripts for peers + template: + src: up.sh.j2 + dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh + mode: 0744 + with_items: "{{ groups['fastd'] }}" + +- name: create wireguard down scripts for peers + template: + src: down.sh.j2 + dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh + mode: 0744 + with_items: "{{ groups['fastd'] }}" + +- name: start and enable wireguard mesh + systemd: + name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service + enabled: yes + state: started + daemon_reload: yes + with_items: "{{ groups['fastd'] }}" |
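Review bot: None of the three template tasks notifies a restart, and the final systemd task only ensures `state: started`, so a changed `wgbb*.conf` (new peer key, changed AllowedIPs/Endpoint) or up/down script is written to disk but never applied to the running `wgbackbone@*.service` until someone restarts it by hand; add `notify: restart wgbackbone` to each template task and a handler that restarts `wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service` for the affected peers. `mode: 0400` and `0744` are unquoted octals — YAML parses them as intended here, but quoting them (`mode: '0400'`) is the form ansible-lint expects and avoids the classic `0600`-vs-`600` mistake; `owner`/`group` are also unset, so the private key in `wgbb*.conf` is owned by whatever user the play runs as. This file mirrors `ffrl_uplink_tasks.yml` (not shown) for the same `groups['fastd']` peers; if both run on one host, confirm they do not race on the same `/etc/wireguard/wgbb*.conf` paths.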