remove nat64

author: Niklas Yann Wettengel <niyawe@niyawe.de> 2020-08-23 13:38:55 +0200
committer: Niklas Yann Wettengel <niyawe@niyawe.de> 2020-08-23 13:38:55 +0200
commit: 7e89a60f8c92037f55792bdf37707cc068f8cf27 (patch)
tree: a9dc9a4b1429c3cb7b6c4e6d940dbb7161dce6ba /roles
parent: def14f0993b863bba310488a26e981e8587bbe22 (diff)
5 files changed, 5 insertions, 53 deletions
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index c1e5b4c..0f8c50f 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -10,7 +10,7 @@
 {% endfor %}
 {% endif %}
 
-{% if 'fastd' in group_names or 'nat64' in group_names %}
+{% if 'fastd' in group_names %}
 {% for peer in groups['uplink'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
@@ -19,9 +19,6 @@
 {% for peer in groups['fastd'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
-{% for peer in groups['nat64'] %}
--A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
-{% endfor %}
 {% for peer in groups['uplink'] | difference([inventory_hostname]) %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
@@ -63,7 +60,7 @@ COMMIT
 {% endfor %}
 {% endif %}
 # wireguard_backbone
-{% if 'fastd' in group_names or 'nat64' in group_names %}
+{% if 'fastd' in group_names %}
 {% for peer in groups['uplink'] %}
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
@@ -74,10 +71,6 @@ COMMIT
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
 {% endfor %}
-{% for peer in groups['nat64'] %}
--A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
--A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
-{% endfor %}
 {% for peer in groups['uplink'] | difference([inventory_hostname]) %}
 -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
 -A INPUT -p udp --dport {{ hostvars[peer]['wireguard_bb_port'] }} -j ACCEPT
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index bd2fcf2..6f40af8 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -19,9 +19,6 @@
 {% for peer in groups['fastd'] %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
-{% for peer in groups['nat64'] %}
--A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
-{% endfor %}
 {% for peer in groups['uplink'] | difference([inventory_hostname]) %}
 -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
@@ -29,11 +26,6 @@
 -A PREROUTING -i bb{{ peer.name }} -j MARK --set-xmark 0x1/0xffffffff
 {% endfor %}
 {% endif %}
-{% if 'nat64' in group_names %}
-{% for peer in groups['uplink'] %}
--A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
-{% endfor %}
-{% endif %}
 COMMIT
 *filter
 :INPUT DROP [0:0]
diff --git a/roles/install_babeld/templates/babeld.conf.j2 b/roles/install_babeld/templates/babeld.conf.j2
index 88ba346..d714158 100644
--- a/roles/install_babeld/templates/babeld.conf.j2
+++ b/roles/install_babeld/templates/babeld.conf.j2
@@ -5,7 +5,7 @@
 ipv6-subtrees true
 
 # You must provide at least one interface for babeld to operate on.
-{% if ('fastd' in group_names) or ('nat64' in group_names) %}
+{% if ('fastd' in group_names) %}
 {% for peer in groups['uplink'] %}
 interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% endfor %}
@@ -14,9 +14,6 @@ interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% for peer in groups['fastd'] %}
 interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% endfor %}
-{% for peer in groups['nat64'] %}
-interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
-{% endfor %}
 {% for peer in groups['uplink'] | difference([inventory_hostname]) %}
 interface bb{{ hostvars[peer]['wireguard_bb_name'] }}
 {% endfor %}
@@ -45,7 +42,6 @@ in ip 10.30.0.0/18 allow
 in ip 10.222.0.0/16 allow
 in ip 2a03:2260:1016::/48 allow
 in ip 2003:46:e028::/48 allow # finzelberg
-in ip 64:ff9b::/96 allow # nat64
 in ip fd62:44e1:da::/48 allow
 in deny # ignore default routes on uplinks
 {% endif %}
@@ -67,7 +63,7 @@ redistribute ip 64:ff9b::/96 allow
 redistribute ip fd62:44e1:da::/48 allow
 redistribute local deny
 
-{% if ('fastd' in group_names or 'nat64' in group_names) and preferred_uplink is defined %}
+{% if ('fastd' in group_names) and preferred_uplink is defined %}
 {% for peer in groups['uplink'] %}
 {% if not hostvars[peer]['wireguard_bb_name'] == preferred_uplink %}
 in if bb{{ hostvars[peer]['wireguard_bb_name'] }} metric 64
diff --git a/roles/install_wireguard_backbone/tasks/main.yml b/roles/install_wireguard_backbone/tasks/main.yml
index 24facda..630e82c 100644
--- a/roles/install_wireguard_backbone/tasks/main.yml
+++ b/roles/install_wireguard_backbone/tasks/main.yml
@@ -5,7 +5,7 @@
       dest: /etc/systemd/system/wgbackbone@.service
 
 - include_tasks: fastd_tasks.yml
-  when: "('fastd' in group_names) or ('nat64' in group_names)"
+  when: "('fastd' in group_names)"
 
 - include_tasks: uplink_tasks.yml
   when: "'uplink' in group_names"
diff --git a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
index 357fa0b..ea906e5 100644
--- a/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
+++ b/roles/install_wireguard_backbone/tasks/uplink_tasks.yml
@@ -6,13 +6,6 @@
       mode: 0400
   with_items: "{{ groups['fastd'] }}"
 
-- name: create wireguard config for nat64
-  template:
-      src: wg.conf.j2
-      dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
-      mode: 0400
-  with_items: "{{ groups['nat64'] }}"
-
 - name: create wireguard config for uplinks
   template:
       src: wg.conf.j2
@@ -34,13 +27,6 @@
       mode: 0744
   with_items: "{{ groups['fastd'] }}"
 
-- name: create wireguard up scripts for nat64
-  template:
-      src: up.sh.j2
-      dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
-      mode: 0744
-  with_items: "{{ groups['nat64'] }}"
-
 - name: create wireguard up scripts for uplinks
   template:
       src: up.sh.j2
@@ -62,13 +48,6 @@
       mode: 0744
   with_items: "{{ groups['fastd'] }}"
 
-- name: create wireguard down scripts for nat64
-  template:
-      src: down.sh.j2
-      dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
-      mode: 0744
-  with_items: "{{ groups['nat64'] }}"
-
 - name: create wireguard down scripts for uplinks
   template:
       src: down.sh.j2
@@ -91,14 +70,6 @@
       daemon_reload: yes
   with_items: "{{ groups['fastd'] }}"
 
-- name: start and enable wireguard mesh for nat64
-  systemd:
-      name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
-      enabled: yes
-      state: started
-      daemon_reload: yes
-  with_items: "{{ groups['nat64'] }}"
-
 - name: start and enable wireguard mesh for uplinks
   systemd:
       name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
author	Niklas Yann Wettengel <niyawe@niyawe.de>	2020-08-23 13:38:55 +0200
committer	Niklas Yann Wettengel <niyawe@niyawe.de>	2020-08-23 13:38:55 +0200
commit	7e89a60f8c92037f55792bdf37707cc068f8cf27 (patch)
tree	a9dc9a4b1429c3cb7b6c4e6d940dbb7161dce6ba /roles
parent	def14f0993b863bba310488a26e981e8587bbe22 (diff)