diff options
| author | Niklas Yann Wettengel <niyawe@niyawe.de> | 2018-03-15 14:09:20 +0100 |
|---|---|---|
| committer | Niklas Yann Wettengel <niyawe@niyawe.de> | 2018-03-15 14:09:20 +0100 |
| commit | ad992a78dd732e40981bd89ea153a0707560a4ef (patch) | |
| tree | 8189c94c7f408b47d552a91579d2645dffc4a9dd /roles | |
| parent | c216adad03b74dbf954b0b2ed0c615a25f00e1ea (diff) | |
set wireguard backbone mtu to 1280
Diffstat (limited to 'roles')
5 files changed, 7 insertions, 13 deletions
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules index 3b3bd03..c0ec379 100644 --- a/roles/configure_iptables/templates/ip6tables.rules +++ b/roles/configure_iptables/templates/ip6tables.rules @@ -87,12 +87,8 @@ COMMIT {% endfor %} {% endif %} -A FORWARD -o {{ ansible_default_ipv6.interface }} -j REJECT -{% if 'ffrl_uplink' in group_names %} -{% for peer in ffrl_peers %} --A FORWARD -i {{ peer.name }} -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu --A FORWARD -o {{ peer.name }} -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -{% endfor %} -{% endif %} +-A FORWARD -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu +-A FORWARD -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu COMMIT *nat :PREROUTING ACCEPT [0:0] diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules index 5fbe272..a3ee47e 100644 --- a/roles/configure_iptables/templates/iptables.rules +++ b/roles/configure_iptables/templates/iptables.rules @@ -71,12 +71,8 @@ COMMIT {% endfor %} {% endif %} -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT -{% if 'ffrl_uplink' in group_names %} -{% for peer in ffrl_peers %} --A FORWARD -i {{ peer.name }} -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu --A FORWARD -o {{ peer.name }} -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -{% endfor %} -{% endif %} +-A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu +-A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu COMMIT *nat diff --git a/roles/install_wireguard_backbone/templates/up.sh.j2 b/roles/install_wireguard_backbone/templates/up.sh.j2 index 3c5edac..2491f10 100644 --- a/roles/install_wireguard_backbone/templates/up.sh.j2 +++ b/roles/install_wireguard_backbone/templates/up.sh.j2 @@ -3,6 +3,7 @@ ip link add bb{{ hostvars[item]['wireguard_bb_name'] }} type wireguard wg setconf bb{{ hostvars[item]['wireguard_bb_name'] }} /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf ip addr add {{ wireguard_bb_ipv6 }}/64 dev bb{{ hostvars[item]['wireguard_bb_name'] }} ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ hostvars[item]['wireguard_bb_ipv4'] }}/32 dev bb{{ hostvars[item]['wireguard_bb_name'] }} +ip link set dev bb{{ hostvars[item]['wireguard_bb_name'] }} mtu 1280 ip link set up dev bb{{ hostvars[item]['wireguard_bb_name'] }} ip -4 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 ip -6 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 diff --git a/roles/install_wireguard_backbone/templates/up2.sh.j2 b/roles/install_wireguard_backbone/templates/up2.sh.j2 index 415ea94..7fd1fa8 100644 --- a/roles/install_wireguard_backbone/templates/up2.sh.j2 +++ b/roles/install_wireguard_backbone/templates/up2.sh.j2 @@ -3,6 +3,7 @@ ip link add bb{{ item.name }} type wireguard wg setconf bb{{ item.name }} /etc/wireguard/wgbb{{ item.name }}.conf ip addr add {{ wireguard_bb_ipv6 }}/64 dev bb{{ item.name }} ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ item.ipv4 }}/32 dev bb{{ item.name }} +ip link set dev bb{{ item.name }} mtu 1280 ip link set up dev bb{{ item.name }} ip -4 rule add from all iif bb{{ item.name }} table ffmyk priority 10 ip -6 rule add from all iif bb{{ item.name }} table ffmyk priority 10 diff --git a/roles/setup_batman/templates/netctl_bat.j2 b/roles/setup_batman/templates/netctl_bat.j2 index 01ebb6d..5e11d74 100644 --- a/roles/setup_batman/templates/netctl_bat.j2 +++ b/roles/setup_batman/templates/netctl_bat.j2 @@ -3,6 +3,6 @@ Interface=bat{{ item.name }} IP=static IP6=static Address6=({{ item.bat_ipv6 }}/64) -Address=({{ item.bat_ipv4 }}/20) +Address=({{ item.bat_ipv4 }}/{{ item.bat_ipv4_cidr }}) ExecUpPost=/usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh ExecDownPre=/usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh |