6 files changed, 8 insertions, 13 deletions

diff --git a/host_vars/fastd b/host_vars/fastd
index 5f60540..1029b1c 100644
--- a/host_vars/fastd
+++ b/host_vars/fastd
@@ -11,6 +11,7 @@ sites:
     fastd_port2: <zweiter port>
     bat_ipv6: '<ipv6>'
     bat_ipv4: <ipv4>
+    bat_ipv4_cidr: 21
     dhcp_subnet: '<ipv4 netz ohne netzmaske>'
     dhcp_netmask: '<netzmaske>'
     dhcp_start: <ipv4>
diff --git a/roles/configure_iptables/templates/ip6tables.rules b/roles/configure_iptables/templates/ip6tables.rules
index 3b3bd03..c0ec379 100644
--- a/roles/configure_iptables/templates/ip6tables.rules
+++ b/roles/configure_iptables/templates/ip6tables.rules
@@ -87,12 +87,8 @@ COMMIT
 {% endfor %}
 {% endif %}
 -A FORWARD -o {{ ansible_default_ipv6.interface }} -j REJECT
-{% if 'ffrl_uplink' in group_names %}
-{% for peer in ffrl_peers %}
--A FORWARD -i {{ peer.name }} -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
--A FORWARD -o {{ peer.name }} -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-{% endfor %}
-{% endif %}
+-A FORWARD -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 COMMIT
 *nat
 :PREROUTING ACCEPT [0:0]
diff --git a/roles/configure_iptables/templates/iptables.rules b/roles/configure_iptables/templates/iptables.rules
index 5fbe272..a3ee47e 100644
--- a/roles/configure_iptables/templates/iptables.rules
+++ b/roles/configure_iptables/templates/iptables.rules
@@ -71,12 +71,8 @@ COMMIT
 {% endfor %}
 {% endif %}
 -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
-{% if 'ffrl_uplink' in group_names %}
-{% for peer in ffrl_peers %}
--A FORWARD -i {{ peer.name }} -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
--A FORWARD -o {{ peer.name }} -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-{% endfor %}
-{% endif %}
+-A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+-A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 
 COMMIT
 *nat
diff --git a/roles/install_wireguard_backbone/templates/up.sh.j2 b/roles/install_wireguard_backbone/templates/up.sh.j2
index 3c5edac..2491f10 100644
--- a/roles/install_wireguard_backbone/templates/up.sh.j2
+++ b/roles/install_wireguard_backbone/templates/up.sh.j2
@@ -3,6 +3,7 @@ ip link add bb{{ hostvars[item]['wireguard_bb_name'] }} type wireguard
 wg setconf bb{{ hostvars[item]['wireguard_bb_name'] }} /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
 ip addr add {{ wireguard_bb_ipv6 }}/64 dev bb{{ hostvars[item]['wireguard_bb_name'] }}
 ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ hostvars[item]['wireguard_bb_ipv4'] }}/32 dev bb{{ hostvars[item]['wireguard_bb_name'] }}
+ip link set dev bb{{ hostvars[item]['wireguard_bb_name'] }} mtu 1280
 ip link set up dev bb{{ hostvars[item]['wireguard_bb_name'] }}
 ip -4 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10
 ip -6 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10
diff --git a/roles/install_wireguard_backbone/templates/up2.sh.j2 b/roles/install_wireguard_backbone/templates/up2.sh.j2
index 415ea94..7fd1fa8 100644
--- a/roles/install_wireguard_backbone/templates/up2.sh.j2
+++ b/roles/install_wireguard_backbone/templates/up2.sh.j2
@@ -3,6 +3,7 @@ ip link add bb{{ item.name }} type wireguard
 wg setconf bb{{ item.name }} /etc/wireguard/wgbb{{ item.name }}.conf
 ip addr add {{ wireguard_bb_ipv6 }}/64 dev bb{{ item.name }}
 ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ item.ipv4 }}/32 dev bb{{ item.name }}
+ip link set dev bb{{ item.name }} mtu 1280
 ip link set up dev bb{{ item.name }}
 ip -4 rule add from all iif bb{{ item.name }} table ffmyk priority 10
 ip -6 rule add from all iif bb{{ item.name }} table ffmyk priority 10
diff --git a/roles/setup_batman/templates/netctl_bat.j2 b/roles/setup_batman/templates/netctl_bat.j2
index 01ebb6d..5e11d74 100644
--- a/roles/setup_batman/templates/netctl_bat.j2
+++ b/roles/setup_batman/templates/netctl_bat.j2
@@ -3,6 +3,6 @@ Interface=bat{{ item.name }}
 IP=static
 IP6=static
 Address6=({{ item.bat_ipv6 }}/64)
-Address=({{ item.bat_ipv4 }}/20)
+Address=({{ item.bat_ipv4 }}/{{ item.bat_ipv4_cidr }})
 ExecUpPost=/usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh
 ExecDownPre=/usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh