From 0f8af08cd75bf7cc369b7c4ba87a7d4311f16add Mon Sep 17 00:00:00 2001 From: Niklas Yann Wettengel Date: Sat, 12 Aug 2017 23:48:02 +0200 Subject: fixed backbone routing --- .../configure_static_routes/files/ffmyk-iproute.sh | 11 ++++++++-- .../templates/ffmyk-iproute-down.j2 | 2 -- .../templates/ffmyk-iproute-up.j2 | 2 -- .../files/wgbackbone@.service | 18 ++++++++++++++++ roles/install_wireguard_backbone/tasks/main.yml | 24 +++++++++++++++------- .../templates/down.sh.j2 | 8 ++++---- .../install_wireguard_backbone/templates/up.sh.j2 | 13 ++++++------ .../templates/wg.conf.j2 | 14 ++++--------- 8 files changed, 59 insertions(+), 33 deletions(-) create mode 100644 roles/install_wireguard_backbone/files/wgbackbone@.service diff --git a/roles/configure_static_routes/files/ffmyk-iproute.sh b/roles/configure_static_routes/files/ffmyk-iproute.sh index bb8c528..eb2f2fc 100755 --- a/roles/configure_static_routes/files/ffmyk-iproute.sh +++ b/roles/configure_static_routes/files/ffmyk-iproute.sh @@ -4,5 +4,12 @@ ip -4 rule add from all fwmark 0x1 table ffmyk priority 10 ip -6 rule add from all fwmark 0x1 table ffmyk priority 10 #Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk -#ip -4 rule add from 10.222.0.0/16 table ffmyk -ip -6 rule add to 2001:470:cd45:FF00::/56 table ffmyk priority 190 +ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10 +ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10 +ip -4 rule add to 10.222.4.0/22 table ffmyk priority 10 +ip -4 rule add to 10.222.8.0/21 table ffmyk priority 10 +ip -4 rule add to 10.222.16.0/20 table ffmyk priority 10 +ip -4 rule add to 10.222.32.0/19 table ffmyk priority 10 +ip -4 rule add to 10.222.64.0/18 table ffmyk priority 10 +ip -4 rule add to 10.222.128.0/17 table ffmyk priority 10 +ip -6 rule add to 2001:470:cd45:FF00::/56 table ffmyk priority 10 
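Review bot: The eight `ip -4 rule add to 10.222.x` lines together cover 10.222.0.0/16 except 10.222.0.0/24, and nothing in the hunk says whether keeping that /24 out of table ffmyk is deliberate; a one-line comment above the block such as `# 10.222.0.0/16 minus 10.222.0.0/24 (intentionally not steered into table ffmyk)` would spare the next reader from re-deriving the split. The IPv6 `to 2001:470:cd45:FF00::/56` rule moves from priority 190 to 10, so it now shares a priority with the fwmark rules above it; equal-priority rules are evaluated in insertion order, which is harmless for these independent selectors but worth stating if the order ever starts to matter. These aggregate rules stand in for the per-site `to {{ item.net4 }}` / `to {{ item.net6 }}` rules this commit drops from ffmyk-iproute-up.j2 and ffmyk-iproute-down.j2, so every site's net4/net6 presumably has to fall inside these aggregates — a comment naming that assumption would help whoever adds the next site.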
diff --git a/roles/configure_static_routes/templates/ffmyk-iproute-down.j2 b/roles/configure_static_routes/templates/ffmyk-iproute-down.j2 index 51a0a17..ae50297 100644 --- a/roles/configure_static_routes/templates/ffmyk-iproute-down.j2 +++ b/roles/configure_static_routes/templates/ffmyk-iproute-down.j2 @@ -7,5 +7,3 @@ ip -4 rule del iif bat{{ item.name }} table ffmyk ip -6 rule del iif bat{{ item.name }} table ffmyk ip -4 rule del from {{ item.net4 }} table ffmyk ip -6 rule del from {{ item.net6 }} table ffmyk -ip -4 rule del to {{ item.net4 }} table ffmyk -ip -6 rule del to {{ item.net6 }} table ffmyk diff --git a/roles/configure_static_routes/templates/ffmyk-iproute-up.j2 b/roles/configure_static_routes/templates/ffmyk-iproute-up.j2 index e97f8bc..47af244 100644 --- a/roles/configure_static_routes/templates/ffmyk-iproute-up.j2 +++ b/roles/configure_static_routes/templates/ffmyk-iproute-up.j2 @@ -4,8 +4,6 @@ ip -4 rule add iif bat{{ item.name }} table ffmyk priority 10 ip -6 rule add iif bat{{ item.name }} table ffmyk priority 10 ip -4 rule add from {{ item.net4 }} table ffmyk priority 10 ip -6 rule add from {{ item.net6 }} table ffmyk priority 10 -ip -4 rule add to {{ item.net4 }} table ffmyk priority 10 -ip -6 rule add to {{ item.net6 }} table ffmyk priority 10 ip -4 rule add from all iif bat{{ item.name }} type unreachable priority 200 ip -6 rule add from all iif bat{{ item.name }} type unreachable priority 200 diff --git a/roles/install_wireguard_backbone/files/wgbackbone@.service b/roles/install_wireguard_backbone/files/wgbackbone@.service new file mode 100644 index 0000000..7dfc5bd --- /dev/null +++ b/roles/install_wireguard_backbone/files/wgbackbone@.service 
@@ -0,0 +1,18 @@
+[Unit]
+Description=WireGuard Backbone for %I
+After=network-online.target
+Wants=network-online.target
+Documentation=man:wg(8)
+Documentation=https://www.wireguard.io/
+Documentation=https://www.wireguard.io/quickstart/
+Documentation=https://git.zx2c4.com/WireGuard/about/src/tools/wg-quick.8
+Documentation=https://git.zx2c4.com/WireGuard/about/src/tools/wg.8
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/etc/wireguard/upbb%i.sh
+ExecStop=/etc/wireguard/downbb%i.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/install_wireguard_backbone/tasks/main.yml b/roles/install_wireguard_backbone/tasks/main.yml
index d0b725d..09edb03 100644
--- a/roles/install_wireguard_backbone/tasks/main.yml
+++ b/roles/install_wireguard_backbone/tasks/main.yml
@@ -1,24 +1,34 @@
 ---
-- name: create wireguard config for sites
+- name: create wireguard config for peers
   template:
     src: wg.conf.j2
-    dest: /etc/wireguard/wgbackbone.conf
+    dest: /etc/wireguard/wgbb{{ item.name }}.conf
     mode: 0400
+  with_items: "{{ wireguard_bb_peers }}"
 
-- name: create wireguard up scripts for sites
+- name: create wireguard up scripts for peers
   template:
     src: up.sh.j2
-    dest: /etc/wireguard/upbackbone.sh
+    dest: /etc/wireguard/upbb{{ item.name }}.sh
     mode: 0744
+  with_items: "{{ wireguard_bb_peers }}"
 
-- name: create wireguard down scripts for sites
+- name: create wireguard down scripts for peers
   template:
     src: down.sh.j2
-    dest: /etc/wireguard/downbackbone.sh
+    dest: /etc/wireguard/downbb{{ item.name }}.sh
     mode: 0744
+  with_items: "{{ wireguard_bb_peers }}"
+
+- name: create wireguard backbone service template
+  copy:
+    src: wgbackbone@.service
+    dest: /etc/systemd/system/wgbackbone@.service
 
 - name: start and enable wireguard mesh
   systemd:
-    name: wg-quick@wgbackbone.service
+    name: wgbackbone@{{ item.name }}.service
     enabled: yes
     state: started
+    daemon_reload: yes
+  with_items: "{{ wireguard_bb_peers }}"
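Review bot: With `Type=oneshot` the unit's result is only the exit status of `/etc/wireguard/upbb%i.sh`, and systemd runs `ExecStop=` solely after a successful start, so an up script that fails partway (link created, `wg setconf` rejected, rules not yet added) leaves the `bb<name>` link and any rules behind with nothing to clean them up. Adding `ExecStopPost=/etc/wireguard/downbb%i.sh`, which systemd runs regardless of whether `ExecStart=` succeeded, would give the failed case the same teardown as a normal stop; alternatively the up script has to be made idempotent. A short comment in the [Service] section stating that the up/down scripts are per-peer (one instance per `wireguard_bb_peers` entry, named by `%i`) would also help, since the pairing with `wgbb%i.conf` is only visible from the tasks file.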
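Review bot: The legacy `wg-quick@wgbackbone.service` is never stopped or disabled and `/etc/wireguard/wgbackbone.conf`, `upbackbone.sh` and `downbackbone.sh` are not removed, so on an already-deployed host the old unit stays enabled and a stale config carrying the same private key keeps lying on disk next to the new per-peer files. A task that stops and disables the old unit and a `file: state: absent` task for the three old files, placed before the new `copy` task, would make the migration complete; the handler side (restart `wgbackbone@{{ item.name }}.service` on template change) belongs in the role's handlers file. The three template tasks also never restart a running instance — `daemon_reload: yes` only re-reads unit files — so a rotated key or changed endpoint in `wgbb{{ item.name }}.conf` does not take effect until the next boot unless each template task gets a `notify`. `item.name` goes unsanitised into `dest` paths under /etc/wireguard and /etc/systemd/system; the inventory is presumably trusted, but a comment stating that peer names must be plain identifiers documents the assumption.
```yaml
# … unchanged: the three template tasks (each gains `notify: restart wireguard backbone`) …
- name: stop and disable the legacy backbone unit
  systemd:
    name: wg-quick@wgbackbone.service
    enabled: no
    state: stopped
  ignore_errors: yes  # fresh hosts never had the legacy unit

- name: remove legacy backbone config and scripts
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/wireguard/wgbackbone.conf
    - /etc/wireguard/upbackbone.sh
    - /etc/wireguard/downbackbone.sh

# … unchanged: copy of wgbackbone@.service, start and enable task …
```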
diff --git a/roles/install_wireguard_backbone/templates/down.sh.j2 b/roles/install_wireguard_backbone/templates/down.sh.j2
index 07325bf..fbdd387 100644
--- a/roles/install_wireguard_backbone/templates/down.sh.j2
+++ b/roles/install_wireguard_backbone/templates/down.sh.j2
@@ -1,5 +1,5 @@
 #!/bin/bash
-{% for peer in wireguard_bb_peers %}
-ip link set down dev bb{{ peer.name }}
-ip link del bb{{ peer.name }} type ip6gretap
-{% endfor %}
+ip -4 rule del iif bb{{ item.name }} table ffmyk
+ip -6 rule del iif bb{{ item.name }} table ffmyk
+ip link set down dev bb{{ item.name }}
+ip link del bb{{ item.name }}
diff --git a/roles/install_wireguard_backbone/templates/up.sh.j2 b/roles/install_wireguard_backbone/templates/up.sh.j2
index 97985f9..38b3c26 100644
--- a/roles/install_wireguard_backbone/templates/up.sh.j2
+++ b/roles/install_wireguard_backbone/templates/up.sh.j2
@@ -1,7 +1,8 @@
 #!/bin/bash
-{% for peer in wireguard_bb_peers %}
-ip link add bb{{ peer.name }} type ip6gretap remote {{ peer.address }} local {{ wireguard_bb_address }} ttl 255 dev wgbackbone
-ip link set mtu 1280 dev bb{{ peer.name }}
-ip link set up dev bb{{ peer.name }}
-ip address add {{ wireguard_bb_gre_ipv4 }} peer {{ peer.gre_ipv4 }} dev bb{{ peer.name }}
-{% endfor %}
+ip link add bb{{ item.name }} type wireguard
+wg setconf bb{{ item.name }} /etc/wireguard/wgbb{{ item.name }}.conf
+ip addr add {{ item.address6 }} dev bb{{ item.name }}
+ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ item.address }}/32 dev bb{{ item.name }}
+ip link set up dev bb{{ item.name }}
+ip -4 rule add iif bb{{ item.name }} table ffmyk priority 10
+ip -6 rule add iif bb{{ item.name }} table ffmyk priority 10
diff --git a/roles/install_wireguard_backbone/templates/wg.conf.j2 b/roles/install_wireguard_backbone/templates/wg.conf.j2
index 8e8841a..de0e1fb 100644
--- a/roles/install_wireguard_backbone/templates/wg.conf.j2
+++ b/roles/install_wireguard_backbone/templates/wg.conf.j2
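Review bot: up.sh.j2 has no `set -e`, and the systemd unit that runs it only sees the exit status of the last command (`ip -6 rule add`), so a failing `wg setconf` — a rejected key, or a `ListenPort` already bound by another bb interface — leaves the unit `active` with an interface that is up, addressed and steered into table ffmyk but has no working peer; `set -e` on the line after the shebang makes that failure visible in `systemctl status`. down.sh.j2 on the same line should stay without `set -e`, since a partial teardown (rule already gone, link already absent) must still run to the end. The `iif bb{{ item.name }}` rules hand every packet arriving from the peer to table ffmyk, and with `AllowedIPs = 0.0.0.0/0,::/0` in wg.conf.j2 that means the remote backbone peer is trusted for any source address it sends; presumably intended for a backbone link, but a comment above those two rules saying so would stop someone from "fixing" it later. The old MTU settings (`ip link set mtu 1280`, `MTU = 1423`) disappear with this rewrite, leaving the wireguard interface at its default; if that was deliberate a one-line comment would record it.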
@@ -1,15 +1,9 @@ [Interface] -ListenPort = {{ wireguard_bb_port }} +ListenPort = {{ item.local_port }} PrivateKey = {{ wireguard_bb_key }} -Address = {{ wireguard_bb_address }}/48 -MTU = 1423 -PostUp = /etc/wireguard/upbackbone.sh -PreDown = /etc/wireguard/downbackbone.sh -{% for peer in wireguard_bb_peers %} [Peer] -PublicKey = {{ peer.key }} -AllowedIPs = {{ peer.address }}/128 -Endpoint = [{{ peer.endpoint }}]:{{ wireguard_bb_port }} +PublicKey = {{ item.key }} +AllowedIPs = 0.0.0.0/0,::/0 +Endpoint = [{{ item.endpoint }}]:{{ item.remote_port }} PersistentKeepalive = 30 -{% endfor %} -- cgit v1.2.3-54-g00ecf
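Review bot: `AllowedIPs = 0.0.0.0/0,::/0` is only safe here because each peer gets its own `bb<name>` interface and the file is applied with `wg setconf`, which installs no routes (unlike wg-quick, where the same line becomes a default route); that reasoning is not written down, so a later reader may either "tighten" it to `{{ item.address }}/32` and break the ffmyk forwarding, or switch back to wg-quick and hijack the host's default route. A Jinja comment above `[Peer]`, e.g. `{# one peer per interface: 0/0 only disables cryptokey-routing source filtering; wg setconf installs no routes #}`, keeps the rationale out of the rendered file but in the template. Each instance now binds its own `ListenPort = {{ item.local_port }}`, so two peers sharing a `local_port` make the second `wg setconf` fail at bind time; a note on the variable (or an assert in the tasks file that `local_port` values are unique) would catch that before deploy.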