Changed Wireguard Routing setup; Default= Freifunk

This commit is contained in:
Stefan Hoffmann 2023-04-17 18:21:37 +02:00
parent 68d49c65b0
commit 534525e4cb
Signed by: stefan
GPG Key ID: 8EFC7042BF8D5CDD
7 changed files with 40 additions and 25 deletions


@ -1,4 +1,9 @@
ansible_host: 5.9.220.115 ansible_host: 5.9.220.115
ansible_host_net: /29
ansible_host_ipv6: 2a01:4f8:262:5112::102
ansible_host_ipv6_net: /64
ipv4_gateway: 5.9.220.112
ipv6_gateway: 2a01:4f8:262:5112::3
ansible_port: 22 ansible_port: 22
ansible_ssh_user: root ansible_ssh_user: root
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
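Review bot: `ansible_host_net: /29` and `ansible_host_ipv6_net: /64` hold prefix lengths with a leading slash that the netplan template concatenates directly onto the address, so a value entered as `29` would render an invalid `5.9.220.11529` and only fail at `netplan apply`; either store the full CIDR in a single variable or add a comment such as `# prefix length, must include the leading slash (appended to ansible_host in netplan.j2)`. The keys are named `_net` but do not contain a network; `_prefix` would describe the content more accurately.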


@ -14,7 +14,7 @@ all:
children: children:
vpn_offloader_wireguard: vpn_offloader_wireguard:
hosts: hosts:
vpn01: #vpn01:
vpn02: vpn02:
freifunk_supernodes: freifunk_supernodes:
hosts: hosts:


@ -48,10 +48,24 @@
state: latest state: latest
update_cache: yes update_cache: yes
- name: Find all Netplan Files without of the freifunk file
find:
paths: /etc/netplan/
file_type: file
excludes:
- "01-freifunk.yaml"
register: found_files
- name: Delete files
file:
path: "{{ item.path }}"
state: absent
with_items: "{{ found_files['files'] }}"
- name: Copy Netplan Template for Internal Network - name: Copy Netplan Template for Internal Network
ansible.builtin.template: ansible.builtin.template:
src: netplan.j2 src: netplan.j2
dest: /etc/netplan/01-freifunk-internal.yaml dest: /etc/netplan/01-freifunk.yaml
owner: root owner: root
group: root group: root
mode: 755 mode: 755
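Review bot: The cleanup task that deletes every file in /etc/netplan/ except `01-freifunk.yaml` runs before the template task that writes that file, so a failure in the template step leaves the host with no netplan configuration at all; moving the find/delete pair after the template task is safe because `excludes` already keeps the new file. `mode: 755` is an unquoted integer and Ansible reads it as decimal 755 rather than octal, giving unintended permissions — write `mode: "0600"` (a netplan file need not be executable, and recent netplan warns when the file is readable by others). `with_items` and `update_cache: yes` are the older spellings; `loop: "{{ found_files.files }}"` and `update_cache: true` match the fully-qualified module style used elsewhere in the file. The task name reads awkwardly; `name: Find all netplan files except the freifunk file` says the same thing.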


@ -1,5 +1,24 @@
network: network:
ethernets: ethernets:
ens18:
addresses:
- {{ ansible_host }}{{ ansible_host_net }}
- {{ ansible_host_ipv6 }}{{ ansible_host_ipv6_net }}
nameservers:
addresses:
- 1.1.1.1
routes:
- to: default
via: {{ ipv4_gateway }}
table: 88
- to: default
via: {{ ipv6_gateway }}
table: 88
routing-policy:
- from: {{ ansible_host }}
table: 88
- from: {{ ansible_host_ipv6 }}
table: 88
ens19: ens19:
dhcp4: false dhcp4: false
addresses: addresses:
@ -10,5 +29,4 @@ network:
routes: routes:
- to: default - to: default
via: {{ core_router }} via: {{ core_router }}
table: 42
version: 2 version: 2
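Review bot: The new `routes`/`routing-policy` stanza for ens18 carries no comment explaining why table 88 exists, and the intent — traffic sourced from the public uplink addresses leaves via the uplink gateway while the main-table default (now without `table: 42`) stays on `core_router` — is only recoverable by reading the deleted postup.sh with its fwmark/table-42 rules; add a comment above `routes:` such as `# Source-based policy routing: traffic from the public addresses uses the uplink gateway (table 88); everything else follows the main-table default via core_router`. The table number 88 appears four times and the resolver `1.1.1.1` is hard-coded; a variable next to `ipv4_gateway`/`ipv6_gateway` in host_vars would keep these in one place. A Jinja comment (`{# ... #}`) keeps the explanation out of the rendered file if that is preferred.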


@ -1,9 +0,0 @@
#!/bin/sh
ip rule add fwmark 0x4 table 42
iptables -t mangle -A PREROUTING -s 10.255.0.0/16 ! -d 10.0.0.0/8 -j MARK --set-mark 4
routeExists=$(ip route show table 42 | grep '172.16.7.1')
if [ -z "$routeExists" ]; then
ip route add default via 172.16.7.1 table 42
fi


@ -84,16 +84,6 @@
notify: notify:
- reconfigure wireguard - reconfigure wireguard
- name: Copy PostUp Script
ansible.builtin.copy:
src: postup.sh
dest: /etc/wireguard/postup.sh
mode: 755
tags:
- wg-config
notify:
- reconfigure wireguard
- name: Start and enable WireGuard service - name: Start and enable WireGuard service
ansible.builtin.service: ansible.builtin.service:
name: "wg-quick@vpn01" name: "wg-quick@vpn01"


@ -9,9 +9,6 @@ PrivateKey = {{ wireguard_private_key }}
ListenPort = {{ wireguard_port }} ListenPort = {{ wireguard_port }}
MTU = 1380 MTU = 1380
PostUp = /etc/wireguard/postup.sh
PostDown = ip route del default via 172.16.7.1 table 42
{% if wireguard_unmanaged_peers is defined %} {% if wireguard_unmanaged_peers is defined %}
# Peers not managed by Ansible from "wireguard_unmanaged_peers" variable # Peers not managed by Ansible from "wireguard_unmanaged_peers" variable