Freifunk-Troisdorf/ansible.fftdf.supernode
5
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Add ERX Routers

Browse Source
This commit is contained in:
Stefan Hoffmann 2023-04-13 17:07:18 +02:00
parent b743a01bf0
commit c301de90a5
Signed by: stefan
GPG Key ID: 8EFC7042BF8D5CDD
7 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
host_vars/edge1/vars.yml
View File

@ -9,5 +9,6 @@ ipv4_address: 10.1.0.1
ipv6_network: 2a03:2260:121:603::/64
ipv6_address: 2a03:2260:121:603::1/64
wireguard_address: 10.255.1.2/24
wireguard_v6_address: fd80:3ea2:e399:203a::3
wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
wiregurad_v4: 10.255.1.1

1
host_vars/edge2/vars.yml
View File

@ -9,5 +9,6 @@ ipv4_address: 10.7.0.1
ipv6_network: 2a03:2260:121:607::/64
ipv6_address: 2a03:2260:121:607::1/64
wireguard_address: 10.255.1.7/24
wireguard_v6_address: fd80:3ea2:e399:203a::7
wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
wiregurad_v4: 10.255.1.1

1
host_vars/edge3/vars.yml
View File

@ -9,5 +9,6 @@ ipv4_address: 10.9.0.1
ipv6_network: 2a03:2260:121:609::/64
ipv6_address: 2a03:2260:121:609::1/64
wireguard_address: 10.255.1.9/24
wireguard_v6_address: fd80:3ea2:e399:203a::9
wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
wiregurad_v4: 10.255.1.1

1
host_vars/edge4/vars.yml
View File

@ -9,5 +9,6 @@ ipv4_address: 10.10.0.1
ipv6_network: 2a03:2260:121:60a::/64
ipv6_address: 2a03:2260:121:60a::1/64
wireguard_address: 10.255.1.10/24
wireguard_v6_address: fd80:3ea2:e399:203a::10
wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
wiregurad_v4: 10.255.1.1

2
hosts.yml
View File

@ -27,4 +27,6 @@ all:
hosts:
edge1:
edge2:
edge3:
edge4:

5
roles/01-vpn-router-config/templates/edgerouter.conf.j2
View File

@ -49,7 +49,7 @@ set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set interfaces switch switch0 address {{ ipv4_address }}/24
set interfaces switch switch0 address '{{ ipv6_address }}/24'
set interfaces switch switch0 address '{{ ipv6_address }}'
set interfaces switch switch0 description Local
set interfaces switch switch0 firewall in ipv6-modify LAN_to_VPN_V6
set interfaces switch switch0 firewall in modify LAN_to_VPN
@ -73,7 +73,7 @@ set interfaces switch switch0 switch-port interface eth3
set interfaces switch switch0 switch-port interface eth4
set interfaces switch switch0 switch-port vlan-aware disable
set interfaces wireguard wg0 address {{ wireguard_address }}
set interfaces wireguard wg0 address 2a03:2260:121:600::1/64
set interfaces wireguard wg0 address {{ wireguard_v6_address }}
set interfaces wireguard wg0 listen-port 51822
set interfaces wireguard wg0 mtu 1380
set interfaces wireguard wg0 peer {{ wireguard_public }} allowed-ips 0.0.0.0/0
@ -81,6 +81,7 @@ set interfaces wireguard wg0 peer {{ wireguard_public }} allowed-ips '::0/0'
set interfaces wireguard wg0 peer {{ wireguard_public }} endpoint 'vpn01.fftdf.de:42001'
set interfaces wireguard wg0 private-key /config/auth/wg.key
set interfaces wireguard wg0 route-allowed-ips false
set protocols static interface-route6 ::/0 next-hop-interface wg0
set protocols static table 2 interface-route 0.0.0.0/0 next-hop-interface wg0
set protocols static table 2 interface-route6 '::/0' next-hop-interface wg0
delete service dhcp-server

7
update_wg.yml
View File

@ -2,4 +2,9 @@
- name: System preperation
hosts: vpn-offloader-wireguard
roles:
- 21-install-wireguard
- 21-install-wireguard
- name: System preperation
hosts: edge_router
roles:
- 01-vpn-router-config