From c301de90a5fe12be0e9f5a1804911dd41eab1992 Mon Sep 17 00:00:00 2001
From: Stefan
Date: Thu, 13 Apr 2023 17:07:18 +0200
Subject: [PATCH] Add ERX Routers

---
 host_vars/edge1/vars.yml | 1 +
 host_vars/edge2/vars.yml | 1 +
 host_vars/edge3/vars.yml | 1 +
 host_vars/edge4/vars.yml | 1 +
 hosts.yml | 2 ++
 roles/01-vpn-router-config/templates/edgerouter.conf.j2 | 5 +++--
 update_wg.yml | 7 ++++++-
 7 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/host_vars/edge1/vars.yml b/host_vars/edge1/vars.yml
index 9eb54c2..43af925 100644
--- a/host_vars/edge1/vars.yml
+++ b/host_vars/edge1/vars.yml
@@ -9,5 +9,6 @@ ipv4_address: 10.1.0.1
 ipv6_network: 2a03:2260:121:603::/64
 ipv6_address: 2a03:2260:121:603::1/64
 wireguard_address: 10.255.1.2/24
+wireguard_v6_address: fd80:3ea2:e399:203a::3
 wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
 wiregurad_v4: 10.255.1.1
\ No newline at end of file
diff --git a/host_vars/edge2/vars.yml b/host_vars/edge2/vars.yml
index 6e464ee..c240c40 100644
--- a/host_vars/edge2/vars.yml
+++ b/host_vars/edge2/vars.yml
@@ -9,5 +9,6 @@ ipv4_address: 10.7.0.1
 ipv6_network: 2a03:2260:121:607::/64
 ipv6_address: 2a03:2260:121:607::1/64
 wireguard_address: 10.255.1.7/24
+wireguard_v6_address: fd80:3ea2:e399:203a::7
 wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
 wiregurad_v4: 10.255.1.1
\ No newline at end of file
diff --git a/host_vars/edge3/vars.yml b/host_vars/edge3/vars.yml
index 5fe4c25..1b23063 100644
--- a/host_vars/edge3/vars.yml
+++ b/host_vars/edge3/vars.yml
@@ -9,5 +9,6 @@ ipv4_address: 10.9.0.1
 ipv6_network: 2a03:2260:121:609::/64
 ipv6_address: 2a03:2260:121:609::1/64
 wireguard_address: 10.255.1.9/24
+wireguard_v6_address: fd80:3ea2:e399:203a::9
 wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
 wiregurad_v4: 10.255.1.1
\ No newline at end of file
diff --git a/host_vars/edge4/vars.yml b/host_vars/edge4/vars.yml
index d208683..a473157 100644
--- a/host_vars/edge4/vars.yml
+++ b/host_vars/edge4/vars.yml
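Review bot: The new `wireguard_v6_address` only works end-to-end if the hub's peer entry for edge1 also carries it in AllowedIPs, because WireGuard's cryptokey routing discards inbound packets whose inner source is outside the peer's allowed-ips, and no file on the vpn01 side is touched in this patch (the `21-install-wireguard` role may template it from these host_vars, but that is not visible here). The v6 host part also does not follow the v4 one: edge1 is `10.255.1.2/24` but `fd80:3ea2:e399:203a::3`, whereas edge2 and edge3 use `::7` and `::9` to match `.7` and `.9`; if that is deliberate, a line such as `# v6 host id is allocated on vpn01, not derived from the v4 address` next to the value would stop the next person from "fixing" it. The pre-existing `wiregurad_v4` key is misspelled in all four files; not part of this change, but worth a follow-up since any template referencing `wireguard_v4` would silently get an undefined variable.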
@@ -9,5 +9,6 @@ ipv4_address: 10.10.0.1
 ipv6_network: 2a03:2260:121:60a::/64
 ipv6_address: 2a03:2260:121:60a::1/64
 wireguard_address: 10.255.1.10/24
+wireguard_v6_address: fd80:3ea2:e399:203a::10
 wireguard_public: 5B/YTaDPVWVApUyHshJp899iXXlBy8rBqJUpYvKo+1s=
 wiregurad_v4: 10.255.1.1
\ No newline at end of file
diff --git a/hosts.yml b/hosts.yml
index 0f83f4a..13f3053 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -27,4 +27,6 @@ all:
 hosts:
 edge1:
 edge2:
+ edge3:
+ edge4:
\ No newline at end of file
diff --git a/roles/01-vpn-router-config/templates/edgerouter.conf.j2 b/roles/01-vpn-router-config/templates/edgerouter.conf.j2
index 904ee04..ae90dba 100644
--- a/roles/01-vpn-router-config/templates/edgerouter.conf.j2
+++ b/roles/01-vpn-router-config/templates/edgerouter.conf.j2
@@ -49,7 +49,7 @@ set firewall send-redirects enable
 set firewall source-validation disable
 set firewall syn-cookies enable
 set interfaces switch switch0 address {{ ipv4_address }}/24
-set interfaces switch switch0 address '{{ ipv6_address }}/24'
+set interfaces switch switch0 address '{{ ipv6_address }}'
 set interfaces switch switch0 description Local
 set interfaces switch switch0 firewall in ipv6-modify LAN_to_VPN_V6
 set interfaces switch switch0 firewall in modify LAN_to_VPN
@@ -73,7 +73,7 @@ set interfaces switch switch0 switch-port interface eth3
 set interfaces switch switch0 switch-port interface eth4
 set interfaces switch switch0 switch-port vlan-aware disable
 set interfaces wireguard wg0 address {{ wireguard_address }}
-set interfaces wireguard wg0 address 2a03:2260:121:600::1/64
+set interfaces wireguard wg0 address {{ wireguard_v6_address }}
 set interfaces wireguard wg0 listen-port 51822
 set interfaces wireguard wg0 mtu 1380
 set interfaces wireguard wg0 peer {{ wireguard_public }} allowed-ips 0.0.0.0/0
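Review bot: `fd80:3ea2:e399:203a::10` is hexadecimal, i.e. host 16, while this router's v4 tunnel address is `10.255.1.10`; edge2 and edge3 use `::7` and `::9`, which coincide with their v4 host numbers only because those are single digits. If the intent is to mirror the v4 host id the value should be `wireguard_v6_address: fd80:3ea2:e399:203a::a`; if the v6 ids are allocated independently, a comment stating that would keep the two numbering schemes from being "corrected" later. Either way the hub's allowed-ips entry for this peer has to use the same value, and that side is not part of this patch.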
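Review bot: The IPv6 line now takes its prefix length from `ipv6_address` (the host_vars carry `…::1/64`), while the IPv4 line two lines above still appends a hard-coded `/24` to a prefix-less `ipv4_address`; having the two lines follow different conventions is exactly how the `…/64/24` value this hunk removes crept in. Either carry the prefix in `ipv4_address` as well and write `set interfaces switch switch0 address {{ ipv4_address }}`, or add a pre-task assertion in the role that `ipv6_address` contains a `/`, so a prefix-less host_vars value fails the play instead of reaching the router. The surrounding `set firewall source-validation disable` and `set firewall send-redirects enable` are pre-existing, but on a VPN edge router the first turns off reverse-path filtering; a one-line comment in the template saying why (presumably the `modify` rules that push LAN traffic into table 2 need it) would make clear it is deliberate rather than an oversight.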
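Review bot: The value substituted for `{{ wireguard_v6_address }}` has no prefix length in any of the four host_vars files (`fd80:3ea2:e399:203a::3` and so on), whereas the line above receives `10.255.1.2/24` from `wireguard_address` and the line being replaced carried `/64`. EdgeOS `interfaces wireguard … address` expects an address with a prefix, so this will likely be rejected at commit or, if accepted, installed as a /128 with no on-link route to the other routers' tunnel addresses; either add `/64` to the host_vars values or append it in the template as `set interfaces wireguard wg0 address {{ wireguard_v6_address }}/64`, and use the same convention for v4 and v6. Replacing the hard-coded `2a03:2260:121:600::1/64`, which was identical on every router, with a per-host value is the right fix; a short comment naming the tunnel prefix (`# wg0 v6 tunnel net fd80:3ea2:e399:203a::/64, host ids per host_vars`) next to this line would document the allocation.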
@@ -81,6 +81,7 @@ set interfaces wireguard wg0 peer {{ wireguard_public }} allowed-ips '::0/0'
 set interfaces wireguard wg0 peer {{ wireguard_public }} endpoint 'vpn01.fftdf.de:42001'
 set interfaces wireguard wg0 private-key /config/auth/wg.key
 set interfaces wireguard wg0 route-allowed-ips false
+set protocols static interface-route6 ::/0 next-hop-interface wg0
 set protocols static table 2 interface-route 0.0.0.0/0 next-hop-interface wg0
 set protocols static table 2 interface-route6 '::/0' next-hop-interface wg0
 delete service dhcp-server
diff --git a/update_wg.yml b/update_wg.yml
index b50329f..3bc88a6 100644
--- a/update_wg.yml
+++ b/update_wg.yml
@@ -2,4 +2,9 @@
 - name: System preperation
 hosts: vpn-offloader-wireguard
 roles:
- - 21-install-wireguard
\ No newline at end of file
+ - 21-install-wireguard
+
+- name: System preperation
+ hosts: edge_router
+ roles:
+ - 01-vpn-router-config
\ No newline at end of file
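Review bot: The added `interface-route6 ::/0 next-hop-interface wg0` lands in the main routing table, unlike the IPv4 default, which exists only in `table 2` (the policy-routed table) and leaves the main table's v4 default on the WAN. That sends the router's own IPv6 traffic into the tunnel, including any AAAA answer for `vpn01.fftdf.de:42001`: if the endpoint ever resolves to an IPv6 address, the handshake packets are routed into wg0 itself and the tunnel never comes up. If v6 is meant to mirror v4, drop this line and rely on the existing `table 2 interface-route6 '::/0'`; if a main-table v6 default via the hub is intentional (e.g. no native v6 on the WAN), say so in a comment and pin the endpoint to an IPv4 literal or add a more specific route for the endpoint via the WAN. Minor style: this line writes `::/0` unquoted while the table-2 line below quotes it as `'::/0'`; keep one form.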
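Review bot: The new play reuses the name `System preperation` (misspelled) of the play above it, so `ansible-playbook` output shows two plays with the same name and a log reader cannot tell which host group failed; name it for what it does, e.g. `- name: Configure EdgeOS VPN routers`, and correct the first play to `System preparation` while touching the file. The file still ends without a newline (the `\ No newline at end of file` marker survives on the new side), so the next append will again show the last line as removed-and-readded; add the trailing newline. Whether `edge_router` is the group name used in hosts.yml cannot be confirmed from the hosts.yml hunk in this patch, which shows only the host list, so that is worth a quick check.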