From 0909f69f8794739c7f98ddb187a9c449170802b6 Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski
Date: Sat, 22 Jul 2023 12:33:52 +0200
Subject: [PATCH] Add airvpn tunnel for accessing heimdall
---
 inventory/group_vars/asgard/vars.yml | 2 +-
 inventory/group_vars/bifrost/vars.yml | 4 ++--
 inventory/host_vars/heimdall/vars.yml | 20 ++++++++++++++++++++
 playbooks/vpn.yml | 20 ++++++++++++++++++++
 roles | 2 +-
 5 files changed, 44 insertions(+), 4 deletions(-)
diff --git a/inventory/group_vars/asgard/vars.yml b/inventory/group_vars/asgard/vars.yml
index 47a8c99..d29c6b2 100644
--- a/inventory/group_vars/asgard/vars.yml
+++ b/inventory/group_vars/asgard/vars.yml
@@ -12,7 +12,7 @@ system_var_containers_directory: "{{ system_var_root_directory }}/containers"
 # --------------------------------------------------------------------------------------------------
 vpn_wireguard_port: 51820
 vpn_wireguard_address: "10.66.0.{{ vpn_subnet_id }}"
-vpn_wireguard_netmask: "255.255.255.252"
+vpn_wireguard_prefixlen: 30
 vpn_wireguard_subnet: "10.66.0.0/30"
 # --------------------------------------------------------------------------------------------------
diff --git a/inventory/group_vars/bifrost/vars.yml b/inventory/group_vars/bifrost/vars.yml
index a3cea1d..9518d9d 100644
--- a/inventory/group_vars/bifrost/vars.yml
+++ b/inventory/group_vars/bifrost/vars.yml
@@ -2,6 +2,6 @@
 # --------------------------------------------------------------------------------------------------
 # vpn:wireguard
 # --------------------------------------------------------------------------------------------------
-vpn_wireguard_port: 12768
-vpn_wireguard_netmask: "255.255.255.252"
+vpn_wireguard_port: 53768
+vpn_wireguard_prefixlen: 30
 vpn_wireguard_subnet: "10.68.0.0/30"
diff --git a/inventory/host_vars/heimdall/vars.yml b/inventory/host_vars/heimdall/vars.yml
index bd0bd5f..786041a 100644
--- a/inventory/host_vars/heimdall/vars.yml
+++ b/inventory/host_vars/heimdall/vars.yml
@@ -16,6 +16,26 @@ system_base_udp_ports:
 vpn_wireguard_role: "server"
 vpn_wireguard_address: "10.68.0.1"
 vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}"
+vpn_wireguard_routing_table: "{{ vpn_airvpn_routing_table }}"
 vpn_wireguard_clients:
 - public_key: "{{ vault_vpn_wireguard_clients_0_public_key }}"
 preshared_key: "{{ vault_vpn_wireguard_clients_0_preshared_key }}"
+
+# The AirVPN MTU is 1320 so the combined MTU is 1320 - 80 = 1240.
+vpn_wireguard_mtu: 1240
+
+# --------------------------------------------------------------------------------------------------
+# vpn:airvpn
+# --------------------------------------------------------------------------------------------------
+vpn_airvpn_role: "client"
+vpn_airvpn_port: 1637
+vpn_airvpn_address: "{{ vault_vpn_airvpn_address }}"
+vpn_airvpn_prefixlen: "{{ vault_vpn_airvpn_prefixlen }}"
+vpn_airvpn_address_v6: "{{ vault_vpn_airvpn_address_v6 }}"
+vpn_airvpn_prefixlen_v6: "{{ vault_vpn_airvpn_prefixlen_v6 }}"
+vpn_airvpn_mtu: 1320
+vpn_airvpn_interface_private_key: "{{ vault_vpn_airvpn_interface_private_key }}"
+vpn_airvpn_server_public_key: "{{ vault_vpn_airvpn_server_public_key }}"
+vpn_airvpn_server_preshared_key: "{{ vault_vpn_airvpn_server_preshared_key }}"
+vpn_airvpn_server_address: "{{ vault_vpn_airvpn_server_address }}"
+vpn_airvpn_routing_table: 768
diff --git a/playbooks/vpn.yml b/playbooks/vpn.yml
index 48372e2..4aa501b 100644
--- a/playbooks/vpn.yml
+++ b/playbooks/vpn.yml
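Review bot: `vpn_airvpn_routing_table: 768` in inventory/host_vars/heimdall/vars.yml is a bare number with no explanation, yet the WireGuard server is tied to the same table through the added `vpn_wireguard_routing_table: "{{ vpn_airvpn_routing_table }}"` line. A comment above it would help the next maintainer, for example `# Policy-routing table shared by wg-airvpn and the WireGuard server; must be unique on this host and outside the reserved ids 253-255.` How the role consumes the table lives in the `roles` submodule and is not visible in this diff, so it is worth confirming there what the server's traffic does when the AirVPN interface is down (fall back to the main table, or be dropped). Separately, `vpn_wireguard_mtu: 1240` repeats the 1320 of `vpn_airvpn_mtu` by hand and only the comment links them, so the two can drift if the provider MTU changes.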
@@ -12,3 +12,23 @@
 roles:
 - role: "vpn/bridge"
 tags: "vpn:bridge"
+
+- name: "vpn : heimdall"
+ hosts: "heimdall"
+ roles:
+ - role: "vpn/wireguard"
+ tags: "vpn:airvpn"
+ vars:
+ vpn_wireguard_iface: "wg-airvpn"
+ vpn_wireguard_role: "{{ vpn_airvpn_role }}"
+ vpn_wireguard_port: "{{ vpn_airvpn_port }}"
+ vpn_wireguard_address: "{{ vpn_airvpn_address }}"
+ vpn_wireguard_prefixlen: "{{ vpn_airvpn_prefixlen }}"
+ vpn_wireguard_address_v6: "{{ vpn_airvpn_address_v6 }}"
+ vpn_wireguard_prefixlen_v6: "{{ vpn_airvpn_prefixlen_v6 }}"
+ vpn_wireguard_mtu: "{{ vpn_airvpn_mtu }}"
+ vpn_wireguard_interface_private_key: "{{ vpn_airvpn_interface_private_key }}"
+ vpn_wireguard_server_public_key: "{{ vpn_airvpn_server_public_key }}"
+ vpn_wireguard_server_preshared_key: "{{ vpn_airvpn_server_preshared_key }}"
+ vpn_wireguard_server_address: "{{ vpn_airvpn_server_address }}"
+ vpn_wireguard_routing_table: "{{ vpn_airvpn_routing_table }}"
diff --git a/roles b/roles
index 444308d..b6bdbe5 160000
--- a/roles
+++ b/roles
@@ -1 +1 @@
-Subproject commit 444308d6a5e3cefe1804cddeafae387899a81eae
+Subproject commit b6bdbe5d0104059d2bf8308afd0d00875a516322
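Review bot: The `vars:` block of the new `vpn : heimdall` play in playbooks/vpn.yml overrides thirteen `vpn_wireguard_*` variables but leaves `vpn_wireguard_clients` (heimdall host_vars) and `vpn_wireguard_subnet` (presumably inherited from the bifrost group_vars) at the values meant for heimdall's own WireGuard server. If the role's client path reads either of them, the `wg-airvpn` interface would be rendered with the server tunnel's peers, including their preshared keys, or its subnet. The role is in the `roles` submodule, so this cannot be checked from the diff. Adding `vpn_wireguard_clients: []` to this block, or a comment stating that the client role ignores it, would make the separation between the two tunnels explicit.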