Fixes to allow a standalone wireguard server
parent
219fa8f044
commit
642f2d0103
@ -26,4 +26,4 @@ argument_specs:
|
|||||||
required: true
|
required: true
|
||||||
vpn_wireguard_routing_table:
|
vpn_wireguard_routing_table:
|
||||||
type: "int"
|
type: "int"
|
||||||
required: true
|
required: "{{ vpn_wireguard_role == 'client' }}"
|
||||||
|
@ -5,9 +5,6 @@ argument_specs:
|
|||||||
interface:
|
interface:
|
||||||
type: "str"
|
type: "str"
|
||||||
required: true
|
required: true
|
||||||
vpn_wireguard_routing_table:
|
|
||||||
type: "int"
|
|
||||||
required: true
|
|
||||||
vpn_wireguard_role:
|
vpn_wireguard_role:
|
||||||
type: "str"
|
type: "str"
|
||||||
required: true
|
required: true
|
||||||
@ -23,9 +20,6 @@ argument_specs:
|
|||||||
vpn_wireguard_interface_private_key:
|
vpn_wireguard_interface_private_key:
|
||||||
type: "str"
|
type: "str"
|
||||||
required: true
|
required: true
|
||||||
vpn_wireguard_preshared_key:
|
|
||||||
type: "str"
|
|
||||||
required: true
|
|
||||||
vpn_wireguard_subnet:
|
vpn_wireguard_subnet:
|
||||||
type: "str"
|
type: "str"
|
||||||
required: false
|
required: false
|
||||||
@ -33,9 +27,15 @@ argument_specs:
|
|||||||
type: "list"
|
type: "list"
|
||||||
elem: "dict"
|
elem: "dict"
|
||||||
required: "{{ vpn_wireguard_role == 'server' }}"
|
required: "{{ vpn_wireguard_role == 'server' }}"
|
||||||
|
vpn_wireguard_routing_table:
|
||||||
|
type: "int"
|
||||||
|
required: "{{ vpn_wireguard_role == 'client' }}"
|
||||||
vpn_wireguard_server_public_key:
|
vpn_wireguard_server_public_key:
|
||||||
type: "str"
|
type: "str"
|
||||||
required: "{{ vpn_wireguard_role == 'client' }}"
|
required: "{{ vpn_wireguard_role == 'client' }}"
|
||||||
|
vpn_wireguard_server_preshared_key:
|
||||||
|
type: "str"
|
||||||
|
required: "{{ vpn_wireguard_role == 'client' }}"
|
||||||
vpn_wireguard_server_address:
|
vpn_wireguard_server_address:
|
||||||
type: "str"
|
type: "str"
|
||||||
required: "{{ vpn_wireguard_role == 'client' }}"
|
required: "{{ vpn_wireguard_role == 'client' }}"
|
||||||
|
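Review bot: `vpn_wireguard_clients` is still declared only as a list of dicts, while the template changed in this commit now reads `client.preshared_key` from every entry, so a client entry missing that key is not caught by argument validation and only surfaces when the config is rendered. Consider adding an `options:` block under the list that declares `public_key` and `preshared_key` with `required: true` and `subnet` with `required: false`. The documented key for the element type is `elements`, so the existing `elem: "dict"` line may not be enforcing anything. The `vpn_wireguard_clients` entry starts above the hunk, so part of its declaration is not visible here.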
@ -8,18 +8,18 @@ ListenPort = {{ vpn_wireguard_port }}
|
|||||||
{% for client in vpn_wireguard_clients %}
|
{% for client in vpn_wireguard_clients %}
|
||||||
[Peer]
|
[Peer]
|
||||||
PublicKey = {{ client.public_key }}
|
PublicKey = {{ client.public_key }}
|
||||||
PresharedKey = {{ vpn_wireguard_preshared_key }}
|
PresharedKey = {{ client.preshared_key }}
|
||||||
{% if vpn_wireguard_subnet is defined %}
|
{% if 'subnet' in client %}
|
||||||
AllowedIPs = {{ vpn_wireguard_subnet }},{{ client.subnet }}
|
AllowedIPs = {{ vpn_wireguard_subnet }},{{ client.subnet }}
|
||||||
{% else %}
|
{% else %}
|
||||||
AllowedIPs = {{ client.subnet }}
|
AllowedIPs = {{ vpn_wireguard_subnet }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% elif vpn_wireguard_role == "client" %}
|
{% elif vpn_wireguard_role == "client" %}
|
||||||
[Peer]
|
[Peer]
|
||||||
PublicKey = {{ vpn_wireguard_server_public_key }}
|
PublicKey = {{ vpn_wireguard_server_public_key }}
|
||||||
PresharedKey = {{ vpn_wireguard_preshared_key }}
|
PresharedKey = {{ vpn_wireguard_server_preshared_key }}
|
||||||
Endpoint = {{ vpn_wireguard_server_address }}:{{ vpn_wireguard_port }}
|
Endpoint = {{ vpn_wireguard_server_address }}:{{ vpn_wireguard_port }}
|
||||||
AllowedIPs = 0.0.0.0/0
|
AllowedIPs = 0.0.0.0/0
|
||||||
PersistentKeepalive = 15
|
PersistentKeepalive = 15
|
||||||
|
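Review bot: The new `{% else %}` branch renders the same `AllowedIPs = {{ vpn_wireguard_subnet }}` for every client that has no `subnet` key, and the `if` branch lists that prefix for every other peer as well. On the server side WireGuard uses AllowedIPs both to choose the peer for outgoing packets and to filter source addresses on incoming ones, and a prefix can be held by only one peer at a time, so with several clients only one peer ends up owning it and source addresses inside it are not pinned to a specific key. If `vpn_wireguard_subnet` is the tunnel network, a per-client address would be the usual value, for example `AllowedIPs = {{ client.address }}/32` with a hypothetical `address` key added to each client entry. Separately, `vpn_wireguard_subnet` is `required: false` in the argument spec and the former `is defined` guard is gone, so both branches now reference a variable that may be undefined.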
@ -6,17 +6,21 @@ iface wg0 inet static
|
|||||||
|
|
||||||
post-up /usr/local/sbin/post-up-$IFACE-inet.nft
|
post-up /usr/local/sbin/post-up-$IFACE-inet.nft
|
||||||
post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft
|
post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft
|
||||||
{% if vpn_wireguard_role == "client" %}
|
{% if vpn_wireguard_role == "server" %}
|
||||||
post-up ip route add default dev $IFACE table {{ vpn_wireguard_routing_table }}
|
|
||||||
{% elif vpn_wireguard_role == "server" %}
|
|
||||||
{% for client in vpn_wireguard_clients %}
|
{% for client in vpn_wireguard_clients %}
|
||||||
|
{% if 'subnet' in client %}
|
||||||
post-up ip route add {{ client.subnet }} dev $IFACE
|
post-up ip route add {{ client.subnet }} dev $IFACE
|
||||||
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% elif vpn_wireguard_role == "client" %}
|
||||||
|
post-up ip route add default dev $IFACE table {{ vpn_wireguard_routing_table }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if vpn_wireguard_role == "server" %}
|
{% if vpn_wireguard_role == "server" %}
|
||||||
{% for client in vpn_wireguard_clients %}
|
{% for client in vpn_wireguard_clients %}
|
||||||
|
{% if 'subnet' in client %}
|
||||||
pre-down ip route del {{ client.subnet }} dev $IFACE
|
pre-down ip route del {{ client.subnet }} dev $IFACE
|
||||||
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% elif vpn_wireguard_role == "client" %}
|
{% elif vpn_wireguard_role == "client" %}
|
||||||
pre-down ip route del default dev $IFACE table {{ vpn_wireguard_routing_table }}
|
pre-down ip route del default dev $IFACE table {{ vpn_wireguard_routing_table }}
|
||||||
|
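Review bot: `{{ client.subnet }}` is rendered unquoted into the `post-up ip route add` and `pre-down ip route del` lines, which ifupdown hands to a shell as root, and nothing visible in this commit checks that the value is a CIDR prefix. The inventory is presumably trusted, but a malformed value would still yield a broken or unintended command at interface bring-up. Quoting the value, as in `post-up ip route add {{ client.subnet | quote }} dev $IFACE` and the matching `pre-down` line, and validating the format in the role before templating would close that gap.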