Fixes to allow a standalone wireguard server
This commit is contained in:
parent
219fa8f044
commit
642f2d0103
@ -26,4 +26,4 @@ argument_specs:
|
||||
required: true
|
||||
vpn_wireguard_routing_table:
|
||||
type: "int"
|
||||
required: true
|
||||
required: "{{ vpn_wireguard_role == 'client' }}"
|
||||
|
@ -5,9 +5,6 @@ argument_specs:
|
||||
interface:
|
||||
type: "str"
|
||||
required: true
|
||||
vpn_wireguard_routing_table:
|
||||
type: "int"
|
||||
required: true
|
||||
vpn_wireguard_role:
|
||||
type: "str"
|
||||
required: true
|
||||
@ -23,9 +20,6 @@ argument_specs:
|
||||
vpn_wireguard_interface_private_key:
|
||||
type: "str"
|
||||
required: true
|
||||
vpn_wireguard_preshared_key:
|
||||
type: "str"
|
||||
required: true
|
||||
vpn_wireguard_subnet:
|
||||
type: "str"
|
||||
required: false
|
||||
@ -33,9 +27,15 @@ argument_specs:
|
||||
type: "list"
|
||||
elem: "dict"
|
||||
required: "{{ vpn_wireguard_role == 'server' }}"
|
||||
vpn_wireguard_routing_table:
|
||||
type: "int"
|
||||
required: "{{ vpn_wireguard_role == 'client' }}"
|
||||
vpn_wireguard_server_public_key:
|
||||
type: "str"
|
||||
required: "{{ vpn_wireguard_role == 'client' }}"
|
||||
vpn_wireguard_server_preshared_key:
|
||||
type: "str"
|
||||
required: "{{ vpn_wireguard_role == 'client' }}"
|
||||
vpn_wireguard_server_address:
|
||||
type: "str"
|
||||
required: "{{ vpn_wireguard_role == 'client' }}"
|
||||
|
@ -8,18 +8,18 @@ ListenPort = {{ vpn_wireguard_port }}
|
||||
{% for client in vpn_wireguard_clients %}
|
||||
[Peer]
|
||||
PublicKey = {{ client.public_key }}
|
||||
PresharedKey = {{ vpn_wireguard_preshared_key }}
|
||||
{% if vpn_wireguard_subnet is defined %}
|
||||
PresharedKey = {{ client.preshared_key }}
|
||||
{% if 'subnet' in client %}
|
||||
AllowedIPs = {{ vpn_wireguard_subnet }},{{ client.subnet }}
|
||||
{% else %}
|
||||
AllowedIPs = {{ client.subnet }}
|
||||
AllowedIPs = {{ vpn_wireguard_subnet }}
|
||||
{% endif %}
|
||||
|
||||
{% endfor %}
|
||||
{% elif vpn_wireguard_role == "client" %}
|
||||
[Peer]
|
||||
PublicKey = {{ vpn_wireguard_server_public_key }}
|
||||
PresharedKey = {{ vpn_wireguard_preshared_key }}
|
||||
PresharedKey = {{ vpn_wireguard_server_preshared_key }}
|
||||
Endpoint = {{ vpn_wireguard_server_address }}:{{ vpn_wireguard_port }}
|
||||
AllowedIPs = 0.0.0.0/0
|
||||
PersistentKeepalive = 15
|
||||
|
@ -6,17 +6,21 @@ iface wg0 inet static
|
||||
|
||||
post-up /usr/local/sbin/post-up-$IFACE-inet.nft
|
||||
post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft
|
||||
{% if vpn_wireguard_role == "client" %}
|
||||
post-up ip route add default dev $IFACE table {{ vpn_wireguard_routing_table }}
|
||||
{% elif vpn_wireguard_role == "server" %}
|
||||
{% if vpn_wireguard_role == "server" %}
|
||||
{% for client in vpn_wireguard_clients %}
|
||||
{% if 'subnet' in client %}
|
||||
post-up ip route add {{ client.subnet }} dev $IFACE
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% elif vpn_wireguard_role == "client" %}
|
||||
post-up ip route add default dev $IFACE table {{ vpn_wireguard_routing_table }}
|
||||
{% endif %}
|
||||
|
||||
{% if vpn_wireguard_role == "server" %}
|
||||
{% for client in vpn_wireguard_clients %}
|
||||
{% if 'subnet' in client %}
|
||||
pre-down ip route del {{ client.subnet }} dev $IFACE
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% elif vpn_wireguard_role == "client" %}
|
||||
pre-down ip route del default dev $IFACE table {{ vpn_wireguard_routing_table }}
|
||||
|
Loading…
Reference in New Issue
Block a user