Fixes to allow a standalone wireguard server

This commit is contained in:
Wojciech Kozlowski 2022-12-10 01:03:32 +01:00
parent 219fa8f044
commit 642f2d0103
4 changed files with 18 additions and 14 deletions


@ -26,4 +26,4 @@ argument_specs:
required: true
vpn_wireguard_routing_table:
type: "int"
required: true
required: "{{ vpn_wireguard_role == 'client' }}"


@ -5,9 +5,6 @@ argument_specs:
interface:
type: "str"
required: true
vpn_wireguard_routing_table:
type: "int"
required: true
vpn_wireguard_role:
type: "str"
required: true
@ -23,9 +20,6 @@ argument_specs:
vpn_wireguard_interface_private_key:
type: "str"
required: true
vpn_wireguard_preshared_key:
type: "str"
required: true
vpn_wireguard_subnet:
type: "str"
required: false
@ -33,9 +27,15 @@ argument_specs:
type: "list"
elem: "dict"
required: "{{ vpn_wireguard_role == 'server' }}"
vpn_wireguard_routing_table:
type: "int"
required: "{{ vpn_wireguard_role == 'client' }}"
vpn_wireguard_server_public_key:
type: "str"
required: "{{ vpn_wireguard_role == 'client' }}"
vpn_wireguard_server_preshared_key:
type: "str"
required: "{{ vpn_wireguard_role == 'client' }}"
vpn_wireguard_server_address:
type: "str"
required: "{{ vpn_wireguard_role == 'client' }}"
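Review bot: The per-client `preshared_key` and `public_key` that the server template now reads from each `vpn_wireguard_clients` element are not validated anywhere: the spec at the top of the last hunk still declares the list only as `elem: "dict"` with no sub-option schema, so a client entry missing `preshared_key` passes argument validation and only fails (or renders an empty `PresharedKey =`) at template time. Consider adding an `options:` block under it with `public_key: {type: "str", required: true}`, `preshared_key: {type: "str", required: true}` and an optional `subnet: {type: "str"}`. Separately, `elem` does not look like the key Ansible's argument spec understands (`elements` is the documented one); if that is the case the dict element check is currently ignored, which is worth confirming against the validation output.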


@ -8,18 +8,18 @@ ListenPort = {{ vpn_wireguard_port }}
{% for client in vpn_wireguard_clients %}
[Peer]
PublicKey = {{ client.public_key }}
PresharedKey = {{ vpn_wireguard_preshared_key }}
{% if vpn_wireguard_subnet is defined %}
PresharedKey = {{ client.preshared_key }}
{% if 'subnet' in client %}
AllowedIPs = {{ vpn_wireguard_subnet }},{{ client.subnet }}
{% else %}
AllowedIPs = {{ client.subnet }}
AllowedIPs = {{ vpn_wireguard_subnet }}
{% endif %}
{% endfor %}
{% elif vpn_wireguard_role == "client" %}
[Peer]
PublicKey = {{ vpn_wireguard_server_public_key }}
PresharedKey = {{ vpn_wireguard_preshared_key }}
PresharedKey = {{ vpn_wireguard_server_preshared_key }}
Endpoint = {{ vpn_wireguard_server_address }}:{{ vpn_wireguard_port }}
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 15
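Review bot: The server branch now references `vpn_wireguard_subnet` on both sides of the `'subnet' in client` test (`AllowedIPs = {{ vpn_wireguard_subnet }},{{ client.subnet }}` and `AllowedIPs = {{ vpn_wireguard_subnet }}`), so it is effectively mandatory for the server role, yet the argument spec in the same commit keeps it at `required: false` and the old `{% if vpn_wireguard_subnet is defined %}` guard that tolerated its absence is removed. A server host without the variable renders an empty `AllowedIPs =` line (or fails under strict undefined), and an empty AllowedIPs silently drops every peer route rather than erroring at validation. Either change the spec to `required: "{{ vpn_wireguard_role == 'server' }}"` or restore a definedness guard around the else branch. The enclosing `{% if vpn_wireguard_role == "server" %}` and the trailing `{% endif %}` lie outside this hunk.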


@ -6,17 +6,21 @@ iface wg0 inet static
post-up /usr/local/sbin/post-up-$IFACE-inet.nft
post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft
{% if vpn_wireguard_role == "client" %}
post-up ip route add default dev $IFACE table {{ vpn_wireguard_routing_table }}
{% elif vpn_wireguard_role == "server" %}
{% if vpn_wireguard_role == "server" %}
{% for client in vpn_wireguard_clients %}
{% if 'subnet' in client %}
post-up ip route add {{ client.subnet }} dev $IFACE
{% endif %}
{% endfor %}
{% elif vpn_wireguard_role == "client" %}
post-up ip route add default dev $IFACE table {{ vpn_wireguard_routing_table }}
{% endif %}
{% if vpn_wireguard_role == "server" %}
{% for client in vpn_wireguard_clients %}
{% if 'subnet' in client %}
pre-down ip route del {{ client.subnet }} dev $IFACE
{% endif %}
{% endfor %}
{% elif vpn_wireguard_role == "client" %}
pre-down ip route del default dev $IFACE table {{ vpn_wireguard_routing_table }}