Fully migrate wireguard to IPv6

2023-07-28 22:32:05 +02:00 · 2023-07-28 22:32:05 +02:00 · ff70d6c439
commit ff70d6c439
parent 1fbc99b8ba
7 changed files with 42 additions and 23 deletions
--- a/inventory/group_vars/all/vars.yml
+++ b/inventory/group_vars/all/vars.yml
@ -18,3 +18,8 @@ system_mail_domain: "{{ vault_system_mail_domain }}"
 system_mail_smtp_server: "{{ vault_system_mail_smtp_server }}"
 system_mail_smtp_port: 465
 system_mail_smtp_user: "{{ vault_system_mail_smtp_user }}"
+
+# --------------------------------------------------------------------------------------------------
+# vpn
+# --------------------------------------------------------------------------------------------------
+vpn_global_inet6_prefix: "fd6f:1af7:ce35"
--- a/inventory/group_vars/asgard/vars.yml
+++ b/inventory/group_vars/asgard/vars.yml
@ -8,18 +8,20 @@ system_var_home_directory: "{{ system_var_root_directory }}/home"
 system_var_data_directory: "{{ system_var_root_directory }}/data"
 system_var_containers_directory: "{{ system_var_root_directory }}/containers"

-# --------------------------------------------------------------------------------------------------
-# vpn
-# --------------------------------------------------------------------------------------------------
-vpn_global_inet6_prefix: "fd6f:1af7:ce35"
-
 # --------------------------------------------------------------------------------------------------
 # vpn:wireguard
 # --------------------------------------------------------------------------------------------------
 vpn_wireguard_port: 51820
-vpn_wireguard_address: "10.66.0.{{ vpn_subnet_id }}"
-vpn_wireguard_prefixlen: 30
-vpn_wireguard_subnet: "10.66.0.0/30"
+
+vpn_wireguard_inet_prefix: "10.66.0"
+vpn_wireguard_inet_address: "{{ vpn_wireguard_inet_prefix }}.{{ vpn_subnet_id }}"
+vpn_wireguard_inet_prefixlen: 30
+vpn_wireguard_inet_subnet: "{{ vpn_wireguard_inet_prefix }}.0/{{ vpn_wireguard_inet_prefixlen }}"
+
+vpn_wireguard_inet6_prefix: "{{ vpn_global_inet6_prefix }}:6600"
+vpn_wireguard_inet6_address: "{{ vpn_wireguard_inet6_prefix }}::{{ vpn_subnet_id }}"
+vpn_wireguard_inet6_prefixlen: 64
+vpn_wireguard_inet6_subnet: "{{ vpn_wireguard_inet6_prefix }}::/{{ vpn_wireguard_inet6_prefixlen }}"

 # --------------------------------------------------------------------------------------------------
 # vpn:bridge
--- a/inventory/group_vars/bifrost/vars.yml
+++ b/inventory/group_vars/bifrost/vars.yml
@ -3,5 +3,11 @@
 # vpn:wireguard
 # --------------------------------------------------------------------------------------------------
 vpn_wireguard_port: 53768
-vpn_wireguard_prefixlen: 30
-vpn_wireguard_subnet: "10.68.0.0/30"
+
+vpn_wireguard_inet_prefix: "10.68.0"
+vpn_wireguard_inet_prefixlen: 30
+vpn_wireguard_inet_subnet: "{{ vpn_wireguard_inet_prefix }}.0/{{ vpn_wireguard_inet_prefixlen }}"
+
+vpn_wireguard_inet6_prefix: "{{ vpn_global_inet6_prefix }}:6800"
+vpn_wireguard_inet6_prefixlen: 64
+vpn_wireguard_inet6_subnet: "{{ vpn_wireguard_inet6_prefix }}::/{{ vpn_wireguard_inet6_prefixlen }}"
--- a/inventory/host_vars/heimdall/vars.yml
+++ b/inventory/host_vars/heimdall/vars.yml
@ -15,7 +15,8 @@ system_base_udp_ports:
 # vpn:wireguard
 # --------------------------------------------------------------------------------------------------
 vpn_wireguard_role: "server"
-vpn_wireguard_address: "10.68.0.1"
+vpn_wireguard_inet_address: "{{ vpn_wireguard_inet_prefix }}.1"
+vpn_wireguard_inet6_address: "{{ vpn_wireguard_inet6_prefix }}::1"
 vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}"
 vpn_wireguard_routing_table: "{{ vpn_airvpn_routing_table }}"
 vpn_wireguard_clients:
@ -23,18 +24,18 @@ vpn_wireguard_clients:
    preshared_key: "{{ vault_vpn_wireguard_clients_0_preshared_key }}"

 # The AirVPN MTU is 1320 so the combined MTU is 1320 - 80 = 1240.
-vpn_wireguard_mtu: 1240
+vpn_wireguard_mtu: "{{ vpn_airvpn_mtu - 80 | int }}"

 # --------------------------------------------------------------------------------------------------
 # vpn:airvpn
 # --------------------------------------------------------------------------------------------------
 vpn_airvpn_role: "client"
 vpn_airvpn_port: 1637
-vpn_airvpn_address: "{{ vault_vpn_airvpn_address }}"
-vpn_airvpn_prefixlen: "{{ vault_vpn_airvpn_prefixlen }}"
-vpn_airvpn_address_v6: "{{ vault_vpn_airvpn_address_v6 }}"
-vpn_airvpn_prefixlen_v6: "{{ vault_vpn_airvpn_prefixlen_v6 }}"
-vpn_airvpn_mtu: 1320
+vpn_airvpn_inet_address: "{{ vault_vpn_airvpn_inet_address }}"
+vpn_airvpn_inet_prefixlen: "{{ vault_vpn_airvpn_inet_prefixlen }}"
+vpn_airvpn_inet6_address: "{{ vault_vpn_airvpn_inet6_address }}"
+vpn_airvpn_inet6_prefixlen: "{{ vault_vpn_airvpn_inet6_prefixlen }}"
+vpn_airvpn_mtu: 1420
 vpn_airvpn_interface_private_key: "{{ vault_vpn_airvpn_interface_private_key }}"
 vpn_airvpn_server_public_key: "{{ vault_vpn_airvpn_server_public_key }}"
 vpn_airvpn_server_preshared_key: "{{ vault_vpn_airvpn_server_preshared_key }}"
--- a/inventory/host_vars/valkyrie/vars.yml
+++ b/inventory/host_vars/valkyrie/vars.yml
@ -28,7 +28,12 @@ vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_k
 vpn_wireguard_clients:
  - public_key: "{{ vault_vpn_wireguard_clients_0_public_key }}"
    preshared_key: "{{ vault_vpn_wireguard_clients_0_preshared_key }}"
-    subnet: "{{ hostvars.yggdrasil.vpn_bridge_inet_prefix }}.0/24"
+    inet_subnet: "\
+      {{ hostvars.yggdrasil.vpn_bridge_inet_prefix }}.0/\
+      {{ hostvars.yggdrasil.vpn_bridge_inet_prefixlen }}"
+    inet6_subnet: "\
+      {{ hostvars.yggdrasil.vpn_bridge_inet6_prefix }}::/\
+      {{ hostvars.yggdrasil.vpn_bridge_inet6_prefixlen }}"

 # --------------------------------------------------------------------------------------------------
 # services
--- a/playbooks/vpn.yml
+++ b/playbooks/vpn.yml
@ -22,10 +22,10 @@
        vpn_wireguard_iface: "wg-airvpn"
        vpn_wireguard_role: "{{ vpn_airvpn_role }}"
        vpn_wireguard_port: "{{ vpn_airvpn_port }}"
-        vpn_wireguard_address: "{{ vpn_airvpn_address }}"
-        vpn_wireguard_prefixlen: "{{ vpn_airvpn_prefixlen }}"
-        vpn_wireguard_address_v6: "{{ vpn_airvpn_address_v6 }}"
-        vpn_wireguard_prefixlen_v6: "{{ vpn_airvpn_prefixlen_v6 }}"
+        vpn_wireguard_inet_address: "{{ vpn_airvpn_inet_address }}"
+        vpn_wireguard_inet_prefixlen: "{{ vpn_airvpn_inet_prefixlen }}"
+        vpn_wireguard_inet6_address: "{{ vpn_airvpn_inet6_address }}"
+        vpn_wireguard_inet6_prefixlen: "{{ vpn_airvpn_inet6_prefixlen }}"
        vpn_wireguard_mtu: "{{ vpn_airvpn_mtu }}"
        vpn_wireguard_interface_private_key: "{{ vpn_airvpn_interface_private_key }}"
        vpn_wireguard_server_public_key: "{{ vpn_airvpn_server_public_key }}"
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit bd66dc341e3d3e64111f724651f35b026dc21dd7
+Subproject commit b1218945b64311fa6095a569a6a8cfbc09c7e5cf