ansible-roles/vpn/wireguard/templates/ifupdown.d/20-routes-server

#!/usr/bin/env bash

if [ ${MODE} == "start" ]
then
    set -ue
elif [ ${MODE} == "stop" ]
then
    set -u
else
    echo "$(basename ${0}): mode must be one of either 'start' or 'stop'" 1>&2
    exit 1
fi

case ${PHASE} in
    "pre-up")
{% if vpn_wireguard_routing_table is defined %}
        /usr/sbin/ip -4 rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
        /usr/sbin/ip -6 rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}
        ;;
    "post-up")
{% for client in vpn_wireguard_clients %}
{% if 'inet_subnet' in client %}
        /usr/sbin/ip -4 route add {{ client.inet_subnet }} dev ${IFACE}
{% endif %}
{% if 'inet6_subnet' in client %}
        /usr/sbin/ip -6 route add {{ client.inet6_subnet }} dev ${IFACE}
{% endif %}
{% endfor %}
        ;;
    "pre-down")
{% for client in vpn_wireguard_clients %}
{% if 'inet6_subnet' in client %}
        /usr/sbin/ip -6 route del {{ client.inet6_subnet }} dev ${IFACE}
{% endif %}
{% if 'inet_subnet' in client %}
        /usr/sbin/ip -4 route del {{ client.inet_subnet }} dev ${IFACE}
{% endif %}
{% endfor %}
        ;;
    "post-down")
{% if vpn_wireguard_routing_table is defined %}
        /usr/sbin/ip -6 rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
        /usr/sbin/ip -4 rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}
        ;;
esac
Move wireguard to new config system 2023-08-13 23:47:03 +02:00			`#!/usr/bin/env bash`

			`if [ ${MODE} == "start" ]`
			`then`
			`set -ue`
			`elif [ ${MODE} == "stop" ]`
			`then`
			`set -u`
			`else`
			`echo "$(basename ${0}): mode must be one of either 'start' or 'stop'" 1>&2`
			`exit 1`
			`fi`

			`case ${PHASE} in`
			`"pre-up")`
			`{% if vpn_wireguard_routing_table is defined %}`
			`/usr/sbin/ip -4 rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}`
			`/usr/sbin/ip -6 rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}`
			`{% endif %}`
			`;;`
			`"post-up")`
			`{% for client in vpn_wireguard_clients %}`
			`{% if 'inet_subnet' in client %}`
			`/usr/sbin/ip -4 route add {{ client.inet_subnet }} dev ${IFACE}`
			`{% endif %}`
			`{% if 'inet6_subnet' in client %}`
			`/usr/sbin/ip -6 route add {{ client.inet6_subnet }} dev ${IFACE}`
			`{% endif %}`
			`{% endfor %}`
			`;;`
			`"pre-down")`
			`{% for client in vpn_wireguard_clients %}`
			`{% if 'inet6_subnet' in client %}`
			`/usr/sbin/ip -6 route del {{ client.inet6_subnet }} dev ${IFACE}`
			`{% endif %}`
			`{% if 'inet_subnet' in client %}`
			`/usr/sbin/ip -4 route del {{ client.inet_subnet }} dev ${IFACE}`
			`{% endif %}`
			`{% endfor %}`
			`;;`
			`"post-down")`
			`{% if vpn_wireguard_routing_table is defined %}`
			`/usr/sbin/ip -6 rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}`
			`/usr/sbin/ip -4 rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}`
			`{% endif %}`
			`;;`
			`esac`