ansible-roles/vpn/wireguard/templates/server/IFACE

auto {{ vpn_wireguard_iface }}
iface {{ vpn_wireguard_iface }} inet6 static
    pre-up /usr/local/sbin/ip-link-add.sh $IFACE type wireguard
    pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf

    post-up /usr/local/sbin/post-up-$IFACE-inet.nft
{% if vpn_wireguard_routing_table is defined %}
    post-up ip -6 rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}
{% for client in vpn_wireguard_clients %}
{% if 'inet6_subnet' in client %}
    post-up ip route add {{ client.inet6_subnet }} dev $IFACE
{% endif %}
{% endfor %}

{% for client in vpn_wireguard_clients %}
{% if 'inet6_subnet' in client %}
    pre-down ip route del {{ client.inet6_subnet }} dev $IFACE
{% endif %}
{% endfor %}
{% if vpn_wireguard_routing_table is defined %}
    pre-down ip -6 rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}
    pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft

    mtu {{ vpn_wireguard_mtu }}

    address {{ vpn_wireguard_inet6_address }}/{{ vpn_wireguard_inet6_prefixlen }}

iface {{ vpn_wireguard_iface }} inet static
{% if vpn_wireguard_routing_table is defined %}
    post-up ip rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}
{% for client in vpn_wireguard_clients %}
{% if 'inet_subnet' in client %}
    post-up ip route add {{ client.inet_subnet }} dev $IFACE
{% endif %}
{% endfor %}

{% for client in vpn_wireguard_clients %}
{% if 'inet_subnet' in client %}
    pre-down ip route del {{ client.inet_subnet }} dev $IFACE
{% endif %}
{% endfor %}
{% if vpn_wireguard_routing_table is defined %}
    pre-down ip rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}

    address {{ vpn_wireguard_inet_address }}/{{ vpn_wireguard_inet_prefixlen }}
Variable wireguard interface name 2023-07-20 20:27:37 +02:00			`auto {{ vpn_wireguard_iface }}`
Fully migrate wireguard to IPv6 2023-07-28 22:30:55 +02:00			`iface {{ vpn_wireguard_iface }} inet6 static`
Initial commit 2022-12-20 19:47:11 +01:00			`pre-up /usr/local/sbin/ip-link-add.sh $IFACE type wireguard`
			`pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf`

			`post-up /usr/local/sbin/post-up-$IFACE-inet.nft`
Add support for IPv6 wireguard client 2023-07-22 12:28:49 +02:00			`{% if vpn_wireguard_routing_table is defined %}`
			`post-up ip -6 rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}`
			`{% endif %}`
Initial commit 2022-12-20 19:47:11 +01:00			`{% for client in vpn_wireguard_clients %}`
Fully migrate wireguard to IPv6 2023-07-28 22:30:55 +02:00			`{% if 'inet6_subnet' in client %}`
			`post-up ip route add {{ client.inet6_subnet }} dev $IFACE`
Initial commit 2022-12-20 19:47:11 +01:00			`{% endif %}`
			`{% endfor %}`

			`{% for client in vpn_wireguard_clients %}`
Fully migrate wireguard to IPv6 2023-07-28 22:30:55 +02:00			`{% if 'inet6_subnet' in client %}`
			`pre-down ip route del {{ client.inet6_subnet }} dev $IFACE`
Initial commit 2022-12-20 19:47:11 +01:00			`{% endif %}`
			`{% endfor %}`
Add support for IPv6 wireguard client 2023-07-22 12:28:49 +02:00			`{% if vpn_wireguard_routing_table is defined %}`
			`pre-down ip -6 rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}`
Initial commit 2022-12-20 19:47:11 +01:00			`{% endif %}`
			`pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft`

Use the interface file method to set mtu 2023-07-28 22:51:24 +02:00			`mtu {{ vpn_wireguard_mtu }}`

Fully migrate wireguard to IPv6 2023-07-28 22:30:55 +02:00			`address {{ vpn_wireguard_inet6_address }}/{{ vpn_wireguard_inet6_prefixlen }}`

			`iface {{ vpn_wireguard_iface }} inet static`
			`{% if vpn_wireguard_routing_table is defined %}`
			`post-up ip rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}`
			`{% endif %}`
			`{% for client in vpn_wireguard_clients %}`
			`{% if 'inet_subnet' in client %}`
			`post-up ip route add {{ client.inet_subnet }} dev $IFACE`
			`{% endif %}`
			`{% endfor %}`

			`{% for client in vpn_wireguard_clients %}`
			`{% if 'inet_subnet' in client %}`
			`pre-down ip route del {{ client.inet_subnet }} dev $IFACE`
Add support for IPv6 wireguard client 2023-07-22 12:28:49 +02:00			`{% endif %}`
Fully migrate wireguard to IPv6 2023-07-28 22:30:55 +02:00			`{% endfor %}`
			`{% if vpn_wireguard_routing_table is defined %}`
			`pre-down ip rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}`
			`{% endif %}`

			`address {{ vpn_wireguard_inet_address }}/{{ vpn_wireguard_inet_prefixlen }}`