Split wireguard client and server files
parent
9467013860
commit
9acf33085d
@ -5,7 +5,7 @@
|
|||||||
|
|
||||||
- name: "configure wireguard"
|
- name: "configure wireguard"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "./IFACE.conf"
|
src: "./{{ vpn_wireguard_role }}/IFACE.conf"
|
||||||
dest: "/etc/wireguard/{{ vpn_wireguard_iface }}.conf"
|
dest: "/etc/wireguard/{{ vpn_wireguard_iface }}.conf"
|
||||||
mode: 0600
|
mode: 0600
|
||||||
register: vpn_wireguard_conf
|
register: vpn_wireguard_conf
|
||||||
@ -26,7 +26,7 @@
|
|||||||
|
|
||||||
- name: "configure interface"
|
- name: "configure interface"
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
src: "./IFACE"
|
src: "./{{ vpn_wireguard_role }}/IFACE"
|
||||||
dest: "/etc/network/interfaces.d/{{ vpn_wireguard_iface }}"
|
dest: "/etc/network/interfaces.d/{{ vpn_wireguard_iface }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
validate: >
|
validate: >
|
||||||
|
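Review bot: `vpn_wireguard_role` now selects the template directory in both `src:` lines (`./{{ vpn_wireguard_role }}/IFACE.conf` and `./{{ vpn_wireguard_role }}/IFACE`), but nothing visible in these hunks checks that it is defined and holds one of the values the templates previously branched on (`server`, `client`). A typo or a missing host variable would surface as a template-lookup or undefined-variable error rather than a clear message. An `ansible.builtin.assert` task ahead of these, with `that: vpn_wireguard_role in ['client', 'server']` and a `fail_msg`, would make the contract explicit. Both tasks extend beyond their hunks, so such a check may already exist elsewhere in the file.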
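--- /dev/null
+++ b/vpn/wireguard/templates/client/IFACE
@@ -0,0 +1,26 @@
+auto {{ vpn_wireguard_iface }}
+iface {{ vpn_wireguard_iface }} inet static
+pre-up /usr/local/sbin/ip-link-add.sh $IFACE type wireguard
+pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
+pre-up ip link set mtu {{ vpn_wireguard_mtu }} dev $IFACE
+
+post-up /usr/local/sbin/post-up-$IFACE-inet.nft
+post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft
+post-up ip route add default dev $IFACE table {{ vpn_wireguard_routing_table }}
+
+pre-down ip route del default dev $IFACE table {{ vpn_wireguard_routing_table }}
+pre-down /usr/local/sbin/pre-down-$IFACE-ipv4.nft
+pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft
+
+address {{ vpn_wireguard_address }}
+netmask {{ vpn_wireguard_prefixlen }}
+{% if vpn_wireguard_address_v6 is defined %}
+
+iface {{ vpn_wireguard_iface }} inet6 static
+post-up ip -6 route add default dev $IFACE table {{ vpn_wireguard_routing_table }}
+
+pre-down ip -6 route del default dev $IFACE table {{ vpn_wireguard_routing_table }}
+
+address {{ vpn_wireguard_address_v6 }}
+netmask {{ vpn_wireguard_prefixlen_v6 }}
+{% endif %}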
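Review bot: The IPv4 stanza always installs a default route into table `{{ vpn_wireguard_routing_table }}`, but the IPv6 default route is added only inside `{% if vpn_wireguard_address_v6 is defined %}`, while the client IFACE.conf added in this commit always sets `AllowedIPs = 0.0.0.0/0, ::/0`. If the policy rules that steer traffic into this table (not visible on this page) also match IPv6, a client without a v6 address would presumably fall through to the main table and send IPv6 outside the tunnel. A Jinja comment above the `{% if %}` should state how IPv6 is meant to be handled in that case, for example `{# no v6 address configured: IPv6 is expected to be dropped by the nft hooks #}`, if that is in fact what the nft scripts do.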
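--- /dev/null
+++ b/vpn/wireguard/templates/client/IFACE.conf
@@ -0,0 +1,9 @@
+[Interface]
+PrivateKey = {{ vpn_wireguard_interface_private_key }}
+
+[Peer]
+PublicKey = {{ vpn_wireguard_server_public_key }}
+PresharedKey = {{ vpn_wireguard_server_preshared_key }}
+Endpoint = {{ vpn_wireguard_server_address }}:{{ vpn_wireguard_port }}
+AllowedIPs = 0.0.0.0/0, ::/0
+PersistentKeepalive = 15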
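Review bot: `PrivateKey` and `PresharedKey` are rendered in cleartext by this template, and the "configure wireguard" task that renders it (shown in the tasks hunk on this page) sets `mode: 0600` but, as far as the hunk shows, nothing that suppresses diff output. A run with `--diff` would then print both keys to the console and to any captured job log. Adding `diff: false` (or `no_log: true`) to that task keeps them out of the output, unless it is already set below the `register:` line outside the hunk. Whether the key variables are sourced from an encrypted vault is not visible here and is worth confirming.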
@ -6,7 +6,6 @@ iface {{ vpn_wireguard_iface }} inet static
|
|||||||
|
|
||||||
post-up /usr/local/sbin/post-up-$IFACE-inet.nft
|
post-up /usr/local/sbin/post-up-$IFACE-inet.nft
|
||||||
post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft
|
post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft
|
||||||
{% if vpn_wireguard_role == "server" %}
|
|
||||||
{% if vpn_wireguard_routing_table is defined %}
|
{% if vpn_wireguard_routing_table is defined %}
|
||||||
post-up ip rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
|
post-up ip rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
|
||||||
post-up ip -6 rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
|
post-up ip -6 rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
|
||||||
@ -16,11 +15,7 @@ iface {{ vpn_wireguard_iface }} inet static
|
|||||||
post-up ip route add {{ client.subnet }} dev $IFACE
|
post-up ip route add {{ client.subnet }} dev $IFACE
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% elif vpn_wireguard_role == "client" %}
|
|
||||||
post-up ip route add default dev $IFACE table {{ vpn_wireguard_routing_table }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if vpn_wireguard_role == "server" %}
|
|
||||||
{% for client in vpn_wireguard_clients %}
|
{% for client in vpn_wireguard_clients %}
|
||||||
{% if 'subnet' in client %}
|
{% if 'subnet' in client %}
|
||||||
pre-down ip route del {{ client.subnet }} dev $IFACE
|
pre-down ip route del {{ client.subnet }} dev $IFACE
|
||||||
@ -29,9 +24,6 @@ iface {{ vpn_wireguard_iface }} inet static
|
|||||||
{% if vpn_wireguard_routing_table is defined %}
|
{% if vpn_wireguard_routing_table is defined %}
|
||||||
pre-down ip -6 rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
|
pre-down ip -6 rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
|
||||||
pre-down ip rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
|
pre-down ip rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
|
||||||
{% endif %}
|
|
||||||
{% elif vpn_wireguard_role == "client" %}
|
|
||||||
pre-down ip route del default dev $IFACE table {{ vpn_wireguard_routing_table }}
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
pre-down /usr/local/sbin/pre-down-$IFACE-ipv4.nft
|
pre-down /usr/local/sbin/pre-down-$IFACE-ipv4.nft
|
||||||
pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft
|
pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft
|
||||||
@ -39,21 +31,5 @@ iface {{ vpn_wireguard_iface }} inet static
|
|||||||
address {{ vpn_wireguard_address }}
|
address {{ vpn_wireguard_address }}
|
||||||
netmask {{ vpn_wireguard_prefixlen }}
|
netmask {{ vpn_wireguard_prefixlen }}
|
||||||
{% if vpn_wireguard_address_v6 is defined %}
|
{% if vpn_wireguard_address_v6 is defined %}
|
||||||
|
|
||||||
iface {{ vpn_wireguard_iface }} inet6 static
|
|
||||||
{% if vpn_wireguard_role == "client" %}
|
|
||||||
post-up ip -6 route add default dev $IFACE table {{ vpn_wireguard_routing_table }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if vpn_wireguard_role == "client" %}
|
|
||||||
pre-down ip -6 route del default dev $IFACE table {{ vpn_wireguard_routing_table }}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
address {{ vpn_wireguard_address_v6 }}
|
|
||||||
netmask {{ vpn_wireguard_prefixlen_v6 }}
|
|
||||||
{% endif %}
|
|
||||||
{% if vpn_wireguard_address_v6 is defined %}
|
|
||||||
{% if vpn_wireguard_role == "server" %}
|
|
||||||
{{ __assert__wireguard_server_role_not_supported_for_ipv6 }}
|
{{ __assert__wireguard_server_role_not_supported_for_ipv6 }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
|
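Review bot: With the role conditionals removed, the only guard against a server host that defines `vpn_wireguard_address_v6` is the reference to `{{ __assert__wireguard_server_role_not_supported_for_ipv6 }}`, which aborts rendering solely because that variable is undefined. The failure then shows up as a generic undefined-variable error, and the guard silently disappears if the name is ever defined or undefined variables are made non-fatal. A Jinja comment above it, such as `{# deliberately undefined: fails the render because IPv6 is not supported for the server role #}`, would document the intent. Alternatively the check could move to an `ansible.builtin.assert` task with a `fail_msg`. The file header for this section is missing from the page, so this is presumably the server variant of the template.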
@ -1,11 +1,8 @@
|
|||||||
[Interface]
|
[Interface]
|
||||||
PrivateKey = {{ vpn_wireguard_interface_private_key }}
|
PrivateKey = {{ vpn_wireguard_interface_private_key }}
|
||||||
{% if vpn_wireguard_role == "server" %}
|
|
||||||
ListenPort = {{ vpn_wireguard_port }}
|
ListenPort = {{ vpn_wireguard_port }}
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if vpn_wireguard_role == "server" %}
|
|
||||||
{% for client in vpn_wireguard_clients %}
|
{% for client in vpn_wireguard_clients %}
|
||||||
|
|
||||||
[Peer]
|
[Peer]
|
||||||
PublicKey = {{ client.public_key }}
|
PublicKey = {{ client.public_key }}
|
||||||
PresharedKey = {{ client.preshared_key }}
|
PresharedKey = {{ client.preshared_key }}
|
||||||
@ -14,14 +11,4 @@ AllowedIPs = {{ vpn_wireguard_subnet }},{{ client.subnet }}
|
|||||||
{% else %}
|
{% else %}
|
||||||
AllowedIPs = {{ vpn_wireguard_subnet }}
|
AllowedIPs = {{ vpn_wireguard_subnet }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% elif vpn_wireguard_role == "client" %}
|
|
||||||
[Peer]
|
|
||||||
PublicKey = {{ vpn_wireguard_server_public_key }}
|
|
||||||
PresharedKey = {{ vpn_wireguard_server_preshared_key }}
|
|
||||||
Endpoint = {{ vpn_wireguard_server_address }}:{{ vpn_wireguard_port }}
|
|
||||||
AllowedIPs = 0.0.0.0/0, ::/0
|
|
||||||
PersistentKeepalive = 15
|
|
||||||
|
|
||||||
{% endif %}
|
|
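Review bot: Every `[Peer]` produced by the `{% for client in vpn_wireguard_clients %}` loop gets `AllowedIPs = {{ vpn_wireguard_subnet }}` (optionally followed by `{{ client.subnet }}`), so all peers claim the same tunnel subnet. WireGuard associates an allowed-IP range with a single peer, so with more than one client the shared range ends up on only one of them, and no peer is limited to its own tunnel address when source addresses are validated. If clients have fixed tunnel addresses, listing that address as a /32 per peer instead of the whole subnet would address both. If the shared subnet is intentional, a comment explaining why would help. The AllowedIPs logic sits partly outside the hunk (its first form appears only in the hunk header), so confirm against the full file.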