the-nine-worlds/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for IPv6 wireguard client

Browse Source
This commit is contained in:
Wojciech Kozlowski 2023-07-22 12:28:49 +02:00
parent 444308d6a5
commit b6bdbe5d01
3 changed files with 36 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
vpn/wireguard/meta/argument_specs.yml
View File

@ -18,9 +18,15 @@ argument_specs:
vpn_wireguard_address: vpn_wireguard_address:
type: "str" type: "str"
required: true required: true
vpn_wireguard_netmask: vpn_wireguard_prefixlen:
type: "str" type: "str"
required: true required: true
vpn_wireguard_address_v6:
type: "str"
required: false
vpn_wireguard_prefixlen_v6:
type: "str"
required: "{{ vpn_wireguard_address_v6 is defined }}"
vpn_wireguard_port: vpn_wireguard_port:
type: "int" type: "int"
required: true required: true

29
vpn/wireguard/templates/IFACE
View File

@ -7,6 +7,10 @@ iface {{ vpn_wireguard_iface }} inet static
post-up /usr/local/sbin/post-up-$IFACE-inet.nft post-up /usr/local/sbin/post-up-$IFACE-inet.nft
post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft
{% if vpn_wireguard_role == "server" %} {% if vpn_wireguard_role == "server" %}
{% if vpn_wireguard_routing_table is defined %}
post-up ip rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
post-up ip -6 rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}
{% for client in vpn_wireguard_clients %} {% for client in vpn_wireguard_clients %}
{% if 'subnet' in client %} {% if 'subnet' in client %}
post-up ip route add {{ client.subnet }} dev $IFACE post-up ip route add {{ client.subnet }} dev $IFACE
@ -22,6 +26,10 @@ iface {{ vpn_wireguard_iface }} inet static
pre-down ip route del {{ client.subnet }} dev $IFACE pre-down ip route del {{ client.subnet }} dev $IFACE
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% if vpn_wireguard_routing_table is defined %}
pre-down ip -6 rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
pre-down ip rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}
{% elif vpn_wireguard_role == "client" %} {% elif vpn_wireguard_role == "client" %}
pre-down ip route del default dev $IFACE table {{ vpn_wireguard_routing_table }} pre-down ip route del default dev $IFACE table {{ vpn_wireguard_routing_table }}
{% endif %} {% endif %}
@ -29,4 +37,23 @@ iface {{ vpn_wireguard_iface }} inet static
pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft
address {{ vpn_wireguard_address }} address {{ vpn_wireguard_address }}
netmask {{ vpn_wireguard_netmask }} netmask {{ vpn_wireguard_prefixlen }}
{% if vpn_wireguard_address_v6 is defined %}
iface {{ vpn_wireguard_iface }} inet6 static
{% if vpn_wireguard_role == "client" %}
post-up ip -6 route add default dev $IFACE table {{ vpn_wireguard_routing_table }}
{% endif %}
{% if vpn_wireguard_role == "client" %}
pre-down ip -6 route del default dev $IFACE table {{ vpn_wireguard_routing_table }}
{% endif %}
address {{ vpn_wireguard_address_v6 }}
netmask {{ vpn_wireguard_prefixlen_v6 }}
{% endif %}
{% if vpn_wireguard_address_v6 is defined %}
{% if vpn_wireguard_role == "server" %}
{{ __assert__wireguard_server_role_not_supported_for_ipv6 }}
{% endif %}
{% endif %}

2
vpn/wireguard/templates/IFACE.conf
View File

@ -21,7 +21,7 @@ AllowedIPs = {{ vpn_wireguard_subnet }}
PublicKey = {{ vpn_wireguard_server_public_key }} PublicKey = {{ vpn_wireguard_server_public_key }}
PresharedKey = {{ vpn_wireguard_server_preshared_key }} PresharedKey = {{ vpn_wireguard_server_preshared_key }}
Endpoint = {{ vpn_wireguard_server_address }}:{{ vpn_wireguard_port }} Endpoint = {{ vpn_wireguard_server_address }}:{{ vpn_wireguard_port }}
AllowedIPs = 0.0.0.0/0 AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 15 PersistentKeepalive = 15
{% endif %} {% endif %}