ansible-roles/vpn/wireguard/templates/ifupdown.d/20-routes-server


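#!/usr/bin/env bash
# Route hook for the WireGuard server interface. The file is a Jinja2 template
# rendered by Ansible; at run time it reads MODE, PHASE and IFACE from the
# environment.
#
# MODE selects how failures are treated:
#   start - "set -ue": stop at the first failing command or unset variable.
#   stop  - "set -u":  a failing command does not abort the script, so the
#                      remaining teardown commands still run.
# Any other value is rejected with exit status 1. MODE is expanded quoted and
# with an empty default, so an unset, empty or multi-word value reaches the
# error branch cleanly instead of producing a malformed test expression.
case "${MODE:-}" in
  start)
    set -ue
    ;;
  stop)
    set -u
    ;;
  *)
    echo "$(basename -- "${0}"): mode must be one of either 'start' or 'stop'" 1>&2
    exit 1
    ;;
esac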
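# Dispatch on PHASE (read from the environment). Setup runs IPv4 before IPv6;
# teardown undoes it in the opposite order. A PHASE that matches no arm is
# ignored.
#
# Hardening notes:
#  - IFACE is expanded inside double quotes so an unexpected value cannot be
#    word-split or glob-expanded into extra arguments of ip(8); hooks like
#    this one normally run as root.
#  - Every inventory value is passed through Ansible's quote filter before it
#    is rendered into this script, so a malformed port, table or subnet is
#    handed to ip(8) as a single argument (and rejected there) instead of
#    being parsed as shell syntax. Well-formed values render unchanged.
case "${PHASE}" in
  "pre-up")
    # Policy rules: UDP traffic sent from the WireGuard port is looked up in
    # the configured routing table (only rendered when a table is defined).
{% if vpn_wireguard_routing_table is defined %}
    /usr/sbin/ip -4 rule add sport {{ vpn_wireguard_port | quote }} ipproto udp table {{ vpn_wireguard_routing_table | quote }}
    /usr/sbin/ip -6 rule add sport {{ vpn_wireguard_port | quote }} ipproto udp table {{ vpn_wireguard_routing_table | quote }}
{% endif %}
    ;;
  "post-up")
    # One route per client subnet, pointing at the WireGuard interface.
{% for client in vpn_wireguard_clients %}
{% if 'inet_subnet' in client %}
    /usr/sbin/ip -4 route add {{ client.inet_subnet | quote }} dev "${IFACE}"
{% endif %}
{% if 'inet6_subnet' in client %}
    /usr/sbin/ip -6 route add {{ client.inet6_subnet | quote }} dev "${IFACE}"
{% endif %}
{% endfor %}
    ;;
  "pre-down")
    # Remove the per-client routes added in post-up.
{% for client in vpn_wireguard_clients %}
{% if 'inet6_subnet' in client %}
    /usr/sbin/ip -6 route del {{ client.inet6_subnet | quote }} dev "${IFACE}"
{% endif %}
{% if 'inet_subnet' in client %}
    /usr/sbin/ip -4 route del {{ client.inet_subnet | quote }} dev "${IFACE}"
{% endif %}
{% endfor %}
    ;;
  "post-down")
    # Remove the policy rules added in pre-up.
{% if vpn_wireguard_routing_table is defined %}
    /usr/sbin/ip -6 rule del sport {{ vpn_wireguard_port | quote }} ipproto udp table {{ vpn_wireguard_routing_table | quote }}
    /usr/sbin/ip -4 rule del sport {{ vpn_wireguard_port | quote }} ipproto udp table {{ vpn_wireguard_routing_table | quote }}
{% endif %}
    ;;
esac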