added mullvad uplink

Niklas Yann Wettengel 7 years ago
parent 99dddff862
commit 0e9d895e77

@ -10,13 +10,18 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'ffrl_uplink' in group_names %} {% if 'fastd' in group_names %}
{% for peer in groups['ffrl_uplink'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
{% endif %}
{% if 'mullvad_uplink' in group_names %}
{% for peer in groups['fastd'] %} {% for peer in groups['fastd'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'fastd' in group_names %} {% if 'ffrl_uplink' in group_names %}
{% for peer in groups['ffrl_uplink'] %} {% for peer in groups['fastd'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} ! -s fe80::/64 ! -d fe80::/64 -j MARK --set-xmark 0x1/0xffffffff
{% endfor %} {% endfor %}
{% endif %} {% endif %}
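Review bot: The new `{% if 'mullvad_uplink' in group_names %}` block at L16 is a verbatim copy of the neighbouring block's `{% for peer in groups['fastd'] %}` loop and PREROUTING MARK rule, and the `ffrl_uplink` guard at L21 appears (on the new side) to iterate `groups['fastd']` as well, so a host that is in more than one of these groups emits the same rule several times; iptables-restore accepts that, but it clutters the ruleset and hides which group actually produced a rule. Folding the uplink cases into one guard, `{% if 'ffrl_uplink' in group_names or 'mullvad_uplink' in group_names %}`, keeps a single copy. The same duplication appears in the INPUT hunk ending at L44 and the IPv4 PREROUTING hunk ending at L63. This rendering does not recover which side the unchanged `if`/`for` lines belong to, so the pairing of each guard with its loop should be checked against the rendered template rather than this listing.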
@ -47,13 +52,18 @@ COMMIT
{% endfor %} {% endfor %}
{% endif %} {% endif %}
# wireguard_backbone # wireguard_backbone
{% if 'ffrl_uplink' in group_names %} {% if 'fastd' in group_names %}
{% for peer in groups['ffrl_uplink'] %}
-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
{% endfor %}
{% endif %}
{% if 'mullvad_uplink' in group_names %}
{% for peer in groups['fastd'] %} {% for peer in groups['fastd'] %}
-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'fastd' in group_names %} {% if 'ffrl_uplink' in group_names %}
{% for peer in groups['ffrl_uplink'] %} {% for peer in groups['fastd'] %}
-A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT -A INPUT -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -p udp --dport 6696 -j ACCEPT
{% endfor %} {% endfor %}
{% endif %} {% endif %}

@ -10,13 +10,18 @@
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'ffrl_uplink' in group_names %} {% if 'fastd' in group_names %}
{% for peer in groups['ffrl_uplink'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %}
{% endif %}
{% if 'mullvad_uplink' in group_names %}
{% for peer in groups['fastd'] %} {% for peer in groups['fastd'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'fastd' in group_names %} {% if 'ffrl_uplink' in group_names %}
{% for peer in groups['ffrl_uplink'] %} {% for peer in groups['fastd'] %}
-A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff -A PREROUTING -i bb{{ hostvars[peer]['wireguard_bb_name'] }} -j MARK --set-xmark 0x1/0xffffffff
{% endfor %} {% endfor %}
{% endif %} {% endif %}
@ -78,4 +83,7 @@ COMMIT
-A POSTROUTING ! -s {{ ffrl_ip4 }} -o {{ peer.name }} -j SNAT --to-source {{ ffrl_ip4 }} -A POSTROUTING ! -s {{ ffrl_ip4 }} -o {{ peer.name }} -j SNAT --to-source {{ ffrl_ip4 }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'mullvad_uplink' in group_names %}
-A POSTROUTING -o mullvad -j MASQUERADE
{% endif %}
COMMIT COMMIT
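Review bot: `-A POSTROUTING -o mullvad -j MASQUERADE` hard-codes the tunnel interface name, and the same literal reappears in the babeld hunk at L77 (`redistribute if mullvad`), while the OpenVPN up script in this commit only knows the interface as `$dev`; if the OpenVPN config does not pin the device name the two rules silently stop matching. Moving the name into a group variable, e.g. `-A POSTROUTING -o {{ mullvad_ifname }} -j MASQUERADE` (variable name constructed, not on the page), keeps the firewall, babeld and OpenVPN sides in one place. Unlike the ffrl rule above it, which excludes `{{ ffrl_ip4 }}` as source, this masquerade has no source restriction, so host-originated traffic routed into the tunnel is rewritten too; that may be intended for a VPN uplink, but a comment stating so would help.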

@ -50,6 +50,9 @@ import-table 42
#in ip 2001:db8:cafe:cafe::/64 allow #in ip 2001:db8:cafe:cafe::/64 allow
#in deny #in deny
{% if 'mullvad_uplink' in group_names %}
redistribute if mullvad metric 128
{% endif %}
{% if 'ffrl_uplink' in group_names %} {% if 'ffrl_uplink' in group_names %}
{% for peer in ffrl_peers %} {% for peer in ffrl_peers %}
redistribute if {{ peer.name }} metric 128 redistribute if {{ peer.name }} metric 128

@ -3,6 +3,6 @@
sleep 3 sleep 3
echo Reroute via $route_vpn_gateway echo Reroute via $route_vpn_gateway
ip route replace 0.0.0.0/0 via $route_vpn_gateway proto static table ffmyk ip route replace 0.0.0.0/0 via $route_vpn_gateway proto static table ffmyk
ip -6 route replace default dev $dev proto static table ffmyk #ip -6 route replace default dev $dev proto static table ffmyk
exit 0 exit 0
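Review bot: Commenting out `ip -6 route replace default dev $dev proto static table ffmyk` leaves table ffmyk without an IPv6 default while the ip6tables hunk ending at L25 still marks backbone IPv6 traffic with 0x1; depending on how the fwmark `ip rule` is set up (not visible here), marked v6 traffic that finds no route in ffmyk may fall through to the main table and leave via the host's regular uplink instead of the tunnel. If IPv6 is deliberately not carried over Mullvad, either install a blocking entry, `ip -6 route replace unreachable default proto static table ffmyk`, or stop marking v6 traffic on these hosts, and record the reason in a comment. Commented-out dead code should also be removed rather than kept.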

@ -4,8 +4,12 @@
src: wgbackbone@.service src: wgbackbone@.service
dest: /etc/systemd/system/wgbackbone@.service dest: /etc/systemd/system/wgbackbone@.service
- include_tasks: fastd_tasks.yml
when: "'fastd' in group_names"
- include_tasks: mullvad_uplink_tasks.yml
when: "'mullvad_uplink' in group_names"
- include_tasks: ffrl_uplink_tasks.yml - include_tasks: ffrl_uplink_tasks.yml
when: "'ffrl_uplink' in group_names" when: "'ffrl_uplink' in group_names"
- include_tasks: fastd_tasks.yml
when: "'fastd' in group_names"

@ -0,0 +1,29 @@
---
- name: create wireguard config for peers
template:
src: wg.conf.j2
dest: /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
mode: 0400
with_items: "{{ groups['fastd'] }}"
- name: create wireguard up scripts for peers
template:
src: up.sh.j2
dest: /etc/wireguard/upbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
mode: 0744
with_items: "{{ groups['fastd'] }}"
- name: create wireguard down scripts for peers
template:
src: down.sh.j2
dest: /etc/wireguard/downbb{{ hostvars[item]['wireguard_bb_name'] }}.sh
mode: 0744
with_items: "{{ groups['fastd'] }}"
- name: start and enable wireguard mesh
systemd:
name: wgbackbone@{{ hostvars[item]['wireguard_bb_name'] }}.service
enabled: yes
state: started
daemon_reload: yes
with_items: "{{ groups['fastd'] }}"
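Review bot: The file modes are written as unquoted octals (`mode: 0400`, `mode: 0744`), which YAML parses as integers and ansible-lint flags as risky; quote them as `mode: "0400"` and `mode: "0744"` so the intent survives re-serialisation. `enabled: yes` and `daemon_reload: yes` should be `true` for the same reason. The 0400 mode on the generated wg.conf is appropriate if, as the name suggests, it carries the peer's private key; the three template tasks differ only in `src`/`dest`/`mode` and could be one task looping over a small list, which would also make this file easier to keep in step with the ffrl_uplink task file it mirrors (not visible in this commit).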

@ -26,10 +26,23 @@
#- install_monitoring #- install_monitoring
- install_admin_packages - install_admin_packages
- name: install openvpn uplink - name: install openvpn uplink
hosts: mullvad_fastd hosts: mullvad_uplink
user: root user: root
roles: roles:
- configure_journald
- configure_sysctl
- configure_iptables
- configure_static_routes
- install_cronie
#- install_php
#- install_nginx
- install_ntp
- install_haveged
- install_wireguard
- install_wireguard_backbone
- install_babeld
- install_openvpn - install_openvpn
- install_admin_packages
- name: setup ffrl - name: setup ffrl
hosts: ffrl_uplink hosts: ffrl_uplink
user: root user: root
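Review bot: The play is still named `install openvpn uplink` although its hosts are now the `mullvad_uplink` group and its role list has grown into a full backbone node (wireguard, wireguard_backbone, babeld, iptables); renaming it `- name: setup mullvad uplink` mirrors the `setup ffrl` play below. The commented-out `#- install_php` and `#- install_nginx` entries should be dropped or get a one-line reason, since a reader cannot tell whether they are pending or abandoned. If the role list is identical to the ffrl play's, a shared variable or a group-level role list would avoid the two drifting apart.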
