fixed backbone routing

roles/configure_static_routes/files/ffmyk-iproute.sh

@@ -4,5 +4,12 @@ ip -4 rule add from all fwmark 0x1 table ffmyk priority 10
 ip -6 rule add from all fwmark 0x1 table ffmyk priority 10
 
 #Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk
-#ip -4 rule add from 10.222.0.0/16 table ffmyk
-ip -6 rule add to 2001:470:cd45:FF00::/56 table ffmyk priority 190
+ip -4 rule add to 10.222.1.0/24 table ffmyk priority 10
+ip -4 rule add to 10.222.2.0/23 table ffmyk priority 10
+ip -4 rule add to 10.222.4.0/22 table ffmyk priority 10
+ip -4 rule add to 10.222.8.0/21 table ffmyk priority 10
+ip -4 rule add to 10.222.16.0/20 table ffmyk priority 10
+ip -4 rule add to 10.222.32.0/19 table ffmyk priority 10
+ip -4 rule add to 10.222.64.0/18 table ffmyk priority 10
+ip -4 rule add to 10.222.128.0/17 table ffmyk priority 10
+ip -6 rule add to 2001:470:cd45:FF00::/56 table ffmyk priority 10

roles/configure_static_routes/templates/ffmyk-iproute-down.j2

@@ -7,5 +7,3 @@ ip -4 rule del iif bat{{ item.name }} table ffmyk
 ip -6 rule del iif bat{{ item.name }} table ffmyk
 ip -4 rule del from {{ item.net4 }} table ffmyk
 ip -6 rule del from {{ item.net6 }} table ffmyk
-ip -4 rule del to {{ item.net4 }} table ffmyk
-ip -6 rule del to {{ item.net6 }} table ffmyk

roles/configure_static_routes/templates/ffmyk-iproute-up.j2

@@ -4,8 +4,6 @@ ip -4 rule add iif bat{{ item.name }} table ffmyk priority 10
 ip -6 rule add iif bat{{ item.name }} table ffmyk priority 10
 ip -4 rule add from {{ item.net4 }} table ffmyk priority 10
 ip -6 rule add from {{ item.net6 }} table ffmyk priority 10
-ip -4 rule add to {{ item.net4 }} table ffmyk priority 10
-ip -6 rule add to {{ item.net6 }} table ffmyk priority 10
 
 ip -4 rule add from all iif bat{{ item.name }} type unreachable priority 200
 ip -6 rule add from all iif bat{{ item.name }} type unreachable priority 200

roles/install_wireguard_backbone/files/wgbackbone@.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=WireGuard Backbone for %I
+After=network-online.target
+Wants=network-online.target
+Documentation=man:wg(8)
+Documentation=https://www.wireguard.io/
+Documentation=https://www.wireguard.io/quickstart/
+Documentation=https://git.zx2c4.com/WireGuard/about/src/tools/wg-quick.8
+Documentation=https://git.zx2c4.com/WireGuard/about/src/tools/wg.8
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/etc/wireguard/upbb%i.sh
+ExecStop=/etc/wireguard/downbb%i.sh
+
+[Install]
+WantedBy=multi-user.target

roles/install_wireguard_backbone/tasks/main.yml

@@ -1,24 +1,34 @@
 ---
-- name: create wireguard config for sites
+- name: create wireguard config for peers
   template:
       src: wg.conf.j2
-      dest: /etc/wireguard/wgbackbone.conf
+      dest: /etc/wireguard/wgbb{{ item.name }}.conf
       mode: 0400
+  with_items: "{{ wireguard_bb_peers }}"
 
-- name: create wireguard up scripts for sites
+- name: create wireguard up scripts for peers
   template:
       src: up.sh.j2
-      dest: /etc/wireguard/upbackbone.sh
+      dest: /etc/wireguard/upbb{{ item.name }}.sh
       mode: 0744
+  with_items: "{{ wireguard_bb_peers }}"
 
-- name: create wireguard down scripts for sites
+- name: create wireguard down scripts for peers
   template:
       src: down.sh.j2
-      dest: /etc/wireguard/downbackbone.sh
+      dest: /etc/wireguard/downbb{{ item.name }}.sh
       mode: 0744
+  with_items: "{{ wireguard_bb_peers }}"
+
+- name: create wireguard backbone service template
+  copy:
+      src: wgbackbone@.service
+      dest: /etc/systemd/system/wgbackbone@.service
 
 - name: start and enable wireguard mesh
   systemd:
-      name: wg-quick@wgbackbone.service
+      name: wgbackbone@{{ item.name }}.service
       enabled: yes
       state: started
+      daemon_reload: yes
+  with_items: "{{ wireguard_bb_peers }}"

roles/install_wireguard_backbone/templates/down.sh.j2

@@ -1,5 +1,5 @@
 #!/bin/bash
-{% for peer in wireguard_bb_peers %}
-ip link set down dev bb{{ peer.name }}
-ip link del bb{{ peer.name }} type ip6gretap
-{% endfor %}
+ip -4 rule del iif bb{{ item.name }} table ffmyk
+ip -6 rule del iif bb{{ item.name }} table ffmyk
+ip link set down dev bb{{ item.name }}
+ip link del bb{{ item.name }}

roles/install_wireguard_backbone/templates/up.sh.j2

@@ -1,7 +1,8 @@
 #!/bin/bash
-{% for peer in wireguard_bb_peers %}
-ip link add bb{{ peer.name }} type ip6gretap remote {{ peer.address }} local {{ wireguard_bb_address }} ttl 255 dev wgbackbone
-ip link set mtu 1280 dev bb{{ peer.name }}
-ip link set up dev bb{{ peer.name }}
-ip address add {{ wireguard_bb_gre_ipv4 }} peer {{ peer.gre_ipv4 }} dev bb{{ peer.name }}
-{% endfor %}
+ip link add bb{{ item.name }} type wireguard
+wg setconf bb{{ item.name }} /etc/wireguard/wgbb{{ item.name }}.conf
+ip addr add {{ item.address6 }} dev bb{{ item.name }}
+ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ item.address }}/32 dev bb{{ item.name }}
+ip link set up dev bb{{ item.name }}
+ip -4 rule add iif bb{{ item.name }} table ffmyk priority 10
+ip -6 rule add iif bb{{ item.name }} table ffmyk priority 10

roles/install_wireguard_backbone/templates/wg.conf.j2

@@ -1,15 +1,9 @@
 [Interface]
-ListenPort = {{ wireguard_bb_port }}
+ListenPort = {{ item.local_port }}
 PrivateKey = {{ wireguard_bb_key }}
-Address = {{ wireguard_bb_address }}/48
-MTU = 1423
-PostUp = /etc/wireguard/upbackbone.sh
-PreDown = /etc/wireguard/downbackbone.sh
 
-{% for peer in wireguard_bb_peers %}
 [Peer]
-PublicKey = {{ peer.key }}
-AllowedIPs = {{ peer.address }}/128
-Endpoint = [{{ peer.endpoint }}]:{{ wireguard_bb_port }}
+PublicKey = {{ item.key }}
+AllowedIPs = 0.0.0.0/0,::/0
+Endpoint = [{{ item.endpoint }}]:{{ item.remote_port }}
 PersistentKeepalive = 30
-{% endfor %}