added routing between servers

host_vars/fastd

@@ -23,7 +23,16 @@ sites:
         address: '< peer wg mesh ipv6 ula>'
         endpoint: '< peer public ipv6 >'
         mac: '< own mac for mesh interface with peer >'
-    wireguard_bb_key: '< priv key >'
+wireguard_bb_key: '< priv key >'
+wireguard_bb_port: < port >
+wireguard_bb_address: '< ipv6 wireguard backbone netz >'
+wireguard_bb_gre_ipv4: '< ipv4 an gre tunneln >'
+wireguard_bb_peers:
+  - name: '< name des interfaces >'
+    key: '< wireguard public key >'
+    address: '< ipv6 wireguard backbone netz >'
+    endpoint: '< peer public ipv6 >'
+    gre_ipv4: '< peer ipv4 an gre interface >'
 mullvad_country: nl
 mullvad_crt: |
     -----BEGIN CERTIFICATE-----

roles/configure_static_routes/files/ffmyk-iproute.sh

@@ -7,6 +7,6 @@ ip -6 route add unreachable default table ffmyk
 ip -4 rule add from all fwmark 0x1 table ffmyk
 ip -6 rule add from all fwmark 0x1 table ffmyk
  
-#Alles mit Freifunk-IP - woher auch immer - gehlrt zu Tabelle ffmyk
-ip -4 rule add from 10.222.0.0/16 table ffmyk
-ip -6 rule add from 2001:470:cd45:FF00::/56 table ffmyk
+#Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk
+#ip -4 rule add from 10.222.0.0/16 table ffmyk
+#ip -6 rule add from 2001:470:cd45:FF00::/56 table ffmyk

roles/install_babeld/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart babeld
+  systemd:
+      name: babeld.service
+      state: restarted

roles/install_babeld/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: install fastd
+  become: yes
+  become_user: '{{ aur_user }}'
+  aur:
+      name: babeld
+      tool: yaourt
+
+- name: babeld.conf
+  template:
+      src: babeld.conf.j2
+      dest: /etc/babeld.conf
+      mode: 0640
+  notify: restart babeld
+
+- name: start and enable babeld service
+  systemd:
+      name: babeld.service
+      enabled: yes
+      state: started

roles/install_babeld/templates/babeld.conf.j2

@@ -0,0 +1,59 @@
+# Configuration for babeld. See the man page babeld(8) for
+# details on the configuration format.
+
+# Works on Linux > 3.11
+ipv6-subtrees true
+
+# You must provide at least one interface for babeld to operate on.
+{% for peer in wireguard_bb_peers %}
+interface bb{{ peer.name }}
+{% endfor %}
+#interface wlan0
+
+# Global options you might want to set. There are many more, see the man page.
+#debug 1
+local-port 33123
+#diversity true
+#random-id true
+
+# Per-interface configuration. Note that each interface referenced here
+# will be used by babeld.
+#interface eth1 rxcost 10
+#interface tun0 faraway true
+#interface wlan0 hello-interval 1
+
+# Since 1.4.2, you can also specify defaults for interface parameters, which
+# will be used for all interfaces except specified otherwise (see above).
+#default rxcost 42
+#default hello-interval 5
+
+# Since 1.5.0, you can use the RTT-based metric, most useful for a network
+# with tunnels (overlay network).
+#default enable-timestamps true
+#interface tun0 max-rtt-penalty 150
+#interface tun0 rtt-max 100
+default type wired max-rtt-penalty 128
+export-table 42
+import-table 42
+
+
+# Filtering rules.
+
+# Only accept routes included in a specific prefix.
+#in ip 192.168.42.0/24 allow
+#in ip 2001:db8:cafe:cafe::/64 allow
+#in deny
+
+redistribute metric 128
+# Only redistribute addresses from a given prefix, to avoid redistributing
+# all local addresses
+redistribute ip 10.222.0.0/16 local allow
+redistribute ip 2001:470:cd45:FF00::/56 local allow
+redistribute local deny
+
+# Redistribute a default route obtained otherwise (here, through DHCP or
+# configured statically).
+# Note that babeld ignores kernel routes with proto 3 (boot) by default.
+#redistribute proto 3 ip 0.0.0.0/0 eq 0 metric 50
+#redistribute proto 3 ip ::/0 eq 0 metric 50
+

roles/install_wireguard_backbone/tasks/main.yml

@@ -0,0 +1,24 @@
+---
+- name: create wireguard config for sites
+  template:
+      src: wg.conf.j2
+      dest: /etc/wireguard/wgbackbone.conf
+      mode: 0400
+
+- name: create wireguard up scripts for sites
+  template:
+      src: up.sh.j2
+      dest: /etc/wireguard/upbackbone.sh
+      mode: 0744
+
+- name: create wireguard down scripts for sites
+  template:
+      src: down.sh.j2
+      dest: /etc/wireguard/downbackbone.sh
+      mode: 0744
+
+- name: start and enable wireguard mesh
+  systemd:
+      name: wg-quick@wgbackbone.service
+      enabled: yes
+      state: started

roles/install_wireguard_backbone/templates/down.sh.j2

@@ -0,0 +1,5 @@
+#!/bin/bash
+{% for peer in wireguard_bb_peers %}
+ip link set down dev bb{{ peer.name }}
+ip link del bb{{ peer.name }} type ip6gretap
+{% endfor %}

roles/install_wireguard_backbone/templates/up.sh.j2

@@ -0,0 +1,7 @@
+#!/bin/bash
+{% for peer in wireguard_bb_peers %}
+ip link add bb{{ peer.name }} type ip6gretap remote {{ peer.address }} local {{ wireguard_bb_address }} ttl 255 dev wgbackbone
+ip link set mtu 1280 dev bb{{ peer.name }}
+ip link set up dev bb{{ peer.name }}
+ip address add {{ wireguard_bb_gre_ipv4 }} peer {{ peer.gre_ipv4 }} dev bb{{ peer.name }}
+{% endfor %}

roles/install_wireguard_backbone/templates/wg.conf.j2

@@ -0,0 +1,15 @@
+[Interface]
+ListenPort = {{ wireguard_bb_port }}
+PrivateKey = {{ wireguard_bb_key }}
+Address = {{ wireguard_bb_address }}/48
+MTU = 1423
+PostUp = /etc/wireguard/upbackbone.sh
+PreDown = /etc/wireguard/downbackbone.sh
+
+{% for peer in wireguard_bb_peers %}
+[Peer]
+PublicKey = {{ peer.key }}
+AllowedIPs = {{ peer.address }}/128
+Endpoint = [{{ peer.endpoint }}]:{{ wireguard_bb_port }}
+PersistentKeepalive = 30
+{% endfor %}

setup_fastd.yml

@@ -20,6 +20,8 @@
       - install_bind
       - install_wireguard
       - install_wireguard_mesh
+      - install_wireguard_backbone
+      - install_babeld
       - install_fastd
       #- install_openvpn
       #- install_monitoring