added routing between servers

netsplit
Niklas Yann Wettengel 7 years ago
parent 6ef6aa8d62
commit 8bad801b15

@ -24,6 +24,15 @@ sites:
endpoint: '< peer public ipv6 >'
mac: '< own mac for mesh interface with peer >'
wireguard_bb_key: '< priv key >'
wireguard_bb_port: < port >
wireguard_bb_address: '< ipv6 wireguard backbone netz >'
wireguard_bb_gre_ipv4: '< ipv4 an gre tunneln >'
wireguard_bb_peers:
- name: '< name des interfaces >'
key: '< wireguard public key >'
address: '< ipv6 wireguard backbone netz >'
endpoint: '< peer public ipv6 >'
gre_ipv4: '< peer ipv4 an gre interface >'
mullvad_country: nl
mullvad_crt: |
-----BEGIN CERTIFICATE-----

@ -7,6 +7,6 @@ ip -6 route add unreachable default table ffmyk
ip -4 rule add from all fwmark 0x1 table ffmyk
ip -6 rule add from all fwmark 0x1 table ffmyk
#Alles mit Freifunk-IP - woher auch immer - gehlrt zu Tabelle ffmyk
ip -4 rule add from 10.222.0.0/16 table ffmyk
ip -6 rule add from 2001:470:cd45:FF00::/56 table ffmyk
#Alles mit Freifunk-IP - woher auch immer - gehört zu Tabelle ffmyk
#ip -4 rule add from 10.222.0.0/16 table ffmyk
#ip -6 rule add from 2001:470:cd45:FF00::/56 table ffmyk

@ -0,0 +1,5 @@
---
- name: restart babeld
systemd:
name: babeld.service
state: restarted

@ -0,0 +1,20 @@
---
- name: install fastd
become: yes
become_user: '{{ aur_user }}'
aur:
name: babeld
tool: yaourt
- name: babeld.conf
template:
src: babeld.conf.j2
dest: /etc/babeld.conf
mode: 0640
notify: restart babeld
- name: start and enable babeld service
systemd:
name: babeld.service
enabled: yes
state: started

@ -0,0 +1,59 @@
# Configuration for babeld. See the man page babeld(8) for
# details on the configuration format.
# Works on Linux > 3.11
ipv6-subtrees true
# You must provide at least one interface for babeld to operate on.
{% for peer in wireguard_bb_peers %}
interface bb{{ peer.name }}
{% endfor %}
#interface wlan0
# Global options you might want to set. There are many more, see the man page.
#debug 1
local-port 33123
#diversity true
#random-id true
# Per-interface configuration. Note that each interface referenced here
# will be used by babeld.
#interface eth1 rxcost 10
#interface tun0 faraway true
#interface wlan0 hello-interval 1
# Since 1.4.2, you can also specify defaults for interface parameters, which
# will be used for all interfaces except specified otherwise (see above).
#default rxcost 42
#default hello-interval 5
# Since 1.5.0, you can use the RTT-based metric, most useful for a network
# with tunnels (overlay network).
#default enable-timestamps true
#interface tun0 max-rtt-penalty 150
#interface tun0 rtt-max 100
default type wired max-rtt-penalty 128
export-table 42
import-table 42
# Filtering rules.
# Only accept routes included in a specific prefix.
#in ip 192.168.42.0/24 allow
#in ip 2001:db8:cafe:cafe::/64 allow
#in deny
redistribute metric 128
# Only redistribute addresses from a given prefix, to avoid redistributing
# all local addresses
redistribute ip 10.222.0.0/16 local allow
redistribute ip 2001:470:cd45:FF00::/56 local allow
redistribute local deny
# Redistribute a default route obtained otherwise (here, through DHCP or
# configured statically).
# Note that babeld ignores kernel routes with proto 3 (boot) by default.
#redistribute proto 3 ip 0.0.0.0/0 eq 0 metric 50
#redistribute proto 3 ip ::/0 eq 0 metric 50

@ -0,0 +1,24 @@
---
- name: create wireguard config for sites
template:
src: wg.conf.j2
dest: /etc/wireguard/wgbackbone.conf
mode: 0400
- name: create wireguard up scripts for sites
template:
src: up.sh.j2
dest: /etc/wireguard/upbackbone.sh
mode: 0744
- name: create wireguard down scripts for sites
template:
src: down.sh.j2
dest: /etc/wireguard/downbackbone.sh
mode: 0744
- name: start and enable wireguard mesh
systemd:
name: wg-quick@wgbackbone.service
enabled: yes
state: started

@ -0,0 +1,5 @@
#!/bin/bash
{% for peer in wireguard_bb_peers %}
ip link set down dev bb{{ peer.name }}
ip link del bb{{ peer.name }} type ip6gretap
{% endfor %}

@ -0,0 +1,7 @@
#!/bin/bash
{% for peer in wireguard_bb_peers %}
ip link add bb{{ peer.name }} type ip6gretap remote {{ peer.address }} local {{ wireguard_bb_address }} ttl 255 dev wgbackbone
ip link set mtu 1280 dev bb{{ peer.name }}
ip link set up dev bb{{ peer.name }}
ip address add {{ wireguard_bb_gre_ipv4 }} peer {{ peer.gre_ipv4 }} dev bb{{ peer.name }}
{% endfor %}

@ -0,0 +1,15 @@
[Interface]
ListenPort = {{ wireguard_bb_port }}
PrivateKey = {{ wireguard_bb_key }}
Address = {{ wireguard_bb_address }}/48
MTU = 1423
PostUp = /etc/wireguard/upbackbone.sh
PreDown = /etc/wireguard/downbackbone.sh
{% for peer in wireguard_bb_peers %}
[Peer]
PublicKey = {{ peer.key }}
AllowedIPs = {{ peer.address }}/128
Endpoint = [{{ peer.endpoint }}]:{{ wireguard_bb_port }}
PersistentKeepalive = 30
{% endfor %}

@ -20,6 +20,8 @@
- install_bind
- install_wireguard
- install_wireguard_mesh
- install_wireguard_backbone
- install_babeld
- install_fastd
#- install_openvpn
#- install_monitoring

Loading…
Cancel
Save