set wireguard backbone mtu to 1280

master
Niklas Yann Wettengel 7 years ago
parent c216adad03
commit ad992a78dd

@ -11,6 +11,7 @@ sites:
fastd_port2: <zweiter port> fastd_port2: <zweiter port>
bat_ipv6: '<ipv6>' bat_ipv6: '<ipv6>'
bat_ipv4: <ipv4> bat_ipv4: <ipv4>
bat_ipv4_cidr: 21
dhcp_subnet: '<ipv4 netz ohne netzmaske>' dhcp_subnet: '<ipv4 netz ohne netzmaske>'
dhcp_netmask: '<netzmaske>' dhcp_netmask: '<netzmaske>'
dhcp_start: <ipv4> dhcp_start: <ipv4>

@ -87,12 +87,8 @@ COMMIT
{% endfor %} {% endfor %}
{% endif %} {% endif %}
-A FORWARD -o {{ ansible_default_ipv6.interface }} -j REJECT -A FORWARD -o {{ ansible_default_ipv6.interface }} -j REJECT
{% if 'ffrl_uplink' in group_names %} -A FORWARD -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
{% for peer in ffrl_peers %} -A FORWARD -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i {{ peer.name }} -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o {{ peer.name }} -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
{% endfor %}
{% endif %}
COMMIT COMMIT
*nat *nat
:PREROUTING ACCEPT [0:0] :PREROUTING ACCEPT [0:0]
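Review bot: The two new TCPMSS rules have no comment and hard-code `2a03:2260:1016::/48`, while the `ffrl_uplink` guard and the per-peer `-i`/`-o` matches are gone, so the clamp now renders on every host and matches on every interface. A template comment such as `{# backbone MTU is 1280: clamp MSS for all forwarded TCP to/from this prefix #}` would record why the scope was widened. The IPv4 section below adds the same pair of rules for `10.222.0.0/16`. The clamp only rewrites TCP SYNs, so other protocols over the 1280-byte tunnels still depend on ICMPv6 Packet Too Big (and ICMP fragmentation-needed on IPv4) being forwarded; whether the rules above the hunk allow that is not visible here.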

@ -71,12 +71,8 @@ COMMIT
{% endfor %} {% endfor %}
{% endif %} {% endif %}
-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT -A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
{% if 'ffrl_uplink' in group_names %} -A FORWARD -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
{% for peer in ffrl_peers %} -A FORWARD -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i {{ peer.name }} -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o {{ peer.name }} -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
{% endfor %}
{% endif %}
COMMIT COMMIT
*nat *nat

@ -3,6 +3,7 @@ ip link add bb{{ hostvars[item]['wireguard_bb_name'] }} type wireguard
wg setconf bb{{ hostvars[item]['wireguard_bb_name'] }} /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf wg setconf bb{{ hostvars[item]['wireguard_bb_name'] }} /etc/wireguard/wgbb{{ hostvars[item]['wireguard_bb_name'] }}.conf
ip addr add {{ wireguard_bb_ipv6 }}/64 dev bb{{ hostvars[item]['wireguard_bb_name'] }} ip addr add {{ wireguard_bb_ipv6 }}/64 dev bb{{ hostvars[item]['wireguard_bb_name'] }}
ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ hostvars[item]['wireguard_bb_ipv4'] }}/32 dev bb{{ hostvars[item]['wireguard_bb_name'] }} ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ hostvars[item]['wireguard_bb_ipv4'] }}/32 dev bb{{ hostvars[item]['wireguard_bb_name'] }}
ip link set dev bb{{ hostvars[item]['wireguard_bb_name'] }} mtu 1280
ip link set up dev bb{{ hostvars[item]['wireguard_bb_name'] }} ip link set up dev bb{{ hostvars[item]['wireguard_bb_name'] }}
ip -4 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 ip -4 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10
ip -6 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10 ip -6 rule add from all iif bb{{ hostvars[item]['wireguard_bb_name'] }} table ffmyk priority 10
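Review bot: The literal `1280` on the new `ip link set dev … mtu 1280` line is repeated in the `bb{{ item.name }}` up-script below, and neither place says why that value was chosen. 1280 is the smallest MTU IPv6 permits on a link, so the value cannot be lowered later without breaking IPv6 on the tunnel, and it gives up payload on paths that could carry more. Consider one variable with the current value as its default, e.g. `mtu {{ wireguard_bb_mtu | default(1280) }}` (the variable name is a suggestion and is not defined on this page), plus a one-line comment giving the reason.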

@ -3,6 +3,7 @@ ip link add bb{{ item.name }} type wireguard
wg setconf bb{{ item.name }} /etc/wireguard/wgbb{{ item.name }}.conf wg setconf bb{{ item.name }} /etc/wireguard/wgbb{{ item.name }}.conf
ip addr add {{ wireguard_bb_ipv6 }}/64 dev bb{{ item.name }} ip addr add {{ wireguard_bb_ipv6 }}/64 dev bb{{ item.name }}
ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ item.ipv4 }}/32 dev bb{{ item.name }} ip addr add {{ wireguard_bb_ipv4 }}/32 peer {{ item.ipv4 }}/32 dev bb{{ item.name }}
ip link set dev bb{{ item.name }} mtu 1280
ip link set up dev bb{{ item.name }} ip link set up dev bb{{ item.name }}
ip -4 rule add from all iif bb{{ item.name }} table ffmyk priority 10 ip -4 rule add from all iif bb{{ item.name }} table ffmyk priority 10
ip -6 rule add from all iif bb{{ item.name }} table ffmyk priority 10 ip -6 rule add from all iif bb{{ item.name }} table ffmyk priority 10

@ -3,6 +3,6 @@ Interface=bat{{ item.name }}
IP=static IP=static
IP6=static IP6=static
Address6=({{ item.bat_ipv6 }}/64) Address6=({{ item.bat_ipv6 }}/64)
Address=({{ item.bat_ipv4 }}/20) Address=({{ item.bat_ipv4 }}/{{ item.bat_ipv4_cidr }})
ExecUpPost=/usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh ExecUpPost=/usr/local/bin/ffmyk-iproute{{ item.name }}-up.sh
ExecDownPre=/usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh ExecDownPre=/usr/local/bin/ffmyk-iproute{{ item.name }}-down.sh
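Review bot: `{{ item.bat_ipv4_cidr }}` on the `Address=` line has no fallback, so a site entry that does not yet define the new key will fail to render under Ansible's default handling of undefined variables instead of keeping the previous `/20`. `Address=({{ item.bat_ipv4 }}/{{ item.bat_ipv4_cidr | default(20) }})` leaves existing sites unchanged. The prefix length now also sits next to `dhcp_netmask` in the site definition, and nothing visible checks that the two agree. A comment in the sample stating that they must describe the same network would help.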
