tweak the vpn template to route multiple subnets

This commit is contained in:
histausse 2021-07-12 02:09:39 +02:00
parent b6b7003068
commit 126c1fd438
Signed by: histausse
GPG key ID: 67486F107F62E9E9
11 changed files with 92 additions and 72 deletions


@ -1,71 +1,85 @@
--- ---
intranet: intranet:
domaine: "intra" domaine: intra
ipv4: "172.20.0.0" ipv4: 172.20.0.0
netmaskv4: 16 netmaskv4: 16
comment: "The intranet" gateway: 172.20.1.1
comment: The intranet
subnets: subnets:
physical: physical:
domaine: "phy" domaine: phy
ipv4: "172.20.1.0" ipv4: 172.20.1.0
netmaskv4: 24 netmaskv4: 24
comment: "Physical machines" gateway: 172.20.1.1
comment: Physical machines
subnets: subnets:
hindley: hindley:
domaine: "hindley" domaine: hindley
ipv4: "172.20.1.1" ipv4: 172.20.1.1
netmaskv4: 32 netmaskv4: 32
comment: "Hindley" comment: Hindley
azerty: azerty:
domaine: "azerty" domaine: azerty
ipv4: "172.20.1.2" ipv4: 172.20.1.2
netmaskv4: 32 netmaskv4: 32
comment: "Azerty" comment: Azerty
hellman: hellman:
domaine: "hellman" domaine: hellman
ipv4: "172.20.1.3" ipv4: 172.20.1.3
netmaskv4: 32 netmaskv4: 32
comment: "Hellman" comment: Hellman
rossum: rossum:
domaine: "rossum" domaine: rossum
ipv4: "172.20.1.4" ipv4: 172.20.1.4
netmaskv4: 32 netmaskv4: 32
comment: "Rossum" comment: Rossum
test: guest_hellman:
domaine: "test" domaine: hllm
ipv4: "172.20.199.0" ipv4: 172.20.103.0
netmaskv4: 24 netmaskv4: 24
comment: "Test VM" gateway: 172.20.103.1
comment: Lan for the vm hosted on hellman
subnets:
hellman:
domaine: hellman
ipv4: 172.20.103.1
netmaskv4: 32
comment: Hellman
test:
domaine: test
ipv4: 172.20.199.0
netmaskv4: 24
comment: Test VM
subnets: subnets:
vm1: vm1:
domaine: "vm1" domaine: vm1
ipv4: "172.20.199.1" ipv4: 172.20.199.1
netmaskv4: 32 netmaskv4: 32
comment: "Test vm 1, on knuth" comment: Test vm 1, on knuth
vm2: vm2:
domaine: "vm2" domaine: vm2
ipv4: "172.20.199.2" ipv4: 172.20.199.2
netmaskv4: 32 netmaskv4: 32
comment: "Test vm 2, on knuth" comment: Test vm 2, on knuth
vm3: vm3:
domaine: "vm3" domaine: vm3
ipv4: "172.20.199.3" ipv4: 172.20.199.3
netmaskv4: 32 netmaskv4: 32
comment: "Test vm 3, on knuth" comment: Test vm 3, on knuth
vm4: vm4:
domaine: "knuth" domaine: vm4
ipv4: "172.20.199.4" ipv4: 172.20.199.4
netmaskv4: 32 netmaskv4: 32
comment: "Test vm 4, on knuth" comment: Test vm 4, on knuth
guest: guest:
domaine: "guest" domaine: guest
ipv4: "172.20.200.0" ipv4: 172.20.200.0
netmaskv4: 24 netmaskv4: 24
comment: "Guest machines" comment: Guest machines
subnets: subnets:
knuth: knuth:
domaine: "knuth" domaine: knuth
ipv4: "172.20.200.1" ipv4: 172.20.200.1
netmaskv4: 32 netmaskv4: 32
comment: "Knuth" comment: Knuth
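Review bot: The host key `hellman` now appears twice with different addresses — `physical.subnets.hellman` (172.20.1.3) and the new `guest_hellman.subnets.hellman` (172.20.103.1) — and nothing in the file says which one is the VPN address and which is the bridge address, so a reader resolving `intranet.subnets.*.hellman` has to go look at the hostvars. A comment above the second entry would settle it: `# hellman's own address on the guest bridge; its wg0 address is physical.subnets.hellman`. The newly introduced `gateway` keys (172.20.1.1 on both `intranet` and `physical`, 172.20.103.1 on `guest_hellman`) are likewise undocumented; one line such as `# gateway: address the hosts of this subnet route through` at the top would help. Dropping the quotes is safe for these dotted quads and names, but if a `domaine` or `comment` is ever set to a value like `no`/`on`, YAML 1.1 loaders will read it as a boolean, so keep an eye on that.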


@ -8,6 +8,6 @@ vpn_interfaces:
peers: peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}" - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}" - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley" comment: "hindley"
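Review bot: The hub peer's single `allowed_ips` entry is hindley's wg0 address suffixed with this host's own `interfaces.wg0.netmaskv4`, which (per the hellman hostvars in this commit) is `intranet.netmaskv4`, i.e. the whole intranet /16 is routed through hindley; that is the right thing for a hub-and-spoke setup but it reads as though the mask belonged to hindley's address, and the new line also exceeds any reasonable line length. A comment makes the intent explicit: `# whole intranet (local wg0 netmask, not hindley's /32) goes via the hub`. The same hunk is repeated in the sections at L126, L182, L192, L202, L212 and L222, and the same comment applies there. The `peers` sequence this entry belongs to starts above the hunk.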


@ -10,6 +10,11 @@ interfaces:
gateway: 10.50.0.254 gateway: 10.50.0.254
interfaces: interfaces:
- enp7s0 - enp7s0
br1:
ipv4: "{{ intranet.subnets.guest_hellman.subnets.hellman.ipv4 }}"
netmaskv4: "{{ intranet.subnets.guest_hellman.netmaskv4 }}"
type: static
bridge: true
wg0: wg0:
ipv4: "{{ intranet.subnets.physical.subnets.hellman.ipv4 }}" ipv4: "{{ intranet.subnets.physical.subnets.hellman.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}" netmaskv4: "{{ intranet.netmaskv4 }}"
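Review bot: `br1` is declared `bridge: true` but, unlike the preceding entry that carries an `interfaces:` member list, it has no members and no `gateway`; if the VM tap devices are meant to be attached at runtime and hellman itself is the gateway for 172.20.103.0/24, that should be stated, e.g. `# no static members: VM taps attach at runtime; hellman is this subnet's gateway` above `br1:`. Routing the subnet across the VPN (the hindley hunk at L147) also presumes hellman forwards between `br1` and `wg0` and filters what its guests may reach; nothing in this commit enables forwarding or adds a policy, so either it already exists elsewhere or it is a follow-up worth noting here. The enclosing `interfaces:` mapping starts outside the hunk.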


@ -8,6 +8,6 @@ vpn_interfaces:
peers: peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}" - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}" - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley" comment: "hindley"


@ -8,43 +8,44 @@ vpn_interfaces:
peers: peers:
- endpoint: "" - endpoint: ""
public_key: "{{ hostvars['azerty'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['azerty'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['azerty'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: 32 - "{{ hostvars['azerty'].vpn_interfaces.wg0.ip }}/32"
comment: "azerty" comment: "azerty"
- endpoint: "" - endpoint: ""
public_key: "{{ hostvars['hellman'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['hellman'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hellman'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: 32 - "{{ hostvars['hellman'].vpn_interfaces.wg0.ip }}/32"
- "{{ intranet.subnets.guest_hellman.ipv4 }}/{{ intranet.subnets.guest_hellman.netmaskv4 }}"
comment: "hellman" comment: "hellman"
- endpoint: "" - endpoint: ""
public_key: "{{ vpn_guest_keys.knuth }}" public_key: "{{ vpn_guest_keys.knuth }}"
allowed_ip: "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}" allowed_ips:
allowed_mask: "{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}" - "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}/{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}"
comment: "Client laptop: knuth" comment: "Client laptop: knuth"
- endpoint: "" - endpoint: ""
public_key: "{{ hostvars['rossum'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['rossum'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['rossum'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: 32 - "{{ hostvars['rossum'].vpn_interfaces.wg0.ip }}/32"
comment: "Raspi at paris, Rossum" comment: "Raspi at paris, Rossum"
- endpoint: "" - endpoint: ""
public_key: "{{ hostvars['vm1'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['vm1'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['vm1'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: 32 - "{{ hostvars['vm1'].vpn_interfaces.wg0.ip }}/32"
comment: "Test VM 1, hosted by knuth" comment: "Test VM 1, hosted by knuth"
- endpoint: "" - endpoint: ""
public_key: "{{ hostvars['vm2'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['vm2'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['vm2'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: 32 - "{{ hostvars['vm2'].vpn_interfaces.wg0.ip }}/32"
comment: "Test VM 2, hosted by knuth" comment: "Test VM 2, hosted by knuth"
- endpoint: "" - endpoint: ""
public_key: "{{ hostvars['vm3'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['vm3'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['vm3'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: 32 - "{{ hostvars['vm3'].vpn_interfaces.wg0.ip }}/32"
comment: "Test VM 3, hosted by knuth" comment: "Test VM 3, hosted by knuth"
- endpoint: "" - endpoint: ""
public_key: "{{ hostvars['vm4'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['vm4'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['vm4'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: 32 - "{{ hostvars['vm4'].vpn_interfaces.wg0.ip }}/32"
comment: "Test VM 4, hosted by knuth" comment: "Test VM 4, hosted by knuth"
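Review bot: The new `guest_hellman` entry under the hellman peer (L147) widens what hindley accepts from hellman's key from one /32 to an extra /24, so every VM on hellman's bridge is trusted by virtue of hellman's key rather than authenticated individually — correct for the stated goal, but worth recording next to the line: `# guest VMs on hellman's br1; trusted via hellman's key, not individually`. The mix of hardcoded `/32` for the host peers and a templated mask for `knuth` looks deliberate (the hosts' `interfaces.wg0.netmaskv4` is the intranet /16 per the hellman hunk at L121-L122, so it cannot be reused here), but a one-line comment above the first `/32` saying so would stop the next editor from "fixing" it. The `peers` list continues above the hunk.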


@ -8,6 +8,6 @@ vpn_interfaces:
peers: peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}" - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}" - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley" comment: "hindley"


@ -8,6 +8,6 @@ vpn_interfaces:
peers: peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}" - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}" - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley" comment: "hindley"


@ -8,6 +8,6 @@ vpn_interfaces:
peers: peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}" - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}" - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley" comment: "hindley"


@ -8,6 +8,6 @@ vpn_interfaces:
peers: peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}" - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}" - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley" comment: "hindley"


@ -8,6 +8,6 @@ vpn_interfaces:
peers: peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}" - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}" public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}" allowed_ips:
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}" - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley" comment: "hindley"


@ -12,7 +12,7 @@ Publickey = {{ peer.public_key }}
{% if peer.endpoint %} {% if peer.endpoint %}
Endpoint = {{ peer.endpoint }}:{{ vpn_port }} Endpoint = {{ peer.endpoint }}:{{ vpn_port }}
{% endif %} {% endif %}
AllowedIPs = {{peer.allowed_ip}}/{{ peer.allowed_mask }} AllowedIPs = {{ peer.allowed_ips | join(", ") }}
{% endfor %} {% endfor %}
{% if item.value.keepalive %} {% if item.value.keepalive %}
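Review bot: `{{ peer.allowed_ips | join(", ") }}` renders `AllowedIPs = ` with nothing after it when a peer has `allowed_ips: []`, which presumably leaves that peer unable to route anything while the play reports success; a peer that still carries the old `allowed_ip`/`allowed_mask` keys will instead fail at render time under Ansible's default strict-undefined handling, which is the better outcome. Decide which you want for the empty case and make it explicit, either by skipping the line with `{% if peer.allowed_ips %}` … `{% endif %}` or by documenting in the role's defaults that every peer must list at least one prefix. A short comment above the line, `{# one AllowedIPs line per peer; entries are "addr/prefix" strings joined by ", " #}`, would also help whoever next edits the hostvars. The `for peer` loop this line sits in starts outside the hunk.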