tweak the vpn template to route multiples subnets
parent
b6b7003068
commit
126c1fd438
11 changed files with 92 additions and 72 deletions
|
@ -1,71 +1,85 @@
|
||||||
---
|
---
|
||||||
intranet:
|
intranet:
|
||||||
domaine: "intra"
|
domaine: intra
|
||||||
ipv4: "172.20.0.0"
|
ipv4: 172.20.0.0
|
||||||
netmaskv4: 16
|
netmaskv4: 16
|
||||||
comment: "The intranet"
|
gateway: 172.20.1.1
|
||||||
|
comment: The intranet
|
||||||
subnets:
|
subnets:
|
||||||
physical:
|
physical:
|
||||||
domaine: "phy"
|
domaine: phy
|
||||||
ipv4: "172.20.1.0"
|
ipv4: 172.20.1.0
|
||||||
netmaskv4: 24
|
netmaskv4: 24
|
||||||
comment: "Physical machines"
|
gateway: 172.20.1.1
|
||||||
|
comment: Physical machines
|
||||||
subnets:
|
subnets:
|
||||||
hindley:
|
hindley:
|
||||||
domaine: "hindley"
|
domaine: hindley
|
||||||
ipv4: "172.20.1.1"
|
ipv4: 172.20.1.1
|
||||||
netmaskv4: 32
|
netmaskv4: 32
|
||||||
comment: "Hindley"
|
comment: Hindley
|
||||||
azerty:
|
azerty:
|
||||||
domaine: "azerty"
|
domaine: azerty
|
||||||
ipv4: "172.20.1.2"
|
ipv4: 172.20.1.2
|
||||||
netmaskv4: 32
|
netmaskv4: 32
|
||||||
comment: "Azerty"
|
comment: Azerty
|
||||||
hellman:
|
hellman:
|
||||||
domaine: "hellman"
|
domaine: hellman
|
||||||
ipv4: "172.20.1.3"
|
ipv4: 172.20.1.3
|
||||||
netmaskv4: 32
|
netmaskv4: 32
|
||||||
comment: "Hellman"
|
comment: Hellman
|
||||||
rossum:
|
rossum:
|
||||||
domaine: "rossum"
|
domaine: rossum
|
||||||
ipv4: "172.20.1.4"
|
ipv4: 172.20.1.4
|
||||||
netmaskv4: 32
|
netmaskv4: 32
|
||||||
comment: "Rossum"
|
comment: Rossum
|
||||||
test:
|
guest_hellman:
|
||||||
domaine: "test"
|
domaine: hllm
|
||||||
ipv4: "172.20.199.0"
|
ipv4: 172.20.103.0
|
||||||
netmaskv4: 24
|
netmaskv4: 24
|
||||||
comment: "Test VM"
|
gateway: 172.20.103.1
|
||||||
|
comment: Lan for the vm hosted on hellman
|
||||||
|
subnets:
|
||||||
|
hellman:
|
||||||
|
domaine: hellman
|
||||||
|
ipv4: 172.20.103.1
|
||||||
|
netmaskv4: 32
|
||||||
|
comment: Hellman
|
||||||
|
test:
|
||||||
|
domaine: test
|
||||||
|
ipv4: 172.20.199.0
|
||||||
|
netmaskv4: 24
|
||||||
|
comment: Test VM
|
||||||
subnets:
|
subnets:
|
||||||
vm1:
|
vm1:
|
||||||
domaine: "vm1"
|
domaine: vm1
|
||||||
ipv4: "172.20.199.1"
|
ipv4: 172.20.199.1
|
||||||
netmaskv4: 32
|
netmaskv4: 32
|
||||||
comment: "Test vm 1, on knuth"
|
comment: Test vm 1, on knuth
|
||||||
vm2:
|
vm2:
|
||||||
domaine: "vm2"
|
domaine: vm2
|
||||||
ipv4: "172.20.199.2"
|
ipv4: 172.20.199.2
|
||||||
netmaskv4: 32
|
netmaskv4: 32
|
||||||
comment: "Test vm 2, on knuth"
|
comment: Test vm 2, on knuth
|
||||||
vm3:
|
vm3:
|
||||||
domaine: "vm3"
|
domaine: vm3
|
||||||
ipv4: "172.20.199.3"
|
ipv4: 172.20.199.3
|
||||||
netmaskv4: 32
|
netmaskv4: 32
|
||||||
comment: "Test vm 3, on knuth"
|
comment: Test vm 3, on knuth
|
||||||
vm4:
|
vm4:
|
||||||
domaine: "knuth"
|
domaine: vm4
|
||||||
ipv4: "172.20.199.4"
|
ipv4: 172.20.199.4
|
||||||
netmaskv4: 32
|
netmaskv4: 32
|
||||||
comment: "Test vm 4, on knuth"
|
comment: Test vm 4, on knuth
|
||||||
guest:
|
guest:
|
||||||
domaine: "guest"
|
domaine: guest
|
||||||
ipv4: "172.20.200.0"
|
ipv4: 172.20.200.0
|
||||||
netmaskv4: 24
|
netmaskv4: 24
|
||||||
comment: "Guest machines"
|
comment: Guest machines
|
||||||
subnets:
|
subnets:
|
||||||
knuth:
|
knuth:
|
||||||
domaine: "knuth"
|
domaine: knuth
|
||||||
ipv4: "172.20.200.1"
|
ipv4: 172.20.200.1
|
||||||
netmaskv4: 32
|
netmaskv4: 32
|
||||||
comment: "Knuth"
|
comment: Knuth
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
||||||
peers:
|
peers:
|
||||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||||
comment: "hindley"
|
comment: "hindley"
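Review bot: The new `allowed_ips` entry pairs what looks like hindley's own tunnel address with this host's `interfaces.wg0.netmaskv4`, so the rendered CIDR has host bits set and hides how much it covers. On hellman that mask is `intranet.netmaskv4` (16), which means the whole intranet is routed to, and accepted from, the hindley peer. If that is the intent, writing the network explicitly makes the scope reviewable: `- "{{ intranet.ipv4 }}/{{ intranet.netmaskv4 }}"`. The same line recurs in the other six client `vpn_interfaces` sections on this page. The `vpn_interfaces` block starts outside the hunk.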
|
||||||
|
|
|
@ -10,6 +10,11 @@ interfaces:
|
||||||
gateway: 10.50.0.254
|
gateway: 10.50.0.254
|
||||||
interfaces:
|
interfaces:
|
||||||
- enp7s0
|
- enp7s0
|
||||||
|
br1:
|
||||||
|
ipv4: "{{ intranet.subnets.guest_hellman.subnets.hellman.ipv4 }}"
|
||||||
|
netmaskv4: "{{ intranet.subnets.guest_hellman.netmaskv4 }}"
|
||||||
|
type: static
|
||||||
|
bridge: true
|
||||||
wg0:
|
wg0:
|
||||||
ipv4: "{{ intranet.subnets.physical.subnets.hellman.ipv4 }}"
|
ipv4: "{{ intranet.subnets.physical.subnets.hellman.ipv4 }}"
|
||||||
netmaskv4: "{{ intranet.netmaskv4 }}"
|
netmaskv4: "{{ intranet.netmaskv4 }}"
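Review bot: The new `br1` entry puts hellman on the guest LAN, but none of the eleven sections on this page adds forwarding or filtering between `br1` and `wg0`. Since the server-side hellman peer now accepts the whole `guest_hellman` range, VMs behind this bridge would presumably get the same reach into the intranet as hellman itself unless a forward-chain policy already exists outside this commit. I would state the intended policy next to the interface, for example `# guest LAN bridge, routed over wg0; filtering lives in <role or file to confirm>`. `br1` also lists no member interfaces, unlike the entry above it, so a comment saying whether the VMs attach to it dynamically would help. The `interfaces` mapping starts outside the hunk.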
|
||||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
||||||
peers:
|
peers:
|
||||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||||
comment: "hindley"
|
comment: "hindley"
|
||||||
|
|
|
@ -8,43 +8,44 @@ vpn_interfaces:
|
||||||
peers:
|
peers:
|
||||||
- endpoint: ""
|
- endpoint: ""
|
||||||
public_key: "{{ hostvars['azerty'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['azerty'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['azerty'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: 32
|
- "{{ hostvars['azerty'].vpn_interfaces.wg0.ip }}/32"
|
||||||
comment: "azerty"
|
comment: "azerty"
|
||||||
- endpoint: ""
|
- endpoint: ""
|
||||||
public_key: "{{ hostvars['hellman'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['hellman'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['hellman'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: 32
|
- "{{ hostvars['hellman'].vpn_interfaces.wg0.ip }}/32"
|
||||||
|
- "{{ intranet.subnets.guest_hellman.ipv4 }}/{{ intranet.subnets.guest_hellman.netmaskv4 }}"
|
||||||
comment: "hellman"
|
comment: "hellman"
|
||||||
- endpoint: ""
|
- endpoint: ""
|
||||||
public_key: "{{ vpn_guest_keys.knuth }}"
|
public_key: "{{ vpn_guest_keys.knuth }}"
|
||||||
allowed_ip: "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}"
|
allowed_ips:
|
||||||
allowed_mask: "{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}"
|
- "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}/{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}"
|
||||||
comment: "Client laptop: knuth"
|
comment: "Client laptop: knuth"
|
||||||
- endpoint: ""
|
- endpoint: ""
|
||||||
public_key: "{{ hostvars['rossum'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['rossum'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['rossum'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: 32
|
- "{{ hostvars['rossum'].vpn_interfaces.wg0.ip }}/32"
|
||||||
comment: "Raspi at paris, Rossum"
|
comment: "Raspi at paris, Rossum"
|
||||||
- endpoint: ""
|
- endpoint: ""
|
||||||
public_key: "{{ hostvars['vm1'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['vm1'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['vm1'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: 32
|
- "{{ hostvars['vm1'].vpn_interfaces.wg0.ip }}/32"
|
||||||
comment: "Test VM 1, hosted by knuth"
|
comment: "Test VM 1, hosted by knuth"
|
||||||
- endpoint: ""
|
- endpoint: ""
|
||||||
public_key: "{{ hostvars['vm2'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['vm2'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['vm2'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: 32
|
- "{{ hostvars['vm2'].vpn_interfaces.wg0.ip }}/32"
|
||||||
comment: "Test VM 2, hosted by knuth"
|
comment: "Test VM 2, hosted by knuth"
|
||||||
- endpoint: ""
|
- endpoint: ""
|
||||||
public_key: "{{ hostvars['vm3'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['vm3'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['vm3'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: 32
|
- "{{ hostvars['vm3'].vpn_interfaces.wg0.ip }}/32"
|
||||||
comment: "Test VM 3, hosted by knuth"
|
comment: "Test VM 3, hosted by knuth"
|
||||||
- endpoint: ""
|
- endpoint: ""
|
||||||
public_key: "{{ hostvars['vm4'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['vm4'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['vm4'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: 32
|
- "{{ hostvars['vm4'].vpn_interfaces.wg0.ip }}/32"
|
||||||
comment: "Test VM 4, hosted by knuth"
|
comment: "Test VM 4, hosted by knuth"
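Review bot: The second `allowed_ips` entry on the hellman peer is the only line in this list that lets a peer key source traffic for more than its own /32, and it has no comment saying so. On the server side AllowedIPs is also the inbound source filter, so hellman's key becomes authoritative for every address in `guest_hellman`. I would add `# guest LAN behind hellman (br1): this key may source any address in the range` above that entry. Keeping every other peer at `/32` is then visibly deliberate. The `vpn_interfaces` block starts outside the hunk.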
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
||||||
peers:
|
peers:
|
||||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||||
comment: "hindley"
|
comment: "hindley"
|
||||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
||||||
peers:
|
peers:
|
||||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||||
comment: "hindley"
|
comment: "hindley"
|
||||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
||||||
peers:
|
peers:
|
||||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||||
comment: "hindley"
|
comment: "hindley"
|
||||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
||||||
peers:
|
peers:
|
||||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||||
comment: "hindley"
|
comment: "hindley"
|
||||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
||||||
peers:
|
peers:
|
||||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
allowed_ips:
|
||||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||||
comment: "hindley"
|
comment: "hindley"
|
||||||
|
|
|
@ -10,9 +10,9 @@ ListenPort = {{ vpn_port }}
|
||||||
{{ peer.comment | comment }}
|
{{ peer.comment | comment }}
|
||||||
Publickey = {{ peer.public_key }}
|
Publickey = {{ peer.public_key }}
|
||||||
{% if peer.endpoint %}
|
{% if peer.endpoint %}
|
||||||
Endpoint = {{peer.endpoint}}:{{ vpn_port }}
|
Endpoint = {{ peer.endpoint }}:{{ vpn_port }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
AllowedIPs = {{peer.allowed_ip}}/{{ peer.allowed_mask }}
|
AllowedIPs = {{ peer.allowed_ips | join(", ") }}
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if item.value.keepalive %}
|
{% if item.value.keepalive %}
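Review bot: The new `AllowedIPs` line assumes `peer.allowed_ips` is always a list. If a peer definition supplies a single string, `join` iterates over its characters and renders a comma-separated run of digits instead of a CIDR. An empty list renders a bare `AllowedIPs = `. Wrapping the value avoids the string case without changing the list case: `AllowedIPs = {{ [peer.allowed_ips] | flatten | join(", ") }}`. A short comment above the line noting that every entry must be `address/prefix` would also help, since the template no longer appends the mask itself. The `for` loop over peers opens outside the hunk.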
|
||||||
|
|