tweak the vpn template to route multiples subnets
This commit is contained in:
parent
b6b7003068
commit
126c1fd438
11 changed files with 92 additions and 72 deletions
|
@ -1,71 +1,85 @@
|
|||
---
|
||||
intranet:
|
||||
domaine: "intra"
|
||||
ipv4: "172.20.0.0"
|
||||
domaine: intra
|
||||
ipv4: 172.20.0.0
|
||||
netmaskv4: 16
|
||||
comment: "The intranet"
|
||||
gateway: 172.20.1.1
|
||||
comment: The intranet
|
||||
subnets:
|
||||
physical:
|
||||
domaine: "phy"
|
||||
ipv4: "172.20.1.0"
|
||||
domaine: phy
|
||||
ipv4: 172.20.1.0
|
||||
netmaskv4: 24
|
||||
comment: "Physical machines"
|
||||
gateway: 172.20.1.1
|
||||
comment: Physical machines
|
||||
subnets:
|
||||
hindley:
|
||||
domaine: "hindley"
|
||||
ipv4: "172.20.1.1"
|
||||
domaine: hindley
|
||||
ipv4: 172.20.1.1
|
||||
netmaskv4: 32
|
||||
comment: "Hindley"
|
||||
comment: Hindley
|
||||
azerty:
|
||||
domaine: "azerty"
|
||||
ipv4: "172.20.1.2"
|
||||
domaine: azerty
|
||||
ipv4: 172.20.1.2
|
||||
netmaskv4: 32
|
||||
comment: "Azerty"
|
||||
comment: Azerty
|
||||
hellman:
|
||||
domaine: "hellman"
|
||||
ipv4: "172.20.1.3"
|
||||
domaine: hellman
|
||||
ipv4: 172.20.1.3
|
||||
netmaskv4: 32
|
||||
comment: "Hellman"
|
||||
comment: Hellman
|
||||
rossum:
|
||||
domaine: "rossum"
|
||||
ipv4: "172.20.1.4"
|
||||
domaine: rossum
|
||||
ipv4: 172.20.1.4
|
||||
netmaskv4: 32
|
||||
comment: "Rossum"
|
||||
test:
|
||||
domaine: "test"
|
||||
ipv4: "172.20.199.0"
|
||||
comment: Rossum
|
||||
guest_hellman:
|
||||
domaine: hllm
|
||||
ipv4: 172.20.103.0
|
||||
netmaskv4: 24
|
||||
comment: "Test VM"
|
||||
gateway: 172.20.103.1
|
||||
comment: Lan for the vm hosted on hellman
|
||||
subnets:
|
||||
hellman:
|
||||
domaine: hellman
|
||||
ipv4: 172.20.103.1
|
||||
netmaskv4: 32
|
||||
comment: Hellman
|
||||
test:
|
||||
domaine: test
|
||||
ipv4: 172.20.199.0
|
||||
netmaskv4: 24
|
||||
comment: Test VM
|
||||
subnets:
|
||||
vm1:
|
||||
domaine: "vm1"
|
||||
ipv4: "172.20.199.1"
|
||||
domaine: vm1
|
||||
ipv4: 172.20.199.1
|
||||
netmaskv4: 32
|
||||
comment: "Test vm 1, on knuth"
|
||||
comment: Test vm 1, on knuth
|
||||
vm2:
|
||||
domaine: "vm2"
|
||||
ipv4: "172.20.199.2"
|
||||
domaine: vm2
|
||||
ipv4: 172.20.199.2
|
||||
netmaskv4: 32
|
||||
comment: "Test vm 2, on knuth"
|
||||
comment: Test vm 2, on knuth
|
||||
vm3:
|
||||
domaine: "vm3"
|
||||
ipv4: "172.20.199.3"
|
||||
domaine: vm3
|
||||
ipv4: 172.20.199.3
|
||||
netmaskv4: 32
|
||||
comment: "Test vm 3, on knuth"
|
||||
comment: Test vm 3, on knuth
|
||||
vm4:
|
||||
domaine: "knuth"
|
||||
ipv4: "172.20.199.4"
|
||||
domaine: vm4
|
||||
ipv4: 172.20.199.4
|
||||
netmaskv4: 32
|
||||
comment: "Test vm 4, on knuth"
|
||||
comment: Test vm 4, on knuth
|
||||
guest:
|
||||
domaine: "guest"
|
||||
ipv4: "172.20.200.0"
|
||||
domaine: guest
|
||||
ipv4: 172.20.200.0
|
||||
netmaskv4: 24
|
||||
comment: "Guest machines"
|
||||
comment: Guest machines
|
||||
subnets:
|
||||
knuth:
|
||||
domaine: "knuth"
|
||||
ipv4: "172.20.200.1"
|
||||
domaine: knuth
|
||||
ipv4: 172.20.200.1
|
||||
netmaskv4: 32
|
||||
comment: "Knuth"
|
||||
comment: Knuth
|
||||
|
||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
|||
peers:
|
||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||
comment: "hindley"
|
||||
|
|
|
@ -10,6 +10,11 @@ interfaces:
|
|||
gateway: 10.50.0.254
|
||||
interfaces:
|
||||
- enp7s0
|
||||
br1:
|
||||
ipv4: "{{ intranet.subnets.guest_hellman.subnets.hellman.ipv4 }}"
|
||||
netmaskv4: "{{ intranet.subnets.guest_hellman.netmaskv4 }}"
|
||||
type: static
|
||||
bridge: true
|
||||
wg0:
|
||||
ipv4: "{{ intranet.subnets.physical.subnets.hellman.ipv4 }}"
|
||||
netmaskv4: "{{ intranet.netmaskv4 }}"
|
||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
|||
peers:
|
||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||
comment: "hindley"
|
||||
|
|
|
@ -8,43 +8,44 @@ vpn_interfaces:
|
|||
peers:
|
||||
- endpoint: ""
|
||||
public_key: "{{ hostvars['azerty'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['azerty'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: 32
|
||||
allowed_ips:
|
||||
- "{{ hostvars['azerty'].vpn_interfaces.wg0.ip }}/32"
|
||||
comment: "azerty"
|
||||
- endpoint: ""
|
||||
public_key: "{{ hostvars['hellman'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['hellman'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: 32
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hellman'].vpn_interfaces.wg0.ip }}/32"
|
||||
- "{{ intranet.subnets.guest_hellman.ipv4 }}/{{ intranet.subnets.guest_hellman.netmaskv4 }}"
|
||||
comment: "hellman"
|
||||
- endpoint: ""
|
||||
public_key: "{{ vpn_guest_keys.knuth }}"
|
||||
allowed_ip: "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}"
|
||||
allowed_mask: "{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}"
|
||||
allowed_ips:
|
||||
- "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}/{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}"
|
||||
comment: "Client laptop: knuth"
|
||||
- endpoint: ""
|
||||
public_key: "{{ hostvars['rossum'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['rossum'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: 32
|
||||
allowed_ips:
|
||||
- "{{ hostvars['rossum'].vpn_interfaces.wg0.ip }}/32"
|
||||
comment: "Raspi at paris, Rossum"
|
||||
- endpoint: ""
|
||||
public_key: "{{ hostvars['vm1'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['vm1'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: 32
|
||||
allowed_ips:
|
||||
- "{{ hostvars['vm1'].vpn_interfaces.wg0.ip }}/32"
|
||||
comment: "Test VM 1, hosted by knuth"
|
||||
- endpoint: ""
|
||||
public_key: "{{ hostvars['vm2'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['vm2'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: 32
|
||||
allowed_ips:
|
||||
- "{{ hostvars['vm2'].vpn_interfaces.wg0.ip }}/32"
|
||||
comment: "Test VM 2, hosted by knuth"
|
||||
- endpoint: ""
|
||||
public_key: "{{ hostvars['vm3'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['vm3'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: 32
|
||||
allowed_ips:
|
||||
- "{{ hostvars['vm3'].vpn_interfaces.wg0.ip }}/32"
|
||||
comment: "Test VM 3, hosted by knuth"
|
||||
- endpoint: ""
|
||||
public_key: "{{ hostvars['vm4'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['vm4'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: 32
|
||||
allowed_ips:
|
||||
- "{{ hostvars['vm4'].vpn_interfaces.wg0.ip }}/32"
|
||||
comment: "Test VM 4, hosted by knuth"
|
||||
|
||||
|
||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
|||
peers:
|
||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||
comment: "hindley"
|
||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
|||
peers:
|
||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||
comment: "hindley"
|
||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
|||
peers:
|
||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||
comment: "hindley"
|
||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
|||
peers:
|
||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||
comment: "hindley"
|
||||
|
|
|
@ -8,6 +8,6 @@ vpn_interfaces:
|
|||
peers:
|
||||
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
|
||||
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
|
||||
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
|
||||
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
|
||||
allowed_ips:
|
||||
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
|
||||
comment: "hindley"
|
||||
|
|
|
@ -12,7 +12,7 @@ Publickey = {{ peer.public_key }}
|
|||
{% if peer.endpoint %}
|
||||
Endpoint = {{ peer.endpoint }}:{{ vpn_port }}
|
||||
{% endif %}
|
||||
AllowedIPs = {{peer.allowed_ip}}/{{ peer.allowed_mask }}
|
||||
AllowedIPs = {{ peer.allowed_ips | join(", ") }}
|
||||
|
||||
{% endfor %}
|
||||
{% if item.value.keepalive %}
|
||||
|
|
Loading…
Reference in a new issue