tweak the vpn template to route multiples subnets

This commit is contained in:
histausse 2021-07-12 02:09:39 +02:00
parent b6b7003068
commit 126c1fd438
Signed by: histausse
GPG key ID: 67486F107F62E9E9
11 changed files with 92 additions and 72 deletions

View file

@ -1,71 +1,85 @@
---
intranet:
domaine: "intra"
ipv4: "172.20.0.0"
domaine: intra
ipv4: 172.20.0.0
netmaskv4: 16
comment: "The intranet"
gateway: 172.20.1.1
comment: The intranet
subnets:
physical:
domaine: "phy"
ipv4: "172.20.1.0"
domaine: phy
ipv4: 172.20.1.0
netmaskv4: 24
comment: "Physical machines"
gateway: 172.20.1.1
comment: Physical machines
subnets:
hindley:
domaine: "hindley"
ipv4: "172.20.1.1"
domaine: hindley
ipv4: 172.20.1.1
netmaskv4: 32
comment: "Hindley"
comment: Hindley
azerty:
domaine: "azerty"
ipv4: "172.20.1.2"
domaine: azerty
ipv4: 172.20.1.2
netmaskv4: 32
comment: "Azerty"
comment: Azerty
hellman:
domaine: "hellman"
ipv4: "172.20.1.3"
domaine: hellman
ipv4: 172.20.1.3
netmaskv4: 32
comment: "Hellman"
comment: Hellman
rossum:
domaine: "rossum"
ipv4: "172.20.1.4"
domaine: rossum
ipv4: 172.20.1.4
netmaskv4: 32
comment: "Rossum"
test:
domaine: "test"
ipv4: "172.20.199.0"
comment: Rossum
guest_hellman:
domaine: hllm
ipv4: 172.20.103.0
netmaskv4: 24
comment: "Test VM"
gateway: 172.20.103.1
comment: Lan for the vm hosted on hellman
subnets:
hellman:
domaine: hellman
ipv4: 172.20.103.1
netmaskv4: 32
comment: Hellman
test:
domaine: test
ipv4: 172.20.199.0
netmaskv4: 24
comment: Test VM
subnets:
vm1:
domaine: "vm1"
ipv4: "172.20.199.1"
domaine: vm1
ipv4: 172.20.199.1
netmaskv4: 32
comment: "Test vm 1, on knuth"
comment: Test vm 1, on knuth
vm2:
domaine: "vm2"
ipv4: "172.20.199.2"
domaine: vm2
ipv4: 172.20.199.2
netmaskv4: 32
comment: "Test vm 2, on knuth"
comment: Test vm 2, on knuth
vm3:
domaine: "vm3"
ipv4: "172.20.199.3"
domaine: vm3
ipv4: 172.20.199.3
netmaskv4: 32
comment: "Test vm 3, on knuth"
comment: Test vm 3, on knuth
vm4:
domaine: "knuth"
ipv4: "172.20.199.4"
domaine: vm4
ipv4: 172.20.199.4
netmaskv4: 32
comment: "Test vm 4, on knuth"
comment: Test vm 4, on knuth
guest:
domaine: "guest"
ipv4: "172.20.200.0"
domaine: guest
ipv4: 172.20.200.0
netmaskv4: 24
comment: "Guest machines"
comment: Guest machines
subnets:
knuth:
domaine: "knuth"
ipv4: "172.20.200.1"
domaine: knuth
ipv4: 172.20.200.1
netmaskv4: 32
comment: "Knuth"
comment: Knuth

View file

@ -8,6 +8,6 @@ vpn_interfaces:
peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
allowed_ips:
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley"

View file

@ -10,6 +10,11 @@ interfaces:
gateway: 10.50.0.254
interfaces:
- enp7s0
br1:
ipv4: "{{ intranet.subnets.guest_hellman.subnets.hellman.ipv4 }}"
netmaskv4: "{{ intranet.subnets.guest_hellman.netmaskv4 }}"
type: static
bridge: true
wg0:
ipv4: "{{ intranet.subnets.physical.subnets.hellman.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"

View file

@ -8,6 +8,6 @@ vpn_interfaces:
peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
allowed_ips:
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley"

View file

@ -8,43 +8,44 @@ vpn_interfaces:
peers:
- endpoint: ""
public_key: "{{ hostvars['azerty'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['azerty'].vpn_interfaces.wg0.ip }}"
allowed_mask: 32
allowed_ips:
- "{{ hostvars['azerty'].vpn_interfaces.wg0.ip }}/32"
comment: "azerty"
- endpoint: ""
public_key: "{{ hostvars['hellman'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hellman'].vpn_interfaces.wg0.ip }}"
allowed_mask: 32
allowed_ips:
- "{{ hostvars['hellman'].vpn_interfaces.wg0.ip }}/32"
- "{{ intranet.subnets.guest_hellman.ipv4 }}/{{ intranet.subnets.guest_hellman.netmaskv4 }}"
comment: "hellman"
- endpoint: ""
public_key: "{{ vpn_guest_keys.knuth }}"
allowed_ip: "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}"
allowed_mask: "{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}"
allowed_ips:
- "{{ intranet.subnets.guest.subnets.knuth.ipv4 }}/{{ intranet.subnets.guest.subnets.knuth.netmaskv4 }}"
comment: "Client laptop: knuth"
- endpoint: ""
public_key: "{{ hostvars['rossum'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['rossum'].vpn_interfaces.wg0.ip }}"
allowed_mask: 32
allowed_ips:
- "{{ hostvars['rossum'].vpn_interfaces.wg0.ip }}/32"
comment: "Raspi at paris, Rossum"
- endpoint: ""
public_key: "{{ hostvars['vm1'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['vm1'].vpn_interfaces.wg0.ip }}"
allowed_mask: 32
allowed_ips:
- "{{ hostvars['vm1'].vpn_interfaces.wg0.ip }}/32"
comment: "Test VM 1, hosted by knuth"
- endpoint: ""
public_key: "{{ hostvars['vm2'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['vm2'].vpn_interfaces.wg0.ip }}"
allowed_mask: 32
allowed_ips:
- "{{ hostvars['vm2'].vpn_interfaces.wg0.ip }}/32"
comment: "Test VM 2, hosted by knuth"
- endpoint: ""
public_key: "{{ hostvars['vm3'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['vm3'].vpn_interfaces.wg0.ip }}"
allowed_mask: 32
allowed_ips:
- "{{ hostvars['vm3'].vpn_interfaces.wg0.ip }}/32"
comment: "Test VM 3, hosted by knuth"
- endpoint: ""
public_key: "{{ hostvars['vm4'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['vm4'].vpn_interfaces.wg0.ip }}"
allowed_mask: 32
allowed_ips:
- "{{ hostvars['vm4'].vpn_interfaces.wg0.ip }}/32"
comment: "Test VM 4, hosted by knuth"

View file

@ -8,6 +8,6 @@ vpn_interfaces:
peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
allowed_ips:
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley"

View file

@ -8,6 +8,6 @@ vpn_interfaces:
peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
allowed_ips:
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley"

View file

@ -8,6 +8,6 @@ vpn_interfaces:
peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
allowed_ips:
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley"

View file

@ -8,6 +8,6 @@ vpn_interfaces:
peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
allowed_ips:
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley"

View file

@ -8,6 +8,6 @@ vpn_interfaces:
peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ip: "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}"
allowed_mask: "{{ interfaces.wg0.netmaskv4 }}"
allowed_ips:
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley"

View file

@ -12,7 +12,7 @@ Publickey = {{ peer.public_key }}
{% if peer.endpoint %}
Endpoint = {{ peer.endpoint }}:{{ vpn_port }}
{% endif %}
AllowedIPs = {{peer.allowed_ip}}/{{ peer.allowed_mask }}
AllowedIPs = {{ peer.allowed_ips | join(", ") }}
{% endfor %}
{% if item.value.keepalive %}