misc: WIP: vpn
parent
061b6f1049
commit
02910a8fc0
@ -0,0 +1,58 @@
|
||||
---
|
||||
bird__kernel:
|
||||
kernel:
|
||||
learn: true
|
||||
import: accept
|
||||
export: accept
|
||||
vrf:
|
||||
import: reject
|
||||
export: accept
|
||||
table: wg
|
||||
kernel: "{{ iproute2__custom_protos.wireguard }}"
|
||||
|
||||
bird__ospf:
|
||||
limits:
|
||||
import: 4000
|
||||
export: 4000
|
||||
table: wg
|
||||
import: accept
|
||||
export:
|
||||
protos:
|
||||
- kernel
|
||||
- wireguard
|
||||
areas:
|
||||
1:
|
||||
broadcast:
|
||||
- vpn0
|
||||
|
||||
bird__tables:
|
||||
- wg
|
||||
|
||||
bird__bgp:
|
||||
infra1:
|
||||
local:
|
||||
address: "{{ bird__bgp_addr.vpn }}"
|
||||
as: "{{ bird__as.aurore }}"
|
||||
neighbor:
|
||||
address:
|
||||
- 2a09:6840:213::1:1
|
||||
- 10.213.1.1
|
||||
as: "{{ bird__as.aurore }}"
|
||||
table: wg
|
||||
import: accept
|
||||
export: reject
|
||||
next_hop_self: true
|
||||
infra2:
|
||||
local:
|
||||
address: "{{ bird__bgp_addr.vpn }}"
|
||||
as: "{{ bird__as.aurore }}"
|
||||
neighbor:
|
||||
address:
|
||||
- 2a09:6840:213::1:2
|
||||
- 10.213.1.2
|
||||
as: "{{ bird__as.aurore }}"
|
||||
table: wg
|
||||
import: accept
|
||||
export: reject
|
||||
next_hop_self: true
|
||||
...
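Review bot: The two iBGP sessions under `bird__bgp` (infra1, infra2) take whatever the peer announces — `import: accept` with no `limits` — while the OSPF protocol just above caps both directions at 4000, so a misbehaving or compromised peer can fill table `wg` unchecked. Mirror the cap on each session, e.g. `limits:` / `  import: 4000` under infra1 and infra2, and preferably restrict the import to the prefixes expected from those two routers rather than a bare `accept`. Nothing visible here configures authentication on the BGP sessions or on OSPF area 1 over `vpn0`; if the bird role exposes a password/authentication option, it is worth setting on both. Also note that `bird__kernel.kernel` has `learn: true` with `import: accept` and `bird__ospf.export.protos` lists `kernel`, so any route that appears in the kernel table — including ones added by hand — is redistributed into area 1; if that is intended, say so, e.g. `# learn: true redistributes every kernel route into OSPF area 1`.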
|
@ -1,24 +1,15 @@
|
||||
---
|
||||
ifupdown2__vrf:
|
||||
wg-vrf:
|
||||
table: "{{ iproute2__custom_tables.wireguard }}"
|
||||
|
||||
ifupdown2__wireguard:
|
||||
wg0:
|
||||
private_key: "{{ vault_wireguard_wg0_private }}"
|
||||
listen_port: 5121
|
||||
goto_table: bird
|
||||
vrf: wg-vrf
|
||||
peer_allowed_addresses:
|
||||
- 2a09:6840:212::1:1/128
|
||||
- 10.212.1.1/32
|
||||
peer_public_key: 0kP/XjaGOpu4p9KHTAoAhkLwXzC8wJUdPIdhdpgeKhY=
|
||||
|
||||
ifupdown2__interfaces:
|
||||
adm0:
|
||||
addresses:
|
||||
- 2a09:6840:128::10:11/64
|
||||
- 10.128.10.11/16
|
||||
ext0:
|
||||
addresses:
|
||||
- 45.66.111.200/30
|
||||
vpn0:
|
||||
addresses:
|
||||
- 2a09:6840:213::1:3/64
|
||||
- 10.213.1.3/16
|
||||
...
|
@ -0,0 +1,7 @@
|
||||
---
|
||||
iproute2__custom_tables:
|
||||
wireguard: 2000
|
||||
|
||||
iproute2__custom_protos:
|
||||
wireguard: 2000
|
||||
...
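Review bot: `iproute2__custom_protos: wireguard: 2000` cannot work as a routing-protocol id: the kernel's `rtm_protocol` field is 8 bits, so protocol numbers are limited to 0–255 and iproute2 skips rt_protos entries outside that range, whereas the table id in `iproute2__custom_tables` is 32-bit and 2000 is fine there. Pick an unused protocol number below 256 (for example `wireguard: 200`) and keep the table id as it is. The protocol value is also consumed by the `kernel:` entry under `bird__kernel` in this commit; if that key maps to BIRD's `kernel table` option rather than a protocol id, it should reference `iproute2__custom_tables.wireguard` instead — the two only agree today because both happen to be 2000, and the error would surface only once the numbers diverge.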
|
@ -0,0 +1,24 @@
|
||||
---
|
||||
systemd_link__links:
|
||||
vpn0: 02:00:00:b5:ca:c7
|
||||
ext0: 02:00:00:e3:65:49
|
||||
|
||||
ifupdown2__interfaces:
|
||||
ext0:
|
||||
gateways: "{{ ifupdown2__gateways.ext }}"
|
||||
addresses:
|
||||
- 2a09:6840:211::1:1/64
|
||||
- 10.211.1.1/16
|
||||
- 45.66.111.200/30
|
||||
vpn0:
|
||||
addresses:
|
||||
- 2a09:6840:213::1:3/64
|
||||
- 10.213.1.3/16
|
||||
|
||||
bird__router_id: 10.213.1.3
|
||||
|
||||
bird__bgp_addr:
|
||||
vpn:
|
||||
- 2a09:6840:213::1:3
|
||||
- 10.213.1.3
|
||||
...
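Review bot: The addresses assigned to `vpn0` (`2a09:6840:213::1:3/64`, `10.213.1.3/16`) and the `45.66.111.200/30` on `ext0` are identical to the ones in the other ifupdown2 vars file touched by this commit; if the two files apply to different hosts this configures the same addresses on two machines and makes `bird__router_id: 10.213.1.3` collide, and if they apply to the same host one copy is redundant and Ansible variable precedence silently picks the winner — verify which it is and keep a single definition. `bird__router_id` and `bird__bgp_addr.vpn` repeat the same address a third time; deriving them from the interface definition, or at least a comment `# must match vpn0 address above`, would keep them from drifting. The MAC values under `systemd_link__links` happen to parse as strings, but quoting them (`vpn0: "02:00:00:b5:ca:c7"`) guards against a colon-separated value being retyped by a YAML 1.1 parser.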
|
@ -1,17 +1,10 @@
|
||||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
- hosts:
|
||||
- edge-1.back.infra.auro.re
|
||||
- edge-2.back.infra.auro.re
|
||||
- isp-1.back.infra.auro.re
|
||||
- isp-2.back.infra.auro.re
|
||||
- infra-1.back.infra.auro.re
|
||||
- infra-2.back.infra.auro.re
|
||||
- vpn-1.back.infra.auro.re
|
||||
- vpn-2.back.infra.auro.re
|
||||
vars:
|
||||
iproute2__custom_tables:
|
||||
bird: 100
|
||||
- edge
|
||||
- isp
|
||||
- infra
|
||||
- vpn
|
||||
roles:
|
||||
- iproute2
|
||||
...
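Review bot: The play-level `iproute2__custom_tables: {bird: 100}` shown in this hunk is the only definition of table `bird` visible in the commit, and the role default is now `{}`; if, as the hunk counts suggest, it has been dropped in favour of the four group targets, every host in `edge`/`isp`/`infra`/`vpn` needs `bird: 100` in its group vars, since the wireguard config touched in the same commit still uses `goto_table: bird`. Be aware that `iproute2__custom_tables` is a plain dict and Ansible's default `hash_behaviour=replace` overrides dicts wholesale, so a host-level `iproute2__custom_tables: {wireguard: 2000}` will replace, not extend, a group-level `{bird: 100}` — one of the two tables silently disappears. Either define both tables at the same scope or build the merged dict explicitly with `combine` in the play, e.g. `iproute2__custom_tables: "{{ iproute2__group_tables | combine(iproute2__host_tables | default({})) }}"`.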
|
||||
|
@ -1,8 +1,4 @@
|
||||
---
|
||||
iproute2__default_tables:
|
||||
local: 255
|
||||
main: 254
|
||||
default: 253
|
||||
unspec: 0
|
||||
iproute2__custom_tables: {}
|
||||
iproute2__custom_protos: {}
|
||||
...
|
||||
|
@ -1,17 +1,12 @@
|
||||
---
|
||||
- name: Ensure that default and custom tables names don't overlap
|
||||
assert:
|
||||
that: "not (iproute2__default_tables.keys()
|
||||
| intersect(iproute2__custom_tables.keys()))"
|
||||
|
||||
- name: Configure rt_tables
|
||||
- name: Configure custom tables and protos
|
||||
template:
|
||||
src: rt_tables.j2
|
||||
dest: /etc/iproute2/rt_tables
|
||||
src: "{{ item }}.j2"
|
||||
dest: "/etc/iproute2/{{ item }}.d/custom.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: u=rw,g=r,o=r
|
||||
vars:
|
||||
iproute2__tables: "{{ iproute2__default_tables
|
||||
| combine(iproute2__custom_tables) }}"
|
||||
loop:
|
||||
- rt_tables
|
||||
- rt_protos
|
||||
...
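Review bot: The template task writes `/etc/iproute2/{{ item }}.d/custom.conf`, but nothing in the role creates `rt_tables.d` or `rt_protos.d`; `template` does not create parent directories, so on a host whose iproute2 package does not ship those drop-in directories the task fails. Add a `file` task ahead of it (below). Separately, the assert that rejected overlaps with the reserved tables appears to be gone along with `iproute2__default_tables`, so a custom entry that reuses `local`/`main`/`default`/`unspec` or ids 0 and 253–255 would now be rendered into `rt_tables.d` and shadow the stock mapping; keep an assert that every custom table id is within 1–252 and every custom protocol id within the 8-bit range the kernel accepts, since the templates themselves do no validation.
```yaml
- name: Ensure iproute2 drop-in directories exist
  file:
    path: "/etc/iproute2/{{ item }}.d"
    state: directory
    owner: root
    group: root
    mode: u=rwx,g=rx,o=rx
  loop:
    - rt_tables
    - rt_protos

# … unchanged: "Configure custom tables and protos" template task …
```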
|
||||
|
@ -0,0 +1,5 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
{% for name, id in iproute2__custom_protos.items() %}
|
||||
{{ id }} {{ name }}
|
||||
{% endfor %}
|
@ -1,5 +1,5 @@
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
{% for name, id in iproute2__tables.items() %}
|
||||
{% for name, id in iproute2__custom_tables.items() %}
|
||||
{{ id }} {{ name }}
|
||||
{% endfor %}
|
||||
|