Create 3 different Wireguard tunnels

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

host_vars/boeing.adm.crans.org.yml

@@ -7,7 +7,7 @@ loc_wireguard:
   tunnels:
     - name: "sputnik"
       listen_port: 51820
-      private_key: "{{ vault.wireguard.boeing.privkey }}"
+      private_key: "{{ vault.wireguard.boeing.sputnik.privkey }}"
       table: "off"
       peers:
         - public_key: "{{ vault.wireguard.sputnik.pubkey }}"
@@ -15,23 +15,49 @@ loc_wireguard:
             - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}/32"
             - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }}/128"
           endpoint: "{{ query('ldap', 'ip', 'sputnik', 'srv') | ipv4 | first }}:51820"
+      post_up:
+        - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
+        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
+        - "python3 /var/local/services/proxy/proxy.py --alter"
+      pre_down:
+        - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
+        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0"
+        - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"
+    - name: "viarezo"
+      listen_port: 51821
+      private_key: "{{ vault.wireguard.boeing.viarezo.privkey }}"
+      table: "off"
+      peers:
         - public_key: "{{ vault.wireguard.routeur_ft.pubkey }}"
           allowed_ips:
             - "{{ query('ldap', 'network', 'adm') }}"
             - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
           persistent_keepalive: 25
+      post_up:
+        - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
+        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
+        - "python3 /var/local/services/proxy/proxy.py --alter"
+      pre_down:
+        - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
+        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0"
+        - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"
+    - name: "aurore"
+      listen_port: 51822
+      private_key: "{{ vault.wireguard.boeing.aurore.privkey }}"
+      table: "off"
+      peers:
         - public_key: "{{ vault.wireguard.routeur_thot.pubkey }}"
           allowed_ips:
             - "{{ query('ldap', 'network', 'adm') }}"
             - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
           persistent_keepalive: 25
       post_up:
-        - "sysctl -w net.ipv4.conf.all.forwarding=1; sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.sputnik.proxy_arp=1"
-        - "sysctl -w net.ipv6.conf.all.forwarding=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=1"
+        - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
+        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
         - "python3 /var/local/services/proxy/proxy.py --alter"
       pre_down:
-        - "sysctl -w net.ipv4.conf.all.forwarding=0; sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.sputnik.proxy_arp=0"
-        - "sysctl -w net.ipv6.conf.all.forwarding=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=0"
+        - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
+        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0"
         - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"
 
 loc_service_proxy:
@@ -42,6 +68,6 @@ loc_service_proxy:
     filter: "adm.crans.org"
     proxy:
       default: "ens18"
-      viarezo: "sputnik"
-      aurore: "sputnik"
+      viarezo: "viarezo"
+      aurore: "aurore"
       ovh: "sputnik"

host_vars/routeur-ft.adm.crans.org.yml

@@ -5,25 +5,25 @@ interfaces:
 
 loc_wireguard:
   tunnels:
-    - name: "wg0"
+    - name: "boeing"
       listen_port: 51820
       private_key: "{{ vault.wireguard.routeur_ft.privkey }}"
       table: "off"
       peers:
-        - public_key: "{{ vault.wireguard.boeing.pubkey }}"
+        - public_key: "{{ vault.wireguard.boeing.viarezo.pubkey }}"
           allowed_ips:
             - "{{ query('ldap', 'network', 'adm') }}"
             - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
-          endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ipv4 | first }}:51820"
+          endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ipv4 | first }}:51821"
           persistent_keepalive: 25
       post_up:
-        - "sysctl -w net.ipv4.conf.all.forwarding=1; sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.wg0.proxy_arp=1"
-        - "sysctl -w net.ipv6.conf.all.forwarding=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.wg0.proxy_ndp=1"
-        - "ip route add 172.16.10.1 dev wg0 proto proxy"
+        - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
+        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
+        - "ip route add 172.16.10.1 dev %i proto proxy"
         - "python3 /var/local/services/proxy/proxy.py --alter"
       pre_down:
-        - "sysctl -w net.ipv4.conf.all.forwarding=0; sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.wg0.proxy_arp=0"
-        - "sysctl -w net.ipv6.conf.all.forwarding=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.wg0.proxy_ndp=0"
+        - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
+        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0"
         - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"
 
 loc_service_proxy:
@@ -33,5 +33,5 @@ loc_service_proxy:
     protocol: "proxy"
     filter: "adm.crans.org"
     proxy:
-      default: "wg0"
+      default: "boeing"
       viarezo: "ens18"

host_vars/routeur-thot.adm.crans.org.yml

@@ -5,27 +5,28 @@ interfaces:
 
 loc_wireguard:
   tunnels:
-    - name: "wg0"
+    - name: "boeing"
       listen_port: 51820
       private_key: "{{ vault.wireguard.routeur_thot.privkey }}"
       table: "off"
       peers:
-        - public_key: "{{ vault.wireguard.boeing.pubkey }}"
+        - public_key: "{{ vault.wireguard.boeing.aurore.pubkey }}"
           allowed_ips:
             - "{{ query('ldap', 'network', 'adm') }}"
             - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
-          endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ipv4 | first }}:51820"
+          endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ipv4 | first }}:51822"
           persistent_keepalive: 25
       post_up:
-        - "sysctl -w net.ipv4.conf.all.forwarding=1; sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.wg0.proxy_arp=1"
-        - "sysctl -w net.ipv6.conf.all.forwarding=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.wg0.proxy_ndp=1"
-        - "ip route add 172.16.10.1 dev wg0 proto proxy"
+        - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
+        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
+        - "ip route add 172.16.10.1 dev %i proto proxy"
         - "python3 /var/local/services/proxy/proxy.py --alter"
       pre_down:
-        - "sysctl -w net.ipv4.conf.all.forwarding=0; sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.wg0.proxy_arp=0"
-        - "sysctl -w net.ipv6.conf.all.forwarding=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.wg0.proxy_ndp=0"
+        - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
+        - "sysctl -w net.ipv6.conf.%i.proxy_ndp=0"
         - "ip route flush proto proxy; ip -6 route flush proto proxy; ip neigh flush proxy proto proxy"
 
+
 loc_service_proxy:
   config:
     ldap:
@@ -33,5 +34,5 @@ loc_service_proxy:
     protocol: "proxy"
     filter: "adm.crans.org"
     proxy:
-      default: "wg0"
+      default: "boeing"
       aurore: "ens18"

host_vars/sputnik.adm.crans.org.yml

@@ -17,7 +17,7 @@ loc_wireguard:
       listen_port: 51820
       private_key: "{{ vault.wireguard.sputnik.privkey }}"
       peers:
-        - public_key: "{{ vault.wireguard.boeing.pubkey }}"
+        - public_key: "{{ vault.wireguard.boeing.sputnik.pubkey }}"
           allowed_ips:
             - "{{ query('ldap', 'network', 'adm') }}"
             - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"