bundles/wireguard: support s2s connection to other services

This commit is contained in:
Franzi 2024-03-22 22:52:12 +01:00
parent ae14265abc
commit 104d1f11bf
Signed by: kunsi
GPG key ID: 12E3D2136B818350
3 changed files with 7 additions and 3 deletions


@ -10,7 +10,9 @@ ListenPort=${port}
[WireGuardPeer] [WireGuardPeer]
PublicKey=${pubkey} PublicKey=${pubkey}
AllowedIPs=0.0.0.0/0 AllowedIPs=0.0.0.0/0
% if psk:
PresharedKey=${psk} PresharedKey=${psk}
% endif
% if endpoint: % if endpoint:
Endpoint=${endpoint} Endpoint=${endpoint}
% endif % endif
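Review bot: The new `% if psk:` guard around PresharedKey in the [WireGuardPeer] section says nothing about when a peer may legitimately lack a preshared key, so a reader cannot tell whether an omitted PresharedKey line is a configuration gap or a deliberate choice. Since the PSK is an extra symmetric-key layer on top of the handshake, I would mark the branch with a template comment such as `## PresharedKey is optional: omitted when the peer's metadata carries no 'psk'`. Note that the guard also drops the line for an empty string, not only for a missing value, which is presumably intended.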


@ -25,7 +25,7 @@ for peer, config in sorted(node.metadata.get('wireguard/peers', {}).items()):
'peer': peer, 'peer': peer,
'port': config['my_port'], 'port': config['my_port'],
'privatekey': node.metadata.get('wireguard/privatekey'), 'privatekey': node.metadata.get('wireguard/privatekey'),
'psk': config['psk'], 'psk': config.get('psk'),
'pubkey': config['pubkey'], 'pubkey': config['pubkey'],
'specials': repo.libs.s2s.WG_AUTOGEN_SETTINGS.get(peer, {}), 'specials': repo.libs.s2s.WG_AUTOGEN_SETTINGS.get(peer, {}),
}, },
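Review bot: Switching the 'psk' entry to `config.get('psk')` relaxes the lookup for every peer, so an autogenerated s2s peer whose metadata unexpectedly lacks a psk now renders without a PresharedKey instead of failing with KeyError at build time. If the autogen peers (those in repo.libs.s2s.WG_AUTOGEN_NODES, which this commit checks elsewhere) are expected to always carry a psk, keep that strictness for them: `'psk': config['psk'] if peer in repo.libs.s2s.WG_AUTOGEN_NODES else config.get('psk'),`. The enclosing for loop over wireguard/peers starts outside the hunk.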


@ -253,7 +253,7 @@ def interface_ips(metadata):
my_ip = '{}/31'.format(config['my_ip']) my_ip = '{}/31'.format(config['my_ip'])
ips = {my_ip} ips = {my_ip}
if snat_ip: if snat_ip and peer in repo.libs.s2s.WG_AUTOGEN_NODES:
ips.add(snat_ip) ips.add(snat_ip)
their_ip = config['their_ip'] their_ip = config['their_ip']
@ -289,12 +289,14 @@ def snat(metadata):
forward.add(f'iifname wg_{config["iface"]} accept') forward.add(f'iifname wg_{config["iface"]} accept')
forward.add(f'oifname wg_{config["iface"]} accept') forward.add(f'oifname wg_{config["iface"]} accept')
if snat_ip: if snat_ip and peer in repo.libs.s2s.WG_AUTOGEN_NODES:
postrouting.add('ip saddr {} ip daddr != {} snat to {}'.format( postrouting.add('ip saddr {} ip daddr != {} snat to {}'.format(
config['my_ip'], config['my_ip'],
config['their_ip'], config['their_ip'],
snat_ip, snat_ip,
)) ))
elif config.get('masquerade', False):
postrouting.add(f'oifname wg_{peer} masquerade')
return { return {
'nftables': { 'nftables': {
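Review bot: The new masquerade rule names the interface `wg_{peer}`, while the forward rules two lines above it in the same hunk use `wg_{config["iface"]}`; if a peer's iface ever differs from the peer name, the masquerade rule targets a non-existent interface and silently does nothing. Unless iface is guaranteed equal to peer, use the same key: `postrouting.add(f'oifname wg_{config["iface"]} masquerade')`. The masquerade branch also NATs every packet leaving that interface, whereas the snat branch is restricted by `ip saddr`/`ip daddr`, so a short comment stating that this broader scope is intended for masquerade peers would help the next reader. The same `snat_ip and peer in repo.libs.s2s.WG_AUTOGEN_NODES` test is repeated in the interface_ips hunk at -253; a shared helper or a local boolean would keep the two from drifting. The enclosing snat function continues past the hunk.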