add wireguard connection between htz-cloud.wireguard and kunsi-p14s

2023-09-24 18:58:03 +02:00 · 2023-09-24 18:58:03 +02:00 · b9d4204060
commit b9d4204060
parent a09b5b98ca
2 changed files with 28 additions and 0 deletions
--- a/nodes/htz-cloud/wireguard.py
+++ b/nodes/htz-cloud/wireguard.py
@ -34,6 +34,7 @@ nodes['htz-cloud.wireguard'] = {
        'bird': {
            'static_routes': {
                '172.19.137.0/24',
+                '172.19.136.64/31',
            },
        },
        'nftables': {
@ -43,6 +44,9 @@ nodes['htz-cloud.wireguard'] = {
                    'inet filter forward oif eth0 accept',
                    'nat postrouting oif eth0 masquerade',
                ],
+                'wg_special': [
+                    'inet filter input udp dport 51819 accept',
+                ],
            },
        },
        'vm': {
@ -51,6 +55,15 @@ nodes['htz-cloud.wireguard'] = {
        },
        'wireguard': {
            'snat_ip': '172.19.137.2',
+            'peers': {
+                'kunsi-p14s': {
+                    'endpoint': None,
+                    'exclude_from_monitoring': True,
+                    'my_ip': '172.19.136.64',
+                    'my_port': 51819,
+                    'their_ip': '172.19.136.65',
+                },
+            },
        },
    },
 }