Commit 9f996970 authored by 神楽坂玲奈's avatar 神楽坂玲奈

scripts

parent 401d4692
#!/usr/bin/env bash #!/usr/bin/env bash
set -e set -e
ip addr add "$loadlPeerAddress" peer "$remotePeerAddress" dev %i ip addr add "$loadlPeerAddress" peer "$remotePeerAddress" dev "$dev"
if [ "$inbound" != true ] ; then if [ "$inbound" != true ] ; then
ip route add default dev %i table "$remoteMark" ip route add default dev "$dev" table "$remoteMark"
ip rule add fwmark "$remoteMark" table "$remoteMark" pref 300 ip rule add fwmark "$remoteMark" table "$remoteMark" pref 300
fi fi
if [ -z "${mtu}" ]; then if [ -z "${mtu}" ]; then
mtu=$(cat /sys/class/net/%i/mtu) mtu=$(cat /sys/class/net/"$dev"/mtu)
fi fi
mss=$((mtu - 40)) mss=$((mtu - 40))
iptables -t mangle -A FORWARD -i %i -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss iptables -t mangle -A FORWARD -i "$dev" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss
iptables -t mangle -A FORWARD -o %i -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss iptables -t mangle -A FORWARD -o "$dev" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss
iptables -t mangle -A PREROUTING -i %i -m set ! --match-set mycard src -j CONNMARK --set-xmark "$remoteMark" iptables -t mangle -A PREROUTING -i "$dev" -m set ! --match-set mycard src -j CONNMARK --set-xmark "$remoteMark"
iptables -t mangle -A PREROUTING -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark iptables -t mangle -A OUTPUT -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark
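Review bot: The `ip addr add` line still reads `$loadlPeerAddress`, while the PostUp line in the template exports `localPeerAddress`, and `remotePeerAddress` is not among the variables that PostUp line sets. Both therefore probably expand to empty strings and the command fails under `set -e`. The line should read `ip addr add "$localPeerAddress" peer "$remotePeerAddress" dev "$dev"`, with the remote address also passed in by the hook. A guard right after `set -e`, such as `: "${dev:?}" "${localPeerAddress:?}" "${remotePeerAddress:?}" "${remoteMark:?}"`, would stop with a clear message before any address, route or iptables rule is touched. `mtu` also comes from the environment and goes straight into `$((mtu - 40))`, so checking that it is all digits first keeps arithmetic expansion from evaluating anything other than a number.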
...@@ -6,14 +6,14 @@ if [ "$inbound" != true ] ; then ...@@ -6,14 +6,14 @@ if [ "$inbound" != true ] ; then
fi fi
if [ -z "${mtu}" ]; then if [ -z "${mtu}" ]; then
mtu=$(cat /sys/class/net/%i/mtu) mtu=$(cat /sys/class/net/"$dev"/mtu)
fi fi
mss=$((mtu - 40)) mss=$((mtu - 40))
iptables -t mangle -D FORWARD -i %i -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss iptables -t mangle -D FORWARD -i "$dev" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss
iptables -t mangle -D FORWARD -o %i -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss iptables -t mangle -D FORWARD -o "$dev" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss
iptables -t mangle -D PREROUTING -i %i -m set ! --match-set mycard src -j CONNMARK --set-xmark "$remoteMark" iptables -t mangle -D PREROUTING -i "$dev" -m set ! --match-set mycard src -j CONNMARK --set-xmark "$remoteMark"
iptables -t mangle -D PREROUTING -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark iptables -t mangle -D PREROUTING -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark
iptables -t mangle -D OUTPUT -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark iptables -t mangle -D OUTPUT -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark
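Review bot: Each `iptables -t mangle -D` line only matches if `$mss` equals the value used at PostUp, but when `mtu` is unset it is re-read from `/sys/class/net/"$dev"/mtu` at teardown. An MTU change while the tunnel was up would make the first `-D` fail. If this script runs under `set -e` like postup.sh (its first lines are outside the hunk), that failure aborts the teardown and leaves the remaining TCPMSS and CONNMARK rules in the mangle table. Consider recording the mss at PostUp and reusing it here, or appending a commented `|| true` to each `-D` line so one stale rule does not block removal of the others. `$mss` is also unquoted on the FORWARD lines; `--mss "$mss:1460"` and `--set-mss "$mss"` would match the quoting now used for `"$dev"`.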
...@@ -6,8 +6,8 @@ ListenPort = {{conn.localPort}} ...@@ -6,8 +6,8 @@ ListenPort = {{conn.localPort}}
FwMark = {{conn.localGatewayMark}} FwMark = {{conn.localGatewayMark}}
{% endif %} {% endif %}
Table = off Table = off
PostUp = "localPeerAddress='{{conn.localPeerAddress}}' remoteMark='{{conn.remoteMark}}' {% if conn.inbound is defined %}inbound='{{conn.inbound}}'{% endif %} {% if conn.mtu is defined %}mtu='{{conn.mtu}}'{% endif %} /tmp/nextgen/postup.sh" PostUp = "dev='%i' localPeerAddress='{{conn.localPeerAddress}}' remoteMark='{{conn.remoteMark}}' {% if conn.inbound is defined %}inbound='{{conn.inbound}}'{% endif %} {% if conn.mtu is defined %}mtu='{{conn.mtu}}'{% endif %} /tmp/nextgen/postup.sh"
PreDown = "localPeerAddress='{{conn.localPeerAddress}}' remoteMark='{{conn.remoteMark}}' {% if conn.inbound is defined %}inbound='{{conn.inbound}}'{% endif %} {% if conn.mtu is defined %}mtu='{{conn.mtu}}'{% endif %} /tmp/nextgen/predown.sh" PreDown = "dev='%i' localPeerAddress='{{conn.localPeerAddress}}' remoteMark='{{conn.remoteMark}}' {% if conn.inbound is defined %}inbound='{{conn.inbound}}'{% endif %} {% if conn.mtu is defined %}mtu='{{conn.mtu}}'{% endif %} /tmp/nextgen/predown.sh"
[Peer] [Peer]
PublicKey = {{conn.wgPublicKey}} PublicKey = {{conn.wgPublicKey}}
AllowedIPs = 0.0.0.0/0, ::/0 AllowedIPs = 0.0.0.0/0, ::/0
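Review bot: Both hooks execute scripts from `/tmp/nextgen/`, and hooks of this kind normally run as root. A world-writable parent directory means any local account that creates or replaces `/tmp/nextgen` before deployment can control what runs as root when the interface comes up or goes down. Installing the scripts into a root-owned directory with mode 0755 and pointing the hooks there, e.g. `<ROOT_OWNED_SCRIPT_DIR>/postup.sh` and `<ROOT_OWNED_SCRIPT_DIR>/predown.sh`, removes that dependency on `/tmp`. Separately, the `{{conn.*}}` values are placed inside single quotes in a shell command line, so a value containing `'` would end the quoting; if the inventory is not fully trusted, validate those fields before rendering. The enclosing section of the template starts outside this hunk.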