github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 10:18:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #45 from CloudFire-LLC/reorg-files

Browse Source 
re-org playbook files
This commit is contained in:
Jamil
2020-11-03 21:50:00 -06:00
committed by GitHub
parent 647858303a bf612b6ac2
commit 189150076e
3 changed files with 1 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ansible/playbook.yml
View File

@@ -22,9 +22,6 @@
hosts: all
become: yes
tasks:
- name: copy files
shell: |
cp /vagrant/ansible/sample_conf/wg-server.conf /etc/wireguard/wg0.conf
- name: ensure ipv4 forward
lineinfile:
path: /etc/sysctl.conf
@@ -42,3 +39,4 @@
- name: Install FireGuard deb
shell: |
wget https://github.com/CloudFire-LLC/fireguard/releases/download/0.1.0/fireguard_0.1.0-1_amd64.deb
dpkg -i fireguard_0.1.0-1_amd64.deb

21
ansible/sample_conf/wg-client.conf
View File

@@ -1,21 +0,0 @@
# CLIENT, place this in the client's config
[Interface]
# Generate with "wg genkey"
PrivateKey = UBwwUjHGJzFM6dt4d20ADvTNHlIcZgFfiBgSxtTpmnI=
# Same network as server above
Address = 192.168.10.2/32
# Set this to a reachable DNS server through the tunnel
# Important: Set this properly to avoid leaking
DNS = 1.1.1.1
[Peer]
# Server's public key
PublicKey = MW7uvigH6bTAZf6UuuJ5wttYGU4R04RP5K/sLCJN2F8=
# The IPs you want to route through the tunnel
AllowedIPs = 0.0.0.0/0, ::/0
# IP address and port of the server
Endpoint = 172.16.1.2:51820

21
ansible/sample_conf/wg-server.conf
View File

@@ -1,21 +0,0 @@
# SERVER -- place this in /etc/wireguard/wg0.conf or similar
[Interface]
# Generate with "wg genkey"
PrivateKey = 8N/cWwL0awtz/fhjexGKFXMvweAdQohTG6rWCJfh9Ek=
# This should be an unused address / network
Address = 192.168.10.1/24
# UDP port to listen on
ListenPort = 51820
# These are for NAT'ing the traffic in and out of the server properly
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
# PubKey of client you want to allow to connect
PublicKey = oflqThjCEPOP/mpkfn+T+hLpKmMdmcMF2PkJmD9ILxk=
# Private IP the client has configured (same network as the Address above)
AllowedIPs = 192.168.10.2/32