wireguard

This role creates a VPN using wireguard. It's designed to allow direct connection between nodes, not to tunnel whole internet access from one machine through other gateway.

Features:

A python script gen_wireguard.py is used to generate config for all hosts from a single-file network description. See: rather complete example.
Nodes are connected P2P (with pre-shared key) or connection is routed through another node.
At least one of the nodes must have a public endpoint IP. PersistentKeepalive is added for peers without public endpoint IP.
Multiple interconnected subnets.
IPv4 and IPv6 private addresses (useful IPv6 private address range generator: [https://simpledns.plus/private-ipv6]).
Adds hostnames to /etc/hosts.

Requirements

Use gen_wireguard.py to create config files.
It expects wg-quick@ systemd service on nodes.

Role Variables

wireguard_hostname: (default: "{{ inventory_hostname }}")
wireguard_interface: (default: wg0)
wireguard_enable: (default: yes)

Dependencies

None

Example Playbook

Before running the playbook, run:

./roles/wireguard/gen_wireguard/gen_wireguard.py -n wireguard_network.yml

Playbook:

- hosts: wireguard
  roles: [wireguard]

License

GPL-3.0-or-later

Author Information

Adam "etam" Mizerski adam@mizerski.pl https://etam-software.eu

About

Build a VPN, that allows for direct connection between multiple hosts, even if some of them are firewalls and routers.

role wireguard

Install

ansible-galaxy install etam/ansible-role-wireguard

GitHub repository

0 stars

1 forks

0 open issues

License

gpl-3.0

Downloads

Owner

Adam Mizerski

Doing a bit of programming, a bit of Linux sysadmin, a bit of openSUSE packaging, and most importantly enjoying free weekends.