freifunkh / ansible

Here we store all Ansible roles and configs used for Freifunk Hannover.
MIT License

mesh_announce: add missing wireguard interfaces #197

Closed AiyionPrime closed 3 years ago

AiyionPrime commented 3 years ago

This adds the wireguard-setup related interfaces to mesh-announce.

AiyionPrime commented 3 years ago

Though this must be a part of the solution, mesh-announce does not encounter the multicast message on vx-14, though it's sent on a regular basis and received, as wireshark confirms.

AiyionPrime commented 3 years ago

https://github.com/freifunkh/ansible/blob/b418009ce1f4468a8bf5e7ec1ab0879402f4e294/roles/ffh.mesh_announce/templates/ferm.conf.j2

AiyionPrime commented 3 years ago

Tested on sn09

AiyionPrime commented 3 years ago

Thanks @1977er and @lemoer.

AiyionPrime commented 3 years ago

wait for it... wait for it...

AiyionPrime commented 3 years ago

The added line

saddr fe80::/64 sport 1001 dport 32768:61000 mod comment comment "mesh_respondd_reply" ACCEPT;

translates to

-A MESH_INPUT -s fe80::/64 -p udp -m udp --sport 1001 --dport 32768:61000 -m comment --comment mesh_respondd_reply -j ACCEPT

Which corresponds to the router's firewall rule:

-A zone_mesh_input -s fe80::/64 -p udp -m udp --sport 1001 --dport 32768:61000 -m comment --comment "!fw3: mesh_respondd_reply" -j ACCEPT

Originally posted by @AiyionPrime in https://github.com/freifunkh/ansible/issues/195#issuecomment-801873126
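The correspondence claimed in the comment above can be checked mechanically. The following is an added example, not part of the original thread or of the freifunkh/ansible repository: it compares the two quoted rules option by option while ignoring the chain name and comment text. The function names `parse_rule`, `same_filter` and `drift` are hypothetical, and the comparison is textual (it does not normalise equivalent address or port notations).

```python
import shlex

# Both rules are copied from the comment above.
GATEWAY_RULE = ('-A MESH_INPUT -s fe80::/64 -p udp -m udp --sport 1001 '
                '--dport 32768:61000 -m comment --comment mesh_respondd_reply -j ACCEPT')
ROUTER_RULE = ('-A zone_mesh_input -s fe80::/64 -p udp -m udp --sport 1001 '
               '--dport 32768:61000 -m comment --comment "!fw3: mesh_respondd_reply" -j ACCEPT')

# Chain name and comment text label a rule; they do not change what it matches.
COSMETIC = {"-A", "--comment"}


def parse_rule(line):
    """Return a frozenset of (negated, option, value) for the parts that filter traffic."""
    tokens = shlex.split(line)
    parts, negated, i = set(), False, 0
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if tok == "!":  # negation is written as a separate token before the option
            negated = True
            continue
        if not tok.startswith("-"):
            raise ValueError(f"unexpected token {tok!r} in rule")
        value = None
        if i < len(tokens) and tokens[i] != "!" and not tokens[i].startswith("-"):
            value = tokens[i]
            i += 1
        if tok not in COSMETIC and (tok, value) != ("-m", "comment"):
            parts.add((negated, tok, value))
        negated = False
    return frozenset(parts)


def same_filter(rule_a, rule_b):
    """True when both rules carry the same match options and the same target."""
    return parse_rule(rule_a) == parse_rule(rule_b)


def drift(rule_a, rule_b):
    """Options present in only one of the two rules, sorted for stable output."""
    return sorted(parse_rule(rule_a) ^ parse_rule(rule_b), key=repr)


if __name__ == "__main__":
    print("equivalent:", same_filter(GATEWAY_RULE, ROUTER_RULE))
    print("drift:", drift(GATEWAY_RULE, ROUTER_RULE))
```

A non-empty `drift` result lists exactly which option differs, which is useful when the gateway template and the router firmware rule are changed independently.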

AiyionPrime commented 3 years ago

Ah yeah, still tested on sn09.