# {{ ansible_managed }}
# Privilege drop: the daemon runs as the unprivileged fastd account (the
# matching group statement follows).
# NOTE(review): the account and group must already exist on the host, and
# nothing under the fastd configuration directory should be writable by them.
# Confirm both in the role's tasks.
user "fastd";
group "fastd";
# Only warnings and more severe messages are sent to syslog.
# NOTE(review): lower-severity connection events are not recorded at this
# level; confirm that is enough for abuse handling and incident analysis.
log to syslog level warn;
# Keeps peer IP addresses out of fastd's log output (privacy of mesh clients).
# NOTE(review): this setting is about logging; confirm whether the status
# socket configured below still reports peer addresses to local readers.
hide ip addresses yes;
# Per-instance status socket (site code plus instance index in the file name).
# Any local process that can connect to it can read this instance's peer and
# connection state.
# NOTE(review): /run/fastd is not created by this file; make sure it is set up
# with permissions that restrict access to the accounts that need it.
status socket "/run/fastd/{{ site_code }}{{ item }}.sock";
# Tunnel interface name: "vpn-" followed by the site code and instance index.
# NOTE(review): Linux interface names are limited to 15 characters, so the site
# code plus index must fit in 11; validate that in the role.
interface "vpn-{{ site_code }}{{ item }}";
# Method preference follows statement order, so "null" (no encryption and no
# authentication of tunnel payload) is offered ahead of salsa2012+umac below.
# Peers that support both will end up on the unprotected method. That is only
# acceptable when everything carried in the tunnel is treated as public; put
# the salsa2012+umac line first if payload confidentiality or integrity matters.
# NOTE(review): confirm this ordering is intentional for the deployment.
method "null";
# Encrypted and authenticated method (Salsa20/12 with UMAC). Listed second, so
# it is only selected with peers that do not accept the preceding method.
method "salsa2012+umac";
# Refuses the older handshake format that fastd documents as insecure; peers
# running very old fastd releases will not be able to connect.
# This protects the key exchange only and is independent of the payload
# method negotiated above.
secure handshakes yes;
{# One listening port per instance: fastd_port plus the instance index.
   The int filter applies to item only, so fastd_port must already be an integer.
   NOTE(review): the host firewall has to allow exactly this port range
   (fastd_port up to fastd_port + fastd_instances - 1) and nothing wider. #}
bind {{ fastd_bind }}:{{ fastd_port + item|int }};
# NOTE(review): secret.conf is presumably where this instance's private key
# lives (its content is not visible here). It should be deployed with
# owner-only permissions, kept out of version control in clear text, and
# excluded from any diff or log output of the deployment run.
include "secret.conf";
mtu {{ mtu }};
{# A fastd_peers_limit of -1 or lower renders no peer limit statement at all,
   leaving every instance without a cap on concurrent peers. #}
{% if fastd_peers_limit > -1 %}
{% if item|int == 0 %}
{# Instance 0 is capped ten peers below the configured limit; the last instance
   is capped ten above it and all others use the limit unchanged.
   NOTE(review): for fastd_peers_limit values 0 to 9 this line renders a
   negative number; validate the variable in the role or clamp the result at 0. #}
peer limit {{ fastd_peers_limit-10 }};
{% elif item|int == (fastd_instances-1) %}
peer limit {{ fastd_peers_limit+10 }};
{% else %}
peer limit {{ fastd_peers_limit }};
{% endif %}
{% endif %}
# Hook run when the tunnel interface comes up. It takes the interface down,
# assigns a fixed locally administered MAC address built from the gateway id
# and the instance index, brings the interface up again and attaches it to the
# batman-adv mesh device.
# NOTE(review): the last MAC octet is written as the decimal number 10 + index
# but is parsed as hex, and gateway_id must render as exactly one valid hex
# octet; validate both variables in the role.
# NOTE(review): these commands need network administration rights; confirm
# they still have them given the user/group statements above.
on up "
ifconfig $INTERFACE down
ip link set address f2:00:90:00:{{ gateway_id }}:{{ 10 + item|int }} dev $INTERFACE
ifconfig $INTERFACE up
batctl -m {{ batman_interface }} if add $INTERFACE
";
# Hook run when the tunnel interface goes down: detaches it from the
# batman-adv mesh device again.
on down "
batctl -m {{ batman_interface }} if del $INTERFACE
";
{% if fastd_anonymous %}
# Anonymous mode: fastd runs this command for each connection attempt from a
# key that is not in the peers directory and accepts the peer when the command
# exits with status 0. Admission is therefore default-allow with a deny list,
# which only helps against keys or addresses already known to be abusive.
# NOTE(review): blacklist.sh is not visible here; presumably it rejects keys
# listed in blacklist.json. Check that the script, the JSON file and their
# directories are not writable by the fastd account.
# NOTE(review): PEER_KEY and PEER_ADDRESS are expanded unquoted by the shell.
# Both values are formatted by fastd, but quoting them in this command line is
# cheap hardening against unexpected characters.
on verify "/etc/fastd/{{ site_code }}/blacklist.sh $PEER_KEY $PEER_ADDRESS /etc/fastd/{{ site_code }}/vpn-blacklist/blacklist.json";
{% endif %}
# Statically configured peers, one definition per file in the "peers"
# directory. Keys listed there are accepted without going through the
# on verify hook, so write access to that directory is equivalent to granting
# tunnel access.
include peers from "peers";