diff --git a/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 b/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 index adebce6e..a42eaccf 100644 --- a/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 +++ b/roles/cfg_openwrt/templates/corerouter/config/tunspace.j2 @@ -5,13 +5,22 @@ {% set ifname = uplink['ifname'] if mode == 'direct' else 'br-'+name %} config tunspace "tunspace" + # Namespace where the uplink will live. option uplink_netns "{{ name }}" + # Existing interface that we'll use as the uplink. option uplink_ifname "{{ ifname }}" + # How the uplink in the namespace is constructed. + # - bridge: creates a macvlan child in bridge mode, useful for creating multiple uplinks from the same original uplink interface. + # - direct: moves the original uplink interface into the namespace directly, useful for wonky cheap USB sticks with broken drivers. option uplink_mode "{{ mode }}" + # Our own static uplink IPv4 address in CIDR format. Leave empty to use DHCP. option uplink_ipv4 "{{ uplink['uplink_ipv4']|default('') }}" + # IPv4 address of the gateway. Required in combination with uplink_ipv4, ignored when using DHCP. option uplink_gateway "{{ uplink['uplink_gateway']|default('') }}" + # Maintenance consists of checking the uplink, refreshing the DHCP lease, checking the tunnel endpoints, and switching endpoints if neccessary. option maintenance_interval 60 - option debug 0 + # Enables detailed output of Tunspace's operations. If disabled, only tunnel endpoint changes are reported. + option debug "0" {% endfor %} {% for tunnel in networks | selectattr('role', 'equalto', 'tunnel') %} @@ -19,9 +28,9 @@ config wg-interface option ifname "{{ tunnel['ifname'] }}" option ipv6 "fe80::2/64" option ipv4 "{{ tunnel['prefix'] }}" - option mtu {{ tunnel['mtu'] }} - option port {{ tunnel['wireguard_port'] }} - option disabled 0 + option mtu "{{ tunnel['mtu'] }}" + option port "{{ tunnel['wireguard_port'] }}" + option disabled "0" {% endfor %} @@ -29,7 +38,7 @@ config wg-interface config wg-server option name "{{ gateway }}" option url "https://{{ hostvars[gateway]['uplink']['ipv4'] | ansible.utils.ipaddr('address') }}/ubus" - option insecure_cert 1 - option disabled 0 + option insecure_cert "1" + option disabled "0" {% endfor %}