OpenWRT wireguard
configuration
- create and configure wireguard interfaces
- create and configure wireguard peers

Variable | Description | Status | Type | Default/Example |
---|---|---|---|---|
wireguard_pkgs | List of wireguard packages to be installed | required | list | ["wireguard-tools", "luci-proto-wireguard", "luci-app-wireguard", "qrencode"] |
wireguard_interfaces | List of wireguard network interfaces to be configured | | list of dictionaries | |
id | Unique wireguard server interface ID | mandatory | string | wg0 |
state | Interface status (`present` or `absent`) | required | string | present |
proto | Interface protocol | mandatory | string | wireguard |
private_key | Wireguard server private key (will be generated automatically when omitted) | optional | string | null |
addresses | Wireguard server IP address in CIDR notation | required | string | 192.168.10.1/32 |
listen_port | Wireguard server listening port | required | string | 51820 |
peers | List of wireguard peers to be generated automatically | required | list | ["mobile", "desktop"] |
wireguard_peers | List of wireguard peers | | list of dictionaries | |
id | Unique peer ID | mandatory | string | example_peer |
name | Unique peer name | mandatory | string | Wireguard peer |
state | Peer status (`present` or `absent`) | required | string | present |
public_key | Peer public key | mandatory | string | example_public_key |
preshared_key | Peer preshared key | required | list | example_preshared_key |
endpoint_host | Wireguard server (endpoint) public IP address | required | string | 192.168.2.1 |
endpoint_port | Wireguard server (endpoint) listening port | required | integer | 51820 |
route_allowed_ips | Create routes for allowed IPs | optional | boolean | 0 |
persistent_keepalive | Keepalive message interval in seconds | optional | integer | 25 |
allowed_ips | IP addresses and prefixes allowed inside the tunnel | required | list | ["0.0.0.0/0"] |
wireguard_interface_name | Wireguard associated interface name | required | string | wg0 |

Name | Description |
---|---|
Ansible Role: openwrt | Ansible role by gekmihesg for managing OpenWRT and derivatives |

```yaml
# Interface whose peers are generated automatically
- hosts: openwrt
  roles:
    - role: flyoverhead.openwrt.wireguard
      wireguard_interfaces:
        - id: "wg0"
          state: "present"
          proto: "wireguard"
          addresses: "192.168.2.1/32"
          listen_port: "51820"
          peers: ["mobile_peer", "desktop_peer"]
```

```yaml
# Interface with an explicitly defined peer
wireguard_interfaces:
  - id: "wg1"
    state: "present"
    proto: "wireguard"
    private_key: "private_key"
    addresses: "192.168.2.2/32"
wireguard_peers:
  - id: "vps"
    name: "Example VPS"
    state: "present"
    public_key: "public_key"
    preshared_key: "preshared_key"
    endpoint_host: "192.168.2.1"
    endpoint_port: "51820"
    route_allowed_ips: "0"
    persistent_keepalive: 25
    allowed_ips: ["0.0.0.0/0"]
    wireguard_interface_name: "wg1"
```

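
A pre-flight check for the variables documented in the table above, added here as an example and not part of the role itself. It enforces only the keys the table marks mandatory and sanity-checks ports, CIDR values and each peer's `wireguard_interface_name` reference; the `validate` function and the `SAMPLE` data are constructed for illustration.

```python
import ipaddress

# Keys the variable table marks "mandatory"; other checks run only when a key is set.
MANDATORY = {"wireguard_interfaces": ("id", "proto"),
             "wireguard_peers": ("id", "name", "public_key")}

def _port_ok(value):
    text = str(value)
    return text.isdecimal() and 1 <= int(text) <= 65535

def _cidr_ok(value):
    try:
        ipaddress.ip_interface(value)
    except ValueError:
        return False
    return "/" in str(value)  # ip_interface() also accepts a bare address

def validate(role_vars):
    """Return a list of problems found in the role variables (empty list = OK)."""
    problems = []
    iface_ids = {i["id"] for i in role_vars.get("wireguard_interfaces", []) if i.get("id")}
    for section, keys in MANDATORY.items():
        for n, item in enumerate(role_vars.get(section, [])):
            where = f"{section}[{n}]"
            problems += [f"{where}: missing mandatory key '{k}'" for k in keys if not item.get(k)]
            if item.get("state", "present") not in ("present", "absent"):
                problems.append(f"{where}: state must be present or absent")
            for port_key in ("listen_port", "endpoint_port"):
                if port_key in item and not _port_ok(item[port_key]):
                    problems.append(f"{where}: {port_key} is not a valid port")
            cidrs = [item["addresses"]] if "addresses" in item else []
            for cidr in cidrs + list(item.get("allowed_ips", [])):
                if not _cidr_ok(cidr):
                    problems.append(f"{where}: '{cidr}' is not CIDR notation")
            ref = item.get("wireguard_interface_name")
            if section == "wireguard_peers" and ref not in iface_ids:
                problems.append(f"{where}: interface '{ref}' is not defined")
    return problems

# Constructed sample: the interface uses `name` where the table documents `id`,
# so the peer's wireguard_interface_name points at nothing.
SAMPLE = {
    "wireguard_interfaces": [{"name": "wg0", "proto": "wireguard",
                              "addresses": "192.168.2.1/32", "listen_port": "51820"}],
    "wireguard_peers": [{"id": "vps", "name": "Example VPS", "public_key": "public_key",
                         "endpoint_port": "51820", "allowed_ips": ["0.0.0.0/0"],
                         "wireguard_interface_name": "wg1"}],
}

if __name__ == "__main__":
    print("\n".join(validate(SAMPLE)))
```
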
GNU General Public License v3.0
fly0v3rH34D