gfwleak/tsg-wannat-ansible-deploy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

更新配置文件, 更新natgw.service

Browse Source
This commit is contained in:
lijia
2021-08-11 18:32:51 +08:00
parent 9d1ee89d6c
commit 0860100f1f
2 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
deploy_env/group_vars/all.yml
View File

@@ -21,7 +21,7 @@ wannat_global:
run_type: 0 run_type: 0
config_type: 1 config_type: 1
wannat_ip: "192.168.40.161" wannat_ip: "192.168.40.161"
wannat_port: 3544 wannat_port: 3545
natgw_bind_port: 3544 natgw_bind_port: 3544
device: "eth0" device: "eth0"
vpn_client_ip_cidr: "10.10.120.0/24" vpn_client_ip_cidr: "10.10.120.0/24"

13
roles/natgw/templates/natgw.service.j2
View File

@@ -7,13 +7,20 @@ Type=notify
WorkingDirectory=/opt/tsg/wannat/natgw WorkingDirectory=/opt/tsg/wannat/natgw
ExecStart=/opt/tsg/wannat/natgw/wannat_natgw ExecStart=/opt/tsg/wannat/natgw/wannat_natgw
ExecStartPost=/bin/sh -c "sysctl -w net.ipv4.ip_forward=0" #ExecStartPost=/bin/sh -c "sysctl -w net.ipv4.ip_forward=0"
ExecStartPost=/bin/sh -c "ifconfig tun_natgw 192.168.1.254/24 up" #pptp vpn mode must set ipv4.ip_forward=1
ExecStartPost=/bin/sh -c "sysctl -w net.ipv4.ip_forward=1"
ExecStartPost=/bin/sh -c "ifconfig tun_natgw 100.64.1.254/24 up"
ExecStartPost=/bin/sh -c "ethtool -K tun_natgw gro off" ExecStartPost=/bin/sh -c "ethtool -K tun_natgw gro off"
ExecStartPost=/bin/sh -c "ethtool -K tun_natgw gso off" ExecStartPost=/bin/sh -c "ethtool -K tun_natgw gso off"
ExecStartPost=/bin/sh -c "ethtool -K tun_natgw tso off" ExecStartPost=/bin/sh -c "ethtool -K tun_natgw tso off"
ExecStartPost=/bin/sh -c "ethtool -K {{wannat_global.natgw.device}} gro off"
ExecStartPost=/bin/sh -c "ethtool -K {{wannat_global.natgw.device}} gso off"
ExecStartPost=/bin/sh -c "ethtool -K {{wannat_global.natgw.device}} tso off"
ExecStartPost=/bin/sh -c "ip rule add from {{wannat_global.common.vpn_client_ip_cidr}} table 1001" ExecStartPost=/bin/sh -c "ip rule add from {{wannat_global.common.vpn_client_ip_cidr}} table 1001"
ExecStartPost=/bin/sh -c "ip route add default via 192.168.1.253 table 1001" ExecStartPost=/bin/sh -c "ip route add default via 100.64.1.253 table 1001"
#ExecStartPost=/bin/sh -c "iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP" #ExecStartPost=/bin/sh -c "iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP"
TimeoutSec=300s TimeoutSec=300s