diff --git a/roles/natgw/templates/natgw.service.j2 b/roles/natgw/templates/natgw.service.j2
new file mode 100644
index 0000000..ea2f3eb
--- /dev/null
+++ b/roles/natgw/templates/natgw.service.j2
@@ -0,0 +1,29 @@
+[Unit]
+Description=natgw service
+After=network.target
+
+[Service]
+Type=notify
+WorkingDirectory=/opt/tsg/wannat/natgw
+ExecStart=/opt/tsg/wannat/natgw/wannat_natgw
+
+ExecStartPost=/bin/sh -c "sysctl -w net.ipv4.ip_forward=0"
+ExecStartPost=/bin/sh -c "ifconfig tun_natgw 192.168.1.254/24 up"
+ExecStartPost=/bin/sh -c "ethtool -K tun_natgw gro off"
+ExecStartPost=/bin/sh -c "ethtool -K tun_natgw gso off"
+ExecStartPost=/bin/sh -c "ethtool -K tun_natgw tso off"
+ExecStartPost=/bin/sh -c "ip rule add from {{wannat_global.common.vpn_client_ip_cidr}} table 1001"
+ExecStartPost=/bin/sh -c "ip route add default via 192.168.1.253 table 1001"
+#ExecStartPost=/bin/sh -c "iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP"
+
+TimeoutSec=300s
+RestartSec=10s
+Restart=always
+LimitNOFILE=524288
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/toroad/tasks/main.yml b/roles/toroad/tasks/main.yml
index 2b04882..32417a0 100644
--- a/roles/toroad/tasks/main.yml
+++ b/roles/toroad/tasks/main.yml
@@ -25,9 +25,17 @@ - name: "Template the toroad.conf" template: src: "{{ role_path }}/templates/toroad.conf.j2" - dest: /opt/wannat/toroad/etc/toroad.conf + dest: /opt/tsg/wannat/toroad/etc/toroad.conf tags: template +- name: "Template the toroad.service" + template: + src: "{{ role_path }}/templates/toroad.service.j2" + dest: /usr/lib/systemd/system/toroad.service + tags: template - - +- name: "enable toroad service" + systemd: + name: toroad + enabled: yes + daemon_reload: yes
diff --git a/roles/toroad/templates/toroad.service.j2 b/roles/toroad/templates/toroad.service.j2
new file mode 100644
index 0000000..5e77fdd
--- /dev/null
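Review bot: The `ip rule add` line in natgw.service.j2 interpolates `{{wannat_global.common.vpn_client_ip_cidr}}` into a double-quoted `/bin/sh -c` string, so whatever the inventory holds there is parsed by a shell that presumably runs as root, since the unit sets no `User=`. None of the ExecStartPost commands uses a shell feature, so each can call its binary directly, e.g. `ExecStartPost=/usr/sbin/ip rule add from {{ wannat_global.common.vpn_client_ip_cidr }} table 1001` (binary path to be confirmed for the target distro). Nothing in the unit removes that rule on stop, and with `Restart=always` every restart runs `ip rule add` again, which depending on the kernel either stacks duplicate rules or fails the start. A matching `ExecStopPost=-/usr/sbin/ip rule del from {{ wannat_global.common.vpn_client_ip_cidr }} table 1001` would keep the policy-routing state consistent. It is also worth confirming that `LimitCORE=infinity` is wanted in production, because core dumps of a gateway process can contain client traffic.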
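Review bot: Neither `template` task in roles/toroad/tasks/main.yml sets ownership or permissions, so `/usr/lib/systemd/system/toroad.service` and `toroad.conf` end up with whatever the remote umask produces. For a unit file that systemd will execute, I would pin them explicitly with `owner: root`, `group: root` and `mode: "0644"`, keeping the mode quoted so it is not read as an octal integer. As far as the hunk shows, the "enable toroad service" task sets `enabled` but no `state`, and the template tasks notify no handler, so a changed unit or config is not picked up until the next manual restart. Writing `enabled: true` and `daemon_reload: true` instead of `yes` avoids the YAML 1.1 truthy ambiguity. The task list starts outside this hunk, so earlier tasks may already cover some of this.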
+++ b/roles/toroad/templates/toroad.service.j2
@@ -0,0 +1,12 @@
+[Unit]
+Description=toroad service
+After=network.target
+
+[Service]
+WorkingDirectory=/opt/tsg/wannat/toroad
+ExecStart=/opt/tsg/wannat/toroad/toroad
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
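Review bot: The `[Service]` section of toroad.service.j2 has no `User=`/`Group=` and no sandboxing directives, so once installed under /usr/lib/systemd/system (as the tasks hunk in this commit does) the daemon runs as root with the full capability set. What toroad needs at runtime is not visible here, but if it does not require root I would run it under a dedicated account, `User=<service-account>` (placeholder), and add `NoNewPrivileges=yes` and `ProtectSystem=full` as a baseline. If it does need network privileges, a `CapabilityBoundingSet=` limited to those capabilities is a narrower grant than unrestricted root. A short comment above `ExecStart=` stating which privileges the daemon relies on would make later hardening easier to review.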