„wireguard.yml“ ändern

wireguard.yml

@@ -35,7 +35,7 @@
         block: |
           wireguard
 
-    - name: ufw firewall rules for routing to the Internet
+    - name: ufw firewall rules for ipv6 routing to the Internet
       blockinfile:
         path: /etc/ufw/before.rules
         create: yes
@@ -44,6 +44,24 @@
         group: root
         marker: "# {mark} ANSIBLE MANAGED BLOCK for wireguard"
         insertbefore: BOF
+        block: |
+          *nat
+          :POSTROUTING ACCEPT - [0:0]
+          # Route network a192:b168:cd44::/32 (wg0)
+          -A POSTROUTING -s a192:b168:cd44::/32 -j MASQUERADE
+          COMMIT
+      notify:
+      - Restart ufw
+
+    - name: ufw firewall rules for ipv4 routing to the Internet
+      blockinfile:
+        path: /etc/ufw/before6.rules
+        create: yes
+        mode: "0440"
+        owner: root
+        group: root
+        marker: "# {mark} ANSIBLE MANAGED BLOCK for wireguard"
+        insertbefore: BOF
         block: |
           *nat
           :POSTROUTING ACCEPT - [0:0]
@@ -53,6 +71,7 @@
       notify:
       - Restart ufw
 
+
     - name: Allow Routing
       community.general.ufw:
         rule: allow
@@ -133,11 +152,11 @@
                 - WGUI_USERNAME=wgadmin
                 - WGUI_MANAGE_START=true
                 - WGUI_MANAGE_RESTART=true
-                - WGUI_DNS=46.182.19.48
+                - WGUI_DNS=2a02:2970:1002::18,46.182.19.48
                 - WGUI_MTU=1450
                 - WGUI_CONFIG_FILE_PATH=/etc/wireguard/wg0.conf
                 - WGUI_LOG_LEVEL=INFO
-                - WGUI_SERVER_INTERFACE_ADDRESSES=192.168.44.1/24
+                - WGUI_SERVER_INTERFACE_ADDRESSES=a192:b168:cd44::1/32,192.168.44.1/24
                 - WGUI_SERVER_LISTEN_PORT=59666
                 - WGUI_SERVER_POST_UP_SCRIPT
                 - WGUI_SERVER_POST_DOWN_SCRIPT