Merge pull request #12 from bastelfreak/keepalive
Implement PersistentKeepalive parameter
bastelfreak authored Jul 29, 2021
2 parents 7a58b0c + 67fadb3 commit 597d9f6
Showing 2 changed files with 17 additions and 0 deletions.
12 changes: 12 additions & 0 deletions REFERENCE.md
Expand Up @@ -65,6 +65,9 @@ Default value: `'/etc/wireguard'`

manages a wireguard setup

* **See also**
* https://www.freedesktop.org/software/systemd/man/systemd.netdev.html#%5BWireGuardPeer%5D%20Section%20Options

#### Examples

#####
Expand Down Expand Up @@ -108,6 +111,7 @@ The following parameters are available in the `wireguard::interface` defined typ
* [`public_key`](#public_key)
* [`endpoint`](#endpoint)
* [`addresses`](#addresses)
* [`persistent_keepalive`](#persistent_keepalive)

##### <a name="interface"></a>`interface`

Expand Down Expand Up @@ -179,3 +183,11 @@ different addresses for the systemd-networkd configuration

Default value: `[]`

##### <a name="persistent_keepalive"></a>`persistent_keepalive`

Data type: `Integer[0, 65535]`

is set to 1 or greater, that's the interval in seconds wireguard sends a keepalive to the other peer(s). Useful if the sender is behind a NAT gateway or has a dynamic ip address

Default value: `0`
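
Review bot: the `persistent_keepalive` description starts mid-sentence ("is set to 1 or greater, that's the interval ...") and does not say what the default of `0` means. Suggest wording along the lines of "If set to 1 or greater, the interval in seconds at which wireguard sends a keepalive to the other peer(s)", plus an explicit statement that `0` leaves keepalives disabled, which is how the linked systemd.netdev page describes the option. The same sentence appears in the `@param persistent_keepalive` comment in manifests/interface.pp, so both should be fixed together.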

5 changes: 5 additions & 0 deletions manifests/interface.pp
Expand Up @@ -10,9 +10,12 @@
# @param public_key base64 encoded pubkey from the remote peer
# @param endpoint fqdn:port or ip:port where we connect to
# @param addresses different addresses for the systemd-networkd configuration
# @param persistent_keepalive is set to 1 or greater, that's the interval in seconds wireguard sends a keepalive to the other peer(s). Useful if the sender is behind a NAT gateway or has a dynamic ip address
#
# @author Tim Meusel <[email protected]>
#
# @see https://www.freedesktop.org/software/systemd/man/systemd.netdev.html#%5BWireGuardPeer%5D%20Section%20Options
#
# @example
# Peer with one node and setup dualstack firewall rules
# wireguard::interface {'as2273':
Expand Down Expand Up @@ -40,6 +43,7 @@
define wireguard::interface (
String[1] $public_key,
Optional[String[1]] $endpoint = undef,
Integer[0, 65535] $persistent_keepalive = 0,
Array[Stdlib::IP::Address] $destination_addresses = [$facts['networking']['ip'], $facts['networking']['ip6'],],
String[1] $interface = $title,
Integer[1024, 65000] $dport = Integer(regsubst($title, '^\D+(\d+)$', '\1')),
Expand Down Expand Up @@ -100,6 +104,7 @@
<% if $endpoint { -%>
Endpoint=<%= $endpoint %>
<%} -%>
PersistentKeepalive=<%= $persistent_keepalive %>
AllowedIPs=fe80::/64
AllowedIPs=fd00::/8
AllowedIPs=0.0.0.0/0
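
Review bot: `PersistentKeepalive=<%= $persistent_keepalive %>` is emitted unconditionally, while the `Endpoint=` line directly above it is wrapped in `<% if $endpoint { -%>`. With the default of `0`, every existing peer now gets a `PersistentKeepalive=0` line in its rendered netdev file, which changes the file content on all nodes on upgrade even though nobody opted in. Consider guarding the line the same way, for example `<% if $persistent_keepalive > 0 { -%>` ... `<% } -%>`, so the setting is only written when a non-zero interval is requested and a peer stays silent unless keepalives were asked for.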