From f8c03f3f585a36ff69121df3058689045983716b Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Mon, 2 Mar 2020 20:57:50 +0100
Subject: elevate router: added lte uplink
---
inventory/group_vars/elevate-festival/main.yml | 8 ++++
inventory/host_vars/ele-router.yml | 61 +++++++++++++++++++++++---
2 files changed, 63 insertions(+), 6 deletions(-)
(limited to 'inventory')
diff --git a/inventory/group_vars/elevate-festival/main.yml b/inventory/group_vars/elevate-festival/main.yml
index 481a2191..7deaf1e9 100644
--- a/inventory/group_vars/elevate-festival/main.yml
+++ b/inventory/group_vars/elevate-festival/main.yml
@@ -195,8 +195,16 @@ network_zones: ele-ups-forum1: 7 ele-ups-uhrturm0: 6 + nhg: 3 ele-helene: 2 ele-dione: 1 dns: - 10.12.0.10 + + datacop_lte: + vlan: 512 + prefix: 100.64.0.0/24 + gateway: 100.64.0.1 + offsets: + ele-router: 2
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
index 89cebe8d..c58815de 100644
--- a/inventory/host_vars/ele-router.yml
+++ b/inventory/host_vars/ele-router.yml
@@ -94,7 +94,7 @@ openwrt_network_external: - name: rule options: priority: 39001 - mark: 2 + mark: 102 lookup: 102 - name: route 'ffdefault'
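Review bot: `vlan: 512` in the new `datacop_lte` zone is never consumed — in inventory/host_vars/ele-router.yml (hunk @@ -105,6 +105,45 @@) both the `switch_vlan` entry and the `wanlte` ifname hard-code VLAN 3, with the template reference to `network_zones.datacop_lte.vlan` commented out because id 512 "does not work". As written, group_vars advertise a VLAN id that is not what the router configures, while `prefix`, `gateway` and `offsets` of the same zone are the values actually used. Either change this key to the id that is on the wire and restore the template reference in the host file, or keep it and add a comment here such as `# NOTE: ele-router uses switch vlan 3 for this zone (512 unsupported there); see host_vars/ele-router.yml`. The `nhg: 3` offset added a few lines above belongs to a different zone and is unrelated to the LTE uplink named in the subject.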
@@ -105,6 +105,45 @@ openwrt_network_external: gateway: "{{ network_zones.funkfeuer.gateway }}" + - name: switch_vlan + options: + device: 'switch0' + ## for some reason vlan-id 512 does not work. why?? + #vlan: '{{ network_zones.datacop_lte.vlan }}' + vlan: '3' + ports: '2 6t' + + - name: interface 'wanlte' + options: + ## for some reason vlan-id 512 does not work. why?? + #ifname: 'eth0.{{ network_zones.datacop_lte.vlan }}' + ifname: 'eth0.3' + proto: static + ipaddr: "{{ network_zones.datacop_lte.prefix | ipaddr(network_zones.datacop_lte.offsets[inventory_hostname]) | ipaddr('address') }}" + netmask: "{{ network_zones.datacop_lte.prefix | ipaddr('netmask') }}" + accept_ra: 0 + + - name: rule + options: + priority: 38000 + src: "{{ network_zones.datacop_lte.prefix | ipaddr(network_zones.datacop_lte.offsets[inventory_hostname]) | ipaddr('address') }}/32" + lookup: 103 + + - name: rule + options: + priority: 38001 + mark: 103 + lookup: 103 + + - name: route 'ltedefault' + options: + interface: 'wanlte' + table: 103 + target: '0.0.0.0/0' + gateway: "{{ network_zones.datacop_lte.gateway }}" + + + openwrt_network_internal: "{{ openwrt_network_internal_yaml | from_yaml }}" openwrt_network_internal_yaml: | {% for zone_name in network_internal_zone_names %}
@@ -125,9 +164,9 @@ openwrt_network_internal_yaml: | - name: rule options: - priority: 38000 + priority: 33000 in: "{{ zone_name }}" - lookup: 103 + lookup: 200 {% endif %} {% endfor %}
@@ -175,6 +214,11 @@ openwrt_dhcp_external: interface: 'wanff' ignore: '1' + - name: dhcp 'wanlte' + options: + interface: 'wanlte' + ignore: '1' + openwrt_dhcp_internal: "{{ openwrt_dhcp_internal_yaml | from_yaml }}" openwrt_dhcp_internal_yaml: | {% for zone_name in network_internal_zone_names %}
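Review bot: The rule at priority 38001 matches `mark: 103` and sends it to table 103, but nothing in the visible part of this commit sets fwmark 103 (the view is limited to inventory/, and the only mark set here is 102 for wg-emc in hunk @@ -278,7 +322,7 @@); if a mangle rule elsewhere marks traffic 103, a comment naming it would avoid reading this as a dead rule, otherwise the rule is unreachable. The commit also spreads correlated magic numbers across the uci options here, the Jinja zone loop (hunk @@ -125,9 +164,9 @@) and the init script (hunk @@ -289,12 +333,12 @@): tables 103 and 200, priorities 33000, 38000, 38001 and 39001, marks 102 and 103. A comment above the first `rule` entry listing the allocation, e.g. `# policy routing: table 103 = ltedefault, table 200 = wg-emc default; prio 33000 zone->table 200, 38000/38001 lte->table 103, 39001 mark 102->table 102; the 33000/200 values are mirrored in the wg-emc init script`, would make the next uplink safer to add. The enclosing `openwrt_network_external` list starts outside the hunk.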
@@ -278,7 +322,7 @@ openwrt_mixin: start() { ip link add dev wg-emc type wireguard - wg set wg-emc fwmark 2 private-key /etc/wireguard/wg-emc.priv + wg set wg-emc fwmark 102 private-key /etc/wireguard/wg-emc.priv {% for peer in wireguard_gateway_tunnels['wg-emc'].peers %} wg set wg-emc peer {{ peer.pub_key }} endpoint {{ peer.endpoint.host }}:{{ peer.endpoint.port }} persistent-keepalive {{ peer.keepalive_interval }} allowed-ips {{ peer.allowed_ips | join(',') }}
@@ -289,12 +333,12 @@ openwrt_mixin: {% endfor %} ip link set up dev wg-emc - ip route add default via {{ wireguard_gateway_tunnels['wg-emc'].default_gateway.inner }} table 103 proto static + ip route add default via {{ wireguard_gateway_tunnels['wg-emc'].default_gateway.inner }} table 200 proto static } stop() { ip link del dev wg-emc - ip rule del pref 38000 + ip rule del pref 33000 } /etc/rc.d/S22network-fw:
@@ -314,6 +358,7 @@ openwrt_mixin: start() { WAN_IF=$(uci get network.wanforum.ifname) FF_IF=$(uci get network.wanff.ifname) + LTE_IF=$(uci get network.wanlte.ifname) MGMT_IF=$(uci get network.mgmt.ifname) MGMT_IPADDR=$(uci get network.mgmt.ipaddr) MGMT_NETMASK=$(uci get network.mgmt.netmask)
@@ -331,6 +376,10 @@ openwrt_mixin: iptables -A INPUT -i "$FF_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT iptables -A INPUT -i "$FF_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + iptables -A INPUT -i "$LTE_IF" -p icmp -j ACCEPT + iptables -A INPUT -i "$LTE_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT + iptables -A INPUT -i "$LTE_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + iptables -A INPUT -i "wg-emc" -p icmp -j ACCEPT iptables -A INPUT -i "wg-emc" -p tcp --dport {{ ansible_port }} -j ACCEPT iptables -A INPUT -i "wg-emc" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--
cgit v1.2.3
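Review bot: `ip rule del pref 33000` in stop() removes a single rule, whereas the rules at that priority are emitted per zone by the Jinja loop in openwrt_network_internal_yaml (hunk @@ -125,9 +164,9 @@) and are installed by the uci network config rather than by start(); if more than one zone produces such a rule, the others linger after a stop and the live rule set no longer matches what either the config or this script describes. Either leave those rules to the network config and drop the `del`, or remove them all with `while ip rule del pref 33000 2>/dev/null; do :; done`. A comment such as `# zone->table 200 rules come from the uci network config; this script only owns the default route in table 200` would document the split of ownership either way. Both start() and stop() extend beyond the hunk.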
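Review bot: The three new `-i "$LTE_IF"` rules copy the per-interface pattern used for WAN_IF and FF_IF, so the conntrack RELATED,ESTABLISHED accept is now repeated for four interfaces although that match does not depend on the interface; one `iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` ahead of the per-interface rules would replace them all and cannot be forgotten for the next uplink. `LTE_IF` is read with `uci get network.wanlte.ifname` (hunk @@ -314,6 +358,7 @@); when that key is missing the variable is empty and the `-i ""` rules will most likely be rejected by iptables — the same exposure as the existing FF_IF handling, so a `[ -n "$LTE_IF" ] || exit 1` style guard after the uci reads would cover all of them at once. start() continues outside the hunk.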