Disable source destination check for instances that forward traffic #21

Open. Wants to merge 3 commits into base: master.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -35,6 +35,7 @@ Before using this module, you'll need to generate a key pair for your server and
|`wg_server_private_key_param`|`string`|Optional - defaults to `/wireguard/wg-server-private-key`|The Parameter Store key to use for the VPN server Private Key.|
|`ami_id`|`string`|Optional - defaults to the newest Ubuntu 16.04 AMI|AMI to use for the VPN server.|
|`wg_server_interface`|`string`|Optional - defaults to eth0|Server interface to route traffic to for installations forwarding traffic to private networks.|
|`forward_traffic`|`string`|Optional - defaults to false|Will this server be used to forward trafic to a local network.|

## Examples

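Review bot: the new `forward_traffic` row has a typo in its description ("trafic" should be "traffic"), and because the user-data template compares the value against the literal string `true`, the row should say so and name what the flag changes on the instance, e.g. `Optional - defaults to false; set to "true" to disable the EC2 source/destination check so the instance can forward traffic.` Operators need to know this is a security-relevant instance setting, not just a routing hint.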
1 change: 1 addition & 0 deletions main.tf
Expand Up @@ -8,6 +8,7 @@ data "template_file" "user_data" {
peers = join("\n", data.template_file.wg_client_data_json.*.rendered)
eip_id = var.eip_id
wg_server_interface = var.wg_server_interface
forward_traffic = var.forward_traffic
}
}

9 changes: 7 additions & 2 deletions templates/user-data.txt
Expand Up @@ -15,10 +15,15 @@ ${peers}
EOF

# we go with the eip if it is provided
if [ "${eip_id}" != "disabled" ]; then
if [ "${eip_id}" != "disabled" ] || [ "${forward_traffic}" == "true" ]; then
export INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
export REGION=$(curl -fsq http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/[a-z]$//')
aws --region $${REGION} ec2 associate-address --allocation-id ${eip_id} --instance-id $${INSTANCE_ID}
if [ "${eip_id}" != "disabled" ]; then
aws --region $${REGION} ec2 associate-address --allocation-id ${eip_id} --instance-id $${INSTANCE_ID}
fi
if [ "${forward_traffic}" == "true" ]; then
aws ec2 modify-instance-attribute --no-source-dest-check --instance-id $${INSTANCE_ID} --region $${REGION}
fi
fi

chown -R root:root /etc/wireguard/
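Review bot: the `aws ec2 modify-instance-attribute --no-source-dest-check` call in the new `forward_traffic` branch has no error handling, so if the instance profile does not grant `ec2:ModifyInstanceAttribute` the script carries on and the server boots with the check still enabled, silently dropping forwarded packets; at minimum test the exit status and log a clear message. Better, set this from Terraform rather than from user-data: `aws_instance` has a `source_dest_check` argument, which avoids granting the VPN instance permission to modify its own attributes, and the IMDS lookups for `INSTANCE_ID` and `REGION` would then only be needed on the EIP path. Two smaller points: `==` inside `[ ]` is a bashism (`=` is the portable form, and the existing `!=` test is already POSIX), and the comment `# we go with the eip if it is provided` no longer describes the block now that it also handles forwarding.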
5 changes: 5 additions & 0 deletions variables.tf
Expand Up @@ -87,3 +87,8 @@ variable "wg_server_interface" {
default = "eth0"
description = "The default interface to forward network traffic to."
}

variable "forward_traffic" {
default = "false"
description = "Will this WireGuard server forward traffic to other hosts on the network?"
}
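Review bot: `forward_traffic` is declared as the string `"false"` rather than a boolean, so a caller passing `"True"` or `"yes"` will not match the `"true"` comparison in user-data and the server will silently not forward; declare it with `type = bool` and `default = false` so Terraform rejects anything else at plan time (the value still renders into the template as `true`/`false`, so the comparison keeps working). The description also reads as a question; a statement such as "Disable the EC2 source/destination check so this server can forward traffic to other hosts on the network" documents what enabling it actually does.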