Add preshared key for wg connection

Naman1997 · Sep 10, 2024 · c4e2c0e · c4e2c0e
1 parent e2b6b83
commit c4e2c0e
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/ansible/3-wireguard.yml b/ansible/3-wireguard.yml
@@ -19,6 +19,10 @@
       shell: "wg genkey | tee privatekey_proxy | wg pubkey > publickey_proxy"
       args:
         chdir: "/etc/wireguard"
+    - name: Generate Wireguard pre-shared key
+      shell: "wg genpsk > preshared_key"
+      args:
+        chdir: "/etc/wireguard"
     - name: Get public key of proxy
       slurp:
         src: /etc/wireguard/publickey_proxy
@@ -27,6 +31,10 @@
       slurp:
         src: /etc/wireguard/privatekey_proxy
       register: private_key_proxy
+    - name: Get the preshared key to be used for the connection
+      slurp:
+        src: /etc/wireguard/preshared_key
+      register: preshared_key_content
 
 - hosts: gateway
   become: true
@@ -76,6 +84,7 @@
       vars:
         public_key: "{{ hostvars.gateway.public_key_gateway['content'] | b64decode }}"
         private_key: "{{ private_key_proxy['content'] | b64decode }}"
+        preshared_key: "{{ preshared_key_content['content'] | b64decode }}"
     - name: Startup connection
       shell: "wg-quick up wg0"
     - name: Enable wg service
@@ -94,6 +103,7 @@
       vars:
         public_key: "{{ hostvars.proxy.public_key_proxy['content'] | b64decode }}"
         private_key: "{{ private_key_gateway['content'] | b64decode }}"
+        preshared_key: "{{ hostvars.proxy.preshared_key_content['content'] | b64decode }}"
         interface: "{{ gateway_internet_interface.stdout }}"
     - name: Startup connection
       shell: "wg-quick up wg0"

diff --git a/templates/wireguard/wg0_gateway.conf.template b/templates/wireguard/wg0_gateway.conf.template
@@ -8,4 +8,5 @@ PrivateKey = {{ private_key | trim }}
 
 [Peer]
 PublicKey = {{ public_key | trim }}
-AllowedIPs = 10.20.0.2/32
+AllowedIPs = 10.20.0.2/32
+PresharedKey = {{ preshared_key | trim }}
diff --git a/templates/wireguard/wg0_proxy.conf.template b/templates/wireguard/wg0_proxy.conf.template
@@ -6,4 +6,5 @@ Address = 10.20.0.2/24
 PublicKey = {{ public_key | trim }}
 AllowedIPs = 10.20.0.1/32
 Endpoint = {{ duckdns_domain }}:{{ wireguard_port }}
-PersistentKeepalive = 25
+PersistentKeepalive = 10
+PresharedKey = {{ preshared_key | trim }}