Configure bird daemons on VPNs
Some checks failed
continuous-integration/drone/push Build is failing

jeltz 2021-02-24 22:11:50 +01:00
parent 259c2afeab
commit 9954c9e7d5
4 changed files with 42 additions and 29 deletions


@ -6,16 +6,20 @@ wireguard_endpoints:
peer: peer:
public_key: "{{ vault_wireguard_secrets.ovh_edc.public }}" public_key: "{{ vault_wireguard_secrets.ovh_edc.public }}"
allowed_addrs: allowed_addrs:
- 192.168.0.3/32 - 0.0.0.0/0
- 10.132.0.0/16 - ::/0
keepalive: 5 keepalive: 5
endpoint: 92.222.211.198:5413 endpoint: 92.222.211.198:5413
nftables_basic_input_rules: bird_router_id: 10.128.0.124
- proto: tcp bird_router_prefsrc: 10.128.0.124
port: 22 bird_ospf_ifaces:
verdict: accept ens18:
- proto: udp stub: true
port: 5412 ovh:
verdict: accept type: pointopoint
cost: 4000
ens19:
type: broadcast
cost: 1000
... ...
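Review bot: Widening `allowed_addrs` to `0.0.0.0/0` and `::/0` removes WireGuard's per-peer source filtering, so the tunnel now accepts packets from this peer with any inner source address. That is the usual trade-off when OSPF decides the routes, but nothing visible in this file replaces the lost check, and the same change appears in the two other host files of this commit. I would record the intent next to the list, for example `# accept any inner source; bird/OSPF picks routes, sources are restricted by firewall rules or a bird import filter`, and confirm that such a rule or filter actually exists. If the wireguard-endpoint role derives kernel routes from `allowed_addrs`, these entries would also install a default route through the tunnel, which is worth checking before deploying.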


@ -6,16 +6,20 @@ wireguard_endpoints:
peer: peer:
public_key: "{{ vault_wireguard_secrets.ovh_gs.public }}" public_key: "{{ vault_wireguard_secrets.ovh_gs.public }}"
allowed_addrs: allowed_addrs:
- 192.168.0.1/32 - 0.0.0.0/0
- 10.132.0.0/16 - ::/0
keepalive: 5 keepalive: 5
endpoint: 92.222.211.198:5412 endpoint: 92.222.211.198:5412
nftables_basic_input_rules: bird_router_id: 10.128.0.224
- proto: tcp bird_router_prefsrc: 10.128.0.224
port: 22 bird_ospf_ifaces:
verdict: accept ens18:
- proto: udp stub: true
port: 5412 ovh:
verdict: accept type: pointopoint
cost: 2000
ens19:
type: broadcast
cost: 1000
... ...
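Review bot: The `ens19` entry under `bird_ospf_ifaces` is an active `broadcast` OSPF interface with no authentication setting visible, so any host on that segment that speaks OSPF could form an adjacency and advertise routes; the first host file in this commit has the same entry. With `allowed_addrs` now open, the routing table is the only thing steering traffic into the tunnels, which makes an injected route more consequential. BIRD supports `authentication cryptographic` with a password on OSPF interfaces; if the bird role exposes that, I would set it on `ens19` and on the point-to-point tunnel interface, with the secret kept in the vault. Otherwise, add a comment stating why the segment is trusted.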


@ -7,8 +7,8 @@ wireguard_endpoints:
peer: peer:
public_key: "{{ vault_wireguard_secrets.gs.public }}" public_key: "{{ vault_wireguard_secrets.gs.public }}"
allowed_addrs: allowed_addrs:
- 192.168.0.0/32 - 0.0.0.0/0
- 10.128.0.0/16 - ::/0
keepalive: 5 keepalive: 5
- name: edc - name: edc
addr: 192.168.0.3/31 addr: 192.168.0.3/31
@ -17,15 +17,19 @@ wireguard_endpoints:
peer: peer:
public_key: "{{ vault_wireguard_secrets.edc.public }}" public_key: "{{ vault_wireguard_secrets.edc.public }}"
allowed_addrs: allowed_addrs:
- 192.168.0.2/32 - 0.0.0.0/0
- 10.128.0.0/16 - ::/0
keepalive: 5 keepalive: 5
nftables_basic_input_rules: bird_router_id: 10.132.0.254
- proto: tcp bird_router_prefsrc: 10.132.0.254
port: 22 bird_ospf_ifaces:
verdict: accept ens19:
- proto: udp stub: true
port: 5412 gs:
verdict: accept type: pointopoint
cost: 2000
edc:
type: pointopoint
cost: 4000
... ...
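Review bot: As rendered, the `nftables_basic_input_rules` block (accept tcp/22 and udp/5412) is dropped from this host file and from the two other host files in this commit, with no replacement visible here. Unless those rules are now defined at group level, the hosts either lose their explicit input policy or stop accepting SSH and the WireGuard port, depending on how the nftables role treats an undefined list. OSPF also needs IP protocol 89 accepted on the `gs` and `edc` interfaces (and on `ens19` on the peers), ideally only there. I would keep an explicit per-host input rule set and add an OSPF accept scoped to those interfaces.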


@ -6,4 +6,5 @@
- vpn-ng-backup.adm.auro.re - vpn-ng-backup.adm.auro.re
roles: roles:
- wireguard-endpoint - wireguard-endpoint
- bird
... ...