Configure bird daemons on VPNs
parent
259c2afeab
commit
9954c9e7d5
4 changed files with 42 additions and 29 deletions
|
@ -6,16 +6,20 @@ wireguard_endpoints:
|
||||||
peer:
|
peer:
|
||||||
public_key: "{{ vault_wireguard_secrets.ovh_edc.public }}"
|
public_key: "{{ vault_wireguard_secrets.ovh_edc.public }}"
|
||||||
allowed_addrs:
|
allowed_addrs:
|
||||||
- 192.168.0.3/32
|
- 0.0.0.0/0
|
||||||
- 10.132.0.0/16
|
- ::/0
|
||||||
keepalive: 5
|
keepalive: 5
|
||||||
endpoint: 92.222.211.198:5413
|
endpoint: 92.222.211.198:5413
|
||||||
|
|
||||||
nftables_basic_input_rules:
|
bird_router_id: 10.128.0.124
|
||||||
- proto: tcp
|
bird_router_prefsrc: 10.128.0.124
|
||||||
port: 22
|
bird_ospf_ifaces:
|
||||||
verdict: accept
|
ens18:
|
||||||
- proto: udp
|
stub: true
|
||||||
port: 5412
|
ovh:
|
||||||
verdict: accept
|
type: pointopoint
|
||||||
|
cost: 4000
|
||||||
|
ens19:
|
||||||
|
type: broadcast
|
||||||
|
cost: 1000
|
||||||
...
|
...
|
||||||
|
|
|
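Review bot: Both `allowed_addrs` entries for the peer keyed by `vault_wireguard_secrets.ovh_edc.public` become catch-alls (`0.0.0.0/0`, `::/0`), so WireGuard no longer limits which source addresses this peer may send through the tunnel; the two other host files in this commit make the same change. With routes now coming from BIRD, that per-peer filter needs a replacement, and no nftables forward rule or BIRD import filter is visible in this diff. If the wireguard-endpoint role also derives kernel routes from `allowed_addrs`, the catch-all would install a default route through the tunnel; that depends on the role and should be checked. I would record the intent next to the list, e.g. `# catch-all on purpose: routes come from OSPF, source filtering is done in <filter location — placeholder>`.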
@ -6,16 +6,20 @@ wireguard_endpoints:
|
||||||
peer:
|
peer:
|
||||||
public_key: "{{ vault_wireguard_secrets.ovh_gs.public }}"
|
public_key: "{{ vault_wireguard_secrets.ovh_gs.public }}"
|
||||||
allowed_addrs:
|
allowed_addrs:
|
||||||
- 192.168.0.1/32
|
- 0.0.0.0/0
|
||||||
- 10.132.0.0/16
|
- ::/0
|
||||||
keepalive: 5
|
keepalive: 5
|
||||||
endpoint: 92.222.211.198:5412
|
endpoint: 92.222.211.198:5412
|
||||||
|
|
||||||
nftables_basic_input_rules:
|
bird_router_id: 10.128.0.224
|
||||||
- proto: tcp
|
bird_router_prefsrc: 10.128.0.224
|
||||||
port: 22
|
bird_ospf_ifaces:
|
||||||
verdict: accept
|
ens18:
|
||||||
- proto: udp
|
stub: true
|
||||||
port: 5412
|
ovh:
|
||||||
verdict: accept
|
type: pointopoint
|
||||||
|
cost: 2000
|
||||||
|
ens19:
|
||||||
|
type: broadcast
|
||||||
|
cost: 1000
|
||||||
...
|
...
|
||||||
|
|
|
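Review bot: `ens19` is declared as an active `broadcast` OSPF interface at cost 1000 with no authentication setting under `bird_ospf_ifaces`, here and in the first host file of this commit. Unless the bird role adds it elsewhere, any host on that segment that can send OSPF packets could form an adjacency and inject routes, which matters more now that the WireGuard peers accept `0.0.0.0/0` and `::/0`. BIRD supports `authentication cryptographic` with a per-interface `password`, and the secret would belong in the vault next to `vault_wireguard_secrets`. Whether the role exposes a variable for this is not visible in the diff, so at minimum I would add a comment on `ens19` such as `# OSPF auth for ens19: configured in <role template — placeholder>`.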
@ -7,8 +7,8 @@ wireguard_endpoints:
|
||||||
peer:
|
peer:
|
||||||
public_key: "{{ vault_wireguard_secrets.gs.public }}"
|
public_key: "{{ vault_wireguard_secrets.gs.public }}"
|
||||||
allowed_addrs:
|
allowed_addrs:
|
||||||
- 192.168.0.0/32
|
- 0.0.0.0/0
|
||||||
- 10.128.0.0/16
|
- ::/0
|
||||||
keepalive: 5
|
keepalive: 5
|
||||||
- name: edc
|
- name: edc
|
||||||
addr: 192.168.0.3/31
|
addr: 192.168.0.3/31
|
||||||
|
@ -17,15 +17,19 @@ wireguard_endpoints:
|
||||||
peer:
|
peer:
|
||||||
public_key: "{{ vault_wireguard_secrets.edc.public }}"
|
public_key: "{{ vault_wireguard_secrets.edc.public }}"
|
||||||
allowed_addrs:
|
allowed_addrs:
|
||||||
- 192.168.0.2/32
|
- 0.0.0.0/0
|
||||||
- 10.128.0.0/16
|
- ::/0
|
||||||
keepalive: 5
|
keepalive: 5
|
||||||
|
|
||||||
nftables_basic_input_rules:
|
bird_router_id: 10.132.0.254
|
||||||
- proto: tcp
|
bird_router_prefsrc: 10.132.0.254
|
||||||
port: 22
|
bird_ospf_ifaces:
|
||||||
verdict: accept
|
ens19:
|
||||||
- proto: udp
|
stub: true
|
||||||
port: 5412
|
gs:
|
||||||
verdict: accept
|
type: pointopoint
|
||||||
|
cost: 2000
|
||||||
|
edc:
|
||||||
|
type: pointopoint
|
||||||
|
cost: 4000
|
||||||
...
|
...
|
||||||
|
|
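Review bot: The second hunk deletes `nftables_basic_input_rules` (the `tcp`/`22` and `udp`/`5412` accepts) from this host, and the two other host files lose the same list, with nothing in the diff showing where the input policy now comes from. The peers here have no `endpoint`, so this host appears to be the listening side, while the other files dial `92.222.211.198:5412` and `92.222.211.198:5413`; the old list only ever opened `5412`. OSPF also needs IP protocol 89 accepted on the `gs` and `edc` interfaces, ideally on those interfaces only. I would keep the list in host vars, or leave a pointer such as `# input rules: see <group_vars file — placeholder>`.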
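--- a/vpn.yml
+++ b/vpn.yml
@@ -6,4 +6,5 @@
 - vpn-ng-backup.adm.auro.re
 roles:
 - wireguard-endpoint
+- bird
 ...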