exit: receive VPN IPv6 addresses from firewalls

And share them with peer over backup link.
This commit is contained in:
Timotej Lazar 2023-12-14 21:41:39 +01:00
parent c2d0e88996
commit 2b275c2ab4

View file

@ -229,7 +229,12 @@ ipv6 prefix-list office permit {{ prefix.prefix }} ge 64
{% endfor %}
{% endfor %}
{% if wg_net is defined %}
ip prefix-list vpn permit {{ wg_net | ipaddr('subnet') }}
{% endif %}
{% if wg_net6 is defined %}
ipv6 prefix-list vpn permit {{ wg_net6 | ipaddr('subnet') }}
{% endif %}
ip prefix-list nat permit {{ wg_ip | ipaddr('host') }}
{% for network in nat %}
@ -261,6 +266,8 @@ route-map default-import permit 21
match ipv6 address prefix-list office
route-map default-import permit 30
match ip address prefix-list nat
route-map default-import permit 31
match ipv6 address prefix-list vpn
route-map outside-import permit 10
match ip address prefix-list dc
@ -324,6 +331,8 @@ route-map firewall->outside permit 21
match ipv6 address prefix-list office
route-map firewall->outside permit 30
match ip address prefix-list nat
route-map firewall->outside permit 31
match ipv6 address prefix-list vpn
# Tag routes from each firewall. Set weight for primary to 200 and secondary to 100.
{% for firewall in ifaces_firewall %}
@ -387,6 +396,8 @@ route-map me->peer.4 permit 111
match ipv6 address prefix-list default
route-map me->peer.4 permit 120
match ip address prefix-list nat
route-map me->peer.4 permit 121
match ipv6 address prefix-list vpn
route-map me->peer.4 permit 131
match ipv6 address prefix-list office
@ -397,5 +408,7 @@ route-map peer.4->me permit 111
match ipv6 address prefix-list default
route-map peer.4->me permit 120
match ip address prefix-list nat
route-map peer.4->me permit 121
match ipv6 address prefix-list vpn
route-map peer.4->me permit 131
match ipv6 address prefix-list office