exit: add routes for VPN IPv4 addresses to outside and default VRFs

Like commit 7b5980f but for VPN addresses. Also renumber some route
maps to improve consistency.
Timotej Lazar 2024-09-16 17:19:25 +02:00
parent 6c8309f1c9
commit 6322d5ec97
2 changed files with 15 additions and 9 deletions


@ -295,11 +295,13 @@ route-map default-import permit 21
match ipv6 address prefix-list office match ipv6 address prefix-list office
route-map default-import permit 30 route-map default-import permit 30
match ip address prefix-list nat match ip address prefix-list nat
route-map default-import permit 31
match ipv6 address prefix-list vpn
route-map default-import permit 40 route-map default-import permit 40
match ip address prefix-list outside match ip address prefix-list vpn
route-map default-import permit 41 route-map default-import permit 41
match ipv6 address prefix-list vpn
route-map default-import permit 50
match ip address prefix-list outside
route-map default-import permit 51
match ipv6 address prefix-list outside match ipv6 address prefix-list outside
route-map outside-import permit 10 route-map outside-import permit 10
@ -380,7 +382,9 @@ route-map firewall->outside permit 21
match ipv6 address prefix-list office match ipv6 address prefix-list office
route-map firewall->outside permit 30 route-map firewall->outside permit 30
match ip address prefix-list nat match ip address prefix-list nat
route-map firewall->outside permit 31 route-map firewall->outside permit 40
match ip address prefix-list vpn
route-map firewall->outside permit 41
match ipv6 address prefix-list vpn match ipv6 address prefix-list vpn
# Tag routes from each firewall. Set weight for primary to 200 and secondary to 100. # Tag routes from each firewall. Set weight for primary to 200 and secondary to 100.
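Review bot: The new `match ip address prefix-list vpn` entries (`default-import permit 40` and `firewall->outside permit 40`) depend on an IPv4 prefix-list named `vpn` whose definition is not visible in either hunk. FRR keeps `ip prefix-list` and `ipv6 prefix-list` names in separate tables, so the IPv6 list already used by the `permit 41` entries does not cover it. If the IPv4 list is absent, the entry would presumably never match, and the VPN routes would silently stay out of both VRFs. Because these entries export VPN addresses towards the outside VRF, it is also worth confirming that the list is restricted to the exact VPN ranges with a bounded prefix length, and noting that above the entry, e.g. `# VPN IPv4 pool; must stay in sync with ip prefix-list vpn`.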


@ -139,11 +139,13 @@ route-map outside->default permit 11
# Send inside and NAT addresses to outside peers so inbound packets go through the firewall. # Send inside and NAT addresses to outside peers so inbound packets go through the firewall.
route-map default->outside permit 1 route-map default->outside permit 1
match interface lo match interface lo
route-map default->outside permit 10
match ip address prefix-list office
route-map default->outside permit 11
match ipv6 address prefix-list office
route-map default->outside permit 20 route-map default->outside permit 20
match ip address prefix-list office
route-map default->outside permit 21
match ipv6 address prefix-list office
route-map default->outside permit 30
match ip address prefix-list nat match ip address prefix-list nat
route-map default->outside permit 31 route-map default->outside permit 40
match ip address prefix-list vpn
route-map default->outside permit 41
match ipv6 address prefix-list vpn match ipv6 address prefix-list vpn
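Review bot: The comment above `route-map default->outside permit 1` still says only inside and NAT addresses are sent to outside peers, but after this change the map also announces VPN addresses for both address families (`permit 40` and `permit 41`). I would update it to `# Send inside, NAT and VPN addresses to outside peers so inbound packets go through the firewall.` so the comment matches what is actually exported. Separately, the renumbering retires sequences 10, 11 and 31 of this map. If the configuration is ever loaded additively rather than through a reload that removes absent lines, those old permit entries would remain in the running config, so it is worth checking the running route-map after deployment.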