exit: add routes for VPN IPv4 addresses to outside and default VRFs

Like commit 7b5980f but for VPN addresses.

roles/exit/templates/frr.conf.j2

@@ -295,11 +295,13 @@ route-map default-import permit 21
   match ipv6 address prefix-list office
 route-map default-import permit 30
   match ip address prefix-list nat
-route-map default-import permit 31
-  match ipv6 address prefix-list vpn
 route-map default-import permit 40
-  match ip address prefix-list outside
+  match ip address prefix-list vpn
 route-map default-import permit 41
+  match ipv6 address prefix-list vpn
+route-map default-import permit 50
+  match ip address prefix-list outside
+route-map default-import permit 51
   match ipv6 address prefix-list outside
 
 route-map outside-import permit 10
@@ -380,7 +382,9 @@ route-map firewall->outside permit 21
   match ipv6 address prefix-list office
 route-map firewall->outside permit 30
   match ip address prefix-list nat
-route-map firewall->outside permit 31
+route-map firewall->outside permit 40
+  match ip address prefix-list vpn
+route-map firewall->outside permit 41
   match ipv6 address prefix-list vpn
 
 # Tag routes from each firewall. Set weight for primary to 200 and secondary to 100.

roles/firewall/templates/frr.conf.j2

@@ -139,11 +139,13 @@ route-map outside->default permit 11
 # Send inside and NAT addresses to outside peers so inbound packets go through the firewall.
 route-map default->outside permit 1
   match interface lo
-route-map default->outside permit 10
-  match ip address prefix-list office
-route-map default->outside permit 11
-  match ipv6 address prefix-list office
 route-map default->outside permit 20
+  match ip address prefix-list office
+route-map default->outside permit 21
+  match ipv6 address prefix-list office
+route-map default->outside permit 30
   match ip address prefix-list nat
-route-map default->outside permit 31
+route-map default->outside permit 40
+  match ip address prefix-list vpn
+route-map default->outside permit 41
   match ipv6 address prefix-list vpn