updates

ansible/roles/vpn_mgt/templates/bird.conf.j2

@@ -31,14 +31,13 @@ protocol ospf {
 
         area 0 {
                 networks {
-                        {{ BIRD_NETWORKS }};
+                        {% for bird_net in BIRD_NETWORKS.split(';') %}
+                        {{ bird_net }};
+                        {% endfor %}
                 };
                 interface "eth0" {
-                        cost 1;
-                        type ptmp;
-                        neighbors {
-                                {{ BIRD_NEIGHBORS }};
-                        };
+                        cost 10;
+                        type broadcast;
                 };
                 interface "dummy0" {
                         cost 1;
@@ -48,8 +47,8 @@ protocol ospf {
                 {% if wg_config.NEIGHBORS is defined %}
 
                 interface "wg{{ wg_config.NAME }}" {
-                        cost 15;
-                        tx length 1344;
+                        cost {{ wg_config.COST | default(100) }};
+                        tx length {{ wg_config.TX_LENGTH | default(1344) }};
                         type ptmp;
                         neighbors {
                                 {{ wg_config.NEIGHBORS }} ;

ansible/roles/vpn_mgt/templates/interfaces.j2

@@ -4,6 +4,7 @@ iface lo inet loopback
 auto eth0
 iface eth0 inet static
         address {{ BIRD_ROUTER_ID }}/{{ INTERNAL_HOST_IDENTIFIER }}
+        gateway {{ DEFAULT_GATEWAY }}
 
 auto dummy0
 iface dummy0 inet manual
@@ -12,11 +13,4 @@ iface dummy0 inet manual
         up ip addr add {{ WG_PUBLIC_IP }}/32 dev $IFACE
         down ip link del $IFACE
 
-auto dummy1
-iface dummy1 inet manual
-        pre-up ip link add $IFACE type dummy
-        pre-up ip link set up dev $IFACE
-        up ip addr add {{ WG_PRIVATE_RANGE }} dev $IFACE
-        down ip link del $IFACE
-
 source /etc/network/interfaces.d/*

ansible/roles/vpn_mgt/templates/netfilter.j2

@@ -6,6 +6,8 @@
 -A INPUT -s 10.70.90.53/32 -d {{ BIRD_ROUTER_ID }}/{{ INTERNAL_HOST_IDENTIFIER }} -j ACCEPT
 -A INPUT -s 10.70.73.66/32 -d {{ BIRD_ROUTER_ID }}/{{ INTERNAL_HOST_IDENTIFIER }} -j ACCEPT
 
+# Fix
+-A INPUT -s 10.0.0.0/8 -d {{ BIRD_ROUTER_ID }}/{{ INTERNAL_HOST_IDENTIFIER }} -j ACCEPT
 
 -A INPUT -i lo -j ACCEPT
 -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

ansible/wireguard.yaml

@@ -16,6 +16,8 @@ wireguard_configs:
     INTERFACE_ADDRESS: "10.70.250.2/30"
     INTERFACE_NETMASK: "255.255.255.252"
     NEIGHBORS: "10.70.250.2"
+    TX_LENGTH: 1343
+    COST: 99
 
   - NAME: jameso
     PORT_NUMBER: 51821

terraform/ansible.tf

@@ -15,6 +15,7 @@ resource "ansible_host" "vpn_host" {
     INTERNAL_HOST_IDENTIFIER = var.internal_host_identifier
     BIRD_NETWORKS            = var.bird_networks
     BIRD_NEIGHBORS           = var.bird_neighbors
+    DEFAULT_GATEWAY          = var.vm_mgt_default_gateway
     WG_PUBLIC_IP             = var.wg_public_ip
     WG_PRIVATE_RANGE         = var.wg_private_range
     PRIVATE_KEY              = var.wg_private_key

terraform/dev3.tfvars

@@ -3,7 +3,7 @@ proxmox_storage_location = "local-lvm"
 hostname                 = "nycmesh-vpn-0"
 vm_mgt_ip                = "10.70.90.180"
 vm_mgt_default_gateway   = "10.70.90.1"
-bird_networks            = "10.0.0.0/8"
+bird_networks            = "10.70.90.0/24;10.69.0.0/16"
 bird_neighbors           = "10.69.7.13"
 wg_public_ip             = "199.170.132.43"
 wg_private_range         = "10.70.250.0/24"

terraform/vars.tf

@@ -56,7 +56,7 @@ variable "vm_mgt_ip" {
 variable "internal_host_identifier" {
   type        = string
   description = "Host identifier for the internal network interface eth0"
-  default     = "32"
+  default     = "24"
 }
 
 variable "vm_mgt_default_gateway" {