From 0b9417cb4dbff3a9fa58ed63ba37fe57fe0f1895 Mon Sep 17 00:00:00 2001
From: Yuri Tatishchev
Date: Wed, 4 Jun 2025 21:59:12 -0700
Subject: [PATCH] router: firewall: add port forwards for vpn endpoints on opnsense
---
 hosts/router/firewall.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/hosts/router/firewall.nix b/hosts/router/firewall.nix
index a3db09b..32a7ab8 100644
--- a/hosts/router/firewall.nix
+++ b/hosts/router/firewall.nix
@@ -47,7 +47,15 @@ in
 map port_forward {
 type inet_proto . inet_service : ipv4_addr . inet_service
 elements = {
- tcp . 8006 : ${ifs.lan50.p4}.10 . 8006
+ tcp . 8006 : ${ifs.lan50.p4}.10 . 8006,
+ # opnsense vpn endpoints
+ # the plan is to maybe eventually move these to nixos
+ udp . 18596 : ${vars.extra.opnsense.addr4} . 18596,
+ udp . 48512 : ${vars.extra.opnsense.addr4} . 48512,
+ udp . 40993 : ${vars.extra.opnsense.addr4} . 40993,
+ udp . 45608 : ${vars.extra.opnsense.addr4} . 45608,
+ udp . 35848 : ${vars.extra.opnsense.addr4} . 35848,
+ udp . 48425 : ${vars.extra.opnsense.addr4} . 48425,
 }
 }
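Review bot: The six UDP entries added to `port_forward` carry no per-port label, so the file does not record which VPN instance on OPNsense each exposed port belongs to, and a retired tunnel could leave its forward open unnoticed. Either annotate each element, e.g. `udp . 18596 : ${vars.extra.opnsense.addr4} . 18596, # <tunnel name>`, or keep the port list next to `addr4` under `vars.extra.opnsense` and generate the elements from it, so the set of forwarded ports has a single source of truth. The rule that consumes this map lies outside the hunk. It is worth confirming there that the dnat lookup is limited to the WAN ingress interface and that the forward chain accepts only translated traffic for these ports.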