From 9487d5bdea4c87b79783a46ec556a6da2c39c2bc Mon Sep 17 00:00:00 2001
From: Yuri Tatishchev
Date: Tue, 15 Apr 2025 10:35:18 -0700
Subject: [PATCH] router: add static routes to opnsense to fix vpn issues
---
 hosts/router/firewall.nix | 3 ++-
 hosts/router/ifconfig.nix | 1 +
 hosts/router/vars.nix | 24 ++++++++++++++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/hosts/router/firewall.nix b/hosts/router/firewall.nix
index 3086531..cef6ffa 100644
--- a/hosts/router/firewall.nix
+++ b/hosts/router/firewall.nix
@@ -20,8 +20,9 @@ in
 ${ifs.lan40.name},
 ${ifs.lan50.name},
 }
- define OPNSENSE_NET6 = ${pdFromWan}d::/64
+ define OPNSENSE_NET6 = ${vars.extra.opnsense.net6}
 define ZONE_LAN_EXTRA_NET6 = {
+ # TODO: reevaluate this statement
 ${ifs.lan20.net6}, # needed since packets can come in from wan on these addrs
 $OPNSENSE_NET6,
 }
diff --git a/hosts/router/ifconfig.nix b/hosts/router/ifconfig.nix
index 63f3198..d479a7d 100644
--- a/hosts/router/ifconfig.nix
+++ b/hosts/router/ifconfig.nix
@@ -150,6 +150,7 @@ in
 ifs.lan40.name
 ifs.lan50.name
 ];
+ routes = vars.extra.opnsense.routes;
 };
 "30-vlan10" = mkLanConfig ifs.lan10;
 "30-vlan20" = mkLanConfig ifs.lan20;
diff --git a/hosts/router/vars.nix b/hosts/router/vars.nix
index 10abd5f..3961ab9 100644
--- a/hosts/router/vars.nix
+++ b/hosts/router/vars.nix
@@ -95,4 +95,28 @@ rec {
 ulaPrefix_ = "${ulaPrefix}:0050"; # ::/64
 };
 };
+
+ extra = {
+ opnsense = rec {
+ addr4 = "${ifs.lan.p4}.250";
+ ulaAddr = "${ifs.lan.ulaPrefix}::250";
+ p6 = "${pdFromWan}d";
+ net6 = "${p6}::/64";
+ # VPN routes on opnsense
+ routes = [
+ {
+ Destination = "10.6.0.0/24";
+ Gateway = addr4;
+ }
+ {
+ Destination = "10.18.0.0/20";
+ Gateway = addr4;
+ }
+ {
+ Destination = net6;
+ Gateway = ulaAddr;
+ }
+ ];
+ };
+ };
 }
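Review bot: The TODO added inside `ZONE_LAN_EXTRA_NET6` says only `reevaluate this statement`, which does not tell the next reader which entry is in doubt or what would justify removing it; because this set widens what the firewall treats as LAN-side IPv6 (the existing comment says these addresses can arrive from WAN), an open question here is a trust-boundary question and should be spelled out. Suggest `# TODO: confirm ${ifs.lan20.net6} still needs LAN-extra treatment for packets arriving from WAN; drop it if not`. The `define OPNSENSE_NET6 = ${vars.extra.opnsense.net6}` line is a pure move to the shared value and reads fine. The Nix binding that produces this nftables text starts before the hunk.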
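Review bot: `routes = vars.extra.opnsense.routes;` is the only routing change, and the firewall hunk in this commit touches only IPv6 sets, so forwarding toward the two IPv4 VPN destinations defined in vars.nix (10.6.0.0/24 and 10.18.0.0/20) depends on whatever rules already exist outside this diff; if that traffic is meant to be zone-restricted, the rule is not in this patch and should be confirmed. A short comment would also help, since the unit this line lands in starts before the hunk and the attribute name alone does not say where the routes lead: `# static routes toward the opnsense host: VPN subnets (v4) and its delegated /64 (v6)`. The enclosing attribute set begins and ends outside the hunk.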
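Review bot: The comment `# VPN routes on opnsense` describes only the first two entries; the third routes `net6` (the /64 built from `pdFromWan` with subnet id `d`) to opnsense's ULA address, which is prefix delegation rather than VPN, so the comment undersells what the list does. Suggest replacing it with `# routes toward opnsense: its VPN client subnets (v4) and the /64 handed to it from the WAN PD (v6)` and adding a one-line comment on each IPv4 destination naming which VPN it belongs to (a placeholder such as `# <which-vpn>` until known). `addr4 = "${ifs.lan.p4}.250"` and `ulaAddr = "${ifs.lan.ulaPrefix}::250"` presumably rely on `ifs` and `pdFromWan` being bound in the enclosing `rec` set, which starts before the hunk. The `.250`/`::250` host ids and the `d` subnet id are unexplained magic values and deserve a comment saying they are the opnsense host's fixed addresses.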