router: add static routes to opnsense to fix vpn issues

2025-04-15 10:35:18 -07:00 · 2025-04-15 10:35:18 -07:00 · 9487d5bdea
commit 9487d5bdea
parent 9bbd0cfbdd
3 changed files with 27 additions and 1 deletions
--- a/hosts/router/firewall.nix
+++ b/hosts/router/firewall.nix
@ -20,8 +20,9 @@ in
          ${ifs.lan40.name},
          ${ifs.lan50.name},
      }
-      define OPNSENSE_NET6 = ${pdFromWan}d::/64
+      define OPNSENSE_NET6 = ${vars.extra.opnsense.net6}
      define ZONE_LAN_EXTRA_NET6 = {
+          # TODO: reevaluate this statement
          ${ifs.lan20.net6},  # needed since packets can come in from wan on these addrs
          $OPNSENSE_NET6,
      }
--- a/hosts/router/ifconfig.nix
+++ b/hosts/router/ifconfig.nix
@ -150,6 +150,7 @@ in
          ifs.lan40.name
          ifs.lan50.name
        ];
+        routes = vars.extra.opnsense.routes;
      };
      "30-vlan10" = mkLanConfig ifs.lan10;
      "30-vlan20" = mkLanConfig ifs.lan20;
--- a/hosts/router/vars.nix
+++ b/hosts/router/vars.nix
@ -95,4 +95,28 @@ rec {
      ulaPrefix_ = "${ulaPrefix}:0050";  # ::/64
    };
  };
+
+  extra = {
+    opnsense = rec {
+      addr4 = "${ifs.lan.p4}.250";
+      ulaAddr = "${ifs.lan.ulaPrefix}::250";
+      p6 = "${pdFromWan}d";
+      net6 = "${p6}::/64";
+      # VPN routes on opnsense
+      routes = [
+        {
+          Destination = "10.6.0.0/24";
+          Gateway = addr4;
+        }
+        {
+          Destination = "10.18.0.0/20";
+          Gateway = addr4;
+        }
+        {
+          Destination = net6;
+          Gateway = ulaAddr;
+        }
+      ];
+    };
+  };
 }