This commit adjusts the firewall and networking configuration on dc0 to host the Pyrocufflink remote access IPsec VPN locally instead of forwarding it to the internal VPN server.
# NAT rules for the VPN gateway: traffic towards VPN-side networks is exempted
# from source NAT; everything else leaving the default-route interface is
# masqueraded.
table ip nat {
    # Destination prefixes that must NOT be source-NATed.
    # 172.31.0.64/28 is presumably the remote access VPN address pool -- confirm.
    # The remaining entries are rendered verbatim from the firemon_networks
    # inventory variable, so each item has to be a valid IPv4 address or CIDR
    # prefix. NOTE(review): this is an interval set without auto-merge, so
    # overlapping prefixes are expected to be rejected at load time; running
    # `nft -c -f <rendered file>` before deployment catches that early.
    set vpn_subnets {
        type ipv4_addr
        flags interval
        elements = {
            172.31.0.64/28,
            {% for prefix in firemon_networks %}
            {{ prefix }},
            {% endfor %}
        }
    }

    # NOTE(review): no "type nat hook postrouting ..." line appears here, so
    # these rules only take effect if the base chain is declared elsewhere in
    # the loaded ruleset -- confirm.
    chain postrouting {
        # Order matters: the exemption has to come before the masquerade rule.
        # Every prefix in @vpn_subnets bypasses source NAT for all traffic
        # through this host, so keep the set limited to networks that are
        # actually reached over a tunnel. The counter makes the exemption
        # observable in `nft list ruleset`.
        ip daddr @vpn_subnets counter accept

        # Masquerade everything else leaving via the Ansible-detected
        # default-route interface. `oif` is matched by interface index, which
        # nft resolves when the ruleset is loaded; reload the ruleset if that
        # interface is ever recreated.
        oif {{ ansible_default_ipv4.interface }} masquerade
    }
}