From: Mark Wooding <mdw@distorted.org.uk>
Date: Sat, 15 Dec 2012 18:52:57 +0000 (+0000)
Subject: jazz.m4, local.m4: Make jazz be a TrIPE endpoint.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/560ae309bf5ae7526a21b6a5ff07b0c0d0aa51c7

jazz.m4, local.m4: Make jazz be a TrIPE endpoint.

It's running the IP-over-DNS endpoint, and life becomes very tricky if
it's not also the VPN endpoint.  There's knock-on stuff: jazz becomes
a router, and VPN traffic can flow over the colo and jump nets.
---

diff --git a/jazz.m4 b/jazz.m4
index 96289b1..d3aa750 100644
--- a/jazz.m4
+++ b/jazz.m4
@@ -32,6 +32,7 @@ allowservices inbound tcp \
 	http https \
 	tor_public tor_directory i2p
 allowservices inbound udp \
+	tripe \
 	i2p
 
 ## Other interesting things.
diff --git a/local.m4 b/local.m4
index 23e6f6d..128d645 100644
--- a/local.m4
+++ b/local.m4
@@ -206,8 +206,8 @@ defhost fender
 	iface br-colo jump colo
 defhost precision
 	hosttype router
-	iface eth0 jump colo sgo
-	iface eth1 jump colo sgo
+	iface eth0 jump colo vpn sgo
+	iface eth1 jump colo vpn sgo
 	iface vpn-radius housebdry vpn sgo
 	iface vpn-chiark sgo
 	iface vpn-+ vpn
@@ -218,9 +218,11 @@ defhost stratocaster
 	iface eth0 jump colo
 	iface eth1 jump colo
 defhost jazz
-	iface eth0 jump colo
-	iface eth1 jump colo
+	hosttype router
+	iface eth0 jump colo vpn
+	iface eth1 jump colo vpn
 	iface dns0 iodine
+	iface vpn-+ vpn
 
 ## Other networks.
 defnet hub virtual