local.m4: New address range for untrusted VPN hosts.

author Mark Wooding <mdw@distorted.org.uk>

Thu, 1 Oct 2015 07:14:21 +0000 (08:14 +0100)

committer Mark Wooding <mdw@distorted.org.uk>

Thu, 1 Oct 2015 07:14:21 +0000 (08:14 +0100)
author Mark Wooding <mdw@distorted.org.uk>
Thu, 1 Oct 2015 07:14:21 +0000 (08:14 +0100)
committer Mark Wooding <mdw@distorted.org.uk>
Thu, 1 Oct 2015 07:14:21 +0000 (08:14 +0100)
diff --git a/local.m4 b/local.m4

index aeda6591c730979c1d842503be45b12f21cbb432..e456e77dbda8a3dd2fab9dfd295663a211c088bc 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -54,6 +54,7 @@ m4_divert(-1)
  ## 172.29.198.0/24  Untrusted networks.
  ##     .0/25           house wireless net
  ##     .128/28         iodine (IP-over-DNS) network
+##     .160/27         untrusted virtual network
  ##
  ## 172.29.199.0/24  Trusted networks.
  ##     .0/25           house wired network
@@ -89,6 +90,7 @@ m4_divert(-1)
  ## The /48s are split into /64s by appending a 16-bit network number.  The
  ## top nibble of the network number classifies the network, as follows.
  ##
+## axxx                Virtual, untrusted
  ## 8xxx                Untrusted
  ## 6xxx                Virtual, safe
  ## 4xxx                Safe
@@ -257,12 +259,14 @@ defnet default scary
         addr 212.13.198.64/28 2001:ba8:0:1d9::/64
         addr 2001:ba8:1d9::/48 #temporary
         via dmz unsafe untrusted jump colo
+defnet upn untrusted
+       addr 172.29.198.160/27 2001:ba8:1d9:a000::/64
+       via colohub
  
  ## Satellite networks.
  defnet binswood noloop
         addr 10.165.27.0/24
         via colohub
-
  defhost mango
         hosttype router
         iface eth0 binswood default
author	Mark Wooding <mdw@distorted.org.uk>
	Thu, 1 Oct 2015 07:14:21 +0000 (08:14 +0100)
committer	Mark Wooding <mdw@distorted.org.uk>
	Thu, 1 Oct 2015 07:14:21 +0000 (08:14 +0100)