Based on https://www.unixadm.org/needful-things/openvpn-ospf. The point is to connect multiple locations over OpenVPN and use OSPF (bird) to detect new networks. In this scenario only 1 point uses a public IP address, and it will be the OpenVPN hub. I will try to create an OpenVPN client with bird that acts only as an "endpoint" client, without passing traffic. The more generic and autodetected the configuration, the better :)
Use bird to "autodetect" other networks and make it quite secure (OpenVPN). Make it easy, repeatable and generic.
- 1 public IP address (VPN-HUB)
- the rest of the nodes can be hidden behind NAT
- create a configuration for an endpoint: only import networks, don't inform the rest about the endpoint's network configuration.
- Check the bird configuration: the vpn-hub with the single public IP address has an additional rule; all bird clients with a public IP require this rule.
OpenVPN uses TAP; OSPF has a broadcast connection.
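A sketch of the import-only "endpoint" bird configuration described above, as an added example that is not taken from this repository or from the linked article. It assumes BIRD 1.x syntax (in BIRD 2.x the import/export lines go inside an `ipv4 { ... };` channel block); the interface name tap0, the router id and the protocol name are placeholders.

```conf
# Endpoint: learn routes from the VPN, announce nothing about the local LAN.
# Constructed example; tap0 and the router id are assumed values.

router id 10.8.0.10;        # placeholder, must be unique per node

protocol device {
    scan time 10;           # track interface state (tap0 up/down)
}

protocol kernel {
    import none;            # take nothing from the kernel table into bird
    export all;             # install OSPF-learned routes into the kernel
    scan time 20;
}

protocol ospf vpn {
    import all;             # accept every network the hub and other nodes announce
    export none;            # never originate external routes from this node

    area 0 {
        # Only the VPN interface is listed. The endpoint's LAN interface is
        # deliberately left out, so its prefix never appears in an LSA.
        interface "tap0" {
            type broadcast; # matches OpenVPN in TAP mode
            priority 0;     # endpoint never becomes designated router
        };
    };
}
```

On a node that should also pass traffic, the LAN interface would be added to the area (typically with `stub yes;` so no adjacencies form on it); leaving it out is what keeps the endpoint import-only.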
To do:
- Change OpenVPN to TUN and OSPF to PTMP instead of a broadcast connection.
- there is some issue with OSPF and tun. I am staying with tap.
- https://gitlab.labs.nic.cz/labs/bird/wikis/FAQ
- Include the init.sh script in the Vagrantfile (one command to pull the setup)