From: Tom Hughes <tom@compton.nu>
Date: Tue, 3 May 2016 10:49:55 +0000 (+0100)
Subject: Fix VPN configuration
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/ac41f3960efc31d10565fa3a79665caeffa421ac

Fix VPN configuration
---

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 39611a9df..8355b54c0 100644
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -35,10 +35,8 @@ node[:networking][:interfaces].each do |name, interface|
 
   prefix = node[:networking][:interfaces][name][:prefix]
 
-  # rubocop:disable Style/RedundantParentheses
   node.set[:networking][:interfaces][name][:netmask] = (~IPAddr.new(interface[:address]).mask(0)).mask(prefix)
   node.set[:networking][:interfaces][name][:network] = IPAddr.new(interface[:address]).mask(prefix)
-  # rubocop:enable Style/RedundantParentheses
 end
 
 template "/etc/network/interfaces" do
@@ -209,7 +207,7 @@ firewall_rule "limit-icmp-echo" do
   rate_limit "s:1/sec:5"
 end
 
-%w(ucl ic bm).each do |zone|
+%w(ucl ic bm aws).each do |zone|
   firewall_rule "accept-openvpn-#{zone}" do
     action :accept
     family :inet
diff --git a/roles/fafnir.rb b/roles/fafnir.rb
index 1c5ee364f..b50e2fc3a 100644
--- a/roles/fafnir.rb
+++ b/roles/fafnir.rb
@@ -28,7 +28,8 @@ default_attributes(
         :port => "1194",
         :mode => "client",
         :peer => {
-          :host => "ironbelly.openstreetmap.org"
+          :host => "ironbelly.openstreetmap.org",
+          :port => "1195"
         }
       }
     }