From 31e32251b09c7cfec4f0ab29b3ed08526ba72470 Mon Sep 17 00:00:00 2001
From: Christian Boltz <cboltz@opensuse.org>
Date: Mar 25 2024 20:29:19 +0000
Subject: Merge branch 'crameleon/odin-push-public' into 'production'


Push os-public through OpenVPN

See merge request infra/salt!1609
---

diff --git a/salt/profile/vpn/openvpn/files/odin/etc/openvpn/includes/heroes_common_push.conf.jinja b/salt/profile/vpn/openvpn/files/odin/etc/openvpn/includes/heroes_common_push.conf.jinja
index 6e3822d..f403a4f 100644
--- a/salt/profile/vpn/openvpn/files/odin/etc/openvpn/includes/heroes_common_push.conf.jinja
+++ b/salt/profile/vpn/openvpn/files/odin/etc/openvpn/includes/heroes_common_push.conf.jinja
@@ -6,6 +6,8 @@ push "dhcp-option DOMAIN infra.opensuse.org"
 
 push "route-ipv6 2a07:de40:b27e:1100::/64"  # os-thor
 push "route-ipv6 2a07:de40:b27e:1203::/64"  # os-internal
+push "route-ipv6 2a07:de40:b27e:1204::/64"  # os-public
 push "route-ipv6 2a07:de40:b27e:1205::/64"  # os-mirror
-# os-public, os-salt, os-code are firewall blocked and not pushed on purpose
+# os-public is firewalled to only facilitate the same IP connectivity as over the internet, but we push it to allow for access to restricted services
+# os-salt, os-code, and others are firewall blocked and not pushed on purpose
 push "route-ipv6 2a07:de40:b27e:64::/96"    # NAT64