#
# {{ ansible_managed }}
#
{% if debug_fastd %}
log level debug;
{% else %}
log level warn;
{% endif %}
hide ip addresses no;
hide mac addresses no;

method "aes128-ctr+umac";

interface "{{ item.0.id }}igvpn-{{ item.1.mtu }}";

bind {{ ansible_default_ipv4.address | ipaddr('public') }}:11{{ item.1.id }}{{ item.0.site_number }};
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:11{{ item.1.id }}{{ item.0.site_number }};

include "secret.conf";
mtu {{ item.1.mtu }};

peer group "servers" {
    include peers from "peers/gates";
    include peers from "peers/services";
}

on up "/bin/systemctl reload networking";

status socket "/var/run/fastd-{{ item.0.id }}igvpn-{{ item.1.mtu }}.status";