Implementation of IPv6 support #151
Open

tricovictor wants to merge 10 commits into Stouts:develop from UdelaRInterior:implementation-IPv6
Changes from 8 commits

Commits (10)
c31a28c implementation of IPv6 support
734f8eb Fix Travis errors
80b722a Manual merge
88e7bb1 Fix Molecule failures
30bf129 Fix \n in server.conf
tricovictor 1fc9a77 Fix \n in server.conf
tricovictor 0e51e63 Fix error for compile Molecule
tricovictor c1cbc8c Requested changes - Ansible linter improvements
santiagomr 9ec969d Fix #159 IP forwarding when deploying
santiagomr 9995f24 IPv6 forwarding only if the VPN server manages an IPv6 subnet
santiagomr
@@ -1,10 +1,21 @@ | ||
--- | ||
|
||
- name: Set ip forwarding in the sysctl file and reload if necessary | ||
- name: Set IPv4 forwarding in the sysctl file and reload if necessary | ||
sysctl: | ||
name: net.ipv4.ip_forward | ||
value: '1' | ||
sysctl_set: true | ||
state: present | ||
reload: true | ||
when: not lookup('env', 'IN_MOLECULE') | d(true, true) | bool | ||
|
||
- name: Set IPv6 forwarding in the sysctl file and reload if necessary | ||
sysctl: | ||
name: net.ipv6.conf.all.forwarding | ||
value: '1' | ||
sysctl_set: true | ||
state: present | ||
reload: true | ||
when: | ||
not lookup('env', 'IN_MOLECULE') | d(true, true) | bool | ||
and openvpn_ipv6_server is defined |
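Review bot: the `when` expression on both tasks is parsed as `not (lookup('env', 'IN_MOLECULE') | d(true, true) | bool)`, because Jinja applies filters before `not`. On a real deployment where `IN_MOLECULE` is unset the lookup returns an empty string, `d(true, true)` turns that into true, and the task is skipped, so forwarding is never enabled outside Molecule. Consider `when: not (lookup('env', 'IN_MOLECULE') | d(false, true) | bool)` with explicit parentheses. The IPv6 task's extra test `openvpn_ipv6_server is defined` also diverges from the template, which gates `server-ipv6` on `openvpn_ipv6_enabled | bool and openvpn_ipv6_server | length > 0`; an empty string would enable forwarding here while rendering no `server-ipv6` line, so use the same condition in both places. A comment on the task would also help: `net.ipv6.conf.all.forwarding=1` switches every interface to router mode, and interfaces left at the default `accept_ra=1` then stop processing Router Advertisements, so a host whose address or default route came from SLAAC needs `accept_ra=2` on its uplink to keep them.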
@@ -4,7 +4,8 @@ | |
{% if openvpn_local is defined -%} | ||
local {{ openvpn_local }} | ||
{% else -%} | ||
;local a.b.c.d {% endif %} | ||
;local a.b.c.d | ||
{% endif %} | ||
|
||
# Which TCP/UDP port should OpenVPN listen on? If you want to run multiple | ||
# OpenVPN instances on the same machine, use a different port number for each | ||
|
@@ -14,6 +15,10 @@ port {{ openvpn_port }} | |
# TCP or UDP server? | ||
proto {{ openvpn_proto }} | ||
|
||
{% if openvpn_ipv6_enabled | bool %} | ||
proto {{ openvpn_proto }}6 | ||
{% endif %} | ||
|
||
{% if openvpn_portshare is defined %} | ||
# Port sharing | ||
port-share 127.0.0.1 {{ openvpn_portshare }} | ||
|
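Review bot: `proto` is a single-valued option, so with `openvpn_ipv6_enabled` true the rendered file contains `proto udp` followed by `proto udp6`, and the second line replaces the first instead of adding a second listener. On OpenVPN 2.4 and later `udp6`/`tcp6` means IPv6-only while plain `udp`/`tcp` already binds both address families, so enabling the flag would drop IPv4 clients rather than add IPv6 ones. Emit a single `proto {{ openvpn_proto }}` line and let the server bind dual-stack; if older releases that need the `6` suffix are a target, state that version assumption in the role defaults and make the suffix conditional on it rather than on `openvpn_ipv6_enabled`.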
@@ -31,6 +36,9 @@ cipher {{ openvpn_cipher }} | |
# most systems, the VPN will not function unless you partially or fully disable | ||
# the firewall for the TUN/TAP interface. | ||
dev {{ openvpn_dev }} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why do you leave the non-ipv6 options outside of a conditional? Does this work? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes, this works |
||
{% if openvpn_ipv6_enabled | bool %} | ||
dev {{ openvpn_dev }}-ipv6 | ||
{% endif %} | ||
|
||
# SSL/TLS root certificate (ca), certificate (cert), and private key (key). | ||
# Each client and the server must have their own cert and key file. The server | ||
|
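Review bot: same issue as the `proto` hunk, and it answers the question raised inline: `dev` is single-valued, so `dev tun0` followed by `dev tun0-ipv6` yields one interface named `tun0-ipv6`, not a second device. It works only because OpenVPN infers the device type from the `tun`/`tap` prefix, and any firewall, routing or client-config task elsewhere in the role that still refers to `{{ openvpn_dev }}` would then point at an interface that does not exist. Drop the second `dev` line, since `server` and `server-ipv6` share one tun device; if a distinct name is really wanted, change the variable rather than the rendered value.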
@@ -73,7 +81,12 @@ topology {{ openvpn_topology }} | |
# 10.8.0.1. Comment this line out if you are ethernet bridging. See the man | ||
# page for more info. | ||
server {{ openvpn_server }} | ||
{% if openvpn_ipv6_enabled | bool and openvpn_ipv6_server | length > 0 %} | ||
server-ipv6 {{ openvpn_ipv6_server }} | ||
{% if openvpn_ipv6_ifconfig | length > 0 %}ifconfig-ipv6 {{ openvpn_ipv6_ifconfig }}{% endif %} | ||
{% endif %} | ||
{% endif %} | ||
|
||
{% if openvpn_bridge %} | ||
# Configure server mode for ethernet bridging. | ||
# You must first use your OS's bridging capability | ||
|
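Review bot: `openvpn_ipv6_server | length > 0` fails at template time with an undefined-variable error when `openvpn_ipv6_server` has no default, which is exactly the case the sysctl task guards with `is defined`; add `openvpn_ipv6_server: ''` and `openvpn_ipv6_ifconfig: ''` to the role defaults or write `openvpn_ipv6_server | default('') | length > 0`. The files shown here add four new variables (`openvpn_ipv6_enabled`, `openvpn_ipv6_server`, `openvpn_ipv6_ifconfig`, `openvpn_ipv6_route_ranges`) without a defaults or README entry, so please document them, including that `server-ipv6` needs a prefix the server actually owns and routes for.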
@@ -104,7 +117,7 @@ ifconfig-pool-persist {{ openvpn_ifconfig_pool_persist }} | |
# over the link so that each side knows when the other side has gone down. Ping | ||
# every 10 seconds, assume that remote peer is down if no ping received during | ||
# a 120 second time period. | ||
{%- if openvpn_keepalive != '' %} | ||
{%- if openvpn_keepalive | length > 0 %} | ||
keepalive {{ openvpn_keepalive }} | ||
{% endif %} | ||
|
||
|
@@ -123,36 +136,36 @@ persist-tun | |
|
||
# Output a short status file showing current connections, truncated and | ||
# rewritten every minute. | ||
status {{openvpn_status}} | ||
status {{ openvpn_status }} | ||
|
||
# By default, log messages will go to the syslog (or on Windows, if running as | ||
# a service, they will go to the "\Program Files\OpenVPN\log" directory). Use | ||
# log or log-append to override this default. "log" will truncate the log file | ||
# on OpenVPN startup, while "log-append" will append to it. Use one or the | ||
# other (but not both). | ||
;log openvpn.log | ||
log-append {{openvpn_log}} | ||
log-append {{ openvpn_log }} | ||
|
||
# Set the appropriate level of log file verbosity. | ||
# | ||
# 0 is silent, except for fatal errors 4 is reasonable for general usage 5 and | ||
# 6 can help to debug connection problems 9 is extremely verbose | ||
verb {{openvpn_verb}} | ||
verb {{ openvpn_verb }} | ||
|
||
# The maximum number of concurrently connected clients we want to allow. | ||
max-clients {{openvpn_max_clients}} | ||
max-clients {{ openvpn_max_clients }} | ||
|
||
# It's a good idea to reduce the OpenVPN daemon's privileges after | ||
# initialization. | ||
# | ||
# You can uncomment this out on non-Windows systems. | ||
{% if openvpn_user -%} | ||
user {{openvpn_user}} | ||
user {{ openvpn_user }} | ||
{% else -%} | ||
;user nobody | ||
{% endif %} | ||
{% if openvpn_group -%} | ||
group {{openvpn_group}} | ||
group {{ openvpn_group }} | ||
{% else -%} | ||
group nogroup | ||
{% endif %} | ||
|
@@ -163,7 +176,7 @@ client-to-client | |
|
||
{% if openvpn_use_pam %} | ||
client-cert-not-required | ||
plugin {{openvpn_use_pam_plugin|default(openvpn_use_pam_plugin_distribution)}} openvpn | ||
plugin {{ openvpn_use_pam_plugin | default(openvpn_use_pam_plugin_distribution) }} openvpn | ||
{% endif %} | ||
|
||
{% if openvpn_use_ldap %} | ||
|
@@ -176,7 +189,7 @@ script-security 3 execve | |
{% endif %} | ||
|
||
{% for option in openvpn_server_options %} | ||
{{option}} | ||
{{ option }} | ||
{% endfor %} | ||
|
||
{% if crl_pem_file.stat.exists %} | ||
|
@@ -190,3 +203,7 @@ push "dhcp-option DNS {{ dns }}" | |
{% for push_route in openvpn_route_ranges %} | ||
push "route {{ push_route }}" | ||
{% endfor %} | ||
|
||
{% for push_route_ipv6 in openvpn_ipv6_route_ranges %} | ||
push "route-ipv6 {{ push_route_ipv6 }}" | ||
{% endfor %} |
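Review bot: the new loop is not guarded like the rest of the IPv6 additions: with `openvpn_ipv6_route_ranges` undefined the template fails, and with `openvpn_ipv6_enabled` false it still pushes `route-ipv6` lines whenever the list is non-empty. Wrap it in `{% if openvpn_ipv6_enabled | bool %}` and iterate over `openvpn_ipv6_route_ranges | default([])`, mirroring the `server-ipv6` block.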
Could you also rename the previous task to say IPv4?

Done in c1cbc8c