Implementation of IPv6 support #151
Conversation
|
Missing \ n to run molecule correctly here |
|
@tricovictor Do you need sth from me to fix the PR? |
|
Hi @nkakouros. I not is acquainted with Molecule but the task "Set IPv6 forwarding in the sysctl file and reload if necessary" in /task/system/fordwarding.yml is reporting:
I suppose it is solved as the task but from IPV4 by placing: |
tasks/system/forwarding.yml
Outdated
| sysctl_set: true | ||
| state: present | ||
| reload: true | ||
| when: not lookup('env', 'IN_MOLECULE') | d(true, true) | bool and openvpn_ipv6_server is defined |
There was a problem hiding this comment.
Could you break this when into a list?
| @@ -8,3 +8,12 @@ | |||
| state: present | |||
| reload: true | |||
| when: not lookup('env', 'IN_MOLECULE') | d(true, true) | bool | |||
|
|
|||
| - name: Set IPv6 forwarding in the sysctl file and reload if necessary | |||
There was a problem hiding this comment.
Could you also rename the previous task to say IPv4?
templates/server.conf.j2
Outdated
| @@ -14,6 +15,10 @@ port {{ openvpn_port }} | |||
| # TCP or UDP server? | |||
| proto {{ openvpn_proto }} | |||
|
|
|||
| {% if openvpn_ipv6_enabled %} | |||
There was a problem hiding this comment.
Add | bool for consistency.
templates/server.conf.j2
Outdated
| @@ -31,6 +36,9 @@ cipher {{ openvpn_cipher }} | |||
| # most systems, the VPN will not function unless you partially or fully disable | |||
| # the firewall for the TUN/TAP interface. | |||
| dev {{ openvpn_dev }} | |||
| {% if openvpn_ipv6_enabled %} | |||
There was a problem hiding this comment.
Add | bool for consistency.
| @@ -31,6 +36,9 @@ cipher {{ openvpn_cipher }} | |||
| # most systems, the VPN will not function unless you partially or fully disable | |||
| # the firewall for the TUN/TAP interface. | |||
| dev {{ openvpn_dev }} | |||
There was a problem hiding this comment.
Why do you leave the non-ipv6 options outside of a conditional? Does this work?
templates/server.conf.j2
Outdated
| @@ -73,6 +81,11 @@ topology {{ openvpn_topology }} | |||
| # 10.8.0.1. Comment this line out if you are ethernet bridging. See the man | |||
| # page for more info. | |||
| server {{ openvpn_server }} | |||
| {% if openvpn_ipv6_enabled and openvpn_ipv6_server is defined %} | |||
templates/server.conf.j2
Outdated
| {% if openvpn_ipv6_enabled and openvpn_ipv6_server is defined %} | ||
| server-ipv6 {{ openvpn_ipv6_server }} | ||
| ifconfig-ipv6 {{ openvpn_ipv6_ifconfig }} | ||
| push "route-ipv6-default {{ openvpn_ipv6_route_default }}" |
There was a problem hiding this comment.
I couldn't find an option named route-ipv6-default. Where is this documented?
Also, why do you need lines 86-87 unconditionally when ipv6 is used?
There was a problem hiding this comment.
openvpn_ipv6_server is defined will always be true. This variable is defined in defaults/main.yml as an empty string, what will matter in this template is if it's still empty or not.
According to the OpenVPN wiki
There are 2 ways to add IPv6 addressing and pool options to the server, similar to what OpenVPN supports for IPv4: using a helper-directive, and by expanding the helper-directive. The expansion is required if you do not wish to use the automatic values the helper-directive supplies.
- therefore
ifconfig-ipv6will be a complementary and optional configuration route-ipv6-defaultdoesn't exist, it's optional, and can be pushed with the variableopenvpn_ipv6_route_rangeswhich is defined as an empty list by default.
|
I added to this PR the fix to the IP forwarding discussed here, since it's necessary for both IPv4 (#159) and IPv6. Do you think that something else is missing to merge this PR? Please note that we (@UdelaRInterior) are an organization. @tricovictor, @ulvida, and I (@santiagomr) are working together on this fork. |
openvpn_ipv6_enabled is defined for ipv6 support.
Also openvpm_ipv6_route_ranges, where we define an array of network ranges to use.
For example:
openvpn_ipv6_route_ranges: