From dc8cd3ead3db601b093e65e8c2d668f9ce2498f4 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Wed, 18 Apr 2018 14:47:53 +0200
Subject: Added openvpn ipv6 support
---
 cmdb/hosts/collab-jde.yaml | 4 ++++
 cmdb/hosts/hurricane.yaml | 4 ++++
 cmdb/hosts/legend.yaml | 4 ++++
 services/applications/openvpn.cf | 1 +
 templates/openvpn/tunnel.conf.cftpl | 3 +++
 5 files changed, 16 insertions(+)
diff --git a/cmdb/hosts/collab-jde.yaml b/cmdb/hosts/collab-jde.yaml
index 5b850b7..f5eea5c 100644
--- a/cmdb/hosts/collab-jde.yaml
+++ b/cmdb/hosts/collab-jde.yaml
@@ -11,10 +11,14 @@ tunnels:
 port: 1194
 ip: "10.1.0.5"
 peer: "10.1.0.4"
+ ip6: "fd00:0:0:2::"
+ peer6: "fd00:0:0:2::1"
 legend:
 port: 1195
 ip: "10.1.0.7"
 peer: "10.1.0.6"
+ ip6: "fd00:0:0:1::1"
+ peer6: "fd00:0:0:1::"
 remote_host: legend.adyxax.org
 remote_port: 1196
 myth:
diff --git a/cmdb/hosts/hurricane.yaml b/cmdb/hosts/hurricane.yaml
index 740bd9d..b8cbd26 100644
--- a/cmdb/hosts/hurricane.yaml
+++ b/cmdb/hosts/hurricane.yaml
@@ -7,11 +7,15 @@ tunnels:
 port: 1195
 ip: "10.1.0.4"
 peer: "10.1.0.5"
+ ip6: "fd00:0:0:2::1"
+ peer6: "fd00:0:0:2::"
 remote_host: collab-jde.nexen.net
 remote_port: 1194
 legend:
 port: 1194
 ip: "10.1.0.1"
 peer: "10.1.0.0"
+ ip6: "fd00::1"
+ peer6: "fd00::"
 remote_host: legend.adyxax.org
 remote_port: 1194
diff --git a/cmdb/hosts/legend.yaml b/cmdb/hosts/legend.yaml
index 9f1e853..1f0c339 100644
--- a/cmdb/hosts/legend.yaml
+++ b/cmdb/hosts/legend.yaml
@@ -17,10 +17,14 @@ tunnels:
 port: 1196
 ip: "10.1.0.6"
 peer: "10.1.0.7"
+ ip6: "fd00:0:0:1::"
+ peer6: "fd00:0:0:1::1"
 hurricane:
 port: 1194
 ip: "10.1.0.0"
 peer: "10.1.0.1"
+ ip6: "fd00::"
+ peer6: "fd00::1"
 myth:
 port: 1199
 ip: "10.1.0.28"
diff --git a/services/applications/openvpn.cf b/services/applications/openvpn.cf
index c76c18d..437e00b 100644
--- a/services/applications/openvpn.cf
+++ b/services/applications/openvpn.cf
@@ -34,6 +34,7 @@ bundle agent openvpn_tunnel(tunnel) classes: any:: "has_remote" and => { isvariable("g.host_data[tunnels][$(tunnel)][remote_host]"), isvariable("g.host_data[tunnels][$(tunnel)][remote_port]") }; + "has_ipv6" and => { isvariable("g.host_data[tunnels][$(tunnel)][ip6]"), isvariable("g.host_data[tunnels][$(tunnel)][peer6]") }; files: any:: "/etc/openvpn/$(tunnel).conf" diff --git a/templates/openvpn/tunnel.conf.cftpl b/templates/openvpn/tunnel.conf.cftpl index 8c718f1..9d7607f 100644 --- a/templates/openvpn/tunnel.conf.cftpl +++ b/templates/openvpn/tunnel.conf.cftpl @@ -16,7 +16,10 @@ cipher AES-128-CBC secret /etc/openvpn/common.key ifconfig $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][ip]) $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][peer]) +[%CFEngine has_ipv6:: %] +ifconfig-ipv6 $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][ip6]) $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][peer6]) +[%CFEngine all:: %] user nobody [%CFEngine centos:: %] group nobody -- cgit v1.2.3
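Review bot: The new `"has_ipv6"` class promise carries no `scope` attribute, and classes promised in a `bundle agent` are namespace-wide by default, so once one tunnel with `ip6`/`peer6` has been processed the class may stay set for later tunnels in the same run that have no IPv6 data (the `myth` tunnel receives none in this commit). The template would then render an `ifconfig-ipv6` line with unexpanded variables for those tunnels. Consider ending the promise with `scope => "bundle";` after confirming the template still sees the class; the `has_remote` promise on the line above has the same shape. This assumes the bundle is invoked once per tunnel, which is not visible here because the bundle body starts and ends outside the hunk.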
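Review bot: The added `[%CFEngine all:: %]` marker now guards `user nobody`, yet the policy file in this same commit uses `any::` as its always-true context and no definition of an `all` class is visible on this page. If `all` is not defined elsewhere, the rendered config would drop `user nobody` and the OpenVPN daemon would keep running as root after start-up; I would write `[%CFEngine any:: %]` here. Separately, traffic on the new IPv6 tunnel addresses is not matched by IPv4-only packet-filter rules, and no firewall change appears in this commit, so the hosts' IPv6 rules should be checked for coverage of the tunnel interfaces. The template begins and continues outside the hunk.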