From dc8cd3ead3db601b093e65e8c2d668f9ce2498f4 Mon Sep 17 00:00:00 2001
From: Julien Dessaux
Date: Wed, 18 Apr 2018 14:47:53 +0200
Subject: Added openvpn ipv6 support

---
 cmdb/hosts/collab-jde.yaml          | 4 ++++
 cmdb/hosts/hurricane.yaml           | 4 ++++
 cmdb/hosts/legend.yaml              | 4 ++++
 services/applications/openvpn.cf    | 1 +
 templates/openvpn/tunnel.conf.cftpl | 3 +++
 5 files changed, 16 insertions(+)

diff --git a/cmdb/hosts/collab-jde.yaml b/cmdb/hosts/collab-jde.yaml
index 5b850b7..f5eea5c 100644
--- a/cmdb/hosts/collab-jde.yaml
+++ b/cmdb/hosts/collab-jde.yaml
@@ -11,10 +11,14 @@ tunnels:
         port: 1194
         ip: "10.1.0.5"
         peer: "10.1.0.4"
+        ip6: "fd00:0:0:2::"
+        peer6: "fd00:0:0:2::1"
     legend:
         port: 1195
         ip: "10.1.0.7"
         peer: "10.1.0.6"
+        ip6: "fd00:0:0:1::1"
+        peer6: "fd00:0:0:1::"
         remote_host: legend.adyxax.org
         remote_port: 1196
     myth:
diff --git a/cmdb/hosts/hurricane.yaml b/cmdb/hosts/hurricane.yaml
index 740bd9d..b8cbd26 100644
--- a/cmdb/hosts/hurricane.yaml
+++ b/cmdb/hosts/hurricane.yaml
@@ -7,11 +7,15 @@ tunnels:
         port: 1195
         ip: "10.1.0.4"
         peer: "10.1.0.5"
+        ip6: "fd00:0:0:2::1"
+        peer6: "fd00:0:0:2::"
         remote_host: collab-jde.nexen.net
         remote_port: 1194
     legend:
         port: 1194
         ip: "10.1.0.1"
         peer: "10.1.0.0"
+        ip6: "fd00::1"
+        peer6: "fd00::"
         remote_host: legend.adyxax.org
         remote_port: 1194
diff --git a/cmdb/hosts/legend.yaml b/cmdb/hosts/legend.yaml
index 9f1e853..1f0c339 100644
--- a/cmdb/hosts/legend.yaml
+++ b/cmdb/hosts/legend.yaml
@@ -17,10 +17,14 @@ tunnels:
         port: 1196
         ip: "10.1.0.6"
         peer: "10.1.0.7"
+        ip6: "fd00:0:0:1::"
+        peer6: "fd00:0:0:1::1"
     hurricane:
         port: 1194
         ip: "10.1.0.0"
         peer: "10.1.0.1"
+        ip6: "fd00::"
+        peer6: "fd00::1"
     myth:
         port: 1199
         ip: "10.1.0.28"
diff --git a/services/applications/openvpn.cf b/services/applications/openvpn.cf
index c76c18d..437e00b 100644
--- a/services/applications/openvpn.cf
+++ b/services/applications/openvpn.cf
@@ -34,6 +34,7 @@ bundle agent openvpn_tunnel(tunnel)
     classes:
         any::
             "has_remote" and => { isvariable("g.host_data[tunnels][$(tunnel)][remote_host]"), isvariable("g.host_data[tunnels][$(tunnel)][remote_port]") };
+            "has_ipv6" and => { isvariable("g.host_data[tunnels][$(tunnel)][ip6]"), isvariable("g.host_data[tunnels][$(tunnel)][peer6]") };
     files:
         any::
             "/etc/openvpn/$(tunnel).conf"
diff --git a/templates/openvpn/tunnel.conf.cftpl b/templates/openvpn/tunnel.conf.cftpl
index 8c718f1..9d7607f 100644
--- a/templates/openvpn/tunnel.conf.cftpl
+++ b/templates/openvpn/tunnel.conf.cftpl
@@ -16,7 +16,10 @@ cipher AES-128-CBC
 
 secret /etc/openvpn/common.key
 ifconfig $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][ip]) $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][peer])
+[%CFEngine has_ipv6:: %]
+ifconfig-ipv6 $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][ip6]) $(g.host_data[tunnels][$(openvpn_tunnel.tunnel)][peer6])
 
+[%CFEngine all:: %]
 user nobody
 [%CFEngine centos:: %]
 group nobody
-- 
cgit v1.2.3