wip: begin updating 'router' role for IPv6

pending: update virtual routes
2020-08-01 15:46:41 +02:00 · 2020-08-01 15:46:41 +02:00 · 56808e4e60
parent 194c19fbf3
commit 56808e4e60
3 changed files with 17 additions and 4 deletions
--- a/roles/router/tasks/main.yml
+++ b/roles/router/tasks/main.yml
@ -6,6 +6,12 @@
    value: '1'
    sysctl_set: yes

+- name: Enable IPv6 packet forwarding
+  ansible.posix.sysctl:
+    name: net.ipv6.ip_forward
+    value: '1'
+    sysctl_set: yes
+
 - name: Install aurore-firewall (re2o-service)
  import_role:
    name: re2o-service
--- a/roles/router/templates/firewall_config.py
+++ b/roles/router/templates/firewall_config.py
@ -25,7 +25,7 @@
 ### Give me a role

 # routeur4 = routeur IPv4
-role = ['routeur4']
+role = ['routeur4', 'routeur6']


 ### Specify each interface role
--- a/roles/router/templates/keepalived.conf
+++ b/roles/router/templates/keepalived.conf
@ -26,7 +26,6 @@ vrrp_instance VI_ROUT_{{ apartment_block }} {
  # Timeout in seconds before failover kicks in.
  advert_int 2

-
  # Used to authenticate VRRP communication between master and backup.
  authentication {
    auth_type PASS
@ -38,18 +37,26 @@ vrrp_instance VI_ROUT_{{ apartment_block }} {
  virtual_ipaddress {
        # Routing subnet
        10.129.{{ apartment_block_id }}.254/16 brd 10.129.255.255 dev ens19 scope global
+        {{ ipv6_base_prefix }}:129:0::{{ apartment_block_id }}:254/64 dev ens19 scope global

-        # Public subnet: wired
+
+        # NATed subnet: wired
        45.66.108.25{{ apartment_block_id }}/24 brd 45.66.108.255 dev ens19 scope global
-        # Public subnet: wifi
+
+        # NATed subnet: wifi
        45.66.109.25{{ apartment_block_id }}/24 brd 45.66.109.255 dev ens19 scope global

        # Wired
        10.{{ subnet_ids.users_wired }}.0.254/16 brd 10.{{ subnet_ids.users_wired }}.255.255 dev ens20 scope global
+        {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::0:254/64 dev ens20 scope global
+
        # Wifi
        10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global
+        {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::0:254/64 dev ens21 scope global
   }

+
+  # FIXME: update for IPv6
  virtual_routes {
        # 10.129.0.1 is Yggdrasil
        src 10.129.{{ apartment_block_id }}.254 to 0.0.0.0/0 via 10.129.0.1 dev ens19