From 56808e4e60392acbf80c2ae51d29505f06a1c412 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yoha=C3=AF-Eliel=20BERREBY?= Date: Sat, 1 Aug 2020 15:46:41 +0200 Subject: [PATCH] wip: begin updating 'router' role for IPv6 pending: update virtual routes --- roles/router/tasks/main.yml | 6 ++++++ roles/router/templates/firewall_config.py | 2 +- roles/router/templates/keepalived.conf | 13 ++++++++++--- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/roles/router/tasks/main.yml b/roles/router/tasks/main.yml index dd7f865..06595a2 100644 --- a/roles/router/tasks/main.yml +++ b/roles/router/tasks/main.yml @@ -6,6 +6,12 @@ value: '1' sysctl_set: yes +- name: Enable IPv6 packet forwarding + ansible.posix.sysctl: + name: net.ipv6.ip_forward + value: '1' + sysctl_set: yes + - name: Install aurore-firewall (re2o-service) import_role: name: re2o-service diff --git a/roles/router/templates/firewall_config.py b/roles/router/templates/firewall_config.py index bd013d3..1a3579c 100644 --- a/roles/router/templates/firewall_config.py +++ b/roles/router/templates/firewall_config.py @@ -25,7 +25,7 @@ ### Give me a role # routeur4 = routeur IPv4 -role = ['routeur4'] +role = ['routeur4', 'routeur6'] ### Specify each interface role diff --git a/roles/router/templates/keepalived.conf b/roles/router/templates/keepalived.conf index 1bb305e..875c132 100644 --- a/roles/router/templates/keepalived.conf +++ b/roles/router/templates/keepalived.conf @@ -26,7 +26,6 @@ vrrp_instance VI_ROUT_{{ apartment_block }} { # Timeout in seconds before failover kicks in. advert_int 2 - # Used to authenticate VRRP communication between master and backup. authentication { auth_type PASS 
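Review bot: The sysctl key in the added task, `net.ipv6.ip_forward`, does not exist on Linux (only the IPv4 key has that form), so the task would fail and IPv6 forwarding would stay off. The line should read `name: net.ipv6.conf.all.forwarding`. The task is also placed before "Install aurore-firewall", so if no IPv6 rule set is loaded at that point the host forwards IPv6 unfiltered until the firewall role has run; moving the sysctl after the firewall role would close that window. Enabling forwarding on `all` also makes the kernel ignore router advertisements unless `accept_ra` is 2, which matters if any uplink on this host is configured by RA.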
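Review bot: The comment above `role` still documents only `routeur4`, so the new `'routeur6'` entry is undocumented; add `# routeur6 = routeur IPv6` under the existing comment line. The hunk does not show whether aurore-firewall recognises `routeur6` or ships an IPv6 rule set for it. That is worth confirming before IPv6 forwarding is enabled in tasks/main.yml, since an unrecognised role would presumably leave forwarded IPv6 traffic unfiltered.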
@@ -38,18 +37,26 @@ vrrp_instance VI_ROUT_{{ apartment_block }} { virtual_ipaddress { # Routing subnet 10.129.{{ apartment_block_id }}.254/16 brd 10.129.255.255 dev ens19 scope global + {{ ipv6_base_prefix }}:129:0::{{ apartment_block_id }}:254/64 dev ens19 scope global - # Public subnet: wired + + # NATed subnet: wired 45.66.108.25{{ apartment_block_id }}/24 brd 45.66.108.255 dev ens19 scope global - # Public subnet: wifi + + # NATed subnet: wifi 45.66.109.25{{ apartment_block_id }}/24 brd 45.66.109.255 dev ens19 scope global # Wired 10.{{ subnet_ids.users_wired }}.0.254/16 brd 10.{{ subnet_ids.users_wired }}.255.255 dev ens20 scope global + {{ ipv6_base_prefix }}:{{ subnet_ids.users_wired }}::0:254/64 dev ens20 scope global + # Wifi 10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global + {{ ipv6_base_prefix }}:{{ subnet_ids.users_wifi }}::0:254/64 dev ens21 scope global } + + # FIXME: update for IPv6 virtual_routes { # 10.129.0.1 is Yggdrasil src 10.129.{{ apartment_block_id }}.254 to 0.0.0.0/0 via 10.129.0.1 dev ens19
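Review bot: The three added `{{ ipv6_base_prefix }}…/64` lines sit in the same `virtual_ipaddress` block as the IPv4 VIPs, and keepalived expects every address in that block to match the instance's address family, so the IPv6 VIPs would most likely be rejected when the configuration is loaded. Either move them into a `virtual_ipaddress_excluded { … }` block in this instance, which accepts both families, or give IPv6 its own `vrrp_instance`. A separate IPv6 instance would run VRRPv3, where, as far as I know, the `authentication` block shown in the previous hunk is not supported, so VRRP traffic on the instance's interface should then be limited to the peer router by the firewall. The `vrrp_instance` block starts before this hunk and `virtual_routes` continues after it.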