Merge branch 'v6fixesii' into 'main'

V6fixesii

See merge request leap/container-platform/lilypad!33

config/roles/openvpn/tasks/openvpn.yml

@@ -19,7 +19,7 @@
 
 # Set ip forwarding necessary for openvpn ipv6
 - sysctl:
-    name: net.ipv6.ip_forward
+    name: net.ipv6.conf.all.forwarding
     value: '1'
     sysctl_set: yes
 

config/roles/openvpn/templates/tcp.conf.j2

@@ -13,19 +13,19 @@ keepalive 10 30
 mute-replay-warnings
 mute 5
 push "redirect-gateway def1 ipv6"
-push "dhcp-option DNS {{ openvpn_network | ipaddr('1') | ipaddr('address') }}"
+push "dhcp-option DNS {{ openvpn_network | ipv4('1') | ipv4('address') }}"
 {% if openvpn_network6 is defined and openvpn_network6|length %}
 proto tcp6
 server-ipv6 {{ openvpn_network6 }}
 push "route-ipv6 2000::/3"
-push "dhcp-option DNS {{ openvpn_network6 }}"
+push "dhcp-option DNS {{ openvpn_network6 | ipv6('1') | ipv6('address') }}"
 {% else %}
 proto tcp
 push "ifconfig-ipv6 fd15:53b6:dead::2/64 fd15:53b6:dead::1"
 block-ipv6
 {% endif %}
 push "block-outside-dns"
-server {{ openvpn_network | ipaddr('network') }} {{ openvpn_network | ipaddr('netmask') }}
+server {{ openvpn_network | ipv4('network') }} {{ openvpn_network | ipv4('netmask') }}
 status /tmp/openvpn-status-tcp 10
 status-version 3
 tcp-nodelay

group_vars/all/openvpn_config.yml

@@ -14,6 +14,13 @@ openvpn_config:
   'key-direction': '1'
   'verb': '3'
 
+# You can leave this rfc1918 ip block as it is
 openvpn_network: "10.41.0.0/21"
-openvpn_network6: "2001:db8:123::/64"
+
+# If you have ipv6, then uncomment the following and change the value to a valid
+# ipv6 netblock. ipv6 NAT is *not* supported because NAT is a work-around for
+# not having enough IPs to be used in a LAN, in ipv6 this is not needed. It is
+# also much more simple, less trouble and less things to take care of including
+# not having to waste resources/performance on NAT
+# openvpn_network6: "2001:db8:123::/64"