MASQUERADE #6

8 years ago · 7512a75ccb
parent 8a31062249
commit 7512a75ccb
2 changed files with 9 additions and 2 deletions
--- a/security.yml
+++ b/security.yml
@ -116,10 +116,12 @@
    
  - name: Enable packet forwarding for IPv4
    sysctl: name=net.ipv4.ip_forward value=1
+    
+  - name: Enable packet forwarding for IPv6
+    sysctl: name=net.ipv6.conf.all.forwarding value=1    

  - name: Do not send ICMP redirects (we are not a router)
-    sysctl: name=net.ipv4.conf.all.send_redirects value=0    
-
+    sysctl: name=net.ipv4.conf.all.send_redirects value=0
      
  handlers:
    - name: restart auditd
--- a/vpn.yml
+++ b/vpn.yml
@ -32,6 +32,11 @@
    notify:
    - save iptables
    
+  - name: Configure ip6tables so IPSec traffic can traverse the tunnel
+    iptables: ip_version=ipv6 table=nat chain=POSTROUTING source="{{ vpn_network_ipv6 }}" jump=MASQUERADE
+    notify:
+    - save iptables    
+    
  - name: Setup the ipsec.conf file from our template
    template: src=ipsec.conf.j2 dest=/etc/ipsec.conf owner=root group=root mode=644
    notify: