From 7512a75ccb7d9e6ce6a8d14667267be15478918f Mon Sep 17 00:00:00 2001
From: jack
Date: Wed, 3 Aug 2016 09:10:56 +0300
Subject: [PATCH] MASQUERADE #6
---
 security.yml | 6 ++++--
 vpn.yml | 5 +++++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/security.yml b/security.yml
index 63b3c24..b80f3a2 100644
--- a/security.yml
+++ b/security.yml
@@ -116,10 +116,12 @@
 - name: Enable packet forwarding for IPv4
 sysctl: name=net.ipv4.ip_forward value=1
+
+ - name: Enable packet forwarding for IPv6
+ sysctl: name=net.ipv6.conf.all.forwarding value=1
 - name: Do not send ICMP redirects (we are not a router)
- sysctl: name=net.ipv4.conf.all.send_redirects value=0
-
+ sysctl: name=net.ipv4.conf.all.send_redirects value=0
 handlers:
 - name: restart auditd
diff --git a/vpn.yml b/vpn.yml
index 34867c8..be6ffd4 100644
--- a/vpn.yml
+++ b/vpn.yml
@@ -32,6 +32,11 @@
 notify:
 - save iptables
+ - name: Configure ip6tables so IPSec traffic can traverse the tunnel
+ iptables: ip_version=ipv6 table=nat chain=POSTROUTING source="{{ vpn_network_ipv6 }}" jump=MASQUERADE
+ notify:
+ - save iptables
+
 - name: Setup the ipsec.conf file from our template
 template: src=ipsec.conf.j2 dest=/etc/ipsec.conf owner=root group=root mode=644
 notify:
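Review bot: The new `net.ipv6.conf.all.forwarding` task turns the host into an IPv6 router on every interface, and nothing in this commit adds a matching restriction on the ip6tables `FORWARD` chain; unless a default-drop policy exists elsewhere in the playbook, the host will forward any IPv6 packet routed to it, not only traffic from the VPN pool. Linux also stops honouring router advertisements once forwarding is 1 (unless `accept_ra` is 2), so a server that learns its IPv6 default route via SLAAC can lose it after this task runs. I would document both at the task, e.g. `# Needed only for VPN clients; the ip6tables FORWARD policy must stay DROP for everything else`, and reword the adjacent "we are not a router" task name, which no longer matches what the role does. The task list continues outside the hunk, so existing filter rules may already cover the first point.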
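Review bot: The added MASQUERADE rule in vpn.yml matches only on `source`, so it rewrites VPN-pool traffic leaving on any interface; adding `out_interface="{{ ansible_default_ipv6.interface }}"` (or the same match the IPv4 rule above the hunk uses, if it has one) would limit NAT to the internet-facing side. The task notifies `save iptables`, whose definition is outside this hunk; if that handler only saves the IPv4 ruleset, the ip6tables rule is lost on reboot while the IPv6 forwarding sysctl from security.yml persists, so the handler should also save the IPv6 rules. `vpn_network_ipv6` is not defined in either file touched by this commit, so confirm it exists in the vars, otherwise the play fails at this task. The surrounding task list starts and ends outside the hunk.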