authorMicah Anderson <micah@leap.se>2014-05-06 16:33:02 -0400
committerMicah Anderson <micah@leap.se>2014-05-06 16:33:02 -0400
commit0265eb952691ee91405201836e19384ac2087507 (patch)
tree954861146c791759b07c3c2fdf9d1e787223940d /puppet/modules
parentf63f302980d638633f0bdb1146f9d8a75e9eaed2 (diff)
set the ipv6 configuration options on the server
some important things to note: We are hard-coding the pushing of the ipv6 route '2000::/3' and configuring the server-ipv6 to be 2001:db8:123::/64. This netblock is a reserved ipv6 prefix that is used for documentation purposes only (http://www.apnic.net/info/faq/ipv6-documentation-prefix-faq.html), and the route being pushed redirects all internet-bound traffic. When LEAP fully supports ipv6, these network values should be turned into variables, but for now, to make sure we are blocking any clients that have functional ipv6, this will work. Change-Id: Icb65f3169264e0178a2e98825b266a779feac6b5
Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp11
1 files changed, 11 insertions, 0 deletions
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 3e0ee1a6..cbc5f68e 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -111,6 +111,9 @@ define site_openvpn::server_config(
key => 'dev',
value => 'tun',
server => $openvpn_configname;
+ "tun-ipv6 ${openvpn_configname}":
+ key => 'tun-ipv6',
+ server => $openvpn_configname;
"duplicate-cn ${openvpn_configname}":
key => 'duplicate-cn',
server => $openvpn_configname;
@@ -145,6 +148,10 @@ define site_openvpn::server_config(
key => 'push',
value => '"redirect-gateway def1"',
server => $openvpn_configname;
+ "push-ipv6 ${openvpn_configname}":
+ key => 'push',
+ value => '"route-ipv6 2000::/3"',
+ server => $openvpn_configname;
"script-security ${openvpn_configname}":
key => 'script-security',
value => '2',
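Review bot: The `push-ipv6` entry that pushes `"route-ipv6 2000::/3"` only steers a client's global-unicast IPv6 into the tunnel. The blocking the commit message describes then depends on the server not forwarding that traffic, and none of the three hunks shows a rule or setting that guarantees it. A client that does not apply pushed routes would presumably keep its native IPv6 path, so this cannot be the only leak control. I would record the dependency above the resource with a comment such as `# IPv6 leak block: pulls 2000::/3 into the tunnel; relies on the server not forwarding IPv6`. The define body starts and ends outside this hunk.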
@@ -153,6 +160,10 @@ define site_openvpn::server_config(
key => 'server',
value => $server,
server => $openvpn_configname;
+ "server-ipv6 ${openvpn_configname}":
+ key => 'server-ipv6',
+ value => '2001:db8:123::/64',
+ server => $openvpn_configname;
"status ${openvpn_configname}":
key => 'status',
value => '/var/run/openvpn-status 10',
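Review bot: The `server-ipv6` value is a literal `'2001:db8:123::/64'`, while the `server` entry directly above it takes `$server` from the define's parameters. Every declared instance of `site_openvpn::server_config` therefore gets the same tunnel prefix. If a node declares more than one instance (not visible here), identical prefixes on separate tun devices could conflict. A parameter defaulting to the documentation prefix would keep today's behaviour and remove the literal, e.g. `value => $server_ipv6,`. A comment such as `# RFC 3849 documentation prefix, deliberately unroutable; placeholder until IPv6 is supported` would stop a later reader from mistaking it for a real allocation. The define's parameter list is outside this hunk.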