Comments (6)
o-sole-meo
commented on August 16, 2024
1
Change line in ipsec-tools.conf to look like:
{% for ipv in ( 'ansible_default_ipv4' ) %}
instead of:
{% for ipv in ( 'ansible_default_ipv4', 'ansible_default_ipv6' ) %}
The ipv6 part is poorly handled and fails.
This should be fixed by #4
from ansible-ipsec.
kravietz
commented on August 16, 2024
@piotron IPv6 parts should be only enabled if there's a routable IPv6 address on the host , as determined by ansible_default_ipv6 structure, and only then ansible_default_ipv6.address is accessed. Do you have fact caching enabled? Are you using ipsec_forward: yes?
from ansible-ipsec.
piotron
commented on August 16, 2024
@kravietz I'm not using fact caching, I'm using setup on beginning of each playbook.
- hosts: all
pre_tasks:
- setup:
tasks:
- import_role:
name: kravietz.ipsec
vars:
ipsec_secret: "{{ IPSEC_SECRET | mandatory }}"
ipsec_policy: use
ipsec_open_icmp: yes
ipsec_open_ssh: yes
ipsec_forward: yes
become: true
become_user: root
from ansible-ipsec.
krmeljalen
commented on August 16, 2024
Change line in ipsec-tools.conf to look like:
{% for ipv in ( 'ansible_default_ipv4' ) %}
instead of:
{% for ipv in ( 'ansible_default_ipv4', 'ansible_default_ipv6' ) %}
The ipv6 part is poorly handled and fails.
from ansible-ipsec.
kravietz
commented on August 16, 2024
Sorry for the delay everyone. I'm in the process in rewriting these templates to make sure they are triggered only when needed.
from ansible-ipsec.
kravietz
commented on August 16, 2024
Unfortunately ipsec_forward is a hell of complexity to implement. I have added it for the use with Docker primarily, but getting traffic into IPSec tunnel mode from virtual interfaces may require slightly different approach, so please use with caution.
from ansible-ipsec.
Related Issues (7)
- Support for NAT-ed environments? HOT 1
- ipsec-tools depreciation
- IPSec VS tinc VPN HOT 4
- Request for detailed docs on how to configure iptables HOT 1
- Feature request - specify ports for which ipsec should ALWAYS be used irrespective of source IP HOT 10
- Possible bug - ipsec_inet setting is not being respected
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-ipsec.