add multiple ipv6 upstream mechanisms (6to4, slac)
parent
420dbea8d1
commit
5c7e8139c0
|
@ -1,5 +1,6 @@
|
|||
upstream:
|
||||
interface: ipredator
|
||||
nat66-interface: ipredator
|
||||
up-bandwidth: 4000
|
||||
flow-keys: nfct-src
|
||||
flows: 4096
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
upstream:
|
||||
interface: up1
|
||||
nat66-interface: 6to4
|
||||
up-bandwidth: 6200
|
||||
flow-keys: nfct-src
|
||||
flows: 2048
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
upstream:
|
||||
interface: up2
|
||||
nat66-interface: 6to4
|
||||
up-bandwidth: 6200
|
||||
flow-keys: nfct-src
|
||||
flows: 2048
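Review bot: `nat66-interface: 6to4` in this pillar looks copied from the up1 file. If this is the pillar for the host that the top file assigns `upstream.6slac` rather than `upstream.6to4` (the pillar-to-host mapping is not visible on this page), no interface named 6to4 exists there. In that case the nat66 hook's `$IFACE` comparison can never match and the masquerade rule is never installed. For a SLAAC uplink the value would presumably be `nat66-interface: up2`.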
|
||||
|
|
|
@ -5,7 +5,7 @@ procps:
|
|||
file.managed:
|
||||
- source: "salt://forwarding/forwarding.conf"
|
||||
|
||||
apply:
|
||||
apply-forwarding:
|
||||
cmd.run:
|
||||
- name: sysctl -p /etc/sysctl.d/80-forwarding.conf
|
||||
require:
|
||||
|
|
|
@ -15,9 +15,15 @@ base:
|
|||
- no-ssh
|
||||
- forwarding
|
||||
- ospf
|
||||
- unbound
|
||||
- upstream.dhcp
|
||||
- upstream.shaping
|
||||
- unbound
|
||||
'upstream1':
|
||||
- upstream.6to4
|
||||
- upstream.nat66
|
||||
'upstream2':
|
||||
- upstream.6slac
|
||||
- upstream.nat66
|
||||
'anon*':
|
||||
- no-ssh
|
||||
- forwarding
|
||||
|
@ -25,3 +31,4 @@ base:
|
|||
- vpn.openvpn
|
||||
- upstream.masquerade
|
||||
- upstream.shaping
|
||||
- upstream.nat66
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
net.ipv6.conf.{{ interface }}.accept_ra=2
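Review bot: `accept_ra=2` makes the kernel accept router advertisements on the upstream interface even though forwarding is enabled, so any device on that uplink segment that sends an RA can influence this router's default route and on-link prefixes. Nothing in this file or the accompanying state bounds that. If only one upstream router is expected, consider an ip6tables rule on that interface that drops ICMPv6 router advertisements from any source other than that router's link-local address. A comment such as `# accept RAs despite forwarding=1; uplink segment is trusted for routing` would record the assumption.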
|
|
@ -0,0 +1,15 @@
|
|||
{%- set interface = pillar['upstream']['interface'] %}
|
||||
|
||||
/etc/sysctl.d/70-upstream-6slac.conf:
|
||||
file.managed:
|
||||
- source: "salt://upstream/6slac.conf"
|
||||
- template: 'jinja'
|
||||
- context:
|
||||
interface: {{ interface }}
|
||||
|
||||
apply-6slac:
|
||||
cmd.run:
|
||||
- name: sysctl -p /etc/sysctl.d/70-upstream-6slac.conf
|
||||
require:
|
||||
- file: /etc/sysctl.d/70-upstream-6slac.conf
|
||||
- pkg: procps
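Review bot: `apply-6slac` has no `onchanges`, so `sysctl -p` is re-run on every highstate and the state always reports a change; adding `- onchanges:` with `- file: /etc/sysctl.d/70-upstream-6slac.conf` would run it only when the file is rewritten. The sysctl key also exists only while the interface does, so if the uplink interface is created or renamed after boot-time sysctl processing the setting is presumably not applied at boot, and `sysctl -p` fails here when the interface is absent. Indentation is lost on this page; if `require:` sits beside `cmd.run:` rather than inside its argument list as `- require:` (the form the nat66 state uses), confirm the requisite is actually honoured.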
|
|
@ -0,0 +1,3 @@
|
|||
#!/bin/sh
|
||||
|
||||
ip tunnel del 6to4
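Review bot: This hook has no `$IFACE` check, so ifupdown runs `ip tunnel del 6to4` whenever any interface goes down, including `lo`, and the tunnel disappears while the uplink is still up. The nat66 hook in this commit already guards with `[ "$IFACE" = "{{ interface }}" ]`; the same idea as a first line, `[ "$IFACE" = "{{ interface }}" ] || exit 0`, fits here because the state already renders this file with `interface` in its context. The 6to4-up hook has the same gap: it re-runs `ip tunnel add` for every interface that comes up and will likely exit non-zero once the tunnel exists.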
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/sh
|
||||
|
||||
INET=$(ip addr show dev {{ interface }} | \
|
||||
egrep -oe '[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+' | \
|
||||
head -n 1)
|
||||
PREFIX=$(printf "2002:%02x%02x:%02x%02x:\n" $(echo $INET | tr . ' '))
|
||||
|
||||
ip tunnel add 6to4 mode sit remote 192.88.99.1 local $INET
|
||||
ip addr add "${PREFIX}:1/128" dev 6to4
|
||||
ip link set 6to4 up
|
||||
ip route add 2000::/3 dev 6to4 via ::192.88.99.1
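Review bot: `INET` is used without checking that it is non-empty or publicly routable. With no IPv4 address on the interface, printf still produces `2002:0000:0000:` and the following `ip` commands run with a missing `local` argument; with an RFC 1918 address the derived 2002::/16 prefix is not usable 6to4 space. Add `[ -n "$INET" ] || exit 0` after the assignment, quote the expansion as `local "$INET"`, and consider rejecting private ranges. RFC 7526 also deprecated the 192.88.99.1 anycast relay, so the IPv6 path through it depends on whoever announces that prefix toward this uplink and is outside the operator's control.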
|
|
@ -0,0 +1,17 @@
|
|||
{%- set interface = pillar['upstream']['interface'] %}
|
||||
|
||||
/etc/network/if-up.d/6to4:
|
||||
file.managed:
|
||||
- source: salt://upstream/6to4-up
|
||||
- template: 'jinja'
|
||||
- context:
|
||||
interface: {{ interface }}
|
||||
- mode: 755
|
||||
|
||||
/etc/network/if-down.d/6to4:
|
||||
file.managed:
|
||||
- source: salt://upstream/6to4-down
|
||||
- template: 'jinja'
|
||||
- context:
|
||||
interface: {{ interface }}
|
||||
- mode: 755
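Review bot: `- mode: 755` and `interface: {{ interface }}` are unquoted, so YAML types them before Salt sees them; writing `- mode: '0755'` and `interface: "{{ interface }}"` keeps both as strings and protects against an empty or boolean-looking pillar value. The same applies to the nat66 state. The two `source:` lines here are also unquoted while the 6slac state quotes its source; pick one form.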
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/sh
|
||||
|
||||
if [ "$IFACE" = "{{ interface }}" ]; then
|
||||
ip6tables -t nat -A POSTROUTING -o "$IFACE" -j MASQUERADE
|
||||
fi
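Review bot: The `$IFACE` test compares against `nat66-interface`, which the pillar sets to `6to4` for the up1/up2 hosts, but the 6to4 tunnel is created with `ip tunnel add` from a hook rather than by ifupdown. Unless `6to4` also has a stanza in /etc/network/interfaces (not visible here), ifupdown never runs this script with `IFACE=6to4` and the MASQUERADE rule is never added. Where the test does match, `-A` appends another copy on every ifup and nothing removes it on ifdown. `ip6tables -t nat -C POSTROUTING -o "$IFACE" -j MASQUERADE 2>/dev/null || ip6tables -t nat -A POSTROUTING -o "$IFACE" -j MASQUERADE` keeps it to one rule.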
|
|
@ -0,0 +1,11 @@
|
|||
{%- set interface = pillar['upstream']['nat66-interface'] %}
|
||||
|
||||
/etc/network/if-pre-up.d/nat66:
|
||||
file.managed:
|
||||
- source: salt://upstream/nat66
|
||||
- template: 'jinja'
|
||||
- context:
|
||||
interface: {{ interface }}
|
||||
- mode: 755
|
||||
- require:
|
||||
- pkg: iptables
|