nmcli: honor IP options for VPNs #5228

yan12125 · 2022-09-04T12:26:10Z

SUMMARY

This can be used for split tunneling - I extended a test as an example.

ISSUE TYPE

Feature Pull Request

COMPONENT NAME

nmcli

ADDITIONAL INFORMATION

Here is a complete example. gw4_ignore_auto is used as VPNs often come with a default route for 0.0.0.0/0.

- name: >-
    Create a VPN L2TP connection for ansible_user to connect on vpn.example.com
    authenticating with user 'brittany' and pre-shared key as 'Brittany123'. Split tunneling
    is configured and only traffic to 192.168.200.0/24 goes throught the VPN.
  community.general.nmcli:
    type: vpn
    conn_name: my-vpn-connection
    vpn:
        permissions: "{{ ansible_user }}"
        service-type: org.freedesktop.NetworkManager.l2tp
        gateway: vpn.example.com
        password-flags: 2
        user: brittany
        ipsec-enabled: true
        ipsec-psk: "0s{{ 'Brittany123' | ansible.builtin.b64encode }}"
        gw4_ignore_auto: true
        routes4: '192.168.200.0/24'
    autoconnect: false
    state: present

This example is based on an existing example. I'm not sure if it's a good idea to include such a complex usage in examples.

community.general/plugins/modules/net_tools/nmcli.py

Lines 1344 to 1359 in 2a449eb

    
           - name: >- 
        
               Create a VPN L2TP connection for ansible_user to connect on vpn.example.com 
        
               authenticating with user 'brittany' and pre-shared key as 'Brittany123' 
        
             community.general.nmcli: 
        
               type: vpn 
        
               conn_name: my-vpn-connection 
        
               vpn: 
        
                   permissions: "{{ ansible_user }}" 
        
                   service-type: org.freedesktop.NetworkManager.l2tp 
        
                   gateway: vpn.example.com 
        
                   password-flags: 2 
        
                   user: brittany 
        
                   ipsec-enabled: true 
        
                   ipsec-psk: "0s{{ 'Brittany123' | ansible.builtin.b64encode }}" 
        
               autoconnect: false 
        
               state: present

This can be used for split tunneling - I extended a test as an example.

ansibullbot · 2022-09-04T12:29:45Z

cc @alcamie101
click here for bot help

felixfontein

Looks good to me. Will keep this open for some more days so others can comment on this as well.

patchback · 2022-09-08T05:44:59Z

Backport to stable-5: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-5/946c48d14874f92cff38afb17ad276af2e05294d/pr-5228

Backported as #5252

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

felixfontein · 2022-09-08T05:45:07Z

@yan12125 thanks for fixing this!

* nmcli: honor IP options for VPNs This can be used for split tunneling - I extended a test as an example. * Add changelog (cherry picked from commit 946c48d)

* nmcli: honor IP options for VPNs This can be used for split tunneling - I extended a test as an example. * Add changelog (cherry picked from commit 946c48d) Co-authored-by: Chih-Hsuan Yen <yan12125@gmail.com>

yan12125 · 2022-09-08T08:14:14Z

Glad to help :)

* nmcli: honor IP options for VPNs This can be used for split tunneling - I extended a test as an example. * Add changelog

nmcli: honor IP options for VPNs

0ca1d07

This can be used for split tunneling - I extended a test as an example.

ansibullbot added feature This issue/PR relates to a feature request module module net_tools plugins plugin (any type) tests tests unit tests/unit labels Sep 4, 2022

Add changelog

45784ee

felixfontein added needs_backport_to_stable_1 check-before-release PR will be looked at again shortly before release and merged if possible. and removed needs_backport_to_stable_1 labels Sep 4, 2022

felixfontein approved these changes Sep 4, 2022

View reviewed changes

felixfontein merged commit 946c48d into ansible-collections:main Sep 8, 2022

felixfontein removed the check-before-release PR will be looked at again shortly before release and merged if possible. label Sep 8, 2022

patchback bot pushed a commit that referenced this pull request Sep 8, 2022

nmcli: honor IP options for VPNs (#5228)

2fb0e5f

* nmcli: honor IP options for VPNs This can be used for split tunneling - I extended a test as an example. * Add changelog (cherry picked from commit 946c48d)

patchback bot mentioned this pull request Sep 8, 2022

[PR #5228/946c48d1 backport][stable-5] nmcli: honor IP options for VPNs #5252

Merged

yan12125 deleted the nmcli-ip-options branch September 8, 2022 08:14

bratwurzt pushed a commit to bratwurzt/community.general that referenced this pull request Nov 7, 2022

nmcli: honor IP options for VPNs (ansible-collections#5228)

0f1d5ae

* nmcli: honor IP options for VPNs This can be used for split tunneling - I extended a test as an example. * Add changelog

bratwurzt pushed a commit to bratwurzt/community.general that referenced this pull request Nov 7, 2022

nmcli: honor IP options for VPNs (ansible-collections#5228)

415b08c

* nmcli: honor IP options for VPNs This can be used for split tunneling - I extended a test as an example. * Add changelog

trux-bot bot mentioned this pull request Nov 7, 2022

⬆️ feat(ansible)!: Update community.general to 6.0.0 truxnell/home-cluster#1879

Merged

1 task

lumiere-bot bot mentioned this pull request Nov 7, 2022

feat(ansible)!: Update community.general to 6.0.0 coolguy1771/home-ops#2067

Merged

1 task

ergho-bot bot mentioned this pull request Nov 7, 2022

feat(ansible)!: Update community.general to 6.0.0 ergho/homelab-ops#263

Merged

1 task

angelnu-bot bot mentioned this pull request Nov 7, 2022

feat(ansible-collection)!: Update community.general to 6.0.0 angelnu/k8s-gitops#2410

Merged

1 task

ghost mentioned this pull request Nov 7, 2022

feat(ansible)!: Update dependency community.general to v6 elraro/home-ops#249

Merged

1 task

This was referenced Dec 1, 2022

chore(deps): update dependency community.general to v6 stephenl03/k3s-cluster#106

Open

chore(deps): update dependency community.general to v6 - autoclosed NilssonCJ/k3s-nsdev-sidious#81

Closed

renovate bot mentioned this pull request Dec 14, 2022

chore(deps): update dependency community.general to v6 - autoclosed sdelrio/homelab-k3s#37

Closed

1 task

renovate bot mentioned this pull request Jan 1, 2023

chore(deps): update dependency community.general to v6 - autoclosed Venoox/k8s-cluster#25

Closed

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

nmcli: honor IP options for VPNs #5228

nmcli: honor IP options for VPNs #5228

yan12125 commented Sep 4, 2022

ansibullbot commented Sep 4, 2022

felixfontein left a comment

patchback bot commented Sep 8, 2022 •

edited

Loading

felixfontein commented Sep 8, 2022

yan12125 commented Sep 8, 2022

	- name: >-
	Create a VPN L2TP connection for ansible_user to connect on vpn.example.com
	authenticating with user 'brittany' and pre-shared key as 'Brittany123'
	community.general.nmcli:
	type: vpn
	conn_name: my-vpn-connection
	vpn:
	permissions: "{{ ansible_user }}"
	service-type: org.freedesktop.NetworkManager.l2tp
	gateway: vpn.example.com
	password-flags: 2
	user: brittany
	ipsec-enabled: true
	ipsec-psk: "0s{{ 'Brittany123' \| ansible.builtin.b64encode }}"
	autoconnect: false
	state: present

nmcli: honor IP options for VPNs #5228

nmcli: honor IP options for VPNs #5228

Conversation

yan12125 commented Sep 4, 2022

SUMMARY

ISSUE TYPE

COMPONENT NAME

ADDITIONAL INFORMATION

ansibullbot commented Sep 4, 2022

felixfontein left a comment

Choose a reason for hiding this comment

patchback bot commented Sep 8, 2022 • edited Loading

Backport to stable-5: 💚 backport PR created

felixfontein commented Sep 8, 2022

yan12125 commented Sep 8, 2022

patchback bot commented Sep 8, 2022 •

edited

Loading