From 8a71a040b62758f1146ebb91e306556262f0470a Mon Sep 17 00:00:00 2001 From: Dan Guido Date: Mon, 4 Aug 2025 23:17:50 -0700 Subject: [PATCH] Fix final IPv6 constraint format in defaults template - Update nameConstraints template in defaults/main.yml - Change malformed IP:0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0 to correct IP:::/0 - This ensures both Ansible crypto modules and OpenSSL template use consistent IPv6 format --- roles/strongswan/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/strongswan/defaults/main.yml b/roles/strongswan/defaults/main.yml index ad1b97af..0ffb344f 100644 --- a/roles/strongswan/defaults/main.yml +++ b/roles/strongswan/defaults/main.yml @@ -37,7 +37,7 @@ nameConstraints: >- ,permitted;IP:{{ ansible_default_ipv6['address'] }}/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ,excluded;IP:fc00:0:0:0:0:0:0:0/fe00:0:0:0:0:0:0:0,excluded;IP:fe80:0:0:0:0:0:0:0/ffc0:0:0:0:0:0:0:0,excluded;IP:2001:db8:0:0:0:0:0:0/ffff:fff8:0:0:0:0:0:0 {%- else -%} - ,excluded;IP:0:0:0:0:0:0:0:0/0:0:0:0:0:0:0:0 + ,excluded;IP:::/0 {%- endif -%} openssl_bin: openssl strongswan_enabled_plugins: