diff --git a/group_vars/dhcp.yml b/group_vars/dhcp.yml
index 5054673bcd783bd8573c0b81a4ef462889e0b1f7..f8e16fa90389c109e077bf1a4494b27a9e107bc4 100644
--- a/group_vars/dhcp.yml
+++ b/group_vars/dhcp.yml
@@ -3,80 +3,26 @@
 dhcp:
   authoritative: True
   global_options:
-    - { key: "interface-mtu", value: "1496" }
+    - { key: "interface-mtu", value: "1500" }
   global_parameters: []
   subnets:
-    - network: "10.51.0.0/16"
-      deny_unknown: False
-      vlan: "accueil"
+    - network: "100.64.0.0/16"
+      deny_unknown: True
+      vlan: "adh-nat"
       default_lease_time: "600"
       max_lease_time: "7200"
-      routers: "10.51.0.10"
-      dns: ["10.51.0.152", "10.51.0.4"]
-      domain_name: "accueil.crans.org"
-      domain_search: "accueil.crans.org"
-      options:
-        - { key: "time-servers", value: "10.51.0.10" }
-        - { key: "ntp-servers", value: "10.51.0.10" }
-        - { key: "ip-forwarding", value: "off" }
-      range: ["10.51.1.0", "10.51.255.255"]
-
-    - network: "10.231.148.0/24"
-      deny_unknown: False
-      vlan: "bornes"
-      default_lease_time: "8600"
-      routers: "10.231.148.254"
-      dns: ["10.231.148.152", "10.231.148.4"]
-      domain_name: "borne.crans.org"
-      domain_search: "borne.crans.org"
-      options:
-        - { key: "time-servers", value: "10.231.148.98" }
-        - { key: "ntp-servers", value: "10.231.148.98" }
-        - { key: "ip-forwarding", value: "off" }
-      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.borne.crans.org.list"
+      routers: "100.64.0.99"
+      dns: ["100.64.0.101", "100.64.0.102"]
+      domain_name: "adh-nat.crans.org"
+      domain_search: "adh-nat.crans.org"
+      options: []
+      lease_file: "/tmp/dhcp.list"
 
-    - network: "185.230.78.0/24"
-      deny_unknown: True
-      vlan: "fil_pub"
-      default_lease_time: "86400"
-      routers: "185.230.78.254"
-      dns: ["185.230.78.152", "185.230.78.4"]
-      domain_name: "adh.crans.org"
-      domain_search: "adh.crans.org"
-      options:
-        - { key: "time-servers", value: "185.230.79.98" }
-        - { key: "ntp-servers", value: "185.230.79.98" }
-        - { key: "ip-forwarding", value: "off" }
-        - { key: "smtp-server", value: "185.230.79.39" }
-      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.adh.crans.org.list"
-
-    - network: "10.54.0.0/19"
-      deny_unknown: True
-      vlan: "fil_new"
-      default_lease_time: "86400"
-      routers: "10.54.0.254"
-      dns: ["10.54.0.152", "10.54.0.4"]
-      domain_name: "fil.crans.org"
-      domain_search: "fil.crans.org"
-      options:
-        - { key: "time-servers", value: "185.230.79.98" }
-        - { key: "ntp-servers", value: "185.230.79.98" }
-        - { key: "ip-forwarding", value: "off" }
-        - { key: "smtp-server", value: "185.230.79.39" }
-      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.fil.crans.org.list"
+re2o:
+  server: re2o.adm.crans.org
+  service_user: "ploptotoisverysecure"
+  service_password: "ploptotoisverysecure"
+  dhcp:
+    uri: "/tmp/re2o-dhcp.git"
 
-    - network: "10.53.0.0/19"
-      deny_unknown: False # For Federez
-      vlan: "wifi_new"
-      default_lease_time: "86400"
-      routers: "10.53.0.254"
-      dns: ["10.53.0.152", "10.53.0.4"]
-      domain_name: "wifi.crans.org"
-      domain_search: "wifi.crans.org"
-      options:
-        - { key: "time-servers", value: "185.230.79.98" }
-        - { key: "ntp-servers", value: "185.230.79.98" }
-        - { key: "ip-forwarding", value: "off" }
-        - { key: "smtp-server", value: "185.230.79.39" }
-      lease_file: "/var/local/re2o-services/dhcp/generated/dhcp.wifi.crans.org.list"
-      range: ["10.53.21.0", "10.53.25.254"]
+mail_server: smtp.new-infra.adm.crans.org
diff --git a/group_vars/keepalived.yml b/group_vars/keepalived.yml
index c507466e43c6fc7d5cda79a5bc099900dcfa9aed..e23f30b718dc836255e4f874b2fc8e6766c1e5ec 100644
--- a/group_vars/keepalived.yml
+++ b/group_vars/keepalived.yml
@@ -1,52 +1,11 @@
 ---
 
 keepalived:
-  radius:
-    password: "{{ vault_keepalived_radius_password }}"
-    id: 52
-    ipv6: yes
-    zones:
-      - vlan: adm
-        ipv4: 10.231.136.11/24
-        brd: 10.231.136.255
-        ipv6: 2a0c:700:0:2:ad:adff:fef0:f002/64
-      - vlan: bornes
-        ipv4: 10.231.148.11/24
-        brd: 10.231.148.255
-        ipv6: fd01:240:fe3d:3:ad:adff:fef0:f003/64
-      - vlan: switches
-        ipv4: 10.231.100.11/24
-        brd: 10.231.100.255
-        ipv6: fd01:240:fe3d:c804:ad:adff:fef0:f004/64
-  router:
-    password: "{{ vault_keepalived_router_password }}"
-    id: 53
+  dhcp:
+    password: "plopisverysecure"
+    id: 60
     ipv6: no
     zones:
-      - vlan: adm
-        ipv4: 10.231.136.254/24
-        brd: 10.231.136.255
-      - vlan: fil_pub
-        ipv4: 185.230.78.254/24
-        brd: 185.230.78.255
-      - vlan: srv
-        ipv4: 185.230.79.254/24
-        brd: 185.230.79.255
-      - vlan: fil_new # Nat filaire
-        ipv4: 10.54.0.254/16
-        brd: 10.54.255.255
-      - vlan: wifi_new
-        ipv4: 10.53.0.254/16
-        brd: 10.53.255.255
-      - vlan: zayo
-        ipv4: 158.255.113.73/31
-  proxy:
-    password: "{{ vault_keepalived_proxy_password }}"
-    id: 51
-    ipv6: yes
-    zones:
-      - vlan: srv
-        ipv4: 185.230.79.194/32
-        brd: 185.230.79.255
-        ipv6: 2a0c:700:0:24:ba:ccff:feda:aa00/64
-
+      - vlan: adh-nat
+        ipv4: 100.64.0.99/16
+        brd: 100.64.255.255
diff --git a/host_vars/routeur-daniel.adm.crans.org.yml b/host_vars/routeur-daniel.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3b942bc767f0d45875ec9458794c425bc52bcdde
--- /dev/null
+++ b/host_vars/routeur-daniel.adm.crans.org.yml
@@ -0,0 +1,15 @@
+---
+interfaces:
+  adm: ens18
+  srv: ens19
+  srv-nat: ens20
+  infra: ens21
+  adh: ens22
+  adh-nat: ens23
+
+
+keepalived_instances:
+  - name: dhcp
+    tag: VI_DHCP
+    state: BACKUP
+    priority: 100
diff --git a/host_vars/routeur-sam.adm.crans.org.yml b/host_vars/routeur-sam.adm.crans.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..bec037319fe49c463b045a68a5dba1c1cb8fd37a
--- /dev/null
+++ b/host_vars/routeur-sam.adm.crans.org.yml
@@ -0,0 +1,15 @@
+---
+interfaces:
+  adm: ens18
+  srv: ens19
+  srv-nat: ens20
+  infra: ens21
+  adh: ens22
+  adh-nat: ens23
+
+
+keepalived_instances:
+  - name: dhcp
+    tag: VI_DHCP
+    state: MASTER
+    priority: 150
diff --git a/hosts b/hosts
index ca40c986f30726c7ababf3d459aa5c9d554e5669..56fefdc026a0b94435a77bbab3ffb00a217b38ee 100644
--- a/hosts
+++ b/hosts
@@ -36,8 +36,18 @@ sam.adm.crans.org
 daniel.adm.crans.org
 jack.adm.crans.org
 
-[crans_routeurs]
-routeur-daniel
+[keepalived]
+routeur-sam.adm.crans.org
+routeur-daniel.adm.crans.org
+
+[dhcp]
+routeur-sam.adm.crans.org
+routeur-daniel.adm.crans.org
+
+
+[crans_routeurs:children]
+dhcp
+keepalived
 
 [crans_physical]
 tealc.adm.crans.org
diff --git a/roles/re2o-dhcp/tasks/main.yml b/roles/re2o-dhcp/tasks/main.yml
index 16c83c424203304ce791b67fcfe99c3b1c07efe4..cc11df72bfedb238676fc679d24c407295c0ecf2 100644
--- a/roles/re2o-dhcp/tasks/main.yml
+++ b/roles/re2o-dhcp/tasks/main.yml
@@ -15,10 +15,11 @@
     etype: group
     permissions: rwx
     state: query
+  when: not ansible_check_mode
 
 - name: Clone re2o-dhcp repository
   git:
-    repo: 'http://gitlab.adm.crans.org/nounous/re2o-dhcp.git'
+    repo: "{{ re2o.dhcp.uri }}"
     dest: /var/local/re2o-services/dhcp
     version: crans
     umask: '002'
@@ -30,6 +31,7 @@
     owner: root
     group: root
     state: link
+    force: yes
 
 - name: Create generated directory
   file: