Add IPv6 support to DNS (#1425)

* Add ipv6 * Add ipv6 * add ipv6 * add ipv6 * Switching out ipv6 address with local_service_ipv6 variable from #1429 * Fixing variable error
2025-06-05 22:54:01 +02:00 · 2019-05-20 07:17:39 -04:00 · 2019-05-20 07:17:39 -04:00 · 72c8e9e244
commit 72c8e9e244
parent a15d9657ce
5 changed files with 7 additions and 4 deletions
--- a/config.cfg
+++ b/config.cfg
@ -110,7 +110,7 @@ congrats:
    "#    Config files and certificates are in the ./configs/ directory.    #"
    "#              Go to https://whoer.net/ after connecting               #"
    "#        and ensure that all your traffic passes through the VPN.      #"
-    "#                     Local DNS resolver {{ local_service_ip }}                    #"
+    "#                     Local DNS resolver {{ local_service_ip }}{{ ', ' + local_service_ipv6 if ipv6_support else '' }}                   #"
  p12_pass: |
    "#        The p12 and SSH keys password for new users is {{ p12_export_password }}       #"
  ca_key_pass: |
--- a/roles/dns_adblocking/templates/dnsmasq.conf.j2
+++ b/roles/dns_adblocking/templates/dnsmasq.conf.j2
@ -90,6 +90,9 @@ no-resolv
 # server=10.1.2.3@eth1
 {% if dns_encryption %}
 server={{ local_service_ip }}#5353
+{% if ipv6_support -%}
+server={{ local_service_ipv6 }}#5353
+{% endif %}
 {% else %}
 {% for host in dns_servers.ipv4 %}
 server={{ host }}
--- a/roles/dns_encryption/templates/dnscrypt-proxy.toml.j2
+++ b/roles/dns_encryption/templates/dnscrypt-proxy.toml.j2
@ -37,7 +37,7 @@
 ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
 ## Note: When using systemd socket activation, choose an empty set (i.e. [] ).

-listen_addresses  = ['{{ local_service_ip }}:{{ listen_port }}']
+listen_addresses  = ['{{ local_service_ip }}:{{ listen_port }}'{% if ipv6_support %}, '[{{ local_service_ipv6 }}]:{{ listen_port }}'{% endif %}]


 ## Maximum number of simultaneous client connections to accept
--- a/roles/strongswan/templates/ipsec.conf.j2
+++ b/roles/strongswan/templates/ipsec.conf.j2
@ -31,7 +31,7 @@ conn %default
    rightauth=pubkey
    rightsourceip={{ strongswan_network }},{{ strongswan_network_ipv6 }}
 {% if algo_local_dns or dns_encryption %}
-    rightdns={{ local_service_ip }}
+    rightdns={{ local_service_ip }}{{ ',' + local_service_ipv6 if ipv6_support else '' }}
 {% else %}
    rightdns={% for host in dns_servers.ipv4 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% if ipv6_support %},{% for host in dns_servers.ipv6 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
 {% endif %}
--- a/roles/wireguard/defaults/main.yml
+++ b/roles/wireguard/defaults/main.yml
@ -6,7 +6,7 @@ wireguard_interface: wg0
 keys_clean_all: false
 wireguard_dns_servers: >-
  {% if local_dns|default(false)|bool or dns_encryption|default(false)|bool %}
-  {{ local_service_ip }}
+  {{ local_service_ip }}{{ ', ' + local_service_ipv6 if ipv6_support else '' }}
  {% else %}
  {% for host in dns_servers.ipv4 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% if ipv6_support %},{% for host in dns_servers.ipv6 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
  {% endif %}