make local ip changeable #67

2025-06-05 22:54:01 +02:00 · 2016-08-21 13:29:53 +03:00 · 2016-08-21 13:29:53 +03:00 · ba50abce8a
commit ba50abce8a
parent c2fee34062
9 changed files with 17 additions and 20 deletions
--- a/config.cfg
+++ b/config.cfg
@ -22,6 +22,9 @@ dns_servers:
  - 8.8.4.4
  - 2001:4860:4860::8888
  - 2001:4860:4860::8844
+  
+# IP address for proxy and local dns resolver
+local_service_ip: 172.16.0.1 

 users:
  - mr.smith
--- a/roles/common/templates/10-loopback-services.cfg.j2
+++ b/roles/common/templates/10-loopback-services.cfg.j2
@ -1,6 +1,6 @@
 auto lo:100
 iface lo:100 inet static
-	address 172.16.0.1
+	address {{ local_service_ip }}
 	netmask 255.255.255.255

 iface lo:100 inet6 static
--- a/roles/dns_adblocking/templates/dnsmasq.conf.j2
+++ b/roles/dns_adblocking/templates/dnsmasq.conf.j2
@ -110,7 +110,7 @@ group=nogroup
 #except-interface=
 # Or which to listen on by address (remember to include 127.0.0.1 if
 # you use this.)
-listen-address=172.16.0.1,127.0.0.1,FCAA::1
+listen-address=127.0.0.1,FCAA::1,{{ local_service_ip }}
 # If you want dnsmasq to provide only DNS service on an interface,
 # configure it as shown above, and then use the following line to
 # disable DHCP and TFTP on it.
--- a/roles/proxy/templates/ports.conf.j2
+++ b/roles/proxy/templates/ports.conf.j2
@ -2,12 +2,12 @@
 # have to change the VirtualHost statement in
 # /etc/apache2/sites-enabled/000-default.conf

-Listen 172.16.0.1:8080
+Listen {{ local_service_ip }}:8080

 <IfModule ssl_module>
-	Listen 172.16.0.1:443
+	Listen {{ local_service_ip }}:443
 </IfModule>

 <IfModule mod_gnutls.c>
-	Listen 172.16.0.1:443
+	Listen {{ local_service_ip }}:443
 </IfModule>
--- a/roles/proxy/templates/privoxy_config.j2
+++ b/roles/proxy/templates/privoxy_config.j2
@ -781,7 +781,7 @@ logfile logfile
 #        listen-address [::1]:8118
 #
 #
-listen-address  172.16.0.1:8118
+listen-address  {{ local_service_ip }}:8118
 #
 #  4.2. toggle
 #  ============
@ -1256,7 +1256,7 @@ enable-proxy-authentication-forwarding 0
 #        forward  /                        parent-proxy.example.org:8000
 #        forward  ipv6-server.example.org  .
 #        forward  <[2-3][0-9a-f][0-9a-f][0-9a-f]:*>   .
-forward   /      172.16.0.1:8080
+forward   /      {{ local_service_ip }}:8080
 forward   :443   .
 #
 #
--- a/roles/security/templates/rules.v4.j2
+++ b/roles/security/templates/rules.v4.j2
@ -1,9 +1,6 @@
 *nat
 :PREROUTING ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
-{% if dns_enabled is defined and dns_enabled == "Y" %}
-A PREROUTING -s {{ vpn_network }} -p udp -m udp --dport 53 -j DNAT --to-destination 172.16.0.1:53
-{% endif %}
 -A POSTROUTING -s {{ vpn_network }} -m policy --pol none --dir out -j MASQUERADE
 COMMIT
 *filter
@ -22,8 +19,8 @@ COMMIT
 # The IP of the resolver should be bound to a DUMMY interface.
 # DUMMY interfaces are the proper way to install IPs without assigning them any
 # particular virtual (tun,tap,...) or physical (ethernet) interface.
-A INPUT -d 172.16.0.1 -p udp --dport 53 -j ACCEPT
-A INPUT -d 172.16.0.1 -p tcp -m multiport --dport 8080,8118 -j ACCEPT
+-A INPUT -d {{ local_service_ip }} -p udp --dport 53 -j ACCEPT
+-A INPUT -d {{ local_service_ip }} -p tcp -m multiport --dport 8080,8118 -j ACCEPT
 -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -p tcp --dport 445 -j DROP
 -A FORWARD -p udp -m multiport --ports 137,138 -j DROP
--- a/roles/security/templates/rules.v6.j2
+++ b/roles/security/templates/rules.v6.j2
@ -1,9 +1,6 @@
 *nat
 :PREROUTING ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
-{% if dns_enabled is defined and dns_enabled == "Y" %}
-A PREROUTING -s {{ vpn_network_ipv6 }} -p udp -m udp --dport 53 -j DNAT --to-destination fcaa::1:53
-{% endif %}
 -A POSTROUTING -s {{ vpn_network_ipv6 }} -m policy --pol none --dir out -j MASQUERADE
 COMMIT
 *filter
--- a/roles/vpn/handlers/main.yml
+++ b/roles/vpn/handlers/main.yml
@ -13,5 +13,5 @@
      - "#    Config files and certificates are in the ./configs/ directory.    #"
      - "#          Go to https://www.dnsleaktest.com/ after connecting         #"
      - "#        and ensure that all your traffic passes through the VPN.      #"
-      - "#          Local DNS resolver and Proxy IP address: 172.16.0.1         #"
+      - "#          Local DNS resolver and Proxy IP address: {{ local_service_ip }}"
      - "#----------------------------------------------------------------------#"
--- a/roles/vpn/templates/ipsec.conf.j2
+++ b/roles/vpn/templates/ipsec.conf.j2
@ -23,10 +23,10 @@ conn %default
    right=%any
    rightauth=pubkey
    rightsourceip={{ vpn_network }},{{ vpn_network_ipv6 }}
-{% if service_dns is defined and service_dns == "N" %}
-    rightdns={% for host in dns_servers %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}
-{% else %}    
-    rightdns=172.16.0.1
+{% if service_dns is defined and service_dns == "Y" %}
+    rightdns={{ local_service_ip }}
+{% else %}
+    rightdns={% for host in dns_servers %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}    
 {% endif %}