From 1470f622d7ae5a068e01d31eee83f71e103fb0ee Mon Sep 17 00:00:00 2001
From: Ralph Bolton
Date: Wed, 3 Nov 2021 16:40:48 +0000
Subject: [PATCH 1/3] Added ability to optionally configure NAT source address
---
 tasks/ufw.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/ufw.yml b/tasks/ufw.yml
index a2e3cfd9..b7eb1f71 100644
--- a/tasks/ufw.yml
+++ b/tasks/ufw.yml
@@ -39,7 +39,7 @@
 # OpenVPN config
 *nat
 :POSTROUTING ACCEPT [0:0]
- -A POSTROUTING -s {{ openvpn_server_network }}/24 -j SNAT --to-source {{ ansible_default_ipv4.address }}
+ -A POSTROUTING -s {{ openvpn_server_network }}/24 -j SNAT --to-source {{openvpn_lan_source_ip|default(ansible_default_ipv4.address)}}
 COMMIT
 when: not openvpn_masquerade_not_snat
 notify:
From fce82001bff3243060689f38c1ee5803298f6919 Mon Sep 17 00:00:00 2001
From: Ralph Bolton
Date: Fri, 7 Jan 2022 12:30:11 +0000
Subject: [PATCH 2/3] Set the default and use it rather than coding the default in the task
---
 defaults/main/openvpn.yml | 1 +
 tasks/ufw.yml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/defaults/main/openvpn.yml b/defaults/main/openvpn.yml
index 6cdf0e49..aeb02b2f 100644
--- a/defaults/main/openvpn.yml
+++ b/defaults/main/openvpn.yml
@@ -17,6 +17,7 @@ openvpn_server_netmask: 255.255.255.0
 openvpn_server_network: 10.9.0.0
 openvpn_set_dns: true
 openvpn_tun_mtu:
+openvpn_lan_source_ip: "{{ ansible_default_ipv4_address }}"

 # Security
 openvpn_auth_alg: SHA256
diff --git a/tasks/ufw.yml b/tasks/ufw.yml
index b7eb1f71..7d640ea8 100644
--- a/tasks/ufw.yml
+++ b/tasks/ufw.yml
@@ -39,7 +39,7 @@
 # OpenVPN config
 *nat
 :POSTROUTING ACCEPT [0:0]
- -A POSTROUTING -s {{ openvpn_server_network }}/24 -j SNAT --to-source {{openvpn_lan_source_ip|default(ansible_default_ipv4.address)}}
+ -A POSTROUTING -s {{ openvpn_server_network }}/24 -j SNAT --to-source {{ openvpn_lan_source_ip }}
 COMMIT
 when: not openvpn_masquerade_not_snat
 notify:
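Review bot: The `--to-source` value in the tasks/ufw.yml SNAT rule is now operator-supplied (PATCH 1/3, and again as `{{ openvpn_lan_source_ip }}` in the tasks/ufw.yml hunk of PATCH 2/3) and is written into the ufw `*nat` block without any check that it is a single IPv4 address. A typo, an empty string or a value containing whitespace would likely produce a rules block that fails to load, or one that translates VPN client traffic to an address nobody intended. Consider validating before templating, for example with a preceding `assert` task using `that: openvpn_lan_source_ip | ansible.utils.ipv4('address')`, assuming the ansible.utils collection is available to this role. The enclosing task starts and ends outside the hunk.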
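Review bot: `openvpn_lan_source_ip` is added to defaults/main/openvpn.yml (PATCH 2/3) without a comment, and its name does not say that it is the SNAT `--to-source` address, which tasks/ufw.yml uses only when `openvpn_masquerade_not_snat` is false. A line above it such as `# Source address for the ufw SNAT rule (--to-source); unused when openvpn_masquerade_not_snat is true` would make the scope clear to someone overriding it. If the role lists its variables elsewhere, a README for instance, the new variable should presumably be added there as well.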
From 273ed45de5689cabf61587c96a9df2c0653f2249 Mon Sep 17 00:00:00 2001
From: Ralph Bolton
Date: Fri, 7 Jan 2022 12:30:52 +0000
Subject: [PATCH 3/3] Fixed typo in ipv4 address
---
 defaults/main/openvpn.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/defaults/main/openvpn.yml b/defaults/main/openvpn.yml
index aeb02b2f..1b58e62f 100644
--- a/defaults/main/openvpn.yml
+++ b/defaults/main/openvpn.yml
@@ -17,7 +17,7 @@ openvpn_server_netmask: 255.255.255.0
 openvpn_server_network: 10.9.0.0
 openvpn_set_dns: true
 openvpn_tun_mtu:
-openvpn_lan_source_ip: "{{ ansible_default_ipv4_address }}"
+openvpn_lan_source_ip: "{{ ansible_default_ipv4.address }}"

 # Security
 openvpn_auth_alg: SHA256