Added ability to optionally configure NAT source address (#168)
* Added ability to optionally configure NAT source address

* Set the default and use it rather than coding the default in the task

* Fixed typo in ipv4 address

---------

Co-authored-by: Kyle Lexmond <[email protected]>
coofercat and kyl191 authored Dec 22, 2024
1 parent 27c6046 commit 10bf046
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 2 additions & 0 deletions defaults/main/openvpn.yml
Expand Up @@ -18,6 +18,8 @@ openvpn_server_netmask: 255.255.255.0
openvpn_server_network: 10.9.0.0
openvpn_set_dns: true
openvpn_tun_mtu:
openvpn_lan_source_ip: "{{ ansible_default_ipv4.address }}"

# Security
openvpn_auth_alg: SHA256
openvpn_cipher: AES-256-CBC
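Review bot: `openvpn_lan_source_ip` is added to defaults/main/openvpn.yml without a comment, and the commit changes only this file and tasks/ufw.yml, so nothing documents what the variable controls. Add a comment above it saying that it is the address passed to `--to-source` in the SNAT rule, that it is only read when `openvpn_masquerade_not_snat` is false, and that the default comes from `ansible_default_ipv4.address`, which requires gathered facts and a default IPv4 route on the target host.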
2 changes: 1 addition & 1 deletion tasks/ufw.yml
Expand Up @@ -39,7 +39,7 @@
# OpenVPN config
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s {{ openvpn_server_network }}/24 -j SNAT --to-source {{ ansible_default_ipv4.address }}
-A POSTROUTING -s {{ openvpn_server_network }}/24 -j SNAT --to-source {{ openvpn_lan_source_ip }}
COMMIT
when: not openvpn_masquerade_not_snat
notify:
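Review bot: the new `--to-source {{ openvpn_lan_source_ip }}` line writes a user-supplied value into the `*nat` block with no validation, so an empty or non-IPv4 value yields a rule that will not load, and an address not assigned to the egress interface will NAT traffic to a source that replies cannot reach. Add a preceding task that asserts the value is a single IPv4 address (for example with the `ansible.utils.ipv4` filter) and fails early with a clear message. The `/24` on the same line is still hard-coded while `openvpn_server_netmask` is a separate default, which is worth a follow-up so the rule matches the configured network.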