Unverified Commit 7cf9d044 authored by micah

Add additional listening ports (#16).

This will listen on port 1194 and port 53 and redirect traffic to
openvpn (running now on port 80). It will also advertise those ports in the
`eip-service.json`.

In order to accomplish this, we need to have the knot-resolver listen explicitly
on the openvpn ip, instead of being greedy with its ports.
parent 5ce36e60
Pipeline #62041 passed with stage
in 21 minutes and 48 seconds
net.listen('::', 53, { kind = 'dns' })
net.listen('0.0.0.0', 53, { kind = 'dns' })
net.listen('10.41.0.1', 53, { kind = 'dns' })
net.listen('::', 8453, { kind = 'webmgmt' })
-- Load Useful modules
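Review bot: 10.41.0.1 is hard-coded in the port 53 net.listen line, while the firewall template derives the VPN range from openvpn_network; if that variable is ever changed, the resolver keeps binding an address that is no longer on the VPN interface and DNS for VPN clients breaks. Suggest rendering the listen address from the same variable. Also, the webmgmt listener on 8453 still binds '::', so it remains reachable on every interface, which does not match the commit message's goal of the resolver no longer being greedy with its ports; bind it to loopback or an internal address, or confirm it is firewalled.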
......
add_rule4 -A POSTROUTING -s {{ openvpn_network | ipaddr('network/prefix') }} -o {{ ansible_default_ipv4.interface }} -j SNAT --to-source {{ egress_ip }}
add_rule4 -A PREROUTING -p tcp -d {{ ip }} --dport 1194 -j DNAT --to-destination {{ ip }}:80
add_rule4 -A PREROUTING -p udp -d {{ ip }} --dport 1194 -j DNAT --to-destination {{ ip }}:80
add_rule4 -A PREROUTING -p tcp -d {{ ip }} --dport 53 -j DNAT --to-destination {{ ip }}:80
add_rule4 -A PREROUTING -p udp -d {{ ip }} --dport 53 -j DNAT --to-destination {{ ip }}:80
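Review bot: The four PREROUTING DNAT rules for 1194 and 53 are add_rule4 entries only, so as shown they cover IPv4; a client reaching the gateway over IPv6 on those ports is not redirected to port 80. Either add the IPv6 equivalents or state that the additional ports are IPv4-only. The ports are also written out by hand here and, per the commit message, again in eip-service.json; generating both from one list variable would keep the advertised ports and the redirected ports from drifting apart. A short comment that port 53 on {{ ip }} now carries OpenVPN rather than DNS would help whoever audits these rules later.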
......@@ -31,7 +31,7 @@ openvpn:
containers:
- name: openvpn
image: registry.0xacab.org/leap/container-platform/openvpn:latest
ports: [1194, 23042, 53]
ports: [80, 443, 53]
drop_capabilities: false
docker_options: '--cap-add=NET_ADMIN --cap-add=CAP_NET_BIND_SERVICE'
volumes:
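Review bot: 53 is still present in the ports: [80, 443, 53] line even though the firewall rules redirect 1194 and 53 to port 80, and 443 appears without being mentioned in the commit message. If openvpn only listens on 80 now, drop 53 here so the list reflects what the container actually binds and nothing else can claim the port behind the DNAT; if it does listen on 443 and 53 as well, say so in the commit message. Separately, the image is referenced as :latest while the container runs with drop_capabilities: false and NET_ADMIN added, so pinning a tag or digest would make it clear which build receives those privileges.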
......