Commit 3f3138f

Fix IPsec DNS when WireGuard uses port 53 (#1719)
* Fix IPsec DNS when WireGuard uses port 53
* Change ACCEPT to RETURN
1 parent 28d95ea commit 3f3138f

2 files changed

+2
-0
lines changed

roles/common/templates/rules.v4.j2

Lines changed: 1 addition & 0 deletions
@@ -32,6 +32,7 @@ COMMIT
3232
{% if wireguard_enabled and wireguard_port|int == wireguard_port_avoid|int %}
3333
# Handle the special case of allowing access to WireGuard over an already used
3434
# port like 53
35+
-A PREROUTING -s {{ subnets|join(',') }} -p udp --dport {{ wireguard_port_avoid }} -j RETURN
3536
-A PREROUTING --in-interface {{ ansible_default_ipv4['interface'] }} -p udp --dport {{ wireguard_port_avoid }} -j REDIRECT --to-port {{ wireguard_port_actual }}
3637
{% endif %}
3738
# Allow traffic from the VPN network to the outside world, and replies
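Review bot: the new RETURN rule sits before the REDIRECT, which is the right order for it to take effect, but the existing comment (`# Handle the special case of allowing access to WireGuard over an already used port like 53`) now describes only the second rule; extend it to say that UDP port-53 traffic originating from the VPN client subnets (the IPsec clients' DNS queries this commit is fixing) must be exempted from the redirect, otherwise a later reader cannot tell `-A PREROUTING -s {{ subnets|join(',') }} -p udp --dport {{ wireguard_port_avoid }} -j RETURN` from a leftover. Note also that the exemption is keyed only on `subnets`: any client range that is not in that list will still have its port-53 traffic redirected to WireGuard, so the list must be kept in step with the ranges used by the rules below.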

roles/common/templates/rules.v6.j2

Lines changed: 1 addition & 0 deletions
@@ -31,6 +31,7 @@ COMMIT
3131
{% if wireguard_enabled and wireguard_port|int == wireguard_port_avoid|int %}
3232
# Handle the special case of allowing access to WireGuard over an already used
3333
# port like 53
34+
-A PREROUTING -s {{ subnets|join(',') }} -p udp --dport {{ wireguard_port_avoid }} -j RETURN
3435
-A PREROUTING --in-interface {{ ansible_default_ipv6['interface'] }} -p udp --dport {{ wireguard_port_avoid }} -j REDIRECT --to-port {{ wireguard_port_actual }}
3536
{% endif %}
3637
# Allow traffic from the VPN network to the outside world, and replies
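Review bot: this hunk repeats the v4 rule verbatim, including the variable name `subnets`; confirm that when rules.v6.j2 is rendered `subnets` contains the IPv6 client prefixes rather than the IPv4 ones, because ip6tables-restore rejects an IPv4 address in `-s` and the failure would abort loading the whole v6 ruleset. If both templates receive the same value, the v6 rule needs a separate variable, and the comment above the rule should be extended here in the same way as in the v4 template.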
