From 72c8e9e24474929a4f5a689376820ba4e2e3cff6 Mon Sep 17 00:00:00 2001
From: shapiro125
Date: Mon, 20 May 2019 07:17:39 -0400
Subject: [PATCH] Add IPv6 support to DNS (#1425)
* Add ipv6
* Add ipv6
* add ipv6
* add ipv6
* Switching out ipv6 address with local_service_ipv6 variable from #1429
* Fixing variable error
---
 config.cfg | 2 +-
 roles/dns_adblocking/templates/dnsmasq.conf.j2 | 3 +++
 roles/dns_encryption/templates/dnscrypt-proxy.toml.j2 | 2 +-
 roles/strongswan/templates/ipsec.conf.j2 | 2 +-
 roles/wireguard/defaults/main.yml | 2 +-
 5 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/config.cfg b/config.cfg
index 181ae0227..48b83fcdd 100644
--- a/config.cfg
+++ b/config.cfg
@@ -110,7 +110,7 @@ congrats:
 "# Config files and certificates are in the ./configs/ directory. #"
 "# Go to https://whoer.net/ after connecting #"
 "# and ensure that all your traffic passes through the VPN. #"
- "# Local DNS resolver {{ local_service_ip }} #"
+ "# Local DNS resolver {{ local_service_ip }}{{ ', ' + local_service_ipv6 if ipv6_support else '' }} #"
 p12_pass: |
 "# The p12 and SSH keys password for new users is {{ p12_export_password }} #"
 ca_key_pass: |
diff --git a/roles/dns_adblocking/templates/dnsmasq.conf.j2 b/roles/dns_adblocking/templates/dnsmasq.conf.j2
index 1857c55b7..7460d993b 100644
--- a/roles/dns_adblocking/templates/dnsmasq.conf.j2
+++ b/roles/dns_adblocking/templates/dnsmasq.conf.j2
@@ -90,6 +90,9 @@ no-resolv
 # server=10.1.2.3@eth1
 {% if dns_encryption %}
 server={{ local_service_ip }}#5353
+{% if ipv6_support -%}
+server={{ local_service_ipv6 }}#5353
+{% endif %}
 {% else %}
 {% for host in dns_servers.ipv4 %}
 server={{ host }}
diff --git a/roles/dns_encryption/templates/dnscrypt-proxy.toml.j2 b/roles/dns_encryption/templates/dnscrypt-proxy.toml.j2
index d954ff8b2..a084a9d2f 100644
--- a/roles/dns_encryption/templates/dnscrypt-proxy.toml.j2
+++ b/roles/dns_encryption/templates/dnscrypt-proxy.toml.j2
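Review bot: The added upstream in roles/dns_adblocking/templates/dnsmasq.conf.j2 repeats the literal port in `server={{ local_service_ipv6 }}#5353`, while the listener this commit adds in dnscrypt-proxy.toml.j2 binds `{{ listen_port }}`. The IPv4 line above it carries the same literal, so this follows the existing pattern, but nothing in the hunk ties the two values together; if they ever diverge, dnsmasq forwards to a closed port. A template comment above the block, e.g. `{# 5353 must equal listen_port in dnscrypt-proxy.toml.j2 #}`, would record the coupling. As a style point, `{% if ipv6_support -%}` is the only tag in the hunk using whitespace control; plain `{% if ipv6_support %}` would match its neighbours, assuming `trim_blocks` is in effect for this template.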
@@ -37,7 +37,7 @@
 ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
 ## Note: When using systemd socket activation, choose an empty set (i.e. [] ).
-listen_addresses = ['{{ local_service_ip }}:{{ listen_port }}']
+listen_addresses = ['{{ local_service_ip }}:{{ listen_port }}'{% if ipv6_support %}, '[{{ local_service_ipv6 }}]:{{ listen_port }}'{% endif %}]
 ## Maximum number of simultaneous client connections to accept
diff --git a/roles/strongswan/templates/ipsec.conf.j2 b/roles/strongswan/templates/ipsec.conf.j2
index 7cd27c903..3f0a4020e 100644
--- a/roles/strongswan/templates/ipsec.conf.j2
+++ b/roles/strongswan/templates/ipsec.conf.j2
@@ -31,7 +31,7 @@ conn %default
 rightauth=pubkey
 rightsourceip={{ strongswan_network }},{{ strongswan_network_ipv6 }}
 {% if algo_local_dns or dns_encryption %}
- rightdns={{ local_service_ip }}
+ rightdns={{ local_service_ip }}{{ ',' + local_service_ipv6 if ipv6_support else '' }}
 {% else %}
 rightdns={% for host in dns_servers.ipv4 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% if ipv6_support %},{% for host in dns_servers.ipv6 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
 {% endif %}
diff --git a/roles/wireguard/defaults/main.yml b/roles/wireguard/defaults/main.yml
index e0c82f51c..2774d04f1 100644
--- a/roles/wireguard/defaults/main.yml
+++ b/roles/wireguard/defaults/main.yml
@@ -6,7 +6,7 @@ wireguard_interface: wg0
 keys_clean_all: false
 wireguard_dns_servers: >-
 {% if local_dns|default(false)|bool or dns_encryption|default(false)|bool %}
- {{ local_service_ip }}{{ ', ' + local_service_ipv6 if ipv6_support else '' }}
+ {{ local_service_ip }}{{ ', ' + local_service_ipv6 if ipv6_support else '' }}
 {% else %}
 {% for host in dns_servers.ipv4 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% if ipv6_support %},{% for host in dns_servers.ipv6 %}{{ host }}{% if not loop.last %},{% endif %}{% endfor %}{% endif %}
 {% endif %}
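Review bot: The second entry in `listen_addresses` of dnscrypt-proxy.toml.j2 opens a new DNS listener on `[{{ local_service_ipv6 }}]:{{ listen_port }}`, and the diffstat of this commit lists no firewall template, so it cannot be confirmed from here that the IPv6 ruleset limits that port to VPN client ranges. It is worth checking that the v6 rules mirror whatever protects the IPv4 listener. It is also worth checking that `local_service_ipv6` is assigned to an interface before dnscrypt-proxy starts, since a bind to an absent address would presumably fail the service and take IPv4 resolution down with it. A template comment next to the line would record both assumptions, e.g. `{# IPv6 listener: address must exist at start-up and be covered by the v6 firewall rules #}`.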
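Review bot: The new expression in roles/wireguard/defaults/main.yml tests `ipv6_support` bare, while the `{% if %}` on the line directly above it coerces its flags with `|default(false)|bool`. How `ipv6_support` is set is not visible in this diff; if it ever arrives as a string, a value such as "false" is truthy in Jinja and clients would be handed an IPv6 resolver on a server without IPv6, and an undefined value would likely fail the template. Suggested form: `{{ local_service_ip }}{{ ', ' + local_service_ipv6 if ipv6_support|default(false)|bool else '' }}`. The same bare test is added to the `rightdns` line of ipsec.conf.j2 and the banner line of config.cfg in this commit, and the pre-existing else-branches use it too, so a consistent coercion across all of them would be the cleaner fix.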