From 6bea1dd6b2612c6186a36f15c83c805ae3cc1ae8 Mon Sep 17 00:00:00 2001
From: randomshell <43271778+randomshell@users.noreply.github.com>
Date: Fri, 14 Sep 2018 22:28:16 +0200
Subject: [PATCH] Change Unbound configuration for openvpn integration
---
 openvpn-install.sh | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 950eb96..825cc20 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -795,7 +795,9 @@ function installLocalDNS () {
 apt-get install -y unbound
 # Configuration
- echo 'hide-identity: yes
+ echo 'interface: 10.8.0.1
+access-control: 10.8.0.1/24 allow
+hide-identity: yes
 hide-version: yes
 use-caps-for-id: yes
 prefetch: yes' >> /etc/unbound/unbound.conf
@@ -811,6 +813,8 @@ prefetch: yes' >> /etc/unbound/unbound.conf
 yum install -y unbound
 # Configuration
+ sed -i 's|# interface: 0.0.0.0|interface: 10.8.0.1' /etc/unbound/unbound.conf
+ sed -i 's|# access-control: 127.0.0.0/8 allow|access-control: 10.8.0.1/24 allow' /etc/unbound/unbound.conf
 sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf
 sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf
 sed -i 's|use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf
@@ -826,6 +830,8 @@ prefetch: yes' >> /etc/unbound/unbound.conf
 dnf install -y unbound
 # Configuration
+ sed -i 's|# interface: 0.0.0.0|interface: 10.8.0.1' /etc/unbound/unbound.conf
+ sed -i 's|# access-control: 127.0.0.0/8 allow|access-control: 10.8.0.1/24 allow' /etc/unbound/unbound.conf
 sed -i 's|# hide-identity: no|hide-identity: yes|' /etc/unbound/unbound.conf
 sed -i 's|# hide-version: no|hide-version: yes|' /etc/unbound/unbound.conf
 sed -i 's|# use-caps-for-id: no|use-caps-for-id: yes|' /etc/unbound/unbound.conf
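Review bot: The netblock in `access-control: 10.8.0.1/24 allow`, added in the apt hunk (`@@ -795,7 +795,9 @@`), pairs a host address with a /24 mask; the tunnel network is presumably 10.8.0.0/24, so `access-control: 10.8.0.0/24 allow` would state the subnet that is actually being granted recursion. Unbound may mask the host bits itself, but that is not something this patch shows. The same value is repeated in the yum, dnf and `@@ -852,8 +858,8 @@` hunks. Because this line is what limits who may use the resolver, a comment such as `# must match the subnet of the OpenVPN "server" directive` above it would keep the two settings from drifting apart. The enclosing installLocalDNS branch starts outside the hunk.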
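Review bot: The two added `sed -i` expressions in the yum hunk (`@@ -811,6 +813,8 @@`) lack the closing `|` delimiter that the neighbouring lines have, so sed should reject them as an unterminated `s` command and leave unbound.conf without the new listener and ACL; the dnf hunk (`@@ -826,6 +830,8 @@`) adds the same two lines. They should read `sed -i 's|# interface: 0.0.0.0|interface: 10.8.0.1|' /etc/unbound/unbound.conf` and `sed -i 's|# access-control: 127.0.0.0/8 allow|access-control: 10.8.0.1/24 allow|' /etc/unbound/unbound.conf`. Nothing visible here checks sed's exit status or whether the pattern matched the stock file, so a follow-up check like `grep -q 'interface: 10.8.0.1' /etc/unbound/unbound.conf` would catch a resolver that was silently left at its defaults. The surrounding branch starts and ends outside the hunk.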
@@ -852,8 +858,8 @@ prefetch: yes' >> /etc/unbound/unbound.conf
 echo 'server:
 root-hints: root.hints
 auto-trust-anchor-file: trusted-key.key
-interface: 127.0.0.1
-access-control: 127.0.0.1 allow
+interface: 10.8.0.1
+access-control: 10.8.0.1/24 allow
 port: 53
 do-daemonize: yes
 num-threads: 2
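Review bot: Replacing `interface: 127.0.0.1` instead of adding to it leaves Unbound listening only on 10.8.0.1, an address that presumably exists only while the OpenVPN tunnel interface is up. If the unbound service starts before that interface is created, the bind is likely to fail, and the host itself can no longer query the resolver over loopback. Consider keeping the loopback pair next to the new lines, `interface: 127.0.0.1` and `access-control: 127.0.0.0/8 allow`, and ordering the unbound unit after OpenVPN. The other three hunks also set only the 10.8.0.1 interface, so the same applies there. The quoted config block and its enclosing branch continue outside this hunk.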