diff --git a/defaults/main.yml b/defaults/main.yml
index 6eed5d8..29590b8 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,21 +1,14 @@
 ---
 vault_listener_address: 0.0.0.0
+vault_iface: "{{ lookup('env', 'VAULT_IFACE') | default(ansible_default_ipv4.interface, true) }}"
 vault_port: 8200
 vault_protocol: "http"
-vault_api_addr: "{{ vault_protocol }}://{{ ansible_default_ipv4.address }}:{{ vault_port }}"
+vault_address: "{{ hostvars[inventory_hostname]['ansible_' + vault_iface]['ipv4']['address'] }}"
+vault_cluster_address: "{{ hostvars[inventory_hostname]['ansible_' + vault_iface]['ipv4']['address'] }}:{{ (vault_port | int) + 1 }}"
+vault_cluster_addr: "{{ vault_protocol }}://{{ vault_cluster_address }}"
+vault_api_addr: "{{ vault_protocol }}://{{ vault_redirect_address | default(hostvars[inventory_hostname]['ansible_' + vault_iface]['ipv4']['address']) }}:{{ vault_port }}"
 vault_tls_disable: true
-vault_raft_group_name: "vault_raft_servers"
-vault_raft_cluster_members: |
- [
- {% for server in groups[vault_raft_group_name] %}
- {
- "peer": "{{ server }}",
- "api_addr": "{{ hostvars[server]['vault_api_addr'] |
- default(vault_protocol + '://' + hostvars[server]['ansible_' + hostvars[server]['ansible_default_ipv4']['interface']]['ipv4']['address'] + ':' + (vault_port|string)) }}"
- },
- {% endfor %}
- ]
 # vault backup variable
 vault_snapshot: false
 vault_backup_location: /tmp
@@ -26,3 +19,15 @@ vault_secretid: ''
 vault_unseal_keys_dir_output: "~/vaultUnseal"
 vault_unseal_token: ""
+
+vault_raft_group_name: "vault_raft_servers"
+vault_raft_cluster_members: |
+ [
+ {% for server in groups[vault_raft_group_name] %}
+ {
+ "peer": "{{ server }}",
+ "api_addr": "{{ hostvars[server]['vault_api_addr'] |
+ default( vault_protocol + '://' + hostvars[server]['ansible_' + hostvars[server][vault_iface]]['ipv4']['address'] ) }}"
+ },
+ {% endfor %}
+ ]
diff --git a/tasks/unseal.yml b/tasks/unseal.yml
index f415df3..673edd7 100644
--- a/tasks/unseal.yml
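Review bot: The new `vault_address`, `vault_cluster_address` and `vault_api_addr` defaults each build the fact key as `'ansible_' + vault_iface`, which does not resolve when the interface name contains a `-` (a bridge such as `br-ex`), because Ansible normalises that character to `_` in the interface fact keys (`ansible_br_ex`) while `ansible_default_ipv4.interface` still reports the raw name. Computing the address once, e.g. `vault_address: "{{ hostvars[inventory_hostname]['ansible_' + (vault_iface | replace('-', '_'))]['ipv4']['address'] }}"`, and reusing it as `vault_cluster_address: "{{ vault_address }}:{{ (vault_port | int) + 1 }}"` and as `default(vault_address)` inside `vault_api_addr` removes the problem and the three copies of the same expression. `vault_listener_address: 0.0.0.0` survives in this hunk although the templates/config.hcl.j2 hunk no longer reads it, so an operator setting it to restrict the bind address would see no effect; a comment such as `# unused since the listener binds vault_address` or removing the key would make that explicit.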
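Review bot: In the rebuilt `vault_raft_cluster_members` default the fallback reads `hostvars[server][vault_iface]`, which indexes the peer's hostvars with the value of the current host's interface name (e.g. `eth0`) instead of a variable name, so the lookup is undefined and the `default(...)` branch errors instead of yielding an address. The removed version also appended `':' + (vault_port|string)`; the new fallback drops the port, so a peer without `vault_api_addr` would get a `leader_api_addr` with no port. Both are fixed on the one line: `default( vault_protocol + '://' + hostvars[server]['ansible_' + hostvars[server]['vault_iface']]['ipv4']['address'] + ':' + (vault_port | string) ) }}"`. Whether that fallback is still reachable depends on `vault_api_addr` being visible in every peer's hostvars, which this hunk does not show.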
+++ b/tasks/unseal.yml
@@ -37,6 +37,6 @@
 ansible.builtin.shell: |
 vault operator unseal {{ item }}
 environment:
- VAULT_ADDR: "http://127.0.0.1:8200"
+ VAULT_ADDR: "{{ vault_api_addr }}"
 with_items: "{{vault_unseal_token}}"
 when: check_result1.status == 503
diff --git a/templates/config.hcl.j2 b/templates/config.hcl.j2
index 57cdce7..b85642b 100644
--- a/templates/config.hcl.j2
+++ b/templates/config.hcl.j2
@@ -2,6 +2,7 @@ storage "raft" {
 path = "/opt/vault/raft/"
 node_id = "{{ inventory_hostname }}"
+
 {% for raft_peer in vault_raft_cluster_members | rejectattr('peer', 'equalto', inventory_hostname) %}
 retry_join {
 leader_api_addr = "{{ raft_peer.api_addr }}"
@@ -10,17 +11,16 @@ storage "raft" {
 }
 listener "tcp" {
- address = "{{ vault_listener_address}}:{{vault_port}}"
- cluster_address = "{{ vault_listener_address}}:8201"
+ address = "{{ vault_address }}:{{vault_port}}"
+ cluster_address = "{{ vault_cluster_address }}"
 tls_disable = 1
 }
-api_addr = "http://{{ vault_listener_address}}:{{vault_port}}"
-cluster_addr = "http://{{ ansible_default_ipv4.address }}:8201"
+api_addr = "{{ vault_api_addr }}"
+cluster_addr = "{{vault_cluster_addr}}"
 ui= true
 disable_mlock = true
 service_registration "consul" {
 address = "127.0.0.1:8500"
- service_address = "{{ ansible_default_ipv4.address }}"
 }
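Review bot: `VAULT_ADDR: "{{ vault_api_addr }}"` sends the unseal to whatever `vault_api_addr` resolves to, and in defaults/main.yml that expression prefers `vault_redirect_address` when it is set; `vault operator unseal` has to reach the local node, so with a shared redirect address (a VIP or load balancer) the key shares could be delivered to a different member. Pointing at the node's own listener, `VAULT_ADDR: "{{ vault_protocol }}://{{ vault_address }}:{{ vault_port }}"`, keeps the loop local now that the listener no longer binds 127.0.0.1. The shell line also passes each unseal key as a command-line argument, so it is visible in the process table and in task output unless the task, whose header is above this hunk, sets `no_log: true`; worth confirming.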
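Review bot: `api_addr = "{{ vault_api_addr }}"` now advertises the scheme from `vault_protocol`, but `tls_disable = 1` in the listener block just above it stays hard-coded and `vault_tls_disable` from defaults/main.yml is never read, so `vault_protocol: https` would advertise an address that claims TLS the listener does not serve, and peers would retry_join over it. Tying the listener to the variable, `tls_disable = {{ '1' if (vault_tls_disable | bool) else '0' }}`, removes the mismatch, although a TLS listener will additionally need certificate settings this template does not yet carry. Style: the new lines mix `{{ vault_address }}` with `{{vault_cluster_addr}}` and `{{vault_port}}`; one spacing convention reads better. Dropping `service_address` from the consul block leaves Vault to choose what it registers (its redirect address, as far as I recall), which is fine only if that is the per-node address operators expect to see in Consul.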