You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
39 lines
1.5 KiB
39 lines
1.5 KiB
[Interface]
|
|
PrivateKey = {{ wireguard_server_privkey }}
|
|
{#
|
|
We want the Address field here to be an IP address
|
|
with the whole network in CIDR notation, like 10.0.0.1/24.
|
|
|
|
If wireguard_vpn_network is a CIDR network like 10.0.0.0/24,
|
|
and wireguard_server_offset is an integer like 1,
|
|
this will produce an offset of the start of the network + CIDR prefix,
|
|
which in this case will be the desired 10.0.0.1/24.
|
|
#}
|
|
Address = {{ wireguard_vpn_network | ipaddr(wireguard_server_offset) }}
|
|
ListenPort = {{ wireguard_server_listen_port }}
|
|
|
|
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
|
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
|
|
|
{% for client in wireguard_clients %}
|
|
[Peer]
|
|
# {{ client.name }}
|
|
PublicKey = {{ client.pubkey }}
|
|
{#
|
|
We want the Address field here to be an IP address
|
|
withOUT the whole network in CIDR notation, like 10.0.0.15/32.
|
|
|
|
If wireguard_vpn_network is a CIDR network like 10.0.0.0/24,
|
|
and client.offset is an integer like 15,
|
|
this will produce an offset of the start of the network with a /32 CIDR prefix
|
|
which in this case will be the desired 10.0.0.15/32.
|
|
#}
|
|
{% if client.name == 'larva' %}
|
|
AllowedIPs = {{ wireguard_vpn_network | ipsubnet(32, client.offset) }}, 192.168.0.0/16
|
|
|
|
{% else %}
|
|
AllowedIPs = {{ wireguard_vpn_network | ipsubnet(32, client.offset) }}
|
|
|
|
{% endif %}
|
|
{% endfor %}
|