29 lines
1.1 KiB
Django/Jinja
29 lines
1.1 KiB
Django/Jinja
[Interface]
|
|
Address = {{ wireguard_address }}
|
|
PrivateKey = {{ wg_server_private_key }}
|
|
ListenPort = {{ wireguard_port }}
|
|
{% if wireguard_mtu is defined %}
|
|
MTU = {{ wireguard_mtu }}
|
|
{% endif %}
|
|
|
|
# Einfache NAT-Regeln für VPN-Traffic
|
|
PostUp = iptables -t nat -I POSTROUTING -o {{ wireguard_exit_interface }} -s {{ wireguard_network }} -j MASQUERADE
|
|
PostUp = iptables -I FORWARD -i {{ wireguard_interface }} -j ACCEPT
|
|
PostUp = iptables -I FORWARD -o {{ wireguard_interface }} -j ACCEPT
|
|
|
|
PostDown = iptables -t nat -D POSTROUTING -o {{ wireguard_exit_interface }} -s {{ wireguard_network }} -j MASQUERADE
|
|
PostDown = iptables -D FORWARD -i {{ wireguard_interface }} -j ACCEPT
|
|
PostDown = iptables -D FORWARD -o {{ wireguard_interface }} -j ACCEPT
|
|
|
|
# Client-Peers
|
|
{% for client in wireguard_clients %}
|
|
[Peer]
|
|
# {{ client.name }}
|
|
PublicKey = {{ wg_client_public_keys[client.name] }}
|
|
AllowedIPs = {{ client.address }}/32
|
|
{% if wireguard_pre_shared_key | default(false) and wg_client_psk_keys is defined %}
|
|
PresharedKey = {{ wg_client_psk_keys[client.name] }}
|
|
{% endif %}
|
|
|
|
{% endfor %}
|