2022-12-09 01:16:00 +01:00
|
|
|
auto wg0
|
|
|
|
iface wg0 inet static
|
|
|
|
pre-up /usr/local/sbin/ip-link-add.sh $IFACE type wireguard
|
|
|
|
pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
|
|
|
|
pre-up ip link set mtu 1420 dev $IFACE
|
|
|
|
|
|
|
|
post-up /usr/local/sbin/post-up-$IFACE-inet.nft
|
|
|
|
post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft
|
2022-12-10 01:03:32 +01:00
|
|
|
{% if vpn_wireguard_role == "server" %}
|
2022-12-09 22:45:58 +01:00
|
|
|
{% for client in vpn_wireguard_clients %}
|
2022-12-10 01:03:32 +01:00
|
|
|
{% if 'subnet' in client %}
|
2022-12-09 01:16:00 +01:00
|
|
|
post-up ip route add {{ client.subnet }} dev $IFACE
|
2022-12-10 01:03:32 +01:00
|
|
|
{% endif %}
|
2022-12-09 01:16:00 +01:00
|
|
|
{% endfor %}
|
2022-12-10 01:03:32 +01:00
|
|
|
{% elif vpn_wireguard_role == "client" %}
|
|
|
|
post-up ip route add default dev $IFACE table {{ vpn_wireguard_routing_table }}
|
2022-12-09 01:16:00 +01:00
|
|
|
{% endif %}
|
|
|
|
|
2022-12-09 22:45:58 +01:00
|
|
|
{% if vpn_wireguard_role == "server" %}
|
|
|
|
{% for client in vpn_wireguard_clients %}
|
2022-12-10 01:03:32 +01:00
|
|
|
{% if 'subnet' in client %}
|
2022-12-09 01:16:00 +01:00
|
|
|
pre-down ip route del {{ client.subnet }} dev $IFACE
|
2022-12-10 01:03:32 +01:00
|
|
|
{% endif %}
|
2022-12-09 01:16:00 +01:00
|
|
|
{% endfor %}
|
2022-12-09 22:45:58 +01:00
|
|
|
{% elif vpn_wireguard_role == "client" %}
|
|
|
|
pre-down ip route del default dev $IFACE table {{ vpn_wireguard_routing_table }}
|
2022-12-09 01:16:00 +01:00
|
|
|
{% endif %}
|
|
|
|
pre-down /usr/local/sbin/pre-down-$IFACE-ipv4.nft
|
|
|
|
pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft
|
|
|
|
|
2022-12-09 22:45:58 +01:00
|
|
|
address {{ vpn_wireguard_address }}
|
|
|
|
netmask {{ vpn_wireguard_netmask }}
|