auto {{ vpn_wireguard_iface }} iface {{ vpn_wireguard_iface }} inet static pre-up /usr/local/sbin/ip-link-add.sh $IFACE type wireguard pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf pre-up ip link set mtu {{ vpn_wireguard_mtu }} dev $IFACE post-up /usr/local/sbin/post-up-$IFACE-inet.nft post-up /usr/local/sbin/post-up-$IFACE-ipv4.nft {% if vpn_wireguard_role == "server" %} {% for client in vpn_wireguard_clients %} {% if 'subnet' in client %} post-up ip route add {{ client.subnet }} dev $IFACE {% endif %} {% endfor %} {% elif vpn_wireguard_role == "client" %} post-up ip route add default dev $IFACE table {{ vpn_wireguard_routing_table }} {% endif %} {% if vpn_wireguard_role == "server" %} {% for client in vpn_wireguard_clients %} {% if 'subnet' in client %} pre-down ip route del {{ client.subnet }} dev $IFACE {% endif %} {% endfor %} {% elif vpn_wireguard_role == "client" %} pre-down ip route del default dev $IFACE table {{ vpn_wireguard_routing_table }} {% endif %} pre-down /usr/local/sbin/pre-down-$IFACE-ipv4.nft pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft address {{ vpn_wireguard_address }} netmask {{ vpn_wireguard_netmask }}