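# Home-server side of a WireGuard tunnel to a public relay host.
# Read by wg-quick(8). A '#' starts a comment anywhere on a line, so no
# PreUp/PostDown command below may contain a literal '#'. Repeated
# PreUp/PostDown keys accumulate and are executed in the order written.
# This file contains a private key: keep it owned by root with mode 0600
# (wg-quick only warns when the file is world-readable; it still starts).
[Interface]
# Private IP of the home server inside the VPN network
Address = 10.0.0.2/24
# Replace with the key from `wg genkey`. Because '#' begins a comment, the
# placeholder is read as an empty value and must be filled in before `wg-quick up`.
PrivateKey = #### PRIVATE KEY OF PRIVATE SERVER #####
# Routes derived from AllowedIPs go into this table instead of main, so the
# tunnel only carries traffic that the ip rule below steers into it.
Table = 123

# Enable IP forwarding.
# NOTE(review): nothing in this file forwards packets; if this host only
# terminates the 80/443 connections itself, this sysctl is not needed and
# turning the host into a router widens its exposure - confirm before keeping.
# It is also never reverted: no PostDown sets it back, so it stays enabled
# after `wg-quick down`.
PreUp = sysctl -w net.ipv4.ip_forward=1

# Return traffic through wireguard: anything sourced from the tunnel address
# is looked up in table 123, where wg-quick installs the 0.0.0.0/0 route.
# PreUp runs before the interface exists; if a later step of `wg-quick up`
# fails, this rule remains installed.
PreUp = ip rule add from 10.0.0.2 table 123 priority 1
PostDown = ip rule del from 10.0.0.2 table 123 priority 1

# Route traffic to the public IP to self to avoid it hitting the network.
# 999.999.999.999 is a placeholder: replace it with the relay's public IP,
# the same address used in Endpoint under [Peer].
PreUp = iptables -t nat -A OUTPUT -d 999.999.999.999 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 127.0.0.1
PostDown = iptables -t nat -D OUTPUT -d 999.999.999.999 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 127.0.0.1

# ==== Firewall ===============================
# wg-quick expands %i to the interface name (taken from the config file
# name), so these rules follow the file even if it is not wg0.conf.
# Rule order matters: the ACCEPTs below are appended before the final DROP.

# Allow our expected traffic
PreUp = iptables -A INPUT -i %i -p tcp -m multiport --dports 80,443 -j ACCEPT
PostDown = iptables -D INPUT -i %i -p tcp -m multiport --dports 80,443 -j ACCEPT

# And pings
PreUp = iptables -A INPUT -i %i -p icmp --icmp-type echo-request -j ACCEPT
PostDown = iptables -D INPUT -i %i -p icmp --icmp-type echo-request -j ACCEPT

# Block the rest.
# NOTE(review): there is no ESTABLISHED,RELATED accept, so replies to any
# connection this host itself opens through the tunnel (source 10.0.0.2)
# are dropped here; add one only if the host must reach something via the tunnel.
PreUp = iptables -A INPUT -i %i -j DROP
PostDown = iptables -D INPUT -i %i -j DROP
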
[Peer]
# Public relay host; replace with the output of `wg pubkey` on that machine.
# The placeholder begins with '#' and is therefore read as an empty value.
PublicKey = #### PUBLIC KEY OF PUBLIC SERVER #####
# Placeholder public IP and listen port of the relay; use the same address
# as in the DNAT rules of [Interface]
Endpoint = 999.999.999.999:51820
# Accept any destination from this peer. With Table = 123 the resulting
# default route lands in that table only, so it is used solely for traffic
# the ip rule steers there.
AllowedIPs = 0.0.0.0/0
# Seconds between keepalive packets, keeping the NAT mapping to the relay open
PersistentKeepalive = 25