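# wg0-server.conf
#
# This is the configuration for the server hidden behind the wireguard proxy.
# It routes all internet traffic via the proxy, with the exception of traffic
# to the proxy itself. It is still accessible on the local network.
#
# When moving this to a new machine:
#   * Update the PostUp route so that the proxy address has an explicit route via the local gateway
#   * Update the PostDown to delete the explicit route and restore the default gw
#   * Update the Peer PublicKey and Endpoint with the proxy key and address
#
# ${PROXY_IP}, ${SERVER_GW} and ${PROXY_PUBKEY} are placeholders and must hold
# real values before the interface is brought up. The PostUp/PostDown lines are
# run as shell commands, so only substitute values from a trusted source.
#

[Interface]
# Load the private key from a separate file so it never appears in this config.
# Keep that key file owned by root and unreadable by other users (mode 0600).
PostUp = wg set %i private-key /etc/wireguard/%i.key
Address = 192.168.4.2/24

# Pin a host route to the proxy via the local gateway first, so the encrypted
# tunnel packets themselves keep leaving through the physical network.
PostUp = route add ${PROXY_IP} gw ${SERVER_GW} || echo "wrong route"
# Delete the default gateway and send everything else through the tunnel.
PostUp = route del default || echo "no default"
PostUp = route add default gw 192.168.4.1
# NOTE(review): wg-quick normally installs its own default route for a peer
# with AllowedIPs = 0.0.0.0/0 unless Table = off is set; confirm how that
# interacts with the manual routes above.

# Tolerate an already-missing host route, as the PostUp hooks do, so that a
# failure here cannot stop the default gateway below from being restored.
PostDown = route del ${PROXY_IP} || echo "no proxy route"
PostDown = route add default gw ${SERVER_GW}

[Peer]
PublicKey = ${PROXY_PUBKEY}
Endpoint = ${PROXY_IP}:51820
# IPv4 only: IPv6 traffic, if this host has any, is not covered by this entry.
# NOTE(review): confirm IPv6 is disabled on this host or is meant to bypass the proxy.
AllowedIPs = 0.0.0.0/0
# Seconds between keepalive packets sent to the proxy.
PersistentKeepalive = 25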