docker-compose environment for the entire v.st system
https://v.st/
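[Interface]
# Tunnel address of this host; the peer defined below is 192.168.4.2.
Address = 192.168.4.1/24
ListenPort = 51820

# The private key is read from its own file instead of being embedded here.
# Keep /etc/wireguard/%i.key readable by root only. %i is the interface name.
PostUp = wg set %i private-key /etc/wireguard/%i.key

# Enable IP masquerading for the remote host
# NOTE(review): ip_forward is switched on here and no PostDown line switches
# it back, so forwarding stays enabled after the tunnel is taken down.
PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward
# Forwarding through the tunnel is accepted in both directions with no
# further match, so any filtering has to happen on the peer itself.
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -A FORWARD -o %i -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# The three PREROUTING rules below are appended in order and the last one is
# a catch-all, so the two exceptions must stay above it.

# accept the wireguard connection
PostUp = iptables -t nat -A PREROUTING -i eth0 -p udp --dport 51820 -j ACCEPT

# Redirect inbound TCP port 23 to local port 22 (presumably this host's sshd).
# Port 22 itself has no exception, so it falls through to the DNAT rule below
# and reaches the peer, not this host.
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 23 -j REDIRECT --to-port 22

# redirect *all* traffic to the wg tunnel
# Everything else arriving on eth0 is DNATed to the peer, which is therefore
# reachable from that network on every port and protocol; the peer needs its
# own host firewall.
PostUp = iptables -t nat -A PREROUTING -i eth0 -p all -j DNAT --to-destination 192.168.4.2

# Tear down the proxy
# Each -D must repeat its PostUp -A rule exactly, otherwise the rule is left
# in place when the interface goes down.
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

PostDown = iptables -t nat -D PREROUTING -i eth0 -p udp --dport 51820 -j ACCEPT
# Fixed: this line had "-to-port" (single dash), which iptables does not parse
# as --to-port, so the delete failed and the REDIRECT rule stayed installed.
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 23 -j REDIRECT --to-port 22
PostDown = iptables -t nat -D PREROUTING -i eth0 -p all -j DNAT --to-destination 192.168.4.2

[Peer]
# ${SERVER_PUBKEY} is a template placeholder; presumably it is substituted
# before wg-quick reads this file - TODO confirm where that happens.
PublicKey = ${SERVER_PUBKEY}
# Only 192.168.4.2 is accepted as a source address from this peer.
AllowedIPs = 192.168.4.2/32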