vst
/
env
2
1
Fork 0
Code Issues 19 Pull Requests Packages Projects Releases Wiki Activity
docker-compose environment for the entire v.st system https://v.st/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
107 Commits
1 Branch
0 Tags
928 KiB
 
 
 
 
 
Tag: Branch: Tree: ffc1e86c86
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ffc1e86c86'
${ noResults }
env/wireguard/wg0-proxy.conf

33 lines
1.2 KiB
Raw Blame History

[Interface]
Address = 192.168.4.1/24
ListenPort = 51820
PostUp = wg set %i private-key /etc/wireguard/%i.key
# Enable IP masquerading for the remote host
PostUp = echo 1 > /proc/sys/net/ipv4/ip_forward
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -A FORWARD -o %i -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# accept the wireguard connection
PostUp = iptables -t nat -A PREROUTING -i eth0 -p udp --dport 51820 -j ACCEPT
# redirect ssh to port 23
PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 23 -j REDIRECT --to-port 22
# redirect *all* traffic to the wg tunnel
PostUp = iptables -t nat -A PREROUTING -i eth0 -p all -j DNAT --to-destination 192.168.4.2
# Tear down the proxy
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i eth0 -p udp --dport 51820 -j ACCEPT
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 23 -j REDIRECT -to-port 22
PostDown = iptables -t nat -D PREROUTING -i eth0 -p all -j DNAT --to-destination 192.168.4.2
[Peer]
PublicKey = ${SERVER_PUBKEY}
AllowedIPs = 192.168.4.2/32