Add server/wg0.conf

2025-01-25 17:47:14 +00:00 · 2025-01-25 17:47:14 +00:00 · 7177948303
parent b96e9f5f25
commit 7177948303
1 changed files with 33 additions and 0 deletions
--- a/server/wg0.conf
+++ b/server/wg0.conf
@ -0,0 +1,33 @@
+[Interface]
+# Replace with the server's private key
+PrivateKey = SERVER_PRIVATE_KEY
+# VPN interface IP address
+Address = 10.0.0.1/24
+# Listening port
+ListenPort = 51820
+
+# Enable IP forwarding
+PostUp = sysctl -w net.ipv4.ip_forward=1
+# Masquerade outgoing traffic
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+# Allow forwarding from VPN to eth0
+PostUp = iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
+# Allow forwarding from eth0 to VPN
+PostUp = iptables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# Forward incoming SMTP traffic to the client
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.0.0.2:25
+# Forward incoming HTTP traffic to the client (web management portal)
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80
+
+# Clean up rules on shutdown
+PostDown = iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT
+PostDown = iptables -D FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.0.0.2:25
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80
+
+[Peer]
+# Client's public key
+PublicKey = CLIENT_PUBLIC_KEY
+# Allowed IPs for the client
+AllowedIPs = 10.0.0.2/32