From 71779483034d34d62131acbcb8ae1819d07076ce Mon Sep 17 00:00:00 2001
From: first
Date: Sat, 25 Jan 2025 17:47:14 +0000
Subject: [PATCH] Add server/wg0.conf
---
 server/wg0.conf | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 server/wg0.conf
diff --git a/server/wg0.conf b/server/wg0.conf
new file mode 100644
index 0000000..f854f74
--- /dev/null
+++ b/server/wg0.conf
@@ -0,0 +1,33 @@
+[Interface]
+# Replace with the server's private key
+PrivateKey = SERVER_PRIVATE_KEY
+# VPN interface IP address
+Address = 10.0.0.1/24
+# Listening port
+ListenPort = 51820
+
+# Enable IP forwarding
+PostUp = sysctl -w net.ipv4.ip_forward=1
+# Masquerade outgoing traffic
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+# Allow forwarding from VPN to eth0
+PostUp = iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
+# Allow forwarding from eth0 to VPN
+PostUp = iptables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# Forward incoming SMTP traffic to the client
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.0.0.2:25
+# Forward incoming HTTP traffic to the client (web management portal)
+PostUp = iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80
+
+# Clean up rules on shutdown
+PostDown = iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT
+PostDown = iptables -D FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 10.0.0.2:25
+PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.2:80
+
+[Peer]
+# Client's public key
+PublicKey = CLIENT_PUBLIC_KEY
+# Allowed IPs for the client
+AllowedIPs = 10.0.0.2/32
\ No newline at end of file
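Review bot: The two DNAT rules publish 10.0.0.2:25 and 10.0.0.2:80 to every source on eth0, yet no FORWARD rule admits those new connections, because the eth0-to-wg0 rule accepts only RELATED,ESTABLISHED. With a FORWARD policy of DROP the port forwards fail silently, and with a policy of ACCEPT the FORWARD rules in this file restrict nothing, so the file should say which policy it assumes and add explicit accepts such as `PostUp = iptables -A FORWARD -i eth0 -o wg0 -p tcp -d 10.0.0.2 --dport 25 -m conntrack --ctstate NEW -j ACCEPT`, with matching `-D` lines in PostDown. For port 80, which the comment describes as the web management portal, the DNAT and accept rules would better carry a source restriction (`-s ADMIN_CIDR`, placeholder), or the portal could be reached through the tunnel only; if eth0 is the public interface, plain-HTTP management traffic is otherwise reachable from any address. Separately, `-o eth0 -j MASQUERADE` without `-s 10.0.0.0/24` also rewrites traffic that did not come from the VPN subnet.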