Add wgvpn role for WireGuard VPN

author: Dmitry Ilvokhin <d@ilvokhin.com> 2024-05-27 10:45:25 +0100
committer: Dmitry Ilvokhin <d@ilvokhin.com> 2024-05-27 10:45:25 +0100
commit: da9620ed0709be25b4ced254ca0f131f637bcfe6 (patch)
tree: b602e022d6df01539828be813907d7b39734c3d7 /roles/wgvpn/templates
parent: da82868f7aee3997994474fd3c5a72e3676070c2 (diff)
download: infra-da9620ed0709be25b4ced254ca0f131f637bcfe6.tar.gz
infra-da9620ed0709be25b4ced254ca0f131f637bcfe6.tar.bz2
infra-da9620ed0709be25b4ced254ca0f131f637bcfe6.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/roles/wgvpn/templates/wg1.conf.j2 b/roles/wgvpn/templates/wg1.conf.j2
new file mode 100644
index 0000000..8a930ac
--- /dev/null
+++ b/roles/wgvpn/templates/wg1.conf.j2
@@ -0,0 +1,17 @@
+[Interface]
+PrivateKey = {{ wireguard_private_key }}
+Address = 10.0.1.1/24
+ListenPort = 51821
+
+PostUp = iptables -A FORWARD -i %i -j ACCEPT
+PostUp = iptables -A FORWARD -o %i -j ACCEPT
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+PostDown = iptables -D FORWARD -i %i -j ACCEPT;
+PostDown = iptables -D FORWARD -o %i -j ACCEPT;
+PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+
+# earth
+[Peer]
+PublicKey = HhBhDQmGzltIGQOn+clbRIkQt7ocPAuqsUS+ytinIwU=
+AllowedIPs = 10.0.1.2/32
author	Dmitry Ilvokhin <d@ilvokhin.com>	2024-05-27 10:45:25 +0100
committer	Dmitry Ilvokhin <d@ilvokhin.com>	2024-05-27 10:45:25 +0100
commit	da9620ed0709be25b4ced254ca0f131f637bcfe6 (patch)
tree	b602e022d6df01539828be813907d7b39734c3d7 /roles/wgvpn/templates
parent	da82868f7aee3997994474fd3c5a72e3676070c2 (diff)
download	infra-da9620ed0709be25b4ced254ca0f131f637bcfe6.tar.gz infra-da9620ed0709be25b4ced254ca0f131f637bcfe6.tar.bz2 infra-da9620ed0709be25b4ced254ca0f131f637bcfe6.zip