From bcc31e0abc2f44971420dac39a0274ea9a9df74d Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin
Date: Sun, 9 Jun 2024 19:37:44 +0100
Subject: Add wgtor role for Tor middlebox

---
 roles/wgtor/templates/wg2.conf.j2 | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 roles/wgtor/templates/wg2.conf.j2
(limited to 'roles/wgtor/templates')

diff --git a/roles/wgtor/templates/wg2.conf.j2 b/roles/wgtor/templates/wg2.conf.j2
new file mode 100644
index 0000000..5d72891
--- /dev/null
+++ b/roles/wgtor/templates/wg2.conf.j2
@@ -0,0 +1,22 @@
+[Interface]
+PrivateKey = {{ wireguard_private_key }}
+Address = 10.0.2.1/24
+ListenPort = 51822
+
+# See for source of iptables rules.
+# https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy
+
+PostUp = iptables -t nat -A PREROUTING -i %i -p udp --dport 53 -j REDIRECT --to-ports 5353
+PostUp = iptables -t nat -A PREROUTING -i %i -p udp --dport 5353 -j REDIRECT --to-ports 5353
+PostUp = iptables -t nat -A PREROUTING -i %i -p tcp --syn -j REDIRECT --to-ports 9040
+PostUp = iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
+
+PostDown = iptables -t nat -D PREROUTING -i %i -p udp --dport 53 -j REDIRECT --to-ports 5353
+PostDown = iptables -t nat -D PREROUTING -i %i -p udp --dport 5353 -j REDIRECT --to-ports 5353
+PostDown = iptables -t nat -D PREROUTING -i %i -p tcp --syn -j REDIRECT --to-ports 9040
+PostDown = iptables -t nat -D OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
+
+# earth
+[Peer]
+PublicKey = HhBhDQmGzltIGQOn+clbRIkQt7ocPAuqsUS+ytinIwU=
+AllowedIPs = 10.0.2.2/32
-- 
cgit v1.2.3-70-g09d2
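Review bot: The PostUp rules only cover the nat table, so peer traffic that none of the three PREROUTING rules match (UDP other than ports 53/5353, ICMP, non-SYN TCP) is not sent to Tor and, if IP forwarding is enabled on this host (not shown in the diff), would be forwarded to the clearnet with the peer's traffic visible outside Tor. The linked TransparentProxy page pairs the REDIRECT rules with filter rules that drop everything else, and this template has no such rule. A fail-closed default for the tunnel interface would be `PostUp = iptables -A FORWARD -i %i -j DROP` with the matching `PostDown = iptables -D FORWARD -i %i -j DROP`, placed alongside the existing PostUp/PostDown lines. The comment `# See for source of iptables rules.` reads awkwardly; `# Source of the iptables rules below:` followed by the URL would be clearer.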