forked from cohabit/server_config
chore: add wireguard
directory
This commit is contained in:
parent
51e4b272b2
commit
e1baf2a538
8
wireguard/README.md
Normal file
8
wireguard/README.md
Normal file
|
@ -0,0 +1,8 @@
|
|||
# Configuration de `wireguard`
|
||||
|
||||
Serveur VPN.
|
||||
|
||||
## Emplacements
|
||||
|
||||
- `./server/*` -> `/etc/wireguard/*`
|
||||
- `./clients/*` -> N.A.
|
11
wireguard/clients/wifi_fablab.conf
Normal file
11
wireguard/clients/wifi_fablab.conf
Normal file
|
@ -0,0 +1,11 @@
|
|||
[Interface]
|
||||
Address = 10.0.0.2/24
|
||||
PrivateKey = #! TODO use Secrets
|
||||
DNS = 208.67.222.222, 208.67.220.220
|
||||
MTU = 1420
|
||||
|
||||
[Peer]
|
||||
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1 # Don't intercept local traffic
|
||||
Endpoint = cohabit.fr:#! TODO use Secrets
|
||||
PersistentKeepalive = 25
|
||||
PublicKey = #! TODO use Secrets
|
13
wireguard/server/wg0.conf
Normal file
13
wireguard/server/wg0.conf
Normal file
|
@ -0,0 +1,13 @@
|
|||
[Interface]
|
||||
PrivateKey = #! TODO use Secrets
|
||||
Address = 10.0.0.1/24
|
||||
MTU = 1420
|
||||
ListenPort = #! TODO use Secrets
|
||||
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
|
||||
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
|
||||
|
||||
### Wifi Fablab ###
|
||||
[Peer]
|
||||
PublicKey = #! TODO use Secrets
|
||||
AllowedIPs = 10.0.0.2/32
|
||||
###################
|
Loading…
Reference in a new issue