Make WireGuard route-sink the WG_routes

This commit is contained in:
Manevolent 2021-09-21 22:30:49 -06:00
parent a976ccf6b2
commit 2570763b0d
No known key found for this signature in database
GPG Key ID: 2E9B7592DFA4F344

View File

@ -2,8 +2,13 @@
PrivateKey = ${wg_key}
Address = ${wg_address}/${wg_prefix:-32}
ListenPort = ${wg_port:-51820}
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT;
{{ if len "${wg_routes:-}" }}{{ range "$wg_routes" | split "," }}PostUp = ip -4 route add {{ . }} dev wg0
{{ end }}{{ end }}
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
{{ if len "${wg_routes:-}" }}{{ range "$wg_routes" | split "," }}PostDown = ip -4 route del {{ . }} dev wg0
{{ end }}{{ end }}
Table = off
{{ range files "wireguard/peers" }} {{ if ne . "${tinc_peer_name}" }}
[Peer]