From 2570763b0d96bbbcde7c1d075d98ab3c5e799f8e Mon Sep 17 00:00:00 2001
From: Manevolent
Date: Tue, 21 Sep 2021 22:30:49 -0600
Subject: [PATCH] Make WireGuard route-sink the WG_routes
---
 wireguard/wg0.conf.tmpl | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/wireguard/wg0.conf.tmpl b/wireguard/wg0.conf.tmpl
index c1614e6..cd818ff 100644
--- a/wireguard/wg0.conf.tmpl
+++ b/wireguard/wg0.conf.tmpl
@@ -2,8 +2,13 @@
 PrivateKey = ${wg_key}
 Address = ${wg_address}/${wg_prefix:-32}
 ListenPort = ${wg_port:-51820}
-PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT;
+{{ if len "${wg_routes:-}" }}{{ range "$wg_routes" | split "," }}PostUp = ip -4 route add {{ . }} dev wg0
+{{ end }}{{ end }}
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT
+{{ if len "${wg_routes:-}" }}{{ range "$wg_routes" | split "," }}PostDown = ip -4 route del {{ . }} dev wg0
+{{ end }}{{ end }}
+Table = off
 {{ range files "wireguard/peers" }}
 {{ if ne . "${tinc_peer_name}" }}
 [Peer]
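Review bot: Each element of `wg_routes` is rendered verbatim as `{{ . }}` into the new `PostUp = ip -4 route add {{ . }} dev wg0` line and its `PostDown` counterpart, and wg-quick runs these hooks through bash as root, so a value containing shell metacharacters becomes part of the command rather than a route. An empty element from a trailing or doubled comma renders `ip -4 route add  dev wg0`, which fails and will likely abort interface bring-up. I would validate every entry as an IPv4 CIDR before the template is rendered and state the contract next to the loop, e.g. `# wg_routes: comma-separated IPv4 CIDRs, no spaces; rendered into root-run PostUp/PostDown hooks`. Because `Table = off` stops wg-quick from installing routes from the peers' AllowedIPs, a comment should also say that these hooks are now the only source of routes. The `[Interface]` header and the rest of the peer loop lie outside this hunk.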