home-stack-ansible/roles/wireguard/templates/wg0.conf

[Interface]
# This is the virtual IP address, with the subnet mask we will use for the VPN. Note that this must not be on our LAN subnet and should be an uncommon subnet to avoid address conflicts
Address = {{ wireguard.address }}
ListenPort = {{ wireguard.port }}
PostUp = iptables -w -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE; ip6tables -w -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
PostDown = iptables -w -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE; ip6tables -w -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
PrivateKey = {{ private_key.stdout }}

{% for peer in wireguard.peers %}
[Peer]
PublicKey = {{ peer.public_key }}
AllowedIps = {{ peer.allowed_ips }}
{% endfor %}
add wireguard 2023-12-23 21:36:22 +00:00			`[Interface]`
			`# This is the virtual IP address, with the subnet mask we will use for the VPN. Note that this must not be on our LAN subnet and should be an uncommon subnet to avoid address conflicts`
			`Address = {{ wireguard.address }}`
			`ListenPort = {{ wireguard.port }}`
fix wireguard nat interface 2024-07-11 23:46:02 +00:00			`PostUp = iptables -w -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE; ip6tables -w -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE`
			`PostDown = iptables -w -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE; ip6tables -w -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE`
add wireguard 2023-12-23 21:36:22 +00:00			`PrivateKey = {{ private_key.stdout }}`

			`{% for peer in wireguard.peers %}`
			`[Peer]`
			`PublicKey = {{ peer.public_key }}`
			`AllowedIps = {{ peer.allowed_ips }}`
			`{% endfor %}`