fix wireguard nat interface
This commit is contained in:
parent
256c31ed28
commit
d97b0f5712
|
|
@ -2,10 +2,8 @@
|
||||||
# This is the virtual IP address, with the subnet mask we will use for the VPN. Note that this must not be on our LAN subnet and should be an uncommon subnet to avoid address conflicts
|
# This is the virtual IP address, with the subnet mask we will use for the VPN. Note that this must not be on our LAN subnet and should be an uncommon subnet to avoid address conflicts
|
||||||
Address = {{ wireguard.address }}
|
Address = {{ wireguard.address }}
|
||||||
ListenPort = {{ wireguard.port }}
|
ListenPort = {{ wireguard.port }}
|
||||||
PostUp = iptables -w -t nat -A POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE; ip6tables -w -t nat -A POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE
|
PostUp = iptables -w -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE; ip6tables -w -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
|
||||||
PostDown = iptables -w -t nat -D POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE; ip6tables -w -t nat -D POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE
|
PostDown = iptables -w -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE; ip6tables -w -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -j MASQUERADE
|
||||||
#PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE
|
|
||||||
#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {{ ansible_facts.interfaces[1] }} -j MASQUERADE
|
|
||||||
PrivateKey = {{ private_key.stdout }}
|
PrivateKey = {{ private_key.stdout }}
|
||||||
|
|
||||||
{% for peer in wireguard.peers %}
|
{% for peer in wireguard.peers %}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue