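#!/bin/bash
#
# Print a WireGuard configuration ([Interface] plus two [Peer] sections,
# with wg-quick PreUp/PostDown hooks) to stdout.
#
# Usage: <this script> <interface> > <config file>
#   <interface>  interface name substituted into the MASQUERADE rules
#
# Reads DATA_DIR, ENDPOINT, NET, MUX_SERVER_PORT and TELECOM_SERVER_PORT from
# ./.env in the current directory, and the private key from
# $DATA_DIR/privatekey.
#
# The output contains the private key. Write it to a file that only root can
# read (for example run under `umask 077`); wg-quick warns when the config
# file is world accessible.

set -euo pipefail

die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

(( $# == 1 )) || die "usage: ${0##*/} <interface>"

# A bare `. .env` makes bash look the name up in PATH before the current
# directory; the explicit ./ pins it to the file next to the caller.
. ./.env

wgif="$1"

# Everything below is interpolated into PreUp/PostDown lines, which wg-quick
# hands to bash as root. Reject empty values and anything outside a narrow
# character set so that a bad .env entry cannot become part of a command.
: "${DATA_DIR:?must be set in .env}"
: "${ENDPOINT:?must be set in .env}"
: "${NET:?must be set in .env}"
: "${MUX_SERVER_PORT:?must be set in .env}"
: "${TELECOM_SERVER_PORT:?must be set in .env}"

ifname_re='^[A-Za-z0-9_.-]+$'
host_re='^[A-Za-z0-9.-]+$'
net_re='^[0-9]{1,3}(\.[0-9]{1,3}){2}$' # first three octets; ".0/24" is appended
port_re='^[0-9]{1,5}$'

[[ "$wgif" =~ $ifname_re ]] || die "invalid interface name: $wgif"
[[ "$ENDPOINT" =~ $host_re ]] || die "invalid ENDPOINT: $ENDPOINT"
[[ "$NET" =~ $net_re ]] || die "invalid NET (expected a.b.c): $NET"

for port in "$MUX_SERVER_PORT" "$TELECOM_SERVER_PORT"; do
  if ! [[ "$port" =~ $port_re ]] || (( 10#$port < 1 || 10#$port > 65535 )); then
    die "invalid port: $port"
  fi
done

# Read the key in its own assignment: a failing `cat` inside the echo
# argument did not stop the script, so a missing key file produced a config
# with an empty PrivateKey and exit status 0.
key_file="$DATA_DIR/privatekey"
[[ -r "$key_file" ]] || die "cannot read private key: $key_file"
private_key=$(<"$key_file")
[[ -n "$private_key" ]] || die "private key file is empty: $key_file"

# NOTE(review): the DNAT rules carry no -i match, so they apply to TCP traffic
# on those ports arriving on any interface; confirm that is intended.
# NOTE(review): net.ipv4.ip_forward is switched on in PreUp and never restored
# in PostDown.
# NOTE(review): the second [Peer] still has the placeholder "PublicKey = todo",
# which is not a valid WireGuard key; the config will not load until it is
# replaced or that peer is removed.
cat <<EOF
[Interface]
PrivateKey = $private_key
Address = 10.29.0.254/32
ListenPort = 55820

# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1

# port forwarding
PreUp = iptables -t nat -A PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
PreUp = iptables -t nat -A PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT

PostDown = iptables -t nat -D PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
PostDown = iptables -t nat -D PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT

# packet masquerading
PreUp = iptables -t nat -A POSTROUTING -o $wgif -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o $wgif -j MASQUERADE

# remote settings for the private server
[Peer]
PublicKey = 1YIpMhZGrZRnZPlrTjtCfjvXXGk8j0Ug2AfcHEtN/hE=
AllowedIPs = 10.29.0.1/32,$NET.0/24

# test separation PA
[Peer]
PublicKey = todo
AllowedIPs = 10.29.0.2
EOF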