jean-cloud-services/services/radiodemo.oma-radio.fr/wg-radiodemo.sh
2023-08-28 20:25:32 +02:00

39 lines
1.1 KiB
Bash
Executable File

#!/bin/bash
set -euo pipefail
. .env
wgif="$1"
echo "
[Interface]
PrivateKey = $(cat $DATA_DIR/privatekey)
Address = 10.29.0.254/32
ListenPort = 55820
# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
# port forwarding
PreUp = iptables -t nat -A PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
PreUp = iptables -t nat -A PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT
PostDown = iptables -t nat -D PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
PostDown = iptables -t nat -D PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT
# packet masquerading
PreUp = iptables -t nat -A POSTROUTING -o $wgif -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o $wgif -j MASQUERADE
# remote settings for the private server
[Peer]
PublicKey = 1YIpMhZGrZRnZPlrTjtCfjvXXGk8j0Ug2AfcHEtN/hE=
AllowedIPs = 10.29.0.1/32,$NET.0/24
# test separation PA
[Peer]
PublicKey = todo
AllowedlIPs = 10.29.0.2
"