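{{ ansible_managed | comment }}
{#
  wg-quick interface configuration, rendered by Ansible from this Jinja2 template.

  Variables read here: wg_private_key, wg_addr4, wg_addr6, wg_listen_port,
  wg_firewall, and the optional list wg_peers (each peer: public_key,
  allowed_ips, optional preshared_key / endpoint / persistent_keepalive).

  NOTE(review): the rendered file contains the interface private key and any
  preshared keys in clear text. The task that deploys this template is not
  visible here; confirm it writes the file root-owned with a restrictive mode
  (e.g. 0600) and that the key variables come from an encrypted source such as
  Ansible Vault.
#}
[Interface]
PrivateKey = {{ wg_private_key }}
Address = {{ wg_addr4 }}, {{ wg_addr6 }}
ListenPort = {{ wg_listen_port }}
SaveConfig = false
{% if wg_firewall %}
{#
  PostUp/PostDown lines are executed by wg-quick as shell commands, so
  wg_addr4 / wg_addr6 are interpolated into a command line: they must be
  trusted inventory values, never user-supplied strings.
  Every PostUp rule (-A) needs a matching PostDown delete (-D); otherwise each
  down/up cycle leaves a stale rule behind.
  NOTE(review): the FORWARD rules accept all traffic sourced from the tunnel
  addresses, with no destination or interface restriction; confirm that is
  the intended policy.
#}
PostUp = iptables -t nat -A POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
PostUp = iptables -A FORWARD -s {{ wg_addr4 }} -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
PostUp = ip6tables -A FORWARD -s {{ wg_addr6 }} -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
PostDown = iptables -D FORWARD -s {{ wg_addr4 }} -j ACCEPT
{# Fixed: this line used -A, which re-added the IPv6 MASQUERADE rule on teardown instead of removing it. #}
PostDown = ip6tables -t nat -D POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
PostDown = ip6tables -D FORWARD -s {{ wg_addr6 }} -j ACCEPT
{% endif %}
{% if wg_peers is defined %}
{% for peer in wg_peers %}
[Peer]
PublicKey = {{ peer.public_key }}
{% if peer.preshared_key is defined %}
PresharedKey = {{ peer.preshared_key }}
{% endif %}
{# AllowedIPs decides which source addresses are accepted from this peer and which destinations are routed to it; keep it as narrow as the peer needs. #}
AllowedIPs = {{ peer.allowed_ips }}
{% if peer.endpoint is defined %}
Endpoint = {{ peer.endpoint }}
{% endif %}
{# persistent_keepalive is treated as a flag only: any truthy value yields a fixed 25-second interval. #}
{% if peer.persistent_keepalive is defined and peer.persistent_keepalive %}
PersistentKeepalive = 25
{% endif %}
{% endfor %}
{% endif %}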