diff --git a/roles/wireguard_server/templates/wg0-client.conf b/roles/wireguard_server/templates/wg0-client.conf
index 86a59cc..19f1e3d 100644
--- a/roles/wireguard_server/templates/wg0-client.conf
+++ b/roles/wireguard_server/templates/wg0-client.conf
@@ -1,10 +1,10 @@
 [Interface]
 Address = {{ vpn_network }}.{{item|int + 1}}/32
-DNS = {{ vpn_network }}.1
+DNS = 9.9.9.9
 PrivateKey = {{ private_key_files.results[item|int].stdout }}
 [Peer]
 PublicKey = {{ public_key_files.results[0].stdout }}
 AllowedIPs = 0.0.0.0/0
-Endpoint = {{ ansible_default_ipv4.address }}:{{ vpn_port }}
-PersistentKeepalive = 1
+Endpoint = {{ ansible_ssh_host }}:{{ vpn_port }}
+PersistentKeepalive = 0
diff --git a/roles/wireguard_server/templates/wg0.conf b/roles/wireguard_server/templates/wg0.conf
index a011f78..fb0bffc 100644
--- a/roles/wireguard_server/templates/wg0.conf
+++ b/roles/wireguard_server/templates/wg0.conf
@@ -1,8 +1,10 @@
 [Interface]
 Address = {{ vpn_network }}.1/24
-SaveConfig = true
+SaveConfig = false
 ListenPort = {{ vpn_port }}
 PrivateKey = {{ private_key_files.results[0].stdout }}
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens5 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens5 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens5 -j MASQUERADE
 {% for i in range(vpn_clients) %}
 [Peer]
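Review bot: `DNS = 9.9.9.9` hard-codes a third-party public resolver into every generated client config, so all client lookups go to that provider and changing it means editing the template. A role variable with this value as its default would keep the choice in inventory, e.g. `DNS = {{ vpn_dns | default('9.9.9.9') }}` (`vpn_dns` is a proposed new variable, not one the role is shown to define). On the `Endpoint` line, `ansible_ssh_host` is the deprecated spelling of `ansible_host` and holds whatever address the controller uses for SSH, which may be a bastion or private address that clients cannot reach, so a dedicated public-endpoint variable would be safer. `AllowedIPs = 0.0.0.0/0` remains IPv4-only, so on dual-stack clients IPv6 traffic presumably bypasses the tunnel.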
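Review bot: The new `PostUp`/`PostDown` lines hard-code the egress interface as `ens5`, so on a host whose default interface has another name the MASQUERADE rules match nothing and client traffic stops being NATed without any error. Render the name from facts and let wg-quick supply the tunnel name, e.g. `-i %i` and `-o {{ ansible_default_ipv4.interface }}`. `FORWARD -i wg0 -j ACCEPT` has no `-o` match, so peers can be forwarded to every network the server routes to, not only out of the egress interface; if that is not intended, add the same `-o` restriction. The `ip6tables` rules have nothing to act on while both templates assign only IPv4 addresses, and they may make the hook fail on a host without the IPv6 NAT table, so either add IPv6 addressing and `::/0` on the client side or drop them. A `#` comment above `PostUp` noting that IP forwarding has to be enabled elsewhere would help, since no sysctl change is visible in this diff.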