da392a9c37
Bugfixes: systemctl explizit aufrufen statt ansible modul verwenden startet das wg0 zuverlässig
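# WireGuard server configuration for wg-quick, rendered from an Ansible/Jinja2 template.
# The rendered file contains the server private key in clear text.
# NOTE(review): the task that deploys this template is not visible here - confirm it
# writes the file root-owned with mode 0600 and keeps the key out of task output.
[Interface]
# The server takes the .1 address of the /24 tunnel network.
Address = {{ vpn_network }}.1/24
SaveConfig = false
ListenPort = {{ vpn_port }}
PrivateKey = {{ private_key_files.results[0].stdout }}
# %i is expanded by wg-quick to the interface name, so the firewall rules follow the
# file name instead of a hard-coded wg0.
# The FORWARD rule accepts every packet arriving from the tunnel, whatever its
# destination. The MASQUERADE rules have no source match, so they apply to all traffic
# leaving ens5, not only tunnel traffic. ens5 is hard-coded and must be the egress
# interface of the target host.
# Address and AllowedIPs in this file are IPv4 only; the ip6tables rules are installed
# although no IPv6 tunnel address is assigned here.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ens5 -j MASQUERADE
# PostDown removes exactly the rules added by PostUp; keep both lines in sync.
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens5 -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o ens5 -j MASQUERADE

{# One [Peer] section per client. Client i uses public key results[i + 1] and tunnel
   address .(i + 2), pinned to a /32 so a peer can only send from its own address.
   Index 0 of the key results is used for the server above; this assumes both
   registered result lists are ordered server first, then clients - confirm against
   the playbook. Addresses start at .2 inside a /24, so vpn_clients must not exceed
   253; nothing in this template enforces that. #}
{% for i in range(vpn_clients|int) %}
[Peer]
PublicKey = {{ public_key_files.results[i + 1].stdout }}
AllowedIPs = {{ vpn_network }}.{{ i + 2 }}/32

{% endfor %}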