Config/Wireguard: Add vps wireguard configuration for reference

2025-07-11 15:49:20 +02:00
parent e2e15976de
commit d0875af106
1 changed files with 29 additions and 0 deletions
--- a/config/wireguard/vps.conf
+++ b/config/wireguard/vps.conf
@ -0,0 +1,29 @@
+# This configuration is used on the VPS.
+# The clients (e.g. OPNsense from LAN or iPhone from anywhere) connect to this "server".
+[Interface]
+PrivateKey = [...]
+Address = 10.10.10.1/24
+ListenPort = 51820
+
+# FORWARD:    We allow all packets from the wg0 interface
+# MASQUERADE: We rewrite packets from the wg0 interface
+#             as if they were coming from the ens6 interface:
+#               [From: 10.10.10.2,      To: google.com] will become
+#               [From: 212.227.233.241, To: google.com].
+#             This is required since 10.10.10.2 is a local address.
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens6 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens6 -j MASQUERADE
+
+# OPNsense
+[Peer]
+PublicKey = bsvabi6V4XZx7ZS/53Tai0s1n0Tf/6KRvMn+9yNnymY=
+# AllowedIPs lists the IPs that this server routes to the client.
+# The first address is the address the client will have.
+# Since this is our gateway to our home network,
+# we want to route the home network subnet to it.
+AllowedIPs = 10.10.10.2/32,192.168.86.0/24
+
+# iPhone 15
+[Peer]
+PublicKey = qcJPgz/N3y+QMac5kfLKDgouIcWnLD+uPpe4JTEB4G0=
+AllowedIPs = 10.10.10.3/32