# This configuration is used on the VPS.
# The clients (e.g. OPNsense from LAN or iPhone from anywhere) connect to this "server".
[Interface]
PrivateKey = [...]
Address = 10.10.10.1/24
ListenPort = 51820

# FORWARD:    We allow all packets from the wg0 interface
# MASQUERADE: We rewrite packets from the wg0 interface
#             as if they were coming from the ens6 interface:
#               [From: 10.10.10.2,      To: google.com] will become
#               [From: 212.227.233.241, To: google.com].
#             This is required since 10.10.10.2 is a local address.
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o ens6 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o ens6 -j MASQUERADE

# OPNsense
[Peer]
PublicKey = bsvabi6V4XZx7ZS/53Tai0s1n0Tf/6KRvMn+9yNnymY=
# AllowedIPs lists the IPs that this server routes to the client.
# The first address is the address the client will have.
# Since this is our gateway to our home network,
# we want to route the home network subnet to it.
AllowedIPs = 10.10.10.2/32,192.168.86.0/24

# iPhone 15
[Peer]
PublicKey = qcJPgz/N3y+QMac5kfLKDgouIcWnLD+uPpe4JTEB4G0=
AllowedIPs = 10.10.10.3/32