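# This configuration is used on the VPS and is read by wg-quick.
# The clients (e.g. OPNsense from LAN or iPhone from anywhere) connect to this "server".
# Needed outside this file: IPv4 forwarding enabled on the VPS
# (net.ipv4.ip_forward = 1) and UDP port 51820 reachable from the clients.

[Interface]
# Redacted here. The real private key should exist only in this file;
# keep the file readable by root only (mode 600).
PrivateKey = [...]
Address = 10.10.10.1/24
ListenPort = 51820

# %i is expanded by wg-quick to the name of this interface (wg0 when the
# file is wg0.conf), so the rules below follow the file name.
#
# FORWARD: We allow all packets from the WireGuard interface, whatever
# their destination. Nothing on this host separates the peers from each
# other, so one peer can reach the addresses routed to another peer.
# Replies arriving on ens6 are forwarded only if the FORWARD chain policy
# or another rule accepts them; that is not visible in this file.
#
# MASQUERADE: We rewrite the source address of packets that leave through
# the ens6 interface so they appear to come from the VPS itself:
# [From: 10.10.10.2, To: google.com] will become
# [From: 212.227.233.241, To: google.com].
# This is required since 10.10.10.2 is a local address.
# The rule matches on the outgoing interface only; adding a source match
# (-s) for the tunnel and routed subnets would limit it to VPN traffic.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens6 -j MASQUERADE
# PostDown deletes exactly the two rules PostUp added; keep both lines in sync.
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens6 -j MASQUERADE

# OPNsense
[Peer]
PublicKey = bsvabi6V4XZx7ZS/53Tai0s1n0Tf/6KRvMn+9yNnymY=
# AllowedIPs lists the IPs that this server routes to the client.
# It is also the source filter: packets from this peer carrying any other
# source address are dropped.
# The first address is the address the client will have.
# Since this is our gateway to our home network,
# we want to route the home network subnet to it.
AllowedIPs = 10.10.10.2/32,192.168.86.0/24

# iPhone 15
[Peer]
PublicKey = qcJPgz/N3y+QMac5kfLKDgouIcWnLD+uPpe4JTEB4G0=
# A single /32: the phone may only send from its own tunnel address.
AllowedIPs = 10.10.10.3/32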