Created
September 13, 2025 21:40
-
-
Save webstrand/880fce5acb1a740780b37ef9ac339da2 to your computer and use it in GitHub Desktop.
IPv4 and IPv6 wireguard configuration for Proton VPN, using systemd-networkd
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [NetDev] | |
| Name=wg0 | |
| Kind=wireguard | |
| [WireGuard] | |
| PrivateKey=[snip] | |
| RouteMetric=1000 | |
| # Table and fwmark are arbitrary | |
| RouteTable=73547 | |
| FirewallMark=0x11f4b | |
| [WireGuardPeer] | |
| PublicKey=[snip] | |
| Endpoint=[snip] | |
| AllowedIPs=0.0.0.0/0, ::/0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Match] | |
| Name=wg0 | |
| Driver=wireguard | |
| [Network] | |
| DNS=10.2.0.1 | |
| DNS=2a07:b944::2:1 | |
| [Address] | |
| Address=10.2.0.2/32 | |
| [Address] | |
| Address=2a07:b944::2:2/128 | |
| # Try routing via main, but suppress default routes | |
| # this allows us to reach local services | |
| [RoutingPolicyRule] | |
| Family=both | |
| SuppressPrefixLength=0 | |
| Table=main | |
| Priority=32000 | |
| # Packets generated by the wireguard driver, fwmarked 0x11f4b, get a second chance | |
| # to route by main, with default routes enabled. | |
| [RoutingPolicyRule] | |
| Family=both | |
| FirewallMark=0x11f4b | |
| Table=main | |
| Priority=32001 | |
| # All other packets not generated by the wireguard driver we attempt | |
| # to route via the wireguard controlled routing table. | |
| [RoutingPolicyRule] | |
| Family=both | |
| FirewallMark=0x11f4b | |
| InvertRule=yes | |
| Table=73547 | |
| Priority=32002 | |
| # We disable any builtin rules trying the main/default table. | |
| [RoutingPolicyRule] | |
| Family=both | |
| Type=unreachable | |
| Priority=32765 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment