xeptore · October 7, 2022 05:30
diff --git a/wg-net.conf b/wg-net.conf
 [Interface]
 Address = 10.66.66.1/24,fd42:42:42::1/64
 ListenPort = 55280
 PrivateKey = ???
 FwMark = 51820
 PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 PostUp = iptables -I FORWARD -i %i -o ivpn -j ACCEPT
 PostUp = iptables -I FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT
 PreDown = iptables -D FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT
 PreDown = iptables -D FORWARD -i %i -o ivpn -j ACCEPT
 PostUp = iptables -t nat -A POSTROUTING -o ivpn -j MASQUERADE
 PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
 PreDown = iptables -t nat -D POSTROUTING -o ivpn -j MASQUERADE
 PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

 [Peer]
 PublicKey = ???
 PresharedKey = ???
 AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128
diff --git a/wg-vpn.conf b/wg-vpn.conf
 [Interface]
 PrivateKey = ???
 Address = 10.67.160.42/32,fc00:bbbb:bbbb:bb01::4:a029/128
 FwMark = 51820

 #######
 # SSH #
 #######
 PostUp = ip route add default via 212.33.203.1 dev eth0 table ssh
 PostUp = ip rule add fwmark 0x2 table ssh
 PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 22 -j MARK --set-mark 2
 PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 22 -j MARK --set-mark 2
 PreDown = ip rule del fwmark 0x2 table ssh
 PreDown = ip route del default via 212.33.203.1 dev eth0 table ssh

 #############
 # WireGuard #
 #############
 PostUp = ip route add default via 212.33.203.1 dev eth0 table wg
 PostUp = ip rule add fwmark 0x4 table wg
 PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 55280 -j MARK --set-mark 2
 PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 55280 -j MARK --set-mark 2
 PreDown = ip rule del fwmark 0x4 table wg
 PreDown = ip route del default via 212.33.203.1 dev eth0 table wg

 ###############
 # Shadowsocks #
 ###############
 PostUp = ip route add default via 212.33.203.1 dev eth0 table ss
 PostUp = ip rule add fwmark 0x3 table ss

 PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 7675 -j MARK --set-mark 2
 PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 7675 -j MARK --set-mark 2
 PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 7675 -j MARK --set-mark 2
 PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 7675 -j MARK --set-mark 2

 PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 6314 -j MARK --set-mark 2
 PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 6314 -j MARK --set-mark 2
 PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 6314 -j MARK --set-mark 2
 PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 6314 -j MARK --set-mark 2

 PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 28388 -j MARK --set-mark 2
 PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 28388 -j MARK --set-mark 2
 PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 28388 -j MARK --set-mark 2
 PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 28388 -j MARK --set-mark 2

 PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 3519 -j MARK --set-mark 2
 PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 3519 -j MARK --set-mark 2
 PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 3519 -j MARK --set-mark 2
 PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 3519 -j MARK --set-mark 2

 PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 4452 -j MARK --set-mark 2
 PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 4452 -j MARK --set-mark 2
 PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 4452 -j MARK --set-mark 2
 PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 4452 -j MARK --set-mark 2

 PreDown = ip rule del fwmark 0x3 table ss
 PreDown = ip route del default via 212.33.203.1 dev eth0 table ss

 [Peer]
 PublicKey = ???
 AllowedIPs = 0.0.0.0/0,::0/0
 Endpoint = ???
	[Interface]
	Address = 10.66.66.1/24,fd42:42:42::1/64
	ListenPort = 55280
	PrivateKey = ???
	FwMark = 51820
	PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
	PostUp = iptables -I FORWARD -i %i -o ivpn -j ACCEPT
	PostUp = iptables -I FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT
	PreDown = iptables -D FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT
	PreDown = iptables -D FORWARD -i %i -o ivpn -j ACCEPT
	PostUp = iptables -t nat -A POSTROUTING -o ivpn -j MASQUERADE
	PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
	PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
	PreDown = iptables -t nat -D POSTROUTING -o ivpn -j MASQUERADE
	PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

	[Peer]
	PublicKey = ???
	PresharedKey = ???
	AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128
	[Interface]
	PrivateKey = ???
	Address = 10.67.160.42/32,fc00:bbbb:bbbb:bb01::4:a029/128
	FwMark = 51820

	#######
	# SSH #
	#######
	PostUp = ip route add default via 212.33.203.1 dev eth0 table ssh
	PostUp = ip rule add fwmark 0x2 table ssh
	PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 22 -j MARK --set-mark 2
	PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 22 -j MARK --set-mark 2
	PreDown = ip rule del fwmark 0x2 table ssh
	PreDown = ip route del default via 212.33.203.1 dev eth0 table ssh

	#############
	# WireGuard #
	#############
	PostUp = ip route add default via 212.33.203.1 dev eth0 table wg
	PostUp = ip rule add fwmark 0x4 table wg
	PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 55280 -j MARK --set-mark 2
	PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 55280 -j MARK --set-mark 2
	PreDown = ip rule del fwmark 0x4 table wg
	PreDown = ip route del default via 212.33.203.1 dev eth0 table wg

	###############
	# Shadowsocks #
	###############
	PostUp = ip route add default via 212.33.203.1 dev eth0 table ss
	PostUp = ip rule add fwmark 0x3 table ss

	PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 7675 -j MARK --set-mark 2
	PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 7675 -j MARK --set-mark 2
	PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 7675 -j MARK --set-mark 2
	PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 7675 -j MARK --set-mark 2

	PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 6314 -j MARK --set-mark 2
	PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 6314 -j MARK --set-mark 2
	PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 6314 -j MARK --set-mark 2
	PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 6314 -j MARK --set-mark 2

	PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 28388 -j MARK --set-mark 2
	PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 28388 -j MARK --set-mark 2
	PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 28388 -j MARK --set-mark 2
	PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 28388 -j MARK --set-mark 2

	PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 3519 -j MARK --set-mark 2
	PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 3519 -j MARK --set-mark 2
	PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 3519 -j MARK --set-mark 2
	PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 3519 -j MARK --set-mark 2

	PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 4452 -j MARK --set-mark 2
	PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 4452 -j MARK --set-mark 2
	PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 4452 -j MARK --set-mark 2
	PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 4452 -j MARK --set-mark 2

	PreDown = ip rule del fwmark 0x3 table ss
	PreDown = ip route del default via 212.33.203.1 dev eth0 table ss

	[Peer]
	PublicKey = ???
	AllowedIPs = 0.0.0.0/0,::0/0
	Endpoint = ???