xeptore · May 20, 2025 09:49
diff --git a/gate0.conf b/gate0.conf
 # Upstream config, e.g., Cloudflare Warp.
 [Interface]
 Address = ADDR
 PrivateKey = KEY
 # DNS = DNS # Set DNS on middle clients instead as setting it here might interfere with server config.
 MTU = 1280
 Table = 333

 PostUp = iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
 PreDown = iptables -t nat -D POSTROUTING -o %i -j MASQUERADE

 [Peer]
 PublicKey = UPSTREAM_PUBKEY
 AllowedIPs = 0.0.0.0/0
 Endpoint = UPSTREAM_ADDR:UPSTREAM_PORT
 #PersistentKeepalive = 10
diff --git a/middle.conf b/middle.conf
 # Device config that communicates with client peers
 [Interface]
 PrivateKey = PRVKEY
 Address = 10.0.0.1/24
 ListenPort = 51820
 MTU = 1280

 PostUp = rules.sh %i up
 PreDown = rules.sh %i down

 PostUp = iptables -A FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT
 PreDown = iptables -D FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT

 # Peers go here
diff --git a/rules.sh b/rules.sh
 #!/bin/bash

 declare -A ips

 ips["10.3.3.0/24"]="334"
 ips["10.3.3.2/31"]="333"
 ips["10.3.3.9/32"]="333"
 ips["10.3.3.10/32"]="332"
 ips["10.3.3.11/32"]="331"

 if [ "$#" -ne 2 ]; then
  echo "Usage: $0 <iface> <up|down>"
  exit 1
 fi

 iface=$1
 action=$2

 if [[ "$action" != "up" && "$action" != "down" ]]; then
  echo "Invalid action. Use 'down' or 'up'."
  exit 1
 fi

 if [ "$action" == "up" ]; then
  for k in "${!ips[@]}"; do
    (
      set -x
      ip rule add from "$k" iif "$iface" lookup "${ips[$k]}";
    ) || true
  done
 elif [ "$action" == "down" ]; then
  for k in "${!ips[@]}"; do
    (
      set -x
      ip rule del from "$k" iif "$iface" lookup "${ips[$k]}";
    ) || true
  done
 fi
	# Upstream config, e.g., Cloudflare Warp.
	[Interface]
	Address = ADDR
	PrivateKey = KEY
	# DNS = DNS # Set DNS on middle clients instead as setting it here might interfere with server config.
	MTU = 1280
	Table = 333

	PostUp = iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
	PreDown = iptables -t nat -D POSTROUTING -o %i -j MASQUERADE

	[Peer]
	PublicKey = UPSTREAM_PUBKEY
	AllowedIPs = 0.0.0.0/0
	Endpoint = UPSTREAM_ADDR:UPSTREAM_PORT
	#PersistentKeepalive = 10
	# Device config that communicates with client peers
	[Interface]
	PrivateKey = PRVKEY
	Address = 10.0.0.1/24
	ListenPort = 51820
	MTU = 1280

	PostUp = rules.sh %i up
	PreDown = rules.sh %i down

	PostUp = iptables -A FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT
	PreDown = iptables -D FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT

	# Peers go here
	#!/bin/bash

	declare -A ips

	ips["10.3.3.0/24"]="334"
	ips["10.3.3.2/31"]="333"
	ips["10.3.3.9/32"]="333"
	ips["10.3.3.10/32"]="332"
	ips["10.3.3.11/32"]="331"

	if [ "$#" -ne 2 ]; then
	echo "Usage: $0 <iface> <up\|down>"
	exit 1
	fi

	iface=$1
	action=$2

	if [[ "$action" != "up" && "$action" != "down" ]]; then
	echo "Invalid action. Use 'down' or 'up'."
	exit 1
	fi

	if [ "$action" == "up" ]; then
	for k in "${!ips[@]}"; do
	(
	set -x
	ip rule add from "$k" iif "$iface" lookup "${ips[$k]}";
	) \|\| true
	done
	elif [ "$action" == "down" ]; then
	for k in "${!ips[@]}"; do
	(
	set -x
	ip rule del from "$k" iif "$iface" lookup "${ips[$k]}";
	) \|\| true
	done
	fi