Uncommon WireGuard setup
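# Upstream config, e.g., Cloudflare Warp.
# Consumed by wg-quick (Table, PostUp and PreDown are wg-quick keys).
# ADDR, KEY, UPSTREAM_PUBKEY, UPSTREAM_ADDR and UPSTREAM_PORT are placeholders.
[Interface]
Address = ADDR
# Keep this file readable by root only; it holds the tunnel's private key.
PrivateKey = KEY
# DNS = DNS
# Set DNS on middle clients instead, as setting it here might interfere with server config.
MTU = 1280
# Routes for AllowedIPs are installed into routing table 333 rather than the
# main table, so only traffic matched by an "ip rule ... lookup 333" uses this tunnel.
Table = 333
# %i is expanded by wg-quick to this interface's name.
# Source-NAT everything leaving through the upstream tunnel; removed again in PreDown.
PostUp = iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o %i -j MASQUERADE

[Peer]
PublicKey = UPSTREAM_PUBKEY
# IPv4 only. NOTE(review): no ::/0 here, so IPv6 is not carried by this tunnel;
# confirm forwarded clients have no IPv6 path that bypasses it.
AllowedIPs = 0.0.0.0/0
Endpoint = UPSTREAM_ADDR:UPSTREAM_PORT
#PersistentKeepalive = 10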
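# Device config that communicates with client peers
# Consumed by wg-quick. PRVKEY is a placeholder.
[Interface]
# Keep this file readable by root only; it holds the tunnel's private key.
PrivateKey = PRVKEY
Address = 10.0.0.1/24
ListenPort = 51820
MTU = 1280
# wg-quick runs each hook through bash as root; %i expands to the interface name.
# NOTE(review): rules.sh is given without a directory, so it is resolved through
# root's PATH. Prefer the absolute path of a root-owned script that no other
# user can write to.
PostUp = rules.sh %i up
PreDown = rules.sh %i down
# Accept only return traffic (RELATED,ESTABLISHED) forwarded out to the clients.
# Whether new connections coming from clients are forwarded depends on the
# FORWARD chain policy and on net.ipv4.ip_forward, neither of which is shown here.
PostUp = iptables -A FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT
PreDown = iptables -D FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT

# Peers go here
# The rules script selects a routing table by source address, so give each
# [Peer] a single-host AllowedIPs: WireGuard drops packets whose source is not
# in the sending peer's AllowedIPs, which keeps one client from using another
# client's address (and therefore its routing table).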
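#!/bin/bash
# Policy-routing helper for the client-facing WireGuard interface.
#
# Usage: rules.sh <iface> <up|down>
#   iface   interface the client traffic arrives on (wg-quick passes %i)
#   action  "up" adds the ip rules below, "down" removes them
#
# Each entry maps a client source range to the routing table its traffic is
# looked up in. Table 333 is the one the upstream config on this page fills;
# tables 331, 332 and 334 must be populated elsewhere (not shown here).
# NOTE(review): the device config on this page uses 10.0.0.1/24 while these
# sources sit in 10.3.3.0/24; presumably one side is a placeholder. Confirm.
declare -A ips
ips["10.3.3.0/24"]="334"
ips["10.3.3.2/31"]="333"
ips["10.3.3.9/32"]="333"
ips["10.3.3.10/32"]="332"
ips["10.3.3.11/32"]="331"

# Base for the explicit rule priorities (constructed default; override via the
# environment). It must stay below the main table's rule at 32766.
RULE_PRIO_BASE="${RULE_PRIO_BASE:-1000}"

if [ "$#" -ne 2 ]; then
    echo "Usage: $0 <iface> <up|down>" >&2
    exit 1
fi

iface=$1
action=$2

if [[ "$action" != "up" && "$action" != "down" ]]; then
    echo "Invalid action. Use 'down' or 'up'." >&2
    exit 1
fi

if ! [[ "$RULE_PRIO_BASE" =~ ^[0-9]+$ ]]; then
    echo "RULE_PRIO_BASE must be a non-negative integer." >&2
    exit 1
fi

if [ "$action" == "up" ]; then
    verb=add
else
    verb=del
fi

# ip rules are matched by priority, not by longest prefix, and a rule added
# without a priority is placed ahead of the ones added before it. Bash does not
# guarantee the iteration order of an associative array, so without explicit
# priorities the 10.3.3.0/24 catch-all could end up ahead of the per-client
# entries and send their traffic to table 334. Deriving the priority from the
# prefix length makes the more specific source always win.
for cidr in "${!ips[@]}"; do
    prefix_len=${cidr##*/}
    prio=$(( RULE_PRIO_BASE + 32 - prefix_len ))
    (
        # Echo the exact command; failures (rule already present or already
        # gone) are tolerated so that one entry does not abort the wg-quick hook.
        set -x
        ip rule "$verb" from "$cidr" iif "$iface" lookup "${ips[$cidr]}" priority "$prio"
    ) || true
done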