adding wireguard setup for pve vm access

author: heqnx <root@heqnx.com> 2025-06-24 00:28:18 +0300
committer: heqnx <root@heqnx.com> 2025-06-24 00:28:18 +0300
commit: 4d996aff99c9c31ed66f82afb11c74569ccc6763 (patch)
tree: a4dd5b17132fb2a9543fcb2f8eecf440b5b76577 /templates/wg0.conf.j2
parent: 5832dc592761147a607a3ba35af8715c9adb0527 (diff)
download: ansible-pve-host-4d996aff99c9c31ed66f82afb11c74569ccc6763.tar.gz
ansible-pve-host-4d996aff99c9c31ed66f82afb11c74569ccc6763.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/templates/wg0.conf.j2 b/templates/wg0.conf.j2
new file mode 100644
index 0000000..6b0aa34
--- /dev/null
+++ b/templates/wg0.conf.j2
@@ -0,0 +1,12 @@
+[Interface]
+PrivateKey = {{ private_key }}
+Address    = {{ wireguard_subnet_prefix}}.1/24
+ListenPort = {{ wireguard_port }}
+PostUp     = sysctl -w net.ipv4.ip_forward=1
+PostUp     = iptables -A FORWARD -i {{ wireguard_interface }} -o %i -j ACCEPT
+PostUp     = iptables -A FORWARD -i %i -j ACCEPT
+PostUp     = iptables -t nat -A POSTROUTING -o {{ wireguard_interface }} -j MASQUERADE
+PostDown   = sysctl -w net.ipv4.ip_forward=0
+PostDown   = iptables -D FORWARD -i {{ wireguard_interface }} -o %i -j ACCEPT
+PostDown   = iptables -D FORWARD -i %i -j ACCEPT
+PostDown   = iptables -t nat -D POSTROUTING -o {{ wireguard_interface }} -j MASQUERADE
author	heqnx <root@heqnx.com>	2025-06-24 00:28:18 +0300
committer	heqnx <root@heqnx.com>	2025-06-24 00:28:18 +0300
commit	4d996aff99c9c31ed66f82afb11c74569ccc6763 (patch)
tree	a4dd5b17132fb2a9543fcb2f8eecf440b5b76577 /templates/wg0.conf.j2
parent	5832dc592761147a607a3ba35af8715c9adb0527 (diff)
download	ansible-pve-host-4d996aff99c9c31ed66f82afb11c74569ccc6763.tar.gz ansible-pve-host-4d996aff99c9c31ed66f82afb11c74569ccc6763.zip