-
Notifications
You must be signed in to change notification settings - Fork 2
/
external.conf
20 lines (18 loc) · 1.19 KB
/
external.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[Interface]
Address = <EXTERNAL_VPN_ADDRESS>
PrivateKey = <EXTERNAL_VPN_PRIVATE_KEY>
DNS = <EXTERNAL_VPN_DNS>
PostUp = iptables -t mangle -A OUTPUT -d <INTERNAL_VPN_SUBNET> -j MARK --set-mark 51820
PreDown = iptables -t mangle -D OUTPUT -d <INTERNAL_VPN_SUBNET> -j MARK --set-mark 51820
PostUp = iptables -t mangle -A OUTPUT -d <ROUTER_SUBNET> -j MARK --set-mark 51820
PreDown = iptables -t mangle -D OUTPUT -d <ROUTER_SUBNET> -j MARK --set-mark 51820
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark 51820 -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark 51820 -m addrtype ! --dst-type LOCAL -j REJECT
PostUp = ip route add <INTERNAL_VPN_SUBNET> via <GATEWAY_IP>; iptables -I OUTPUT -d <INTERNAL_VPN_SUBNET> -j ACCEPT
PreDown = ip route del <INTERNAL_VPN_SUBNET> via <GATEWAY_IP>; iptables -D OUTPUT -d <INTERNAL_VPN_SUBNET> -j ACCEPT
PostUp = ip route add <ROUTER_SUBNET>/24 via <GATEWAY_IP>; iptables -I OUTPUT -d <ROUTER_SUBNET>/24 -j ACCEPT
PreDown = ip route del <ROUTER_SUBNET>/24 via <GATEWAY_IP>; iptables -D OUTPUT -d <ROUTER_SUBNET>/24 -j ACCEPT
[Peer]
PublicKey = <EXTERNAL_VPN_PUBLIC_KEY>
AllowedIPs = 0.0.0.0/0
Endpoint = <EXTERNAL_VPN_ENDPOINT>:51820