@ -608,17 +608,14 @@ Defines what address range the local node should route traffic for. Depending on
**Examples**
* Node is a client that only routes traffic for itself
`Address = 10.0.0.3/32`
* Node is a public bounce server that can relay traffic to other peers
When the node is acting as the public bounce server, it should set this to be the entire subnet that it can route traffic, not just a single IP for itself.
`Address = 10.0.0.1/24`
* You can also specify multiple subnets or IPv6 subnets like so:
`Address = 10.0.0.1/24,fd42:42:42::1/64`
#### `ListenPort`
@ -632,7 +629,6 @@ When the node is acting as a public bounce server, it should hardcode a port to
* Using custom WireGuard port
`ListenPort = 7000`
#### `PrivateKey`
This is the private key for the local node, never shared with other servers.
@ -644,7 +640,6 @@ This key can be generated with `wg genkey > example.key`
`PrivateKey = somePrivateKeyAbcdAbcdAbcdAbcd=`
#### `DNS`
The DNS server(s) to announce to VPN clients via DHCP, most clients will use this server for DNS requests over the VPN, but clients can also override this value locally on their nodes
@ -657,7 +652,6 @@ The DNS server(s) to announce to VPN clients via DHCP, most clients will use thi
* or multiple DNS servers can be provided
`DNS = 1.1.1.1,8.8.8.8`
#### `Table`
Optionally defines which routing table to use for the WireGuard routes, not necessary to configure for most setups.
Optionally defines the maximum transmission unit (MTU, aka packet/frame size) to use when connecting to the peer, not necessary to configure for most setups.
@ -720,6 +713,9 @@ Optionally run a command after the interface is brought up.
* Add an iptables rule to enable packet forwarding on the WireGuard interface
`PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE`
* Force WireGuard to re-resolve IP address for peer domain
Nick Sweeting
5 years ago
committed by
GitHub