27 lines
887 B
Django/Jinja
27 lines
887 B
Django/Jinja
#!/usr/bin/env bash
|
|
set -x
|
|
|
|
local_gateway=$(ip route | grep default | awk '{print $3}')
|
|
# This used as the gateway address for NAT-PMP to work properly
|
|
wg_gateway="{{ wg_dns }}"
|
|
wg_peer_address=$(echo "{{ wg_peer_endpoint }}" | cut -d: -f1)
|
|
|
|
ip route add "$wg_peer_address" via "$local_gateway"
|
|
ip link add wg0 type wireguard
|
|
wg setconf wg0 /etc/wireguard/wg0.conf
|
|
ip address add dev wg0 "{{ wg_address }}"
|
|
ip link set wg0 up
|
|
ip route add "$wg_gateway" dev wg0
|
|
ip route del default
|
|
ip route add default via "$wg_gateway"
|
|
|
|
# Note that the DNS isn't changed, so there's actually a leak there
|
|
# That's on purpose, just in case I want to access local jackett from qbit
|
|
|
|
# Still need to figure out how to make this work with IPv6
|
|
# Prevent IPv6 leaks
|
|
# ip -6 route del default
|
|
|
|
# Finally, optionally allow access to the home network
|
|
# ip route add "\{\{ home_network }}" via "$local_gateway"
|