soediro · August 25, 2021 12:54 · Dec 11, 2019 · Dec 11, 2019
diff --git a/client.conf b/client.conf
@@ -0,0 +1,9 @@
+[Interface]
+PrivateKey = ***********************
+Address = 192.168.10.2/32, fc::2/128
+DNS = 1.1.1.1,  2606:4700:4700::1111
+
+[Peer]
+PublicKey = ***********************
+AllowedIPs = 0.0.0.0/0, ::/0
+Endpoint = endpoint.domain.tld:51820
diff --git a/pf.conf b/pf.conf
@@ -0,0 +1,21 @@
+# Interfaces
+ext_if = "eth0"
+wireguard_if = "wg0"
+
+# Wireguard Settings
+wireguard_net_v4 = "192.168.10.0/24"
+wireguard_net_v6 = "fc::0/64"
+
+# Rules must be in order: options, normalization, queueing, translation, filtering
+
+# Options
+set skip on lo
+
+# Translation
+# Nat all wireguard to non-wireguard traffic
+nat on $ext_if inet  from $wireguard_net_v4 to { any, !$wireguard_net_v4 } -> ($ext_if)
+nat on $ext_if inet6 from $wireguard_net_v6 to { any, !$wireguard_net_v6 } -> {$ext_if}
+
+# Filtering
+pass inet all
+pass inet6 all
diff --git a/rc.conf b/rc.conf
@@ -0,0 +1,9 @@
+# Wireguard
+wireguard_enable="YES"
+wireguard_interfaces="wg0"
+
+# Networking
+pf_enable="YES"
+pflog_enable="YES"
+gateway_enable="YES"
+ipv6_gateway_enable="YES"
diff --git a/wg0.conf b/wg0.conf
@@ -0,0 +1,9 @@
+[Interface]
+PrivateKey = ***********************
+Address = 192.168.10.1/24, fc::1/64 
+ListenPort = 51820
+
+[Peer]
+# Name = Client
+PublicKey = ***********************
+AllowedIPs = 192.168.10.2/32, fc::2/128
No results found