[kwlug-disc] wireguard quesion....

Jason Eckert jason.eckert at gmail.com
Tue Mar 2 18:53:58 EST 2021


Ah - those directives on the last page were something I added last minute
when I was trying to think of other stuff that I probably should talk about.

After reading your question, I realized that I copied-and-pasted them from
my docker-scripts "settings.sh" file (I use containers for
nearly everything, including the WireGuard servers I use for remote access
to networks). In retrospect, that was probably the day I accidentally made
decaf by mistake too ;-)

So, let me fix that here:

To make WireGuard more chatty, you just have to add the following in your
[Interface] section in wg0.conf:
PersistentKeepalive = 25

The masquerading is the same, but to enable client isolation, you can add
the following to your PostUp= line in your [Interface] section:
; iptables -I FORWARD -i wg0 -o wg0 -j REJECT --reject-with
icmp-adm-prohibited

Everything else is good.
Sorry about that!
Cheers,
Jason.

On Tue, Mar 2, 2021 at 5:42 PM bob+kwlug at softscape.ca <
bob+kwlug at softscape.ca> wrote:

> Jason (or anybody),
>
> I probably zoned out for a bit during your talk, but did you explain how
> the assignments on the "One more thing..." page worked and where they went
> in the conf file?
>
> I can't seem to find any documentation for that syntax.
>
> Thanks,
> (the other)Bob.
>
>
>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20210302/ea249a75/attachment.htm>


More information about the kwlug-disc mailing list