diff --git a/README.md b/README.md
index a116813..3962040 100644
--- a/README.md
+++ b/README.md
@@ -88,8 +88,10 @@ These options can be configured by setting environment variables using `-e KEY="
 | `WG_DEFAULT_ADDRESS` | `10.8.0.x` | `10.6.0.x` | Clients IP address range. |
 | `WG_DEFAULT_DNS` | `1.1.1.1` | `8.8.8.8, 8.8.4.4` | DNS server clients will use. |
 | `WG_ALLOWED_IPS` | `0.0.0.0/0, ::/0` | `192.168.15.0/24, 10.0.1.0/24` | Allowed IPs clients will use. |
-| `WG_POST_UP` | `...` | `iptables ...` | See [config.js](https://github.com/WeeJeWel/wg-easy/blob/master/src/config.js#L19) for the default value. |
-| `WG_POST_DOWN` | `...` | `iptables ...` | See [config.js](https://github.com/WeeJeWel/wg-easy/blob/master/src/config.js#L26) for the default value. |
+| `WG_PRE_UP` | `...` | - | See [config.js](https://github.com/WeeJeWel/wg-easy/blob/master/src/config.js#L19) for the default value. |
+| `WG_POST_UP` | `...` | `iptables ...` | See [config.js](https://github.com/WeeJeWel/wg-easy/blob/master/src/config.js#L20) for the default value. |
+| `WG_PRE_DOWN` | `...` | - | See [config.js](https://github.com/WeeJeWel/wg-easy/blob/master/src/config.js#L27) for the default value. |
+| `WG_POST_DOWN` | `...` | `iptables ...` | See [config.js](https://github.com/WeeJeWel/wg-easy/blob/master/src/config.js#L28) for the default value. |
 > If you change `WG_PORT`, make sure to also change the exposed port.
diff --git a/docker-compose.yml b/docker-compose.yml
index 0a13acc..9842b26 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,6 +13,10 @@ services:
 # - WG_DEFAULT_DNS=1.1.1.1
 # - WG_MTU=1420
 # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
+ # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
+ # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
+ # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
+ # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
 image: weejewel/wg-easy
 container_name: wg-easy
diff --git a/src/config.js b/src/config.js
index a08aab3..28c9fc5 100644
--- a/src/config.js
+++ b/src/config.js
@@ -16,6 +16,7 @@ module.exports.WG_DEFAULT_DNS = typeof process.env.WG_DEFAULT_DNS === 'string'
 : '1.1.1.1';
 module.exports.WG_ALLOWED_IPS = process.env.WG_ALLOWED_IPS || '0.0.0.0/0, ::/0';
+module.exports.WG_PRE_UP = process.env.WG_PRE_UP || '';
 module.exports.WG_POST_UP = process.env.WG_POST_UP || `
 iptables -t nat -A POSTROUTING -s ${module.exports.WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o eth0 -j MASQUERADE;
 iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT;
@@ -23,4 +24,5 @@ iptables -A FORWARD -i wg0 -j ACCEPT;
 iptables -A FORWARD -o wg0 -j ACCEPT;
 `.split('\n').join(' ');
+module.exports.WG_PRE_DOWN = process.env.WG_PRE_DOWN || '';
 module.exports.WG_POST_DOWN = process.env.WG_POST_DOWN || '';
diff --git a/src/lib/WireGuard.js b/src/lib/WireGuard.js
index 032854f..441d71c 100644
--- a/src/lib/WireGuard.js
+++ b/src/lib/WireGuard.js
@@ -19,7 +19,9 @@ const {
 WG_DEFAULT_ADDRESS,
 WG_PERSISTENT_KEEPALIVE,
 WG_ALLOWED_IPS,
+ WG_PRE_UP,
 WG_POST_UP,
+ WG_PRE_DOWN,
 WG_POST_DOWN,
 } = require('../config');
@@ -94,7 +96,9 @@ module.exports = class WireGuard {
 PrivateKey = ${config.server.privateKey}
 Address = ${config.server.address}/24
 ListenPort = 51820
+PreUp = ${WG_PRE_UP}
 PostUp = ${WG_POST_UP}
+PreDown = ${WG_PRE_DOWN}
 PostDown = ${WG_POST_DOWN}
 `;
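Review bot: The new `WG_PRE_UP` export in the first `src/config.js` hunk, and `WG_PRE_DOWN` in the `@@ -23,4 +24,5 @@` hunk, accept an arbitrary string from the environment with no comment saying how the value is used. The `src/lib/WireGuard.js` change writes both into the generated interface config as `PreUp`/`PreDown`, and those keys are hook commands that wg-quick hands to the shell, so the container's environment is effectively a command-execution surface inside the container. I would document that trust boundary above the four hook exports, e.g. `// Hook values are written verbatim into the WireGuard config and run as shell commands; set them only from trusted deployment configuration.`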
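Review bot: `PreUp = ${WG_PRE_UP}` and `PreDown = ${WG_PRE_DOWN}` in the `@@ -94,7 +96,9 @@` hunk interpolate the values unmodified, so a value containing a line break ends the key's line and the rest lands on its own line of the generated file instead of staying part of the hook. The built-in `WG_POST_UP` default in `src/config.js` is flattened with `.split('\n').join(' ')`, but an environment-supplied value skips that step. Flattening at the point of use keeps the file well-formed, e.g. `PreUp = ${WG_PRE_UP.replace(/\r?\n/g, ' ')}`, and the same for `PreDown` and ideally the existing `PostUp`/`PostDown`. The template literal and its enclosing method start and end outside this hunk.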