This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# The idea is to use the internal VPN host IP address of the server once we are connected to VPN.
# Domain name stays the same and should also be accessible, even when not connected to the VPN.
#
# Rewrite DNS of gion.io and every subdomain to the internal VPN host IP for every client with IP 192.168.100.*
||gion.io^$dnsrewrite=NOERROR;A;192.168.100.1,client='192.168.100.1/24'
# Exception for sub domain somedomain.gion.io - which is on another server
@@||somedomain.gion.io^$dnsrewrite
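
A small Python model of the two rules above, added here as an illustration (it is not part of the original gist and is not AdGuard Home's code). It shows which client and name combinations get the internal address and which fall through to the normal answer; the function names and the sample client addresses are constructed for the example.

```python
import ipaddress

# Values taken from the two rules above.
ZONE = "gion.io"
VPN_NET = ipaddress.ip_network("192.168.100.1/24", strict=False)
REWRITE_IP = "192.168.100.1"
EXCEPTIONS = {"somedomain.gion.io"}  # @@||somedomain.gion.io^$dnsrewrite


def in_zone(name: str, zone: str) -> bool:
    """Model of the ||zone^ pattern: the zone itself or any subdomain of it."""
    name = name.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def resolve(name: str, client_ip: str) -> str:
    """Return the rewritten A record, or 'upstream' when no rewrite applies."""
    if any(in_zone(name, exc) for exc in EXCEPTIONS):
        return "upstream"  # the exception switches off the rewrite for this host
    if not in_zone(name, ZONE):
        return "upstream"  # a look-alike such as notgion.io must not match
    if ipaddress.ip_address(client_ip) not in VPN_NET:
        return "upstream"  # clients off the VPN keep the public answer
    return REWRITE_IP


# Constructed sample queries: (queried name, client address).
SAMPLES = [
    ("gion.io", "192.168.100.23"),
    ("cloud.gion.io", "192.168.100.23"),
    ("cloud.gion.io", "203.0.113.7"),
    ("somedomain.gion.io", "192.168.100.23"),
    ("notgion.io", "192.168.100.23"),
]

if __name__ == "__main__":
    for qname, client in SAMPLES:
        print(f"{client:16} {qname:22} -> {resolve(qname, client)}")
```
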
# /etc/sysctl.conf
# Against port scanning
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.icmp.icmplim=50
# Misc
dumpdev="NO"
cloudinit_enable="YES"
swapfile="/usr/swap0"
dbus_enable="YES"
# Network Stuff
hostname=HOSTNAME.DOMAIN.TLD
defaultrouter=X.X.X.X
ifconfig_vtnet0=X.X.X.X
ext_if = "vtnet0" # Our external interface.
vpn_if = "wg0" # Wireguard interface
gsd_if = "wg-gsd" # Wireguard GSD interface
# TCP and UDP ports allowed on the external / public interface.
TCP_EXT_OK = "{ domain-s, http, https, docsrv }"
UDP_EXT_OK = "{ domain-s, wireguard }"
# Stateful TCP options.
TCP_STATE = "flags S/FSRA keep state"