@xeptore
Created October 7, 2022 05:30
WireGuard Chain Setup Config
# wg-quick configuration for the VPN server interface. The firewall rules below
# refer to this interface as wg0 and forward its peers' traffic out through eth0
# and through a second tunnel interface named ivpn.
# NOTE(review): this file holds a private key and every hook line is a shell
# command run by wg-quick; keep it owned by and readable to root only.
[Interface]
# Tunnel addresses of this host: IPv4 10.66.66.1 in a /24 and IPv6 fd42:42:42::1 in a /64.
Address = 10.66.66.1/24,fd42:42:42::1/64
# UDP port this interface listens on for its peers.
ListenPort = 55280
# Placeholder; the real key must never be published or committed.
PrivateKey = ???
# Firewall mark applied to the encrypted packets this interface sends.
# NOTE(review): the second [Interface] on this page sets the same mark - confirm that is intended.
FwMark = 51820
# Base rules: accept forwarding from eth0 to wg0 and from wg0 to anywhere, and
# masquerade whatever leaves through eth0 (IPv4 and IPv6).
# NOTE(review): `-i wg0 -j ACCEPT` has no -o match, so peers can be forwarded to any
# interface, and `-i eth0 -o wg0` has no state match, so it also admits new
# connections from eth0 towards peers. The interface name is hard-coded as wg0 here,
# while the rules below use %i (expanded by wg-quick to the interface name).
PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Inserted at the top of FORWARD: let this tunnel's traffic out through ivpn.
PostUp = iptables -I FORWARD -i %i -o ivpn -j ACCEPT
# Inserted at the top of FORWARD: let reply traffic back in towards the peers.
PostUp = iptables -I FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT
# Teardown of the two inserted FORWARD rules, in reverse order.
PreDown = iptables -D FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT
PreDown = iptables -D FORWARD -i %i -o ivpn -j ACCEPT
# Source-NAT IPv4 traffic leaving through ivpn and through eth0.
# NOTE(review): the eth0 MASQUERADE rule is already added by the first PostUp, so it
# ends up in the chain twice; one copy is deleted by PreDown below and the other by
# PostDown. There is no ip6tables MASQUERADE for ivpn, so peers' IPv6 traffic would
# leave that tunnel with its fd42:42:42:: source address - confirm this is intended.
PostUp = iptables -t nat -A POSTROUTING -o ivpn -j MASQUERADE
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o ivpn -j MASQUERADE
# Mirror of the first PostUp: deletes the base FORWARD and MASQUERADE rules.
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
# A client of the server interface above.
[Peer]
# Placeholder for the client's public key.
PublicKey = ???
# Placeholder for the optional pre-shared symmetric key; treat it as a secret like the private key.
PresharedKey = ???
# Only packets with these source addresses are accepted from this peer, and only
# these destinations are routed to it: one IPv4 host and one IPv6 host.
AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128
# wg-quick configuration for the upstream tunnel; the rules below call this
# interface ivpn. Its peer routes all traffic into the tunnel, so the hooks here
# carve out exceptions for locally hosted services: packets leaving ivpn from a
# listed source port are marked in the mangle OUTPUT chain, and an `ip rule` sends
# marked packets to a routing table whose default route is 212.33.203.1 via eth0.
# presumably the tables ssh, wg and ss are declared in /etc/iproute2/rt_tables - confirm
# NOTE(review): only IPv4 is handled; nothing here exempts IPv6 replies of these
# services, although the peer below also routes ::0/0.
[Interface]
# Placeholder; the real key must never be published or committed.
PrivateKey = ???
# Tunnel addresses of this host (single IPv4 and IPv6 host addresses).
Address = 10.67.160.42/32,fc00:bbbb:bbbb:bb01::4:a029/128
# Firewall mark applied to the encrypted packets this interface sends.
FwMark = 51820
#######
# SSH #
#######
# Table ssh: default route via eth0; packets carrying mark 0x2 are looked up there.
PostUp = ip route add default via 212.33.203.1 dev eth0 table ssh
PostUp = ip rule add fwmark 0x2 table ssh
# Mark TCP packets sent from local port 22 that would otherwise leave through ivpn.
PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 22 -j MARK --set-mark 2
# Teardown in reverse order of setup.
PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 22 -j MARK --set-mark 2
PreDown = ip rule del fwmark 0x2 table ssh
PreDown = ip route del default via 212.33.203.1 dev eth0 table ssh
#############
# WireGuard #
#############
# Table wg: default route via eth0; packets carrying mark 0x4 are looked up there.
PostUp = ip route add default via 212.33.203.1 dev eth0 table wg
PostUp = ip rule add fwmark 0x4 table wg
# Mark UDP packets sent from local port 55280 (the ListenPort of the server interface).
# NOTE(review): the packets are marked 2, not 4, so they match the fwmark 0x2 rule
# (table ssh) and the fwmark 0x4 rule above is never hit by this mark. All three
# tables hold the same default route, so the routing result is the same, but the
# wg table depends on the SSH block being present - confirm which mark is intended.
PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 55280 -j MARK --set-mark 2
PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 55280 -j MARK --set-mark 2
PreDown = ip rule del fwmark 0x4 table wg
PreDown = ip route del default via 212.33.203.1 dev eth0 table wg
###############
# Shadowsocks #
###############
# Table ss: default route via eth0; packets carrying mark 0x3 are looked up there.
PostUp = ip route add default via 212.33.203.1 dev eth0 table ss
PostUp = ip rule add fwmark 0x3 table ss
# One TCP and one UDP marking rule per listed source port (7675, 6314, 28388, 3519,
# 4452), each followed by its matching PreDown deletions.
# NOTE(review): as in the WireGuard block, these packets are marked 2 rather than 3,
# so the fwmark 0x3 rule above is never hit by this mark - confirm which is intended.
PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 7675 -j MARK --set-mark 2
PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 7675 -j MARK --set-mark 2
PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 7675 -j MARK --set-mark 2
PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 7675 -j MARK --set-mark 2
PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 6314 -j MARK --set-mark 2
PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 6314 -j MARK --set-mark 2
PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 6314 -j MARK --set-mark 2
PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 6314 -j MARK --set-mark 2
PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 28388 -j MARK --set-mark 2
PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 28388 -j MARK --set-mark 2
PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 28388 -j MARK --set-mark 2
PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 28388 -j MARK --set-mark 2
PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 3519 -j MARK --set-mark 2
PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 3519 -j MARK --set-mark 2
PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 3519 -j MARK --set-mark 2
PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 3519 -j MARK --set-mark 2
PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p tcp --sport 4452 -j MARK --set-mark 2
PostUp = /sbin/iptables -A OUTPUT -t mangle -o ivpn -p udp --sport 4452 -j MARK --set-mark 2
PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p tcp --sport 4452 -j MARK --set-mark 2
PreDown = /sbin/iptables -D OUTPUT -t mangle -o ivpn -p udp --sport 4452 -j MARK --set-mark 2
PreDown = ip rule del fwmark 0x3 table ss
PreDown = ip route del default via 212.33.203.1 dev eth0 table ss
# The upstream VPN server this host connects to.
[Peer]
# Placeholder for the upstream server's public key.
PublicKey = ???
# Every IPv4 and IPv6 destination is routed to this peer, i.e. the tunnel becomes
# the default route for the host.
AllowedIPs = 0.0.0.0/0,::0/0
# Placeholder for the upstream server's address and port.
Endpoint = ???