beepi/playbooks/wireguard/wg0.conf.j2

[Interface]
PrivateKey = {{ wireguard_private_key }}
Address = 10.10.1.2/24

Table = 123
PreUp = ip rule add fwmark 1 table 123 priority 455
PreUp = ip rule add from 10.10.1.2 table 123 priority 456
PostUp = iptables -t mangle -A PREROUTING -i %i -m conntrack --ctstate NEW -j CONNMARK --set-mark 1
PostUp = iptables -t mangle -A PREROUTING -m conntrack --ctdir REPLY -j CONNMARK --restore-mark

PreDown = iptables -t mangle -D PREROUTING -i %i -m conntrack --ctstate NEW -j CONNMARK --set-mark 1
PreDown = iptables -t mangle -D PREROUTING -m conntrack --ctdir REPLY -j CONNMARK --restore-mark
PostDown = ip rule del fwmark 1 table 123 priority 455
PostDown = ip rule del from 10.10.1.2 table 123 priority 456

[Peer]
PublicKey = r0XaxIE3AVud9Z42UPZF3mwoh2R0B0M1EUDY9cvuyDA=
Endpoint = 192.3.44.243:41194
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25