.env.example

# VPN Configuration
# Copy this file to .env and adjust values for your environment
#
# Usage:
#   cp .env.example .env
#   nano .env  # Edit values
#   source .env && ./scripts/setup-ru-vds.sh

# =============================================================================
# Server IPs (External/Public)
# =============================================================================

# RU VDS (Gateway) - public IP address
RU_VDS_IP="176.124.216.197"

# DE VDS (Exit Node) - public IP address
DE_VDS_IP="194.31.173.178"

# =============================================================================
# WireGuard Ports
# =============================================================================

# Port for client connections (on RU VDS)
WG_CLIENT_PORT="51820"

# Port for server-to-server tunnel (on DE VDS)
WG_TUNNEL_PORT="51821"

# =============================================================================
# VPN Networks
# =============================================================================

# User VPN network (clients connect to this)
USER_VPN_NETWORK="10.10.0.0/24"
USER_VPN_GATEWAY="10.10.0.1"

# Server tunnel network (RU <-> DE)
TUNNEL_NETWORK="10.20.0.0/30"
TUNNEL_RU_IP="10.20.0.1"
TUNNEL_DE_IP="10.20.0.2"

# =============================================================================
# DNS Configuration
# =============================================================================

# DNS servers for VPN clients (dnsmasq forwards to these)
DNS_UPSTREAM_1="8.8.8.8"
DNS_UPSTREAM_2="8.8.4.4"
DNS_UPSTREAM_3="1.1.1.1"

# =============================================================================
# SSH Configuration
# =============================================================================

# SSH port (for firewall rules)
SSH_PORT="22"

# =============================================================================
# Advanced Settings
# =============================================================================

# nftables set timeout for Russian IP ranges (how long before entries expire)
# Format: 1h, 6h, 24h, etc.
NFT_SET_TIMEOUT="6h"

# WireGuard persistent keepalive interval (seconds)
# Helps maintain NAT mappings
WG_KEEPALIVE="25"

# DNS cache size for dnsmasq
DNS_CACHE_SIZE="10000"
Add .env configuration for easy environment customization - Create .env.example with all configurable settings: - Server IPs (RU_VDS_IP, DE_VDS_IP) - WireGuard ports (WG_CLIENT_PORT, WG_TUNNEL_PORT) - VPN networks (USER_VPN_NETWORK, TUNNEL_NETWORK) - DNS settings, SSH port, timeouts - Add .gitignore to exclude .env from version control - Update setup-ru-vds.sh to read from .env - Update setup-de-vds.sh to read from .env - Update add-client.sh to use configuration - Setup scripts save config to /etc/wireguard/vpn.conf for runtime use - Update documentation with .env usage instructions This allows easy deployment to test environments by simply changing values in .env before running setup scripts. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-19 18:18:06 +03:00			`# VPN Configuration`
			`# Copy this file to .env and adjust values for your environment`
			`#`
			`# Usage:`
			`# cp .env.example .env`
			`# nano .env # Edit values`
			`# source .env && ./scripts/setup-ru-vds.sh`

			`# =============================================================================`
			`# Server IPs (External/Public)`
			`# =============================================================================`

			`# RU VDS (Gateway) - public IP address`
			`RU_VDS_IP="176.124.216.197"`

			`# DE VDS (Exit Node) - public IP address`
			`DE_VDS_IP="194.31.173.178"`

			`# =============================================================================`
			`# WireGuard Ports`
			`# =============================================================================`

			`# Port for client connections (on RU VDS)`
			`WG_CLIENT_PORT="51820"`

			`# Port for server-to-server tunnel (on DE VDS)`
			`WG_TUNNEL_PORT="51821"`

			`# =============================================================================`
			`# VPN Networks`
			`# =============================================================================`

			`# User VPN network (clients connect to this)`
			`USER_VPN_NETWORK="10.10.0.0/24"`
			`USER_VPN_GATEWAY="10.10.0.1"`

			`# Server tunnel network (RU <-> DE)`
			`TUNNEL_NETWORK="10.20.0.0/30"`
			`TUNNEL_RU_IP="10.20.0.1"`
			`TUNNEL_DE_IP="10.20.0.2"`

			`# =============================================================================`
			`# DNS Configuration`
			`# =============================================================================`

			`# DNS servers for VPN clients (dnsmasq forwards to these)`
			`DNS_UPSTREAM_1="8.8.8.8"`
			`DNS_UPSTREAM_2="8.8.4.4"`
			`DNS_UPSTREAM_3="1.1.1.1"`

			`# =============================================================================`
			`# SSH Configuration`
			`# =============================================================================`

			`# SSH port (for firewall rules)`
			`SSH_PORT="22"`

			`# =============================================================================`
			`# Advanced Settings`
			`# =============================================================================`

			`# nftables set timeout for Russian IP ranges (how long before entries expire)`
			`# Format: 1h, 6h, 24h, etc.`
			`NFT_SET_TIMEOUT="6h"`

			`# WireGuard persistent keepalive interval (seconds)`
			`# Helps maintain NAT mappings`
			`WG_KEEPALIVE="25"`

			`# DNS cache size for dnsmasq`
			`DNS_CACHE_SIZE="10000"`