- Create .env.example with all configurable settings:
  - Server IPs (RU_VDS_IP, DE_VDS_IP)
  - WireGuard ports (WG_CLIENT_PORT, WG_TUNNEL_PORT)
  - VPN networks (USER_VPN_NETWORK, TUNNEL_NETWORK)
  - DNS settings, SSH port, timeouts
- Add .gitignore to exclude .env from version control
- Update setup-ru-vds.sh to read from .env
- Update setup-de-vds.sh to read from .env
- Update add-client.sh to use configuration
- Setup scripts save config to /etc/wireguard/vpn.conf for runtime use
- Update documentation with .env usage instructions

This allows easy deployment to test environments by simply changing values in .env before running setup scripts.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
72 lines
2.2 KiB
Plaintext
# VPN Configuration
# Copy this file to .env and adjust values for your environment
#
# Usage:
# cp .env.example .env
# nano .env # Edit values
# source .env && ./scripts/setup-ru-vds.sh

# =============================================================================
# Server IPs (External/Public)
# =============================================================================

# RU VDS (Gateway) - public IP address
RU_VDS_IP="176.124.216.197"

# DE VDS (Exit Node) - public IP address
DE_VDS_IP="194.31.173.178"

# =============================================================================
# WireGuard Ports
# =============================================================================

# Port for client connections (on RU VDS)
WG_CLIENT_PORT="51820"

# Port for server-to-server tunnel (on DE VDS)
WG_TUNNEL_PORT="51821"

# =============================================================================
# VPN Networks
# =============================================================================

# User VPN network (clients connect to this)
USER_VPN_NETWORK="10.10.0.0/24"
USER_VPN_GATEWAY="10.10.0.1"

# Server tunnel network (RU <-> DE)
TUNNEL_NETWORK="10.20.0.0/30"
TUNNEL_RU_IP="10.20.0.1"
TUNNEL_DE_IP="10.20.0.2"

# =============================================================================
# DNS Configuration
# =============================================================================

# DNS servers for VPN clients (dnsmasq forwards to these)
DNS_UPSTREAM_1="8.8.8.8"
DNS_UPSTREAM_2="8.8.4.4"
DNS_UPSTREAM_3="1.1.1.1"

# =============================================================================
# SSH Configuration
# =============================================================================

# SSH port (for firewall rules)
SSH_PORT="22"

# =============================================================================
# Advanced Settings
# =============================================================================

# nftables set timeout for Russian IP ranges (how long before entries expire)
# Format: 1h, 6h, 24h, etc.
NFT_SET_TIMEOUT="6h"

# WireGuard persistent keepalive interval (seconds)
# Helps maintain NAT mappings
WG_KEEPALIVE="25"

# DNS cache size for dnsmasq
DNS_CACHE_SIZE="10000"
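The usage comment in this file loads the settings with `source .env`, which runs the file as shell code. As an added example (not part of this repository), the functions below lint the file for plain `NAME="value"` lines and cross-check its ports and addresses before it is sourced. The function names, the restriction to that one assignment form, and the use of `local` (available in bash, dash and busybox ash) are assumptions of the example.

```shell
# Added example (not the repository's code): lint a .env before it is sourced.

# True only if every line is blank, a comment, or NAME="literal". Anything else
# ($(...), backticks, a second command) would execute when the file is sourced.
env_is_plain() {
    [ -r "$1" ] || return 2
    ! grep -Evq '^([[:space:]]*|#.*|[A-Z][A-Z0-9_]*="[A-Za-z0-9./:_-]*")$' "$1"
}

# Dotted quad -> integer; rejects empty fields, leading zeros, octets over 255.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    local IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# ip_in_cidr ADDRESS NETWORK/PREFIX: true if ADDRESS lies inside the network.
ip_in_cidr() {
    local ip net bits mask
    bits=${2#*/}
    case "$bits" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    ip=$(ip_to_int "$1") && net=$(ip_to_int "${2%/*}") || return 1
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
}

# Lint first, then load in a subshell (nothing leaks out) and cross-check values.
check_env() (
    case "$1" in */*) f=$1 ;; *) f=./$1 ;; esac
    env_is_plain "$f" || exit 1
    . "$f"
    for p in "$WG_CLIENT_PORT" "$WG_TUNNEL_PORT" "$SSH_PORT"; do
        case "$p" in ''|*[!0-9]*|??????*) exit 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || exit 1
    done
    ip_in_cidr "$USER_VPN_GATEWAY" "$USER_VPN_NETWORK" || exit 1
    ip_in_cidr "$TUNNEL_RU_IP" "$TUNNEL_NETWORK" || exit 1
    ip_in_cidr "$TUNNEL_DE_IP" "$TUNNEL_NETWORK" || exit 1
    [ "$TUNNEL_RU_IP" != "$TUNNEL_DE_IP" ]
)
```

Run `check_env .env` before the `source .env` step; a non-zero exit status means the file should not be loaded.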