echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER\". ****"
echo "External trigger running off of master branch. To disable this trigger, set a Github secret named \`PAUSE_EXTERNAL_TRIGGER_WIREGUARD_MASTER\`" >> $GITHUB_STEP_SUMMARY
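Review bot: `$GITHUB_STEP_SUMMARY` is unquoted in the redirect on the second `echo`. Write it as `>> "$GITHUB_STEP_SUMMARY"` so the append does not break on a path containing spaces or glob characters. The two messages also diverge slightly (the first wraps the secret name in escaped double quotes and ends with a period, the second uses escaped backticks and has no period). If they are meant to say the same thing, build the text once in a variable and print it to both destinations.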
@ -382,6 +382,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions
* **24.05.24:** - Rebase to Alpine 3.20, install wireguard-tools from Alpine repo.
* **10.03.24:** - Use iptables-legacy on Alpine 3.19.
* **05.03.24:** - Rebase master to Alpine 3.19.
* **03.10.23:** - **Potentially Breaking Change:** Support for multiple interfaces added. Wireguard confs moved to `/config/wg_confs/`. Any file with a `.conf` extension in that folder will be treated as a live tunnel config and will be attempted to start. If any of the tunnels fail, all tunnels will be stopped. Tunnels are started in alphabetical order. Managed server conf will continue to be hardcoded to `wg0.conf`.
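Review bot: The 24.05.24 entry does not say whether the iptables-legacy choice recorded under 10.03.24 for Alpine 3.19 carries over to 3.20. Users whose `PostUp`/`PostDown` rules depend on the legacy backend need to know which backend the rebased image uses, so add a clause to the new entry stating it either way.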
- {vol_path:"/config", vol_host_path:"/path/to/appdata/config", desc:"Contains all relevant configuration files."}
- {vol_path:"/config", vol_host_path:"/path/to/{{ project_name }}/config", desc:"Contains all relevant configuration files."}
opt_param_usage_include_vols:true
opt_param_volumes:
- {vol_path:"/lib/modules", vol_host_path:"/lib/modules", desc:"Host kernel modules for situations where they're not already loaded."}
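Review bot: The `desc` on the `/config` volume entries ("Contains all relevant configuration files.") undersells what is stored there. Per the changelog, tunnel configs live in `/config/wg_confs/`, and WireGuard confs carry private keys. Suggest the description say so and recommend that the host path be readable only by the container's user. Separately, the `/lib/modules` entry only needs read access from the container, so the description could recommend mounting it read-only.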
@ -118,9 +118,9 @@ app_setup_block: |
Site-to-site VPN in server mode requires customizing the `AllowedIPs` statement for a specific peer in `wg0.conf`. Since `wg0.conf` is autogenerated when server vars are changed, it is not recommended to edit it manually.
In order to customize the `AllowedIPs` statement for a specific peer in `wg0.conf`, you can set an env var `SERVER_ALLOWEDIPS_PEER_<peer name or number>` to the additional subnets you'd like to add, comma separated and excluding the peer IP (ie. `"192.168.1.0/24,192.168.2.0/24"`). Replace `<peer name or number>` with either the name or number of a peer (whichever is used in the `PEERS` var).
For instance `SERVER_ALLOWEDIPS_PEER_laptop="192.168.1.0/24,192.168.2.0/24"` will result in the wg0.conf entry `AllowedIPs = 10.13.13.2,192.168.1.0/24,192.168.2.0/24` for the peer named `laptop`.
Keep in mind that this var will only be considered when the confs are regenerated. Adding this var for an existing peer won't force a regeneration. You can delete wg0.conf and restart the container to force regeneration if necessary.
Don't forget to set the necessary POSTUP and POSTDOWN rules in your client's peer conf for lan access.
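Review bot: In the `SERVER_ALLOWEDIPS_PEER_<peer name or number>` paragraph, `ie.` introduces an example value, so it should be `e.g.`. The next two sentences write wg0.conf without backticks while the rest of the block formats it as code, and the last line names the hooks as POSTUP and POSTDOWN where the conf keys are spelled `PostUp` and `PostDown`. Since `AllowedIPs` decides which source addresses are accepted from that peer, it is also worth one sentence telling users to list only the subnets that actually sit behind the peer.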
@ -128,6 +128,7 @@ app_setup_block: |
# changelog
changelogs:
- {date:"24.05.24:", desc:"Rebase to Alpine 3.20, install wireguard-tools from Alpine repo."}
- {date:"10.03.24:", desc:"Use iptables-legacy on Alpine 3.19."}
- {date:"05.03.24:", desc:"Rebase master to Alpine 3.19."}
- {date:"03.10.23:", desc:"**Potentially Breaking Change:** Support for multiple interfaces added. Wireguard confs moved to `/config/wg_confs/`. Any file with a `.conf` extension in that folder will be treated as a live tunnel config and will be attempted to start. If any of the tunnels fail, all tunnels will be stopped. Tunnels are started in alphabetical order. Managed server conf will continue to be hardcoded to `wg0.conf`."}
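Review bot: The new 24.05.24 `desc` says wireguard-tools is now installed from the Alpine repo but does not say where it came from before or whether the tool version changes for existing users. The 03.10.23 entry flags its impact with "Potentially Breaking Change"; give this entry a short statement of user impact as well, or state explicitly that no action is needed.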