Enhance change-ip clarity

networking/vpn-wg-site-to-vps.txt

@@ -33,33 +33,33 @@ PostUp = iptables -A FORWARD -i wg0 -o ens3 -j ACCEPT
 PostUp = iptables -A FORWARD -i ens3 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 PostUp = iptables -I FORWARD -i wg0 -s 10.66.66.0/24 -d 10.66.66.0/24 -j DROP
 
-# NAT rules for client ip1
-PostUp = iptables -t nat -A POSTROUTING -s 10.66.66.2/32 -o ens3 -j SNAT --to-source change-ip1
-PostUp = iptables -t nat -A PREROUTING -i ens3 -d change-ip1 -p tcp --dport 80 -j DNAT --to-destination 10.66.66.2:80
-PostUp = iptables -t nat -A PREROUTING -i ens3 -d change-ip1 -p tcp --dport 443 -j DNAT --to-destination 10.66.66.2:443
+# NAT rules for client ip-1
+PostUp = iptables -t nat -A POSTROUTING -s change-ip-wglocal-1/32 -o ens3 -j SNAT --to-source change-ip-public-1
+PostUp = iptables -t nat -A PREROUTING -i ens3 -d change-ip-public-1 -p tcp --dport 80 -j DNAT --to-destination change-ip-wglocal-1:80
+PostUp = iptables -t nat -A PREROUTING -i ens3 -d change-ip-public-1 -p tcp --dport 443 -j DNAT --to-destination change-ip-wglocal-1:443
 
-# NAT rules for client ip2
-PostUp = iptables -t nat -A POSTROUTING -s 10.66.66.4/32 -o ens3 -j SNAT --to-source change-ip2
-PostUp = iptables -t nat -A PREROUTING -i ens3 -d change-ip2 -p tcp --dport 80 -j DNAT --to-destination 10.66.66.4:80
-PostUp = iptables -t nat -A PREROUTING -i ens3 -d change-ip2 -p tcp --dport 443 -j DNAT --to-destination 10.66.66.4:443
+# NAT rules for client ip-2
+PostUp = iptables -t nat -A POSTROUTING -s change-ip-wglocal-2/32 -o ens3 -j SNAT --to-source change-ip-public-2
+PostUp = iptables -t nat -A PREROUTING -i ens3 -d change-ip-public-2 -p tcp --dport 80 -j DNAT --to-destination change-ip-wglocal-2:80
+PostUp = iptables -t nat -A PREROUTING -i ens3 -d change-ip-public-2 -p tcp --dport 443 -j DNAT --to-destination change-ip-wglocal-2:443
 
 # iptables rules to remove when deleting the WireGuard interface
 PostDown = iptables -D INPUT -p udp --dport 51737 -j ACCEPT || true
 PostDown = iptables -D FORWARD -i wg0 -o ens3 -j ACCEPT || true
 PostDown = iptables -D FORWARD -i ens3 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || true
 PostDown = iptables -D FORWARD -i wg0 -s 10.66.66.0/24 -d 10.66.66.0/24 -j DROP || true
-PostDown = iptables -t nat -D POSTROUTING -s 10.66.66.2/32 -o ens3 -j SNAT --to-source change-ip1 || true
-PostDown = iptables -t nat -D POSTROUTING -s 10.66.66.4/32 -o ens3 -j SNAT --to-source change-ip2 || true
-PostDown = iptables -t nat -D PREROUTING -i ens3 -d change-ip1 -p tcp --dport 80 -j DNAT --to-destination 10.66.66.2:80 || true
-PostDown = iptables -t nat -D PREROUTING -i ens3 -d change-ip1 -p tcp --dport 443 -j DNAT --to-destination 10.66.66.2:443 || true
+PostDown = iptables -t nat -D POSTROUTING -s change-ip-wglocal-1/32 -o ens3 -j SNAT --to-source change-ip-public-1 || true
+PostDown = iptables -t nat -D POSTROUTING -s change-ip-wglocal-2/32 -o ens3 -j SNAT --to-source change-ip-public-2 || true
+PostDown = iptables -t nat -D PREROUTING -i ens3 -d change-ip-public-1 -p tcp --dport 80 -j DNAT --to-destination change-ip-wglocal-1:80 || true
+PostDown = iptables -t nat -D PREROUTING -i ens3 -d change-ip-public-1 -p tcp --dport 443 -j DNAT --to-destination change-ip-wglocal-1:443 || true
 
-### Client ip1
+### Client ip-1
 [Peer]
 PublicKey = X
 PresharedKey = X
-AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128
+AllowedIPs = change-ip-wglocal-1/32,fd42:42:42::2/128
 
-### Client ip2
+### Client ip-2
 [Peer]
 PublicKey = X
 PresharedKey = X
@@ -73,4 +73,4 @@ AllowedIPs = 10.66.66.3/32,fd42:42:42::3/128
 # Follow the steps described in the OPNsense documentation:
 # https://docs.opnsense.org
 # Configure port forwarding from the OPNsense router to the local IP of the WireGuard client
-# For example, forward the port from 192.168.1.x to 10.66.66.2
+# For example, forward the port from 192.168.1.x to change-ip-wglocal-1