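# WireGuard hub configuration for the VPS (wg-quick style, e.g. /etc/wireguard/wg0.conf).
# Topology: road-warrior peers (phone, notebooks) <-> VPS <-> UDM; the UDM is the
# gateway into the home LANs (10.30.x.0/24) and the internet egress for the clients.
# Comments go on their own line: wg/wg-quick strip everything after a '#'.

[Interface]
Address = 10.30.250.1/24
ListenPort = 51820
# Presumably chosen to leave headroom for the WireGuard/UDP overhead on the outer path.
MTU = 1360
# wg-quick must NOT turn AllowedIPs into kernel routes: Peer 1 carries 0.0.0.0/0, which
# would otherwise route the VPS's own outbound traffic into the tunnel.
Table = off

# SECURITY: the private key is loaded from a root-only file instead of being written
# into this config. The key that used to be hard-coded here was exposed (it was pasted
# into a shared copy of this file) and must be treated as compromised: regenerate it,
# e.g. `wg genkey | (umask 077; tee /etc/wireguard/wg0.key) | wg pubkey`, and replace
# the VPS public key on every peer.
PostUp = wg set wg0 private-key /etc/wireguard/wg0.key

# 1. Static routes on the VPS so it knows the home LANs sit behind the tunnel
#    (required because Table = off disables wg-quick's automatic routes).
PostUp = ip route add 10.30.1.0/24 dev wg0
PostUp = ip route add 10.30.10.0/24 dev wg0
PostUp = ip route add 10.30.20.0/24 dev wg0
PostUp = ip route add 10.30.30.0/24 dev wg0
PostUp = ip route add 10.30.40.0/24 dev wg0

# 2. Policy routing: every packet ENTERING via wg0 is looked up in table 200, whose only
#    entry is a default route back into the tunnel. Client internet traffic (e.g. the
#    phone) is therefore handed to the UDM (the peer owning 0.0.0.0/0) and never leaves
#    the VPS through its public interface. Destinations local to the VPS (10.30.250.1)
#    are still resolved by the kernel's local table, which is consulted first.
#    NOTE: the rule also matches packets the UDM itself sends into the tunnel; the UDM
#    must not route its own internet traffic here, or those packets would loop back.
PostUp = ip rule add iif wg0 lookup 200
PostUp = ip route add default dev wg0 table 200

# 3. Let the kernel forward packets between tunnel peers (phone -> UDM).
#    Deliberately limited to wg0 -> wg0: nothing arriving from the tunnel is forwarded
#    to the VPS's public interface. Forwarding additionally needs
#    net.ipv4.ip_forward=1, which this file does not set - confirm it is enabled.
PostUp = iptables -I FORWARD -i wg0 -o wg0 -j ACCEPT
PreDown = iptables -D FORWARD -i wg0 -o wg0 -j ACCEPT

# Cleanup when the tunnel goes down (reverse order of the setup above).
PreDown = ip rule del iif wg0 lookup 200
PreDown = ip route flush table 200
PreDown = ip route del 10.30.40.0/24 dev wg0
PreDown = ip route del 10.30.30.0/24 dev wg0
PreDown = ip route del 10.30.20.0/24 dev wg0
PreDown = ip route del 10.30.10.0/24 dev wg0
PreDown = ip route del 10.30.1.0/24 dev wg0

# Peer 1: UDM Max (gateway into the home LANs and to the internet)
[Peer]
PublicKey = 4XOnKh1ZZs6cNVjyFEjTz3njPUYTta3OSPTY4bsCLCs=
# 0.0.0.0/0 is essential: it makes the UDM the cryptokey-routing target for every
# destination not claimed by a more specific peer entry, so the VPS hands
# internet-bound client traffic to the UDM. The /24 entries are already covered by
# 0.0.0.0/0 and are kept only for readability. Because Table = off, this does not
# touch the VPS's own routing table.
AllowedIPs = 10.30.1.0/24, 10.30.10.0/24, 10.30.20.0/24, 10.30.30.0/24, 10.30.40.0/24, 0.0.0.0/0

# Road-warrior peers: each gets exactly one /32, so a peer can only send packets
# sourced from its own tunnel address (least privilege at the cryptokey-routing layer).

# Peer 2: phone
[Peer]
PublicKey = Or5f7b6myu8FfYUOGG9aqCxj6L38bKlzinszbT6tHhY=
AllowedIPs = 10.30.250.3/32

# Peer 3: notebook X250
[Peer]
PublicKey = UkHXpioh9plZpdDGwLa+8CuxZ9mlYR3LftEbnf8cUhU=
AllowedIPs = 10.30.250.4/32

# Peer 4: work Linux machine
[Peer]
PublicKey = zUTHdHlfC99dx0pfr09i5qEVKTRFkoUkg5+JPEr6uCo=
AllowedIPs = 10.30.250.5/32

# Peer 5: Doro
[Peer]
PublicKey = HUTtUWCQ1lfZkXJxzY1iL48ZFVqTQzFagr5rhcMa8VQ=
AllowedIPs = 10.30.250.6/32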