The following are instructions for adding PostUp and PostDown scripts to the WireGuard config.
For Windows, this adds PowerShell commands that add and remove a DNS client NRPT rule when the client connects and disconnects.
- In the Windows WireGuard client, edit the config.
- Add the following commands in the [Interface] section:
PostUp = powershell -command "Add-DnsClientNrptRule -Namespace 'domainname.com' -NameServers '10.1.10.2'"
PostDown = powershell -command "Get-DnsClientNrptRule | Where { $_.Namespace -match '.*domainname\.com' } | Remove-DnsClientNrptRule -force"
- Change the following entries to match your setup:
- Namespace - A comma-separated list of domain names to add.
- NameServers - A comma-separated list of name server IP addresses.
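In the -match pattern, make sure to include a backslash (\) before each period (.). The pattern is a regular expression, where an unescaped period matches any character.
For Linux, the commands may be different based on your distribution.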
- Edit the config file on the Linux client.
- In the [Interface] section, add the following:
PostUp = resolvectl dns %i 10.1.10.2; resolvectl domain %i domainname.com
PreUp = iptables -A INPUT -i wg -m state --state ESTABLISHED,RELATED -j ACCEPT
PreUp = iptables -A INPUT -i wg -j REJECT
PostDown = iptables -D INPUT -i wg -m state --state ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -D INPUT -i wg -j REJECT
- Replace 10.1.10.2 with the correct IP of your nameserver.
- Replace domainname.com with your domain name.
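
The following check is an added example, not part of the original instructions: it lists any iptables rule that a PreUp/PostUp hook appends but no PreDown/PostDown hook deletes, so stale or duplicate rules do not build up across reconnects. The function names are illustrative, and it assumes one iptables command per hook line, the default table, and key names spelled as shown above.

```shell
#!/bin/sh
# Added example: lint the iptables hooks in a wg-quick config file.

# Print the rule specs (the text after -A or -D) found in the given hooks.
# $1 = config file, $2 = hook names as an ERE alternation, $3 = A or D
hook_rules() {
    sed -n -E -e 's/[[:space:]]+$//' \
        -e "s/^[[:space:]]*($2)[[:space:]]*=[[:space:]]*iptables[[:space:]]+-$3[[:space:]]+(.*)/\2/p" \
        "$1" | sort
}

# Print rules that are appended on connect but never deleted on disconnect.
# $1 = config file
unmatched_rules() {
    up=$(mktemp)
    down=$(mktemp)
    hook_rules "$1" 'PreUp|PostUp' A > "$up"
    hook_rules "$1" 'PreDown|PostDown' D > "$down"
    comm -23 "$up" "$down"    # lines only in the "up" list
    rm -f "$up" "$down"
}

# Constructed sample: the Linux hooks from this page with one PostDown line
# left out on purpose, so the check has something to report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Interface]
PostUp = resolvectl dns %i 10.1.10.2; resolvectl domain %i domainname.com
PreUp = iptables -A INPUT -i wg -m state --state ESTABLISHED,RELATED -j ACCEPT
PreUp = iptables -A INPUT -i wg -j REJECT
PostDown = iptables -D INPUT -i wg -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF

echo "Rules left behind after disconnect:"
unmatched_rules "$sample"
```

Run `unmatched_rules` against your own config file after editing it; empty output means every appended rule has a matching delete.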