diff --git a/readme-vars.yml b/readme-vars.yml index 5d20500..4b40b7a 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -35,8 +35,8 @@ param_env_vars: - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London"} cap_add_param: true cap_add_param_vars: - - { cap_add_var: "NET_ADMIN" } - - { cap_add_var: "SYS_MODULE" } + - { cap_add_var: "NET_ADMIN", desc: "Neccessary for Wireguard to create its VPN interface." } + - { cap_add_var: "SYS_MODULE", desc: "Neccessary for loading Wireguard kernel module if it's not already loaded." } custom_params: - { name: "sysctl", name_compose: "sysctls", value: ["net.ipv4.conf.all.src_valid_mark=1"], desc: "Required for client mode.", array: "true" } @@ -118,9 +118,9 @@ app_setup_block: | Site-to-site VPN in server mode requires customizing the `AllowedIPs` statement for a specific peer in `wg0.conf`. Since `wg0.conf` is autogenerated when server vars are changed, it is not recommended to edit it manually. In order to customize the `AllowedIPs` statement for a specific peer in `wg0.conf`, you can set an env var `SERVER_ALLOWEDIPS_PEER_` to the additional subnets you'd like to add, comma separated and excluding the peer IP (ie. `"192.168.1.0/24,192.168.2.0/24"`). Replace `` with either the name or number of a peer (whichever is used in the `PEERS` var). - + For instance `SERVER_ALLOWEDIPS_PEER_laptop="192.168.1.0/24,192.168.2.0/24"` will result in the wg0.conf entry `AllowedIPs = 10.13.13.2,192.168.1.0/24,192.168.2.0/24` for the peer named `laptop`. - + Keep in mind that this var will only be considered when the confs are regenerated. Adding this var for an existing peer won't force a regeneration. You can delete wg0.conf and restart the container to force regeneration if necessary. Don't forget to set the necessary POSTUP and POSTDOWN rules in your client's peer conf for lan access.