# WireGuard Configuration Template with MTU Optimization
# This template includes all recommended settings for stable VPN performance

[Interface]
# Server's private key (generated with: wg genkey)
PrivateKey = <YOUR_PRIVATE_KEY>

# VPN tunnel IP address (server side)
Address = 10.0.0.1/24

# UDP listening port (default: 51820)
ListenPort = 51820

# DO NOT save config to this file automatically
SaveConfig = false

# CRITICAL: Set MTU to avoid fragmentation issues
# Recommended: 1300 (balance of performance and compatibility)
# Conservative: 1280 (maximum compatibility, IPv6 minimum)
# Aggressive:  1350 (if network quality is good)
PostUp = ip link set dev %i mtu 1300

# Optional: DNS for clients (pushed via AllowedIPs on client)
# PostUp = echo "nameserver 8.8.8.8" > /etc/resolv.conf.backup && echo "nameserver 8.8.8.8" > /etc/resolv.conf

[Peer]
# Client's public key
PublicKey = <CLIENT_PUBLIC_KEY>

# What IPs this peer is allowed to use
# For a single client: 10.0.0.2/32
# For a subnet: 10.0.0.0/24
AllowedIPs = 10.0.0.2/32

# Client's public IP and port (if known)
# Required for server-initiated connections
Endpoint = <CLIENT_PUBLIC_IP>:<CLIENT_PORT>

# CRITICAL: Keep NAT connections alive
# Send keepalive every 25 seconds
# Essential for clients behind NAT/firewalls
PersistentKeepalive = 25