Skip to main content

WireGuard

Using post-up and post-down scripts in a WireGuard configuration

You can use PostUp and PostDown scripts to run PowerShell commands to manage Name Resolution Policy Table (NRPT) rules when a WireGuard tunnel connects and disconnects.

[Interface]
PostUp = powershell.exe -Command "& { Add-DnsClientNrptRule -Comment 'wg-tunnel-xxx' -Namespace '.xxx.net' -NameServers 172.16.16.254 }"
PostDown = powershell.exe -Command "& { Get-DnsClientNrptRule | where Comment -eq 'wg-tunnel-xxx' | foreach { Remove-DnsClientNrptRule -Name $_.Name -Force } }"

You will need to enable the ability to run scripts through the addition of the DangerousScriptExecution key:

# run the following command using PowerShell running as Administrator
reg add HKLM\Software\WireGuard /v DangerousScriptExecution /t REG_DWORD /d 1 /f

Reference: adminregistry.md

Back to top