diff -Nur --no-dereference smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface
--- smeserver-wireguard-1.0.old/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface	2022-12-26 22:00:45.538000000 -0500
+++ smeserver-wireguard-1.0/root/etc/e-smith/templates/etc/wireguard/wg0.conf/10interface	2022-12-26 22:04:27.773000000 -0500
@@ -3,7 +3,8 @@
 ListenPort = {${'wg-quick@wg0'}{UDPPort} || '51820' }
 PrivateKey = {${'wg-quick@wg0'}{private}}
 
-# this should be added to masq with correct interfaces
-PostUp = iptables -I FORWARD -i %i -j ACCEPT; iptables -I FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
-PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
+# this is not needed as we define vpn network as lan in network db 
+# furthermore masquerading postrouting will also mess up with any openvpn-s2s vpn
+#PostUp = iptables -I FORWARD -i %i -j ACCEPT; iptables -I FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE
+#PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {$outernet = ($SystemMode eq "serveronly") ? $InternalInterface{Name} : $ExternalInterface{Name}; return $InternalInterface{Name} } -j MASQUERADE