[Unit] Description=wgctl conntrack accept logging daemon After=network.target wg-quick@wg0.service Requires=wg-quick@wg0.service [Service] Type=simple ExecStart=/etc/wireguard/wgctl/daemon/wgctl-conntrack/wgctl-conntrack \ --wg-dir /etc/wireguard Restart=on-failure RestartSec=5s StandardOutput=journal StandardError=journal SyslogIdentifier=wgctl-conntrack # Needs CAP_NET_ADMIN for netlink conntrack AmbientCapabilities=CAP_NET_ADMIN CapabilityBoundingSet=CAP_NET_ADMIN [Install] WantedBy=multi-user.target