working wireguard including forwarding
parent
64c5d577e8
commit
14b49443f8
|
@ -13,7 +13,6 @@
|
|||
|
||||
backup.dirs = [ "/var/lib/home-assistant" ];
|
||||
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8123 ];
|
||||
networking.firewall.allowedUDPPorts = [ 8123 ];
|
||||
|
||||
|
|
|
@ -13,12 +13,14 @@
|
|||
address = [ "10.100.0.2/32" ];
|
||||
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
|
||||
privateKeyFile = config.sops.secrets.wireguard_private.path;
|
||||
mtu = 1280;
|
||||
|
||||
# server
|
||||
peers = [
|
||||
{
|
||||
# robi
|
||||
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
|
||||
allowedIPs = [ "10.100.0.1/32" ];
|
||||
allowedIPs = [ "10.100.0.1/24" ];
|
||||
endpoint = "ingolf-wagner.de:51820";
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
|
|
|
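Review bot: The new `allowedIPs = [ "10.100.0.1/24" ];` on the robi peer has host bits set. WireGuard is expected to mask that to the network, so writing `allowedIPs = [ "10.100.0.0/24" ];` states the effective range directly and avoids depending on normalisation. Widening from /32 to /24 also means this client now accepts packets from any 10.100.0.x source relayed by the server, so whatever listens on the tunnel interface here is reachable by every other peer; a comment such as `# whole VPN subnet is routed via the server; peers can reach this host` would record that. The same line is introduced in the last section (the client with address 10.100.0.3). The peers list closes outside this hunk.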
@ -13,15 +13,14 @@
|
|||
address = [ "10.100.0.1/32" ];
|
||||
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
|
||||
privateKeyFile = config.sops.secrets.wireguard_private.path;
|
||||
mtu = 1280;
|
||||
|
||||
#postUp = ''
|
||||
# ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
|
||||
# ${pkgs.iptables}/bin/iptables -A INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
#'';
|
||||
#postDown = ''
|
||||
# ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
|
||||
# ${pkgs.iptables}/bin/iptables -D INPUT -i wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
#'';
|
||||
postUp = ''
|
||||
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
|
||||
'';
|
||||
postDown = ''
|
||||
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
|
||||
'';
|
||||
|
||||
# clients
|
||||
peers = [
|
||||
|
|
|
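Review bot: The added postUp rule `iptables -A FORWARD -i wg0 -j ACCEPT` accepts everything that arrives on wg0 whatever its destination, so forwarding is not limited to traffic between VPN peers. If client-to-client traffic is all that is intended, match the output interface too, `iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT`, with the identical rule under `-D` in postDown so the teardown still matches. The interface name is hard-coded as `wg0`, and both the interface attribute name and the IP-forwarding sysctl are set outside this hunk, so it is worth confirming they agree. The peers list continues past the end of the hunk.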
@ -11,11 +11,13 @@
|
|||
address = [ "10.100.0.3/32" ];
|
||||
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
|
||||
privateKeyFile = config.sops.secrets.wireguard_private.path;
|
||||
mtu = 1280;
|
||||
|
||||
peers = [
|
||||
{
|
||||
# robi
|
||||
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
|
||||
allowedIPs = [ "10.100.0.1/32" ];
|
||||
allowedIPs = [ "10.100.0.1/24" ];
|
||||
endpoint = "ingolf-wagner.de:51820";
|
||||
}
|
||||
];
|
||||
|
|