enable forwarding on vpn

2022-04-27 19:30:58 +02:00 · 2022-04-27 19:30:58 +02:00 · b8f2c5c531
commit b8f2c5c531
parent d415aa10be
2 changed files with 27 additions and 14 deletions
--- a/nixos/modules/vpnServer.nix
+++ b/nixos/modules/vpnServer.nix
@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, pkgs, lib, ... }:

 with lib;
 let
@ -32,19 +32,27 @@ in
    };
  };
  config = mkIf cfg.enable {
-    networking.wireguard.enable = true;
-    networking.wireguard.interfaces."wg0" = {
-      allowedIPsAsRoutes = true;
-      privateKeyFile = "/var/lib/wireguard/wg0-key";
-      ips = [ "fd42:9c3b:f96d:0200::0/64" ];
-      listenPort = 51234;
-      peers = map
-        (peer: (
-          {
-            allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ];
-            publicKey = peer.key;
-          }))
-        (attrValues cfg.peers);
+    networking.wireguard = {
+      enable = true;
+      interfaces."wg0" = {
+        allowedIPsAsRoutes = true;
+        privateKeyFile = "/var/lib/wireguard/wg0-key";
+        ips = [ "fd42:9c3b:f96d:0200::0/64" ];
+        listenPort = 51234;
+        peers = map
+          (peer: (
+            {
+              allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ];
+              publicKey = peer.key;
+            }))
+          (attrValues cfg.peers);
+        postSetup = ''
+          wg set wg0 fwmark 51234
+          ip rule add table 2468
+          ip route add default dev ens3 table 2468
+          ip route add fwmark 51234 table 2468
+        '';
+      };
    };
  };
 }