WireGuard: Difference between revisions
add solutions for secure dns |
→Peer setup: add comment to indicate permissions needed for networkd secret |
||
| (2 intermediate revisions by one other user not shown) | |||
| Line 167: | Line 167: | ||
ListenPort = 51820; | ListenPort = 51820; | ||
# ensure file is readable by `systemd-network` user | |||
PrivateKeyFile = config.age.secrets.wg-key-vps.path; | PrivateKeyFile = config.age.secrets.wg-key-vps.path; | ||
| Line 294: | Line 295: | ||
FirewallMark = 42; | FirewallMark = 42; | ||
# we specify that the routing table 1000 must be used | # (... continued) we specify that the routing table 1000 must be used | ||
# (which is the wireguard routing table). This rule routes all traffic through wireguard. | # (which is the wireguard routing table). This rule routes all traffic through wireguard. | ||
# inside routingPolicyRules section is called Table, not RouteTable | # inside routingPolicyRules section is called Table, not RouteTable | ||
| Line 387: | Line 388: | ||
Family = "both"; | Family = "both"; | ||
} | } | ||
] | ]; | ||
# Configure port forwarding for Transmission under NAT | |||
networking.nat.forwardPorts = | |||
[ | |||
{ | |||
destination = "10.0.0.1:80"; | |||
proto = "tcp"; | |||
sourcePort = 8080; | |||
} | |||
{ | |||
destination = "[fc00::2]:80"; | |||
proto = "tcp"; | |||
sourcePort = 8080; | |||
} | |||
]; | |||
</syntaxhighlight> | </syntaxhighlight> | ||