WireGuard: Difference between revisions
add solutions for secure dns |
mNo edit summary |
||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 18: | Line 18: | ||
systemd.network is recommended due to its powerful configuration interface. | systemd.network is recommended due to its powerful configuration interface. | ||
wg-quick is suitable for common usage patterns. networking.wireguard seems to | wg-quick is suitable for common usage patterns. networking.wireguard seems to | ||
have issues with routing. NetworkManager does not | have issues with routing. NetworkManager does not support Proxy server setup, and | ||
is cubersome to use. | is cubersome to use. | ||
| Line 167: | Line 167: | ||
ListenPort = 51820; | ListenPort = 51820; | ||
# ensure file is readable by `systemd-network` user | |||
PrivateKeyFile = config.age.secrets.wg-key-vps.path; | PrivateKeyFile = config.age.secrets.wg-key-vps.path; | ||
| Line 294: | Line 295: | ||
FirewallMark = 42; | FirewallMark = 42; | ||
# we specify that the routing table 1000 must be used | # (... continued) we specify that the routing table 1000 must be used | ||
# (which is the wireguard routing table). This rule routes all traffic through wireguard. | # (which is the wireguard routing table). This rule routes all traffic through wireguard. | ||
# inside routingPolicyRules section is called Table, not RouteTable | # inside routingPolicyRules section is called Table, not RouteTable | ||
| Line 387: | Line 388: | ||
Family = "both"; | Family = "both"; | ||
} | } | ||
] | ]; | ||
# Configure port forwarding for Transmission under NAT | |||
networking.nat.forwardPorts = | |||
[ | |||
{ | |||
destination = "10.0.0.1:80"; | |||
proto = "tcp"; | |||
sourcePort = 8080; | |||
} | |||
{ | |||
destination = "[fc00::2]:80"; | |||
proto = "tcp"; | |||
sourcePort = 8080; | |||
} | |||
]; | |||
</syntaxhighlight> | </syntaxhighlight> | ||