WireGuard: Difference between revisions
imported>Garbas mNo edit summary |
imported>Amscto Fix issue adding wireguard client (separate server in place and tested/working) using these instructions after following bare metal install with: nixos-generate-config --root |
||
| Line 78: | Line 78: | ||
{ | { | ||
... | ... | ||
networking.firewall = { | |||
allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport | |||
}; | |||
# Enable Wireguard | # Enable Wireguard | ||
networking.wireguard.interfaces = { | networking.wireguard.interfaces = { | ||
| Line 84: | Line 87: | ||
# Determines the IP address and subnet of the client's end of the tunnel interface. | # Determines the IP address and subnet of the client's end of the tunnel interface. | ||
ips = [ "10.100.0.2/24" ]; | ips = [ "10.100.0.2/24" ]; | ||
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers) | |||
# Path to the private key file. | # Path to the private key file. | ||
| Line 94: | Line 98: | ||
peers = [ | peers = [ | ||
# For a client configuration, one peer entry for the server will suffice. | # For a client configuration, one peer entry for the server will suffice. | ||
{ | { | ||
# Public key of the server (not a file path). | # Public key of the server (not a file path). | ||
| Line 104: | Line 109: | ||
# Set this to the server IP and port. | # Set this to the server IP and port. | ||
endpoint = "{server ip}:51820"; | endpoint = "{server ip}:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 | ||
# Send keepalives every 25 seconds. Important to keep NAT tables alive. | # Send keepalives every 25 seconds. Important to keep NAT tables alive. | ||