WireGuard: Difference between revisions
imported>Symphorien instructions for network manager (and disabling rpfilter) |
imported>Symphorien m indentation |
||
| Line 304: | Line 304: | ||
{ config, pkgs, lib, ... }:{ | { config, pkgs, lib, ... }:{ | ||
networking.firewall = { | networking.firewall = { | ||
# if packets are still dropped, they will show up in dmesg | |||
# wireguard trips rpfilter up | logReversePathDrops = true; | ||
extraCommands = '' | # wireguard trips rpfilter up | ||
extraCommands = '' | |||
ip46tables -t raw -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN | |||
''; | ip46tables -t raw -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN | ||
extraStopCommands = '' | ''; | ||
extraStopCommands = '' | |||
ip46tables -t raw -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true | |||
''; | ip46tables -t raw -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true | ||
}; | ''; | ||
}; | |||
} | } | ||
</syntaxHighlight> | </syntaxHighlight> | ||
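Review bot: The `-j RETURN` rules in `extraCommands` match on port alone, so every UDP packet with source or destination port 51820 skips the reverse-path check on all interfaces, including spoofed-source packets that merely use that port. Narrowing the match to the interface that carries the tunnel's outer traffic, e.g. `-i <uplink-interface>` (placeholder) on each insert and on the matching `-D` line in `extraStopCommands`, would keep the exemption closer to what WireGuard needs. The port is also hard-coded, so a comment such as `# must match the WireGuard listen port / peer endpoint port` would stop the rules drifting from the tunnel configuration. Keeping `logReversePathDrops = true;` is worthwhile because it makes remaining drops visible in the kernel log. The enclosing code block opens above this hunk, so anything before `{ config, pkgs, lib, ... }:` was not reviewed.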
| Line 338: | Line 339: | ||
The new VPN connection should be available, you still have to click on it to activate it. | The new VPN connection should be available, you still have to click on it to activate it. | ||
=See also= | =See also= | ||