WireGuard: Difference between revisions
imported>Shivam543 wg-quick config has IPv6 IP address assigned but IPv6 nat is disabled by default, and needs to be manually enabled. |
imported>Symphorien rpfilter is now in the mangle table |
||
Line 311: | Line 311: | ||
# wireguard trips rpfilter up | # wireguard trips rpfilter up | ||
extraCommands = '' | extraCommands = '' | ||
ip46tables -t | ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN | ||
ip46tables -t | ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN | ||
''; | ''; | ||
extraStopCommands = '' | extraStopCommands = '' | ||
ip46tables -t | ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true | ||
ip46tables -t | ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true | ||
''; | ''; | ||
}; | }; | ||
} | } | ||
</syntaxHighlight> | </syntaxHighlight> | ||
{{note|On NixOS 22.05 and earlier, the nixos-fw-rpfilter chain was in the raw table, not in the mangle table}} | |||
Adding a wireguard connection to NetworkManager is not straightforward to do fully in gui, it is simpler to reuse a configuration file for wg-guick. For example: | Adding a wireguard connection to NetworkManager is not straightforward to do fully in gui, it is simpler to reuse a configuration file for wg-guick. For example: |
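Review bot: the two `-I nixos-fw-rpfilter` lines in extraCommands now name the mangle table unconditionally, while the note in this same hunk says the chain was in the raw table on NixOS 22.05 and earlier. Unlike the `-D` lines in extraStopCommands, the `-I` lines carry no `|| true`, so on those releases the insert would not find the chain and would error rather than be skipped. Suggest keeping the version note directly beside the snippet and stating which table to use for which release. Separately, both rules match only on UDP port 51820, so any UDP packet with that source or destination port returns from the reverse-path check regardless of interface. It would help to say that 51820 has to match the port the tunnel actually uses and that the match can be narrowed, for example to the interface carrying the WireGuard endpoint traffic.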