WireGuard: Difference between revisions
imported>Mweinelt →Setting up WireGuard with systemd-networkd: networkd is not experimental, useNetworkd is. |
imported>BarrettTom |
| Line 236: | Line 236: | ||
==Setting up WireGuard with systemd-networkd== | ==Setting up WireGuard with systemd-networkd== | ||
===Server setup=== | |||
<syntaxHighlight lang="nix"> | |||
{ | |||
config, | |||
pkgs, | |||
lib, | |||
... | |||
}: { | |||
networking.firewall.allowedUDPPorts = [51820]; | |||
systemd.network = { | |||
enable = true; | |||
netdevs = { | |||
"50-wg0" = { | |||
netdevConfig = { | |||
Kind = "wireguard"; | |||
Name = "wg0"; | |||
MTUBytes = "1300"; | |||
}; | |||
wireguardConfig = { | |||
PrivateKeyFile = "/run/keys/wireguard-privkey"; | |||
ListenPort = 51820; | |||
}; | |||
wireguardPeers = [ | |||
{ | |||
wireguardPeerConfig = { | |||
PublicKey = "L4msD0mEG2ctKDtaMJW2y3cs1fT2LBRVV7iVlWZ2nZc="; | |||
AllowedIPs = ["10.100.0.2"]; | |||
}; | |||
} | |||
]; | |||
}; | |||
}; | |||
networks.wg0 = { | |||
matchConfig.Name = "wg0"; | |||
address = ["10.100.0.1/24"]; | |||
networkConfig = { | |||
IPMasquerade = "ipv4"; | |||
IPForward = true; | |||
}; | |||
}; | |||
}; | |||
} | |||
</syntaxHighlight> | |||
===Client setup=== | ===Client setup=== | ||
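Review bot: `IPForward = true;` in `networks.wg0.networkConfig` enables more forwarding than this IPv4-only tunnel needs: per systemd.network(5) the setting turns on the kernel's global forwarding switch (for IPv4 and IPv6 when given as a boolean) rather than forwarding for `wg0` alone, and `IPMasquerade = "ipv4"` is documented as already implying IPv4 forwarding. I would write `IPForward = "ipv4";` or drop the line, and add a sentence to the section saying that the host will then route between all of its interfaces, while the listing only opens UDP 51820 for inbound traffic and sets no rules for traffic forwarded from peers. A second point concerns `PrivateKeyFile = "/run/keys/wireguard-privkey";`: the section should say that the file must be readable by the account systemd-networkd runs as and by nobody else, for example with a comment `# owned root:systemd-network, mode 0640`. This rendering does not mark which side of the diff the listing is on, so the note assumes it is the added side.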