WireGuard: Difference between revisions

@@ Line 20: / Line 20: @@
    ...
-   # Ensure IP forwarding is enabled.
+   # enable NAT
-   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+   networking.nat.enable = true;
+   networking.nat.externalInterface = "eth0";
-  # Add a masquerade rule to iptables so the clients can talk to one another
+  networking.nat.internalInterfaces = [ "wg0" ];
-   networking.firewall.extraCommands = ''
-    iptables -t nat -A POSTROUTING -s10.100.0.0/24 -j MASQUERADE
-  '';
    networking.wireguard.interfaces = {
@@ Line 87: / Line 84: @@
            publicKey = "{server public key}";
-           # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
+           # Forward all the traffic via VPN.
-          # For a server peer this should be the whole subnet.
+           allowedIPs = [ "0.0.0.0/0" ];
-           allowedIPs = [ "10.100.0.0/24" ];
            # Set this to the server IP and port.