clerie/nixfiles
1
0
Fork 0
Code Activity

Switch from gre tunnel to wireguard for heimnetz transport

Browse Source
This commit is contained in:
clerie
2021-05-12 10:04:04 +02:00
parent a3002d2455
commit 1caff12782
2 changed files with 26 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
hosts/carbon/configuration.nix
View File

@@ -75,25 +75,21 @@
allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-porter4";
};
wg-heimnetz = {
ips = [ "fd00:153:153:201::2/64" ];
peers = [ {
allowedIPs = [ "::/0" ];
endpoint = "[fd00:152:152:101::1]:60001";
publicKey = "j/XAIOJGgLieg0jry4AGSkxQySuDdwhJShqC5SCgsWw=";
} ];
listenPort = 60001;
allowedIPsAsRoutes = false;
privateKeyFile = "/var/src/secrets/wireguard/wg-heimnetz";
postSetup = "ip link set wg-heimnetz mtu 1340";
};
};
clerie.gre-tunnel = {
enable = true;
ipv6= {
gre-gatekeeper6 = {
remote = "fd00:152:152:101::1";
local = (lib.head config.networking.interfaces.lo.ipv6.addresses).address;
address = "fd00:153:153:201::2/64";
};
};
ipv4 = {
gre-gatekeeper4 = {
remote = "10.152.101.1";
local = (lib.head config.networking.interfaces.lo.ipv4.addresses).address;
address = "10.153.201.2/24";
};
};
};
networking.firewall.allowedUDPPorts = [ 60001 ];
# Routing tables
# Table: 10000