From 21f2235964d25189d0fc3124fdf694e21a3125b3 Mon Sep 17 00:00:00 2001
From: clerie
Date: Wed, 16 Dec 2020 11:15:59 +0100
Subject: [PATCH] Add IPv4 Tunnel Support
---
 hosts/nonat/configuration.nix | 44 ++++++++++++++++++++++++++++------
 hosts/porter/configuration.nix | 44 ++++++++++++++++++++++++++++------
 2 files changed, 74 insertions(+), 14 deletions(-)
diff --git a/hosts/nonat/configuration.nix b/hosts/nonat/configuration.nix
index 6102fd9..03515cf 100644
--- a/hosts/nonat/configuration.nix
+++ b/hosts/nonat/configuration.nix
@@ -52,6 +52,7 @@
 networking.wireguard.enable = true;
 networking.wireguard.interfaces = {
 wg-porter = {
+ ips = [ "fe80::1337:2/64" "169.254.137.2/24" ];
 peers = [ {
 allowedIPs = [ "0.0.0.0/0" "::/0" ];
 endpoint = "porter.net.clerie.de:51337";
@@ -60,7 +61,7 @@
 listenPort = 51337;
 allowedIPsAsRoutes = false;
 privateKeyFile = "/var/src/secrets/wireguard/wg-porter";
- } // (import ../../lib/link-local-wireguard.nix {}).llIPv6 "fe80::1337:2" "fe80::1337:1" "wg-porter";
+ };
 };
 networking.firewall.allowedUDPPorts = [ 51337 ];
@@ -70,15 +71,19 @@
 router id ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
 ipv6 table ospf6;
+ ipv4 table ospf4;
 protocol direct {
- interface "lo";
- ipv6 {
- table ospf6;
- };
+ interface "lo";
+ ipv6 {
+ table ospf6;
+ };
+ ipv4 {
+ table ospf4;
+ };
 }
- protocol kernel {
+ protocol kernel kernel_6 {
 ipv6 {
 table ospf6;
 export filter {
@@ -89,7 +94,18 @@
 };
 }
- protocol ospf v3 {
+ protocol kernel kernel_4 {
+ ipv4 {
+ table ospf4;
+ export filter {
+ krt_prefsrc=10.152.103.1;
+ accept;
+ };
+ import none;
+ };
+ }
+
+ protocol ospf v3 ospf_6 {
 ipv6 {
 table ospf6;
 import all;
@@ -103,6 +119,20 @@
 };
 }
+ protocol ospf v3 ospf_4 {
+ ipv4 {
+ table ospf4;
+ import all;
+ export all;
+ };
+ area 0 {
+ interface "wg-porter" {
+ cost 80;
+ type pointopoint;
+ };
+ };
+ }
+
 protocol device {
 scan time 10;
 }
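Review bot: The preferred source in the new `kernel_4` block is a hard-coded literal, `krt_prefsrc=10.152.103.1;`, while `router id` earlier in the same BIRD config is interpolated from `config.networking.interfaces.lo.ipv4.addresses`. If the literal is meant to be that same loopback address (the loopback definition is not visible here, so this is an assumption), deriving it the same way keeps the two from drifting apart when the host is renumbered: `krt_prefsrc=${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };`. The `kernel_4` hunk in hosts/porter/configuration.nix has the same pattern with `10.152.102.1`.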
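Review bot: `ospf_4` uses `import all;` and `kernel_4` exports with an unconditional `accept;`, so every IPv4 prefix the tunnel peer announces, a default route or a more-specific of a local network included, ends up in the kernel table. The WireGuard peer is declared with `allowedIPs = [ "0.0.0.0/0" "::/0" ]` and `allowedIPsAsRoutes = false`, which leaves BIRD's filters as the only control on what gets routed into the tunnel. An import filter limited to the prefixes this peer is expected to originate would bound the effect of a misconfigured or compromised peer, for example `import where net ~ [ EXPECTED_PREFIX+ ];` with the placeholder replaced by the site's own range. `ospf_6` in the context lines also uses `import all`, and the `ospf_4` hunk in hosts/porter/configuration.nix has the same shape.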
diff --git a/hosts/porter/configuration.nix b/hosts/porter/configuration.nix
index 4999198..2ea2c21 100644
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
@@ -34,6 +34,7 @@
 networking.wireguard.enable = true;
 networking.wireguard.interfaces = {
 wg-nonat = {
+ ips = [ "fe80::1337:1/64" "169.254.137.1/24" ];
 peers = [ {
 allowedIPs = [ "0.0.0.0/0" "::/0" ];
 endpoint = "nonat.net.clerie.de:51337";
@@ -42,7 +43,7 @@
 listenPort = 51337;
 allowedIPsAsRoutes = false;
 privateKeyFile = "/var/src/secrets/wireguard/wg-nonat";
- } // (import ../../lib/link-local-wireguard.nix {}).llIPv6 "fe80::1337:1" "fe80::1337:2" "wg-nonat";
+ };
 };
 networking.firewall.allowedUDPPorts = [ 51337 ];
@@ -52,15 +53,19 @@
 router id ${ (lib.head config.networking.interfaces.lo.ipv4.addresses).address };
 ipv6 table ospf6;
+ ipv4 table ospf4;
 protocol direct {
- interface "lo";
- ipv6 {
- table ospf6;
- };
+ interface "lo";
+ ipv6 {
+ table ospf6;
+ };
+ ipv4 {
+ table ospf4;
+ };
 }
- protocol kernel {
+ protocol kernel kernel_6 {
 ipv6 {
 table ospf6;
 export filter {
@@ -71,7 +76,18 @@
 };
 }
- protocol ospf v3 {
+ protocol kernel kernel_4 {
+ ipv4 {
+ table ospf4;
+ export filter {
+ krt_prefsrc=10.152.102.1;
+ accept;
+ };
+ import none;
+ };
+ }
+
+ protocol ospf v3 ospf_6 {
 ipv6 {
 table ospf6;
 import all;
@@ -85,6 +101,20 @@
 };
 }
+ protocol ospf v3 ospf_4 {
+ ipv4 {
+ table ospf4;
+ import all;
+ export all;
+ };
+ area 0 {
+ interface "wg-nonat" {
+ cost 80;
+ type pointopoint;
+ };
+ };
+ }
+
 protocol device {
 scan time 10;
 }