diff options
author | Kjetil Orbekk <kj@orbekk.com> | 2023-03-01 14:10:25 -0500 |
---|---|---|
committer | Kjetil Orbekk <kj@orbekk.com> | 2023-03-01 14:10:25 -0500 |
commit | 1ff6fefe39521844872cb7aad165cf8ee9f6a1cc (patch) | |
tree | 180e99dd3810185ec512108adbc3362dd5aa7bdc | |
parent | 0c203461517244b40a576135c76e49f1fa23c2e2 (diff) |
vpn setup
-rw-r--r-- | machines/dragon.nix | 6 | ||||
-rw-r--r-- | modules/router.nix | 11 |
2 files changed, 11 insertions, 6 deletions
diff --git a/machines/dragon.nix b/machines/dragon.nix index 9174c15..16ae1cf 100644 --- a/machines/dragon.nix +++ b/machines/dragon.nix @@ -50,10 +50,10 @@ in { services.transmission = { enable = true; - openPeerPorts = true; - openRPCPort = true; settings.download-dir = "/storage/upload"; - settings.peer-port = 51413; + settings.peer-port = 55324; + settings.rpc-bind-address = "0.0.0.0"; + settings.rpc-whitelist = "172.20.*.*"; }; systemd.services.transmission.serviceConfig.NetworkNamespacePath = "/var/run/netns/vpn"; # services.tailscale.enable = true; diff --git a/modules/router.nix b/modules/router.nix index 65b8ea7..9251229 100644 --- a/modules/router.nix +++ b/modules/router.nix @@ -147,8 +147,9 @@ let dhcp-range=tag:vpnlan-vport,172.20.30.10,172.20.30.254,5m dhcp-option=tag:vpnlan-vport,option:router,172.20.30.1 dhcp-option=tag:vpnlan-vport,option:dns-server,193.138.218.74 - dhcp-range=tag:vpnlan-vport,::2,::1000,constructor:vpnlan-vport,ra-only + dhcp-range=tag:vpnlan-vport,::2,::1000,constructor:vpnlan-vport,ra-only,5m dhcp-host=id:00:04:33:32:31:37:37:31:58:4d:32:35:31:37:30:30:4a:44,tag:vpnlan-vport,[::2] + dhcp-host=id:vpn,tag:vpnlan-vport,172.20.30.2 ''; }; @@ -157,7 +158,6 @@ let extraConfig = '' noipv6rs noipv6 - nohook resolv.conf interface wan-vport dhcp ''; @@ -210,7 +210,7 @@ let oifname wan-vport counter accept oifname mullvad counter accept - ip6 daddr 2001:470:8e2e:30::2 th dport 9091 counter accept; + ip daddr 172.20.30.2 th dport 9091 counter accept; oifname servers-vport meta l4proto {tcp, udp} th dport $SERVER_WAN_PORTS counter accept iifname lan-vport oifname servers-vport meta l4proto {tcp, udp} th dport $SERVER_LAN_PORTS counter accept iifname servers-vport counter accept @@ -233,6 +233,7 @@ let chain prerouting { type nat hook prerouting priority -100; policy accept meta nfproto ipv4 iifname wan-vport tcp dport $SERVER_WAN_PORTS dnat to 172.20.20.2 + meta nfproto ipv4 iifname vpn-vport tcp dport 55324 dnat to 172.20.30.2 } chain postrouting { type nat hook postrouting priority 100; policy accept @@ -296,7 +297,11 @@ in { privateNetwork = false; config = { config, lib, pkgs, ... }: { system.stateVersion = "22.11"; + networking.firewall.enable = false; networking.interfaces.vpn-vport.useDHCP = true; + networking.dhcpcd.extraConfig = '' + clientid vpn + ''; }; additionalCapabilities = ["CAP_NET_ADMIN"]; }; |