Routing for mullvad

author: Kjetil Orbekk <kj@orbekk.com> 2021-03-08 21:00:56 -0500
committer: Kjetil Orbekk <kj@orbekk.com> 2021-03-08 21:00:56 -0500
commit: fad1bfd2df306e0a9f734ca3ae7d89b7a5d2ad61 (patch)
tree: eef5138ae22f80ebf3f2bb65210f807ec5e0cce4 /config
parent: 07218c326f8053447b14e658d04f599ff77c8154 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/config/router.nix b/config/router.nix
index ffffeed..a802886 100644
--- a/config/router.nix
+++ b/config/router.nix
@@ -3,6 +3,7 @@ let
   wan-dev = "eno1";
   lan-dev = "eno2";
   mullvadPort = config.orbekk.mullvad.listenPort;
+  mullvadMark = 30;
 in
 {
   orbekk.mullvad.enable = true;
@@ -52,6 +53,8 @@ in
           mod state state INVALID DROP;
           mod state state (ESTABLISHED RELATED) ACCEPT;
 
+          interface mullvad mark 30;
+
           interface lo ACCEPT;
           proto icmp ACCEPT;
 
@@ -190,6 +193,7 @@ in
   networking.iproute2.enable = true;
   networking.iproute2.rttablesExtraConfig = ''
     200 he
+     ${mullvadMark} mullvad
   '';
 
   networking.localCommands = ''
@@ -197,6 +201,9 @@ in
     ip -6 route flush cache
     ip -6 route replace default dev he0 src 2001:470:8e2e:20::d table he
     ip -6 route flush cache
+
+    ip rule add fwmark ${toString mullvadMark} table mullvad
+    ip route add default dev mullvad table mullvad
   '';
 
   # boot.kernel.sysctl."net.ipv6.conf.${wan-dev}.disable_ipv6" = true;
author	Kjetil Orbekk <kj@orbekk.com>	2021-03-08 21:00:56 -0500
committer	Kjetil Orbekk <kj@orbekk.com>	2021-03-08 21:00:56 -0500
commit	fad1bfd2df306e0a9f734ca3ae7d89b7a5d2ad61 (patch)
tree	eef5138ae22f80ebf3f2bb65210f807ec5e0cce4 /config
parent	07218c326f8053447b14e658d04f599ff77c8154 (diff)