From b93a0d2a73f675ab0ec0f2ec32608fe04e04b315 Mon Sep 17 00:00:00 2001 From: leonvita91 Date: Thu, 25 Aug 2022 22:38:52 +0100 Subject: [PATCH 1/3] add new VPN-interface- --- hosts/leon/default.nix | 84 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 77 insertions(+), 7 deletions(-) diff --git a/hosts/leon/default.nix b/hosts/leon/default.nix index 8f7b6431..cac85e40 100644 --- a/hosts/leon/default.nix +++ b/hosts/leon/default.nix @@ -1,3 +1,32 @@ +# .--. +# `. \ +# \ \ +# . \ +# : . +# | . +# | : +# | | +# ..._ ___ | | +# `."".`''''""--..___ | | +# ,-\ \ ""-...__ _____________/ | +# / ` " ' `"""""""" . +# \ L +# (> \ +#/ \ +#\_ ___..---. MEOW OS \ +# `--' '. \ +# . \_ +# _/`. `.._ +# .' -. `. +# / __.-Y /''''''-...___,...--------.._ | +# / _." | / ' . \ '---..._ | +# / / / / _,. ' ,/ | | +# \_,' _.' / /'' _,-' _| | +# ' / `-----'' / | +# `...-' `...-' +#-------------------------------------------------------------------------------- + + { zentralwerk, config, pkgs, ... }: let netConfig = zentralwerk.lib.config.site.net.serv; @@ -42,8 +71,8 @@ in }; networking.firewall = { - allowedTCPPorts = [ 5000 22 53 80 8080 8800 ]; - allowedUDPPorts = [ 5000 22 53 80 8080 8800 ]; + allowedTCPPorts = [ 5000 22 53 80 8080 ]; + allowedUDPPorts = [ 5000 22 53 80 8080 8900 8900]; }; @@ -56,10 +85,11 @@ in # networking.firewall = { # allowedUDPPorts = [ 51820 ]; # }; -#_______________________________Begin-VPN-Server_____________________ + +#_______________________________Begin-VPN1-Server____________________________________ networking.wireguard.interfaces = { - #Interface. + #Interface. Trusted VPN vpn1 = { #IP address && Subnet. ips = [ "10.10.11.1/24" ]; 
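Review bot: The new `allowedUDPPorts` line lists 8900 twice (`... 8080 8900 8900]`); one entry is enough, `allowedUDPPorts = [ 5000 22 53 80 8080 8900 ];`. Dropping 8800 from both lists is not explained by the commit message — if 8800 was vpn1's `listenPort` (its definition is not in this hunk), vpn1 peers lose connectivity after this change, so that is worth confirming before merging. 8900 matches the `listenPort` of the vpn2 interface added later in this patch, which is consistent; UDP 22 and 80 predate the commit but remain on the new side and serve nothing here, since SSH and HTTP are TCP.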
@@ -97,8 +127,48 @@ in ]; }; }; - - #-----------------------------END-VPN--------------------------------- - system.stateVersion = "22.05"; + + +#__________________________Begin-VPN2-Server_____________________ + +networking.wireguard.interfaces = { + #Interface. Untrusted VPN + vpn2 = { + #IP address && Subnet. + ips = [ "10.10.100.1/24" ]; + + #VPN Port. + listenPort = 8900; + + # This allows the wireguard server to route your traffic to the internet and hence be like a VPN + # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients + #----------------------Start-Routing---------------------------- + #postSetup = '' + # ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.100.1/24 -o serv -j MASQUERADE + #''; + + # This undoes the above command + #postShutdown = '' + # ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.10.100.1/24 -o serv -j MASQUERADE + #''; + #----------------------End-Routing---------------------------- + + # Path to the private key file. + # + privateKeyFile = "/etc/wireguard/privatekey"; + + peers = [ + # -----------------leon-Mac-------------------------. + { + publicKey = "6GRIp7SjHyu5sgqudtgZdN9CKbV3GYtMnwgo06F4ylo="; + allowedIPs = [ "10.10.100.0/24" ]; + } + ]; + }; + }; + +#-----------------------------END-VPN--------------------------------- + +system.stateVersion = "22.05"; } From 1dc8bdc3e3c66c31d9e8d723952222dccfb96589 Mon Sep 17 00:00:00 2001 From: leonvita91 Date: Thu, 25 Aug 2022 22:42:33 +0100 Subject: [PATCH 2/3] add new-vpn-interface-without-internet --- hosts/leon/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/leon/default.nix b/hosts/leon/default.nix index cac85e40..ac94dadd 100644 --- a/hosts/leon/default.nix +++ b/hosts/leon/default.nix 
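Review bot: The only peer of the interface labelled `#Interface. Untrusted VPN` gets `allowedIPs = [ "10.10.100.0/24" ]`, which accepts packets from that peer with any source address in the subnet and will collide with any peer added later; a per-peer host route is the usual shape, e.g. `allowedIPs = [ "10.10.100.2/32" ];` (address constructed — use the client's actual tunnel IP). The host firewall in this file is not interface-aware, so vpn2 peers reach every port in `allowedTCPPorts` (22, 53, 80, 5000, 8080) exactly like trusted vpn1 peers; `networking.firewall.interfaces.vpn2.allowedTCPPorts` can scope what the untrusted side may reach, and if IP forwarding is enabled for vpn1's NAT (not visible here) a FORWARD rule should keep vpn2 traffic away from 10.10.11.0/24 and `serv`. `privateKeyFile = "/etc/wireguard/privatekey"` — if vpn1's definition (outside this hunk) points at the same file, both interfaces present one identity and one key compromise affects both; a separate key per interface is the norm. The second top-level `networking.wireguard.interfaces = { ... }` also relies on Nix merging two attrset literals at the same path; placing `vpn2` next to `vpn1` inside the existing set is more robust.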
@@ -141,8 +141,6 @@ networking.wireguard.interfaces = { #VPN Port. listenPort = 8900; - # This allows the wireguard server to route your traffic to the internet and hence be like a VPN - # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients #----------------------Start-Routing---------------------------- #postSetup = '' # ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.100.1/24 -o serv -j MASQUERADE From 6c5d103e1284be7fa588d56a9acd62d79f8b7df6 Mon Sep 17 00:00:00 2001 From: leonvita91 Date: Thu, 25 Aug 2022 23:32:04 +0100 Subject: [PATCH 3/3] changing routing from serv to pub --- hosts/leon/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/leon/default.nix b/hosts/leon/default.nix index ac94dadd..f790f21c 100644 --- a/hosts/leon/default.nix +++ b/hosts/leon/default.nix @@ -101,12 +101,12 @@ in # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients #----------------------Start-Routing---------------------------- postSetup = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.11.1/24 -o serv -j MASQUERADE + ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.11.1/24 -o pub -j MASQUERADE ''; # This undoes the above command postShutdown = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.10.11.1/24 -o serv -j MASQUERADE + ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.10.11.1/24 -o pub -j MASQUERADE ''; #----------------------End-Routing----------------------------
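Review bot: `-s 10.10.11.1/24` in both iptables lines is a host address with a network mask; iptables normalises it to 10.10.11.0/24, but `-s 10.10.11.0/24` says what is meant. Moving the masquerade egress from `serv` to `pub` makes vpn1 a full internet exit, and nothing in this hunk restricts what is forwarded — whether `net.ipv4.ip_forward` is enabled and how FORWARD is filtered lives elsewhere in the file (not visible here). NixOS has a declarative form that covers forwarding and the NAT rule together: `networking.nat = { enable = true; externalInterface = "pub"; internalInterfaces = [ "vpn1" ]; };`, which would replace the hand-written `postSetup`/`postShutdown` pair. Those two attributes belong to vpn1's definition, which starts before this hunk.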