generalized not masquerade

Nickiel12 2024-01-06 21:23:01 -08:00
parent fa2e3f38be
commit deb57d0aaf


@ -34,6 +34,10 @@ in
flush chain ip tailscale-wg preraw;
delete chain ip tailscale-wg preraw;
add chain ip tailscale-wg postrouting;
flush chain ip tailscale-wg postrouting;
delete chain ip tailscale-wg postrouting;
table ip tailscale-wg {
chain preraw {
type filter hook prerouting priority raw; policy accept;
@ -44,14 +48,13 @@ in
}
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
iifname "tailscale0" oifname "protonvpn" ip daddr != 100.64.0.1 masquerade;
iifname "tailscale0" oifname "protonvpn" ip daddr != 100.64.0.0/16 masquerade;
}
}
EOF
${pkgs.wireguard-tools}/bin/wg set protonvpn fwmark off
# ${pkgs.iproute2}/bin/ip route add default via 10.2.0.2 dev tailscale0 table 51820
# table inet tailscale-wg { for ipv4 + ipv6
${pkgs.iproute2}/bin/ip -4 rule del not fwmark 51820 table 51820
# ${pkgs.iproute2}/bin/ip -6 rule del not fwmark 51820 table 51820
@ -70,6 +73,10 @@ in
flush chain ip tailscale-wg preraw;
delete chain ip tailscale-wg preraw;
add chain ip tailscale-wg postrouting;
flush chain ip tailscale-wg postrouting;
delete chain ip tailscale-wg postrouting;
delete table ip tailscale-wg;
EOF
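Review bot: The exclusion `ip daddr != 100.64.0.0/16` in the `postrouting` chain (second hunk) is narrower than the block Tailscale allocates node addresses from, which is the CGNAT range 100.64.0.0/10. This assumes the `/16` line is the new side; the page has lost its +/- markers, but the commit title points that way. Any packet arriving on `tailscale0` and routed out `protonvpn` toward a tailnet peer outside 100.64.0.0/16 (for example an address in 100.100.0.0/16) would still be source-NATed onto the VPN link. If the intent is to leave all tailnet-destined traffic alone, the rule would read `iifname "tailscale0" oifname "protonvpn" ip daddr != 100.64.0.0/10 masquerade;`. The table is family `ip` and the `-6` rule is commented out, so a short comment stating how IPv6 from `tailscale0` is expected to be handled would help the next reader judge whether it can bypass the tunnel.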