NixOS VPN Split tunnel with Wireguard and OpenVPN
# Let this host (192.168.0.100) and the remote peer 19.29.79.10 (presumably
# the VPN endpoint -- confirm) exchange traffic directly, outside the tunnel.
# Neither rule names a protocol or port, so each one matches all traffic
# between the two addresses.
#
# NOTE(review): NEW on INPUT lets the remote peer open connections to any
# port on this host. If this host always initiates, ESTABLISHED alone may be
# enough -- verify against the keepalive behaviour of the tunnel before
# tightening. -A appends after the existing INPUT rules, so an earlier drop
# rule wins; check the final rule order with "iptables -S INPUT".
${pkgs.iptables}/bin/iptables -A INPUT \
  -s 19.29.79.10 -d 192.168.0.100 \
  -m state --state NEW,ESTABLISHED \
  -j ACCEPT

# -I inserts at the top of OUTPUT, ahead of any rule already in the chain.
${pkgs.iptables}/bin/iptables -I OUTPUT \
  -s 192.168.0.100 -d 19.29.79.10 \
  -m state --state NEW,ESTABLISHED \
  -j ACCEPT
# MANUAL ACTIONS ARE REQUIRED!
# - Copy your VPN configuration to /etc/openvpn/jellyfin-tunnel.ovpn
# - Add the following line to /etc/openvpn/jellyfin-tunnel.ovpn
#
#       pull-filter ignore redirect-gateway
#
# This means that OpenVPN won't create the route that sends all
# traffic through the OpenVPN tunnel.
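# NixOS module: OpenVPN client used as one leg of a split tunnel.
{ config, pkgs, lib, ... }: {
  # Send traffic for 19.29.79.10 (presumably the VPN endpoint -- confirm) to
  # the LAN gateway on the physical interface, so it never goes into a tunnel.
  # The hook text runs from dhcpcd's hook script and can fire more than once,
  # so "replace" is used instead of "add": it creates the route when missing
  # and overwrites a stale one rather than failing with "File exists".
  networking.dhcpcd.runHook = ''
    ${pkgs.iproute2}/bin/ip route replace 19.29.79.10 via 192.168.0.1 dev enp34s0
  '';

  # Dedicated account and group with fixed ids (1100). Nothing in this module
  # runs OpenVPN as this user; presumably the ids are matched by routing or
  # firewall rules defined elsewhere -- confirm against the main article.
  # NOTE(review): isNormalUser also gives the account a home directory and the
  # default login shell. If the account exists only for id matching, a system
  # user without a login shell would be narrower -- verify before changing.
  users.users = {
    openvpn = {
      name = "openvpn";
      group = "openvpn";
      isNormalUser = true;
      uid = 1100;
    };
  };

  users.groups.openvpn = {
    name = "openvpn";
    members = [ "openvpn" ];
    gid = 1100;
  };

  # Configure our OpenVPN client
  services.openvpn.servers = {
    jellyfin = {
      # Only a pointer to the hand-maintained profile is stored here, so keys
      # and credentials in that file stay out of the world-readable Nix store.
      # Keep /etc/openvpn/jellyfin-tunnel.ovpn root-owned and not readable by
      # other users. After connecting, check "ip route" to confirm the default
      # route was left alone by the pull-filter line in that profile.
      config = ''config /etc/openvpn/jellyfin-tunnel.ovpn'';
      autoStart = true;
    };
  };
}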
Change the IP addresses as follows:
See the main article on how to configure the WireGuard VPN: https://alberand.com/nixos-wireguard-vpn.html