@alberand
Last active November 13, 2023 17:45
NixOS VPN Split tunnel with Wireguard and OpenVPN
${pkgs.iptables}/bin/iptables -A INPUT -s 19.29.79.10 -d 192.168.0.100 \
  -m state --state NEW,ESTABLISHED -j ACCEPT
${pkgs.iptables}/bin/iptables -I OUTPUT -s 192.168.0.100 -d 19.29.79.10 \
  -m state --state NEW,ESTABLISHED -j ACCEPT
# MANUAL ACTIONS ARE REQUIRED!
# - Copy your VPN configuration to /etc/openvpn/jellyfin-tunnel.ovpn
# - Add the following line to /etc/openvpn/jellyfin-tunnel.ovpn
#
# pull-filter ignore redirect-gateway
#
# This means that OpenVPN won't create the route that sends all
# traffic through the OpenVPN tunnel.
{ config, pkgs, lib, ... }: {
  # Host route: reach the VPN server through the LAN gateway on the
  # physical interface.
  networking.dhcpcd.runHook = ''
    ${pkgs.iproute2}/bin/ip route add 19.29.79.10 via 192.168.0.1 dev enp34s0
  '';

  # Dedicated user and group for OpenVPN with a fixed uid/gid.
  users.users = {
    openvpn = {
      name = "openvpn";
      group = "openvpn";
      isNormalUser = true;
      uid = 1100;
    };
  };
  users.groups.openvpn = {
    name = "openvpn";
    members = [ "openvpn" ];
    gid = 1100;
  };

  # Configure our OpenVPN client
  services.openvpn.servers = {
    jellyfin = {
      # Load the manually installed profile (see the notes above).
      config = ''config /etc/openvpn/jellyfin-tunnel.ovpn'';
      autoStart = true;
    };
  };
}
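
The manual step above only works if the pull-filter line really is in the profile. The following check is an added example, not part of the gist; the function name check_split_tunnel and the sample profile are constructed for illustration. It also flags a redirect-gateway directive written in the profile itself, which pull-filter does not affect because it only filters options pushed by the server:

```shell
#!/bin/sh
# Added example, not part of the gist: lint an OpenVPN client profile
# before using it for a split tunnel.
#
# Exit status of check_split_tunnel (hypothetical function name):
#   0  profile ignores a pushed redirect-gateway and sets none itself
#   1  "pull-filter ignore redirect-gateway" is missing
#   2  the profile itself contains redirect-gateway; pull-filter only
#      filters server-pushed options, so all traffic would still be
#      routed through the tunnel
check_split_tunnel() {
    awk '
        { sub(/[#;].*/, "") }            # strip comments
        NF == 0 { next }                 # skip blank lines
        $1 == "redirect-gateway" { local_rg = 1 }
        $1 == "pull-filter" && $2 == "ignore" {
            gsub(/"/, "", $3)            # the filter text may be quoted
            if ($3 == "redirect-gateway") filtered = 1
        }
        END {
            if (local_rg)  exit 2
            if (!filtered) exit 1
            exit 0
        }
    ' "$1"
}

# Constructed sample profile (not a real one) with the filter line present.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
dev tun
remote 19.29.79.10 1194   # VPN server address used in this gist
pull-filter ignore redirect-gateway
EOF
check_split_tunnel "$sample" && echo "split tunnel: OK"
rm -f "$sample"
```

Run it against /etc/openvpn/jellyfin-tunnel.ovpn after copying the profile and before starting the service.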

alberand commented Nov 13, 2023

Change IPs as follows:

  • 19.29.79.10 is the IP of your VPN server
  • 192.168.0.1 is the IP of your gateway (WiFi router)
  • 192.168.0.100 is the IP of your machine in the LAN
  • Also change interface enp34s0 to the one which is connected to the LAN

See main article on how to configure Wireguard VPN https://alberand.com/nixos-wireguard-vpn.html
