vg
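# WireGuard server fragment: peers on 10.100.0.0/24 reach the outside world
# through NAT on venet0. Meant to be merged into a NixOS configuration.nix.

# NAT/forwarding from the tunnel interface (wg0) out through venet0.
networking.nat.enable = true;
networking.nat.externalInterface = "venet0";
networking.nat.internalInterfaces = [ "wg0" ];

# Open the WireGuard UDP port in the firewall; it must match listenPort below.
networking.firewall.allowedUDPPorts = [ 45666 ];

# Masquerade traffic sourced from the tunnel subnet.
# The rule is checked with -C before -A so that re-running the firewall
# script does not append a duplicate POSTROUTING entry each time.
# NOTE(review): the rule has no "-o <interface>" match, so it rewrites the
# source of tunnel-subnet traffic on every egress interface, not only venet0;
# confirm that is intended given networking.nat already covers wg0 -> venet0.
# NOTE(review): nothing removes this rule when the firewall is stopped.
networking.firewall.extraCommands = ''
  iptables -t nat -C POSTROUTING -s 10.100.0.0/24 -j MASQUERADE 2>/dev/null \
    || iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -j MASQUERADE
'';

networking.wireguard.interfaces = {
  # "wg0" is the network interface name. You can name the interface arbitrarily.
  wg0 = {
    # Determines the IP address and subnet of the server's end of the tunnel interface.
    ips = [ "10.100.0.1/24" ];

    # Do not install a route for each peer's allowedIPs automatically.
    allowedIPsAsRoutes = false;

    # The port that WireGuard listens on. Must be reachable by the clients.
    listenPort = 45666;

    # Placeholder from the original snippet. Point this at a key file that
    # lives outside the Nix store (the store is world-readable) and that only
    # root can read.
    privateKeyFile = ...;

    # Placeholder from the original snippet. Give each peer its own publicKey
    # and keep its allowedIPs as narrow as possible (typically one /32 from
    # 10.100.0.0/24) so that a peer cannot source traffic from another peer's
    # address.
    peers = [...];
  };
};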