| 13 Jun 2021 |
 Mic92 (Old) | Everything should be there | 16:28:33 |
| 14 Jun 2021 |
 hpfr | I followed the wireguard page on the wiki to connect a nixos client to my LAN (point-to-site), but I had to go to the arch wiki to find ip route add 192.168.35.0/24 dev wg0 (where the CIDR is the LAN subnet) to get it to work. is there a nixos configuration value for this? | 07:54:25 |
 n0emis | In reply to @hpfr:matrix.org
I followed the wireguard page on the wiki to connect a nixos client to my LAN (point-to-site), but I had to go to the arch wiki to find ip route add 192.168.35.0/24 dev wg0 (where the CIDR is the LAN subnet) to get it to work. is there a nixos configuration value for this? if you have networking.wireguard.interfaces.<name>.allowedIPsAsRoutes set to true, you can just add the subnet to networking.wireguard.interfaces.<name>.peers.*.allowedIPs | 08:09:55 |
| hpfr | weird, that should have worked then because that option is true for me | 08:11:27 |
| n0emis | otherwise you could add the command to networking.wireguard.interfaces.<name>.postSetup | 08:12:33 |
| hpfr | might've just been a one time issue | 08:13:50 |
| hpfr | I'm trying to set up a wg network where I have road clients that connect to my home network (which is behind CGNAT) via a VPS with a public IP. I just got the VPS able to talk to hosts inside my home network, but my laptop which connects to the VPS over wireguard can't see hosts inside my home network | 08:14:05 |
| n0emis | well, you probably wan't to do something like ip route add 192.168.35.0/24 via $ROUTER, since the lan-subnet is not directly on the wg-link. then also allowedIPs is not the right option | 08:14:16 |
| hpfr | đ¤ all the guides I've seen suggest adding your LAN to allowedIPs is the way to go | 08:16:35 |
| hpfr | also, in the server setup in the wireguard wiki it enables NAT from the external interface to the wg interface, why is this done? | 08:21:35 |
|  Dandellion changed their profile picture. | 14:48:16 |
| 15 Jun 2021 |
|  jdyg joined the room. | 19:12:00 |
| 16 Jun 2021 |
|  Leon joined the room. | 13:22:56 |
| 18 Jun 2021 |
 Church | Hmm anyone had issue with postUp and postShutdown commands in wireguard not running correctly and setting up and tearing down your rules? | 07:34:44 |
| 19 Jun 2021 |
| hpfr | uh, is the wireguard module missing a dns option? | 18:17:35 |
| hpfr | I guess I'm supposed to use the wg-quick module instead | 18:25:43 |
| hpfr | seems weird that they overlap a lot and that the wireguard module is apparently missing options? | 18:26:21 |
| 20 Jun 2021 |
| Mic92 (Old) | the wireguard module was introduced before wg-quick existed | 06:55:54 |
| Mic92 (Old) | Otherwise there would be no wireguard module | 06:56:20 |
| Church | So what's preferred? Wireguard or wg-quick? | 22:47:22 |
| 21 Jun 2021 |
 eyJhb | ^ would like to know that as well, since I am currently using wireguard, and not wg-quick | 08:32:30 |
 Andreas Schrägle | I just generate systemd-networkd files for my wireguard interfaces đ¤ˇââď¸ | 11:28:52 |
| Leon | Yup, the networkd module works pretty flawlessly | 11:31:07 |
| Leon | Also, it doesnât do as much magic as do the wireguard or wg-quick modules, for instance derive routes from the Allowed-IPs | 11:32:07 |
| Leon | (At least by default) | 11:32:33 |
 hexa | which is favorable when you want to do dynamic routing on top of them đ | 11:35:15 |
| Leon | Exactly. I run OSPF+BGP on top so unconditionally routing ::/0 doesnât do any good :D | 11:38:01 |
| hexa | Babel https://datatracker.ietf.org/doc/html/rfc8966 :) | 11:49:48 |
|  anodae joined the room. | 20:52:21 |
| 22 Jun 2021 |
| Mic92 (Old) | Also I added wireguard support to networkd, I never really used it much afterwards. | 08:53:47 |
