| 13 Jun 2021 |
Andreas Schrägle | antifuchs: define fairly complex. we use systemd networkd on nixos for a router, with pppoe, a bunch of vlans and all that kind of stuff. | 15:20:21 |
antifuchs | It’s not a router, but has a bunch of vlans and several systemd containers with network interfaces on those vlans | 15:21:10 |
antifuchs | (Each with its very own special networking config to avoid having to use host networking, heh) | 15:21:37 |
antifuchs | It’s precisely those systemd Container child interfaces that have problems too: when you restart the container, there’s a 50:50 chance the interface will never again be configurable | 15:25:23 |
Mic92 (Old) | antifuchs: let me put it this way: you can basically configure anything with networkd that can be configured via netlink. I think the only thing that is not supported is openvswitch. | 16:11:10 |
Mic92 (Old) | It's not the best solution if you need dynamic configuration, i.e. if you have a laptop; for servers it's fine. | 16:12:15 |
antifuchs | then that sounds great - this is kinda a server. I remember there were some limitations back when I last looked, but maybe it's worth another go | 16:13:07 |
Mic92 (Old) | check man systemd.network | 16:28:16 |
Mic92 (Old) | and man systemd.link | 16:28:29 |
Mic92 (Old) | Everything should be there | 16:28:33 |
| 14 Jun 2021 |
hpfr | I followed the wireguard page on the wiki to connect a nixos client to my LAN (point-to-site), but I had to go to the arch wiki to find ip route add 192.168.35.0/24 dev wg0 (where the CIDR is the LAN subnet) to get it to work. is there a nixos configuration value for this? | 07:54:25 |
n0emis | In reply to @hpfr:matrix.org: if you have networking.wireguard.interfaces.<name>.allowedIPsAsRoutes set to true, you can just add the subnet to networking.wireguard.interfaces.<name>.peers.*.allowedIPs | 08:09:55 |
hpfr | weird, that should have worked then because that option is true for me | 08:11:27 |
n0emis | otherwise you could add the command to networking.wireguard.interfaces.<name>.postSetup | 08:12:33 |
hpfr | might've just been a one time issue | 08:13:50 |
hpfr | I'm trying to set up a wg network where I have road clients that connect to my home network (which is behind CGNAT) via a VPS with a public IP. I just got the VPS able to talk to hosts inside my home network, but my laptop which connects to the VPS over wireguard can't see hosts inside my home network | 08:14:05 |
n0emis | well, you probably want to do something like ip route add 192.168.35.0/24 via $ROUTER, since the lan-subnet is not directly on the wg-link. then also allowedIPs is not the right option | 08:14:16 |
hpfr | 🤔 all the guides I've seen suggest adding your LAN to allowedIPs is the way to go | 08:16:35 |
hpfr | also, in the server setup in the wireguard wiki it enables NAT from the external interface to the wg interface, why is this done? | 08:21:35 |
| 18 Jun 2021 |
Church | Hmm anyone had issue with postUp and postShutdown commands in wireguard not running correctly and setting up and tearing down your rules? | 07:34:44 |
| 19 Jun 2021 |
hpfr | uh, is the wireguard module missing a dns option? | 18:17:35 |
hpfr | I guess I'm supposed to use the wg-quick module instead | 18:25:43 |
hpfr | seems weird that they overlap a lot and that the wireguard module is apparently missing options? | 18:26:21 |
| 20 Jun 2021 |
Mic92 (Old) | the wireguard module was introduced before wg-quick existed | 06:55:54 |
Mic92 (Old) | Otherwise there would be no wireguard module | 06:56:20 |
Church | So what's preferred? Wireguard or wg-quick? | 22:47:22 |
| 21 Jun 2021 |
eyJhb | ^ would like to know that as well, since I am currently using wireguard, and not wg-quick | 08:32:30 |