feat(vpn): improve compatibility with other wireguard networks
parent
ae62bb5cb9
commit
9b9e8d5ee6
2 changed files with 28 additions and 2 deletions
system
|
@ -50,7 +50,6 @@ in
|
||||||
|
|
||||||
systemd.network = {
|
systemd.network = {
|
||||||
enable = true;
|
enable = true;
|
||||||
wait-online.ignoredInterfaces = [ "tailscale0" ];
|
|
||||||
networks = {
|
networks = {
|
||||||
"10-lan" = {
|
"10-lan" = {
|
||||||
matchConfig.Name = interfaces.lan;
|
matchConfig.Name = interfaces.lan;
|
||||||
|
|
|
@ -15,6 +15,27 @@ in
|
||||||
networking.wireguard.enable = true;
|
networking.wireguard.enable = true;
|
||||||
networking.firewall.trustedInterfaces = [ tailscaleInterface ];
|
networking.firewall.trustedInterfaces = [ tailscaleInterface ];
|
||||||
|
|
||||||
|
systemd.network = {
|
||||||
|
# Fixes issues with other systemd networks when tailscale exist nodes are used
|
||||||
|
config.networkConfig = {
|
||||||
|
ManageForeignRoutes = false;
|
||||||
|
ManageForeignRoutingPolicyRules = false;
|
||||||
|
};
|
||||||
|
wait-online.ignoredInterfaces = [ "tailscale0" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.networkd-dispatcher = {
|
||||||
|
enable = true;
|
||||||
|
rules."50-tailscale" = {
|
||||||
|
onState = [ "routable" ];
|
||||||
|
script = ''
|
||||||
|
for dev in $(${pkgs.iproute2}/bin/ip route show 0/0 | cut -f5 -d' '); do
|
||||||
|
${lib.getExe pkgs.ethtool} -K "$dev" rx-udp-gro-forwarding on rx-gro-list off
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.tailscale = {
|
services.tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.unstable.tailscale;
|
package = pkgs.unstable.tailscale;
|
||||||
|
@ -27,7 +48,13 @@ in
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.tailscaled.serviceConfig.Environment = [ "TS_DEBUG_FIREWALL_MODE=auto" ];
|
systemd.services.tailscaled = {
|
||||||
|
serviceConfig.Environment = [ "TS_DEBUG_FIREWALL_MODE=auto" ];
|
||||||
|
after = [
|
||||||
|
"network-online.target"
|
||||||
|
"systemd-resolved.service"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
# call taiscale up without --auth-key
|
# call taiscale up without --auth-key
|
||||||
systemd.services.tailscaled-autoconnect = lib.mkIf (cfg.authKeyFile == null) {
|
systemd.services.tailscaled-autoconnect = lib.mkIf (cfg.authKeyFile == null) {
|
||||||
|
|
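Review bot: In the `50-tailscale` dispatcher rule, `cut -f5 -d' '` yields the interface name only when the default route reads `default via <gw> dev <if>`; for a device-only default route (`default dev <if> scope link`, common on WireGuard and other point-to-point links) field 5 is `link`, so `ethtool -K` is run by the dispatcher (presumably as root) on a name that is not a device and the offload settings are never applied. Picking the token that follows `dev` is more robust, e.g. replace the `cut` with `${pkgs.gawk}/bin/awk '{for (i=1;i<NF;i++) if ($i=="dev") print $(i+1)}'`, which also pins the tool to a store path the way `ip` and `ethtool` already are. The new `after = [ "network-online.target" ... ]` on `tailscaled` only orders the unit; unless something outside this hunk pulls the target in, add `wants = [ "network-online.target" ];`. The moved `wait-online.ignoredInterfaces` still hard-codes `"tailscale0"` while the `trustedInterfaces` line in the same hunk uses `tailscaleInterface`; if both are meant to name the same interface, reference the variable so the two cannot drift apart.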