Until recently this was working, then it stopped working - which is odd - but I do have NixOS automatic updates set up.
I host a wireguard ‘server’ and this appears to be working. I’m not using nixos for the server side.
My nixos is a wireguard client. Configured basically like: WireGuard - NixOS Wiki
networking.firewall = {
  allowedUDPPorts = [ 51820 ]; # wireguard
};

# Enable WireGuard
networking.wg-quick.interfaces = {
  # "wg0" is the network interface name. You can name the interface arbitrarily.
  wg0 = {
    # Determines the IP address and subnet of the client's end of the tunnel interface.
    address = [ "10.13.13.4/32" ];
    listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
    privateKeyFile = "/etc/nixos/secrets/privatekey.wg";
    peers = [
      {
        # Public key of the server (not a file path).
        publicKey = "SECRETKEY=";
        # Pre-shared key file
        presharedKeyFile = "/etc/nixos/secrets/preshare.wg";
        # Forward only particular subnets
        allowedIPs = [ "192.168.1.0/24" ];
        # Set this to the server IP and port.
        endpoint = "mydomain.com:51820";
        # Send keepalives every 25 seconds. Important to keep NAT tables alive.
        persistentKeepalive = 25;
      }
    ];
  };
};
As I said above - this worked great. The remote machine would connect to my server, and could get to things on the network my server was on. Super great.
Even better - from the server machine, with a few ip route tricks, I could ssh myuser@10.13.13.4 and get a shell into the remote NixOS machine that had initiated the WireGuard connection.
Then… it stopped working. I can see from both ends with wg show that the connection seems to be being made, but I can't figure out why bits are not flowing.
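The symptom above (wg show reports a handshake, yet no traffic arrives) is worth separating from a key or endpoint problem before touching the config. The following script is an added example, not from the original post or the NixOS wiki: it parses the tab-separated output of `wg show wg0 dump` (first line is the interface, each further line is one peer with public key, preshared key, endpoint, allowed IPs, last-handshake epoch, rx bytes, tx bytes, keepalive) and classifies each peer. The thresholds (a handshake older than 180 s is stale; an rx counter under 1 KiB while tx exceeds 4 KiB suggests packets leave but nothing comes back, i.e. routing, allowedIPs or the far side's firewall rather than key material) are my own heuristic assumptions. The sample dump and its keys are constructed placeholders.

```shell
#!/bin/sh
# Added diagnostic for "handshake completes but no traffic" WireGuard cases.
# Not part of the original post; thresholds below are assumptions.

# Constructed sample of `wg show wg0 dump` output (placeholder keys).
# Fields are tab separated; line 1 = interface, line 2+ = one peer each.
SAMPLE_DUMP=$(printf 'PRIVKEY_PLACEHOLDER=\tCLIENTPUB_PLACEHOLDER=\t51820\toff\nSERVERPUB_PLACEHOLDER=\tPSK_PLACEHOLDER=\t203.0.113.10:51820\t192.168.1.0/24\t1700000100\t148\t31200\t25')

# classify_peer NOW HANDSHAKE_EPOCH RX_BYTES TX_BYTES
# Prints one of: no-handshake | stale | one-way | ok
#   no-handshake : the peer never completed a handshake (key/endpoint/firewall)
#   stale        : last handshake older than 180 s (assumed limit; a live
#                  tunnel with persistentKeepalive re-handshakes well within that)
#   one-way      : fresh handshake, we send plenty but receive almost nothing
#                  (assumed: rx < 1024 bytes while tx > 4096 bytes); check
#                  allowedIPs, ip route on both ends and the server's forwarding
#   ok           : fresh handshake and data flowing both ways
classify_peer() {
  now=$1; hs=$2; rx=$3; tx=$4
  if [ "$hs" -eq 0 ]; then echo no-handshake; return; fi
  age=$((now - hs))
  if [ "$age" -gt 180 ]; then echo stale; return; fi
  if [ "$rx" -lt 1024 ] && [ "$tx" -gt 4096 ]; then echo one-way; return; fi
  echo ok
}

# report_dump NOW DUMP_TEXT
# Prints "<peer public key> <allowed ips> <status>" for every peer line.
report_dump() {
  now=$1
  tab=$(printf '\t')
  printf '%s\n' "$2" | tail -n +2 | while IFS="$tab" read -r pub psk ep allowed hs rx tx ka; do
    printf '%s %s %s\n' "$pub" "$allowed" "$(classify_peer "$now" "$hs" "$rx" "$tx")"
  done
}

# Live use on a real host would be:
#   report_dump "$(date +%s)" "$(sudo wg show wg0 dump)"
# Here we run it on the constructed sample instead.
report_dump 1700000150 "$SAMPLE_DUMP"
```

Run it on both ends of the tunnel: if the client shows `one-way` and the server shows `ok` (or the reverse), the encrypted path is up and the problem is in what each side is willing to route into or out of wg0, which is where the `ip route` and allowedIPs settings are the first things to compare.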