From aa85febe12e972db64d82a55cd2f4ca2ca339865 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Mon, 11 Sep 2023 08:15:33 +0200
Subject: [PATCH] shinobu/router: Fix IPv6 networking

Previously, I did not have IPv6 upstream, so even a wrong configuration worked. Now it uses a different routing table for IPv4 and IPv6, so it also works on dual-stack upstreams. However, how it worked without IPv6 forwarding enabled, is still a mystery to me.
---
 machines/shinobu/services/router.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/machines/shinobu/services/router.nix b/machines/shinobu/services/router.nix
index 181cb8f..8e41fec 100644
--- a/machines/shinobu/services/router.nix
+++ b/machines/shinobu/services/router.nix
@@ -46,6 +46,7 @@ in
 boot.kernel.sysctl = {
 "net.ipv4.conf.all.forwarding" = true;
+ "net.ipv6.conf.all.forwarding" = true;
 };
 networking = {
@@ -215,6 +216,7 @@ in
 routingPolicyRules = [
 {
 routingPolicyRuleConfig = {
+ Family = "both"; # default is only ipv4
 FirewallMark = 51820;
 InvertRule = "yes";
 Table = 51820;
@@ -224,18 +226,28 @@ in
 }
 # FIXME: those two shouldn’t be necessary
 # It should automatically detect those routes existing and prioritise them
+ # LAN (v4)
 {
 routingPolicyRuleConfig = {
 To = "10.80.0.0/24";
 Priority = 9;
 };
 }
+ # LAN (v6)
+ {
+ routingPolicyRuleConfig = {
+ To = "fd00:80:1::/64";
+ Priority = 9;
+ };
+ }
+ # wg-home
 {
 routingPolicyRuleConfig = {
 To = "10.80.1.0/24";
 Priority = 9;
 };
 }
+ # vueko (v4) for wg-home
 {
 routingPolicyRuleConfig = {
 To = "168.119.176.53";
@@ -262,6 +274,7 @@ in
 {
 routeConfig = {
 Gateway = "::";
+ Table = 51820;
 };
 }
 ];
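Review bot: The added `"net.ipv6.conf.all.forwarding" = true;` in the first hunk (`boot.kernel.sysctl`) turns on IPv6 forwarding, but nothing in this patch shows a matching IPv6 rule in the firewall's forward chain. IPv4 clients behind a translating router usually get an implicit inbound barrier, whereas forwarded IPv6 is filtered only by what the forward chain says; with just the `fd00:80:1::/64` ULA prefix the exposure is small, but it changes once the LAN receives a globally routable prefix. Please confirm that the forward policy covers IPv6 and record that next to the sysctl, for example `# forwarded v6 is filtered by the forward chain in <firewall module>`. The firewall configuration is outside this hunk, so this is a check to make rather than a confirmed gap.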
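Review bot: In the third hunk only the LAN gets a v6 exception (`To = "fd00:80:1::/64"`), while the `# wg-home` and `# vueko (v4) for wg-home` rules stay IPv4-only even though the mark rule above them now applies to both families. If wg-home carries an IPv6 prefix, or its endpoint is ever reached over IPv6, that traffic would be looked up in table 51820 instead of main, which for the endpoint case would presumably mean one tunnel's transport being routed into the other. Either add the matching v6 rules or make the limitation explicit, e.g. `# wg-home (v4 only; no v6 prefix routed here)`. The last rule's body continues past the end of the hunk.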
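Review bot: With `Table = 51820;` added to the `Gateway = "::"` route in the last hunk, the IPv6 default route exists only in that table, so unmarked traffic falls through to later rules and the main table whenever the route is absent, for example while the owning link (presumably the WireGuard interface) is down. If LAN traffic is meant to leave only through the tunnel, that fallback silently uses the upstream path; a high-metric `Type = "unreachable"` route for `::/0` in table 51820, or a forward-chain rule pinning the egress interface, would close it. If the fallback is intended, say so in place: `# v6 default lives only in the wg table; main table is the fallback when the tunnel is down`. The enclosing network definition starts outside the hunk, so which interface owns this route is inferred.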