shinobu/router: Fix IPv6 networking

Previously, I did not have IPv6 upstream, so even a wrong configuration worked. Now it uses a different routing table for IPv4 and IPv6, so it also works on dual-stack upstreams. However, how it worked without IPv6 forwarding enabled, is still a mystery to me.
2023-09-11 08:15:33 +02:00 · 2023-09-11 08:15:33 +02:00 · aa85febe12
parent 09a9037f1c
commit aa85febe12
1 changed files with 13 additions and 0 deletions
--- a/machines/shinobu/services/router.nix
+++ b/machines/shinobu/services/router.nix
@ -46,6 +46,7 @@ in

  boot.kernel.sysctl = {
    "net.ipv4.conf.all.forwarding" = true;
+    "net.ipv6.conf.all.forwarding" = true;
  };

  networking = {
@ -215,6 +216,7 @@ in
        routingPolicyRules = [
          {
            routingPolicyRuleConfig = {
+              Family = "both"; # default is only ipv4
              FirewallMark = 51820;
              InvertRule = "yes";
              Table = 51820;
@ -224,18 +226,28 @@ in
          }
          # FIXME: those two shouldn’t be necessary
          # It should automatically detect those routes existing and prioritise them
+          # LAN (v4)
          {
            routingPolicyRuleConfig = {
              To = "10.80.0.0/24";
              Priority = 9;
            };
          }
+          # LAN (v6)
+          {
+            routingPolicyRuleConfig = {
+              To = "fd00:80:1::/64";
+              Priority = 9;
+            };
+          }
+          # wg-home
          {
            routingPolicyRuleConfig = {
              To = "10.80.1.0/24";
              Priority = 9;
            };
          }
+          # vueko (v4) for wg-home
          {
            routingPolicyRuleConfig = {
              To = "168.119.176.53";
@ -262,6 +274,7 @@ in
          {
            routeConfig = {
              Gateway = "::";
+              Table = 51820;
            };
          }
        ];