Mar 07 12:10:16 nixos kernel: wireguard: wg0: Handshake for peer 1 (192.248.152.91:58338) did not complete after 5 seconds, retrying (try 3)
Mar 07 12:10:16 nixos kernel: wireguard: wg0: Sending handshake initiation to peer 1 (192.248.152.91:58338)
This seems to work correctly if I set allowed IPs to something other than 0.0.0.0 - my understanding is it will only send connections to these ips via the wireguard VPN.
networking.firewall = {
enable = false;
};
# Enable Wireguard
networking.wireguard.interfaces = {
wg0 = {
ips = [ "10.66.66.2/32" ];
listenPort = 58338; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
privateKey= "************************";
peers = [
{
publicKey = "***************";
presharedKey = "*****************";
allowedIPs = [ "0.0.0.0/0" ];
#allowedIPs = [ "10.66.66.1" "94.130.178.87" ];
endpoint = "192.248.152.91:58338"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
];
};
};
I've read through https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577/4 however even after adding an ip route with ip route add 192.248.152.91 via 10.66.66.1 dev wg0 it does not seem to have any change in behaviour.
root@nixos> ip route ~
default dev wg0 scope link
default via 10.0.2.2 dev eth0 proto dhcp src 10.0.2.15 metric 202
10.0.2.0/24 dev eth0 proto dhcp scope link src 10.0.2.15 metric 202
192.248.152.91 via 10.66.66.1 dev wg0
