From: crodges
To: help-guix@gnu.org
Subject: Wireguard configuration - PostUp and PostDown
Date: Sat, 28 Aug 2021 15:55:45 -0700
Message-ID: <4144851.J7mxVJ4J92@sceadufaex>

Hello everyone,

I managed to configure wireguard on a vps running guix and created clients for my desktop and cellphone. What I want to do (and did already in a Debian vps) is to make wireguard's lan accessible to anyone connected and also browse the internet using this vpn.

As I remember, I need to allow ip forwarding using

    sysctl net.ipv4.ip_forward=1

and I also need to put these rules into wireguard (the server) under [interface],

    PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Problem is, looking at the latest guix manual, PostUp and PostDown don't seem to exist yet. Do they exist but are still undocumented?

If they don't exist, where would be a reasonable place to add these configurations? I'm trying to do everything the guix way; when I finish this machine configuration, I'd like it to be fully replicable.
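
An added check, not part of the original message: it parses the PostUp and PostDown lines quoted above and reports any iptables/ip6tables rule that PostUp appends but PostDown never deletes, which would leave forwarding or NAT in place after the tunnel goes down. The function names and the sample text are constructed for this example, and only the `-A`/`-D` rule-spec forms are compared.

```python
from collections import Counter

# Constructed sample: the two hook lines quoted in the message above.
SAMPLE_CONF = """[Interface]
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
"""

ADD, DELETE = {"-A", "--append"}, {"-D", "--delete"}


def hook_commands(conf, key):
    """Split every `key = cmd; cmd` line into argv lists (key is case-insensitive)."""
    commands = []
    for line in conf.splitlines():
        name, sep, value = line.split("#", 1)[0].partition("=")
        if sep and name.strip().lower() == key.lower():
            commands += [c.split() for c in value.split(";") if c.strip()]
    return commands


def rule_key(argv):
    """Return (action, "tool table chain spec") for an ip(6)tables add or delete, else None."""
    if not argv or argv[0] not in ("iptables", "ip6tables"):
        return None
    args, table = argv[1:], "filter"  # filter is the table used when -t is absent
    if "-t" in args[:-1]:  # pull the table out so its position does not matter
        i = args.index("-t")
        table = args[i + 1]
        del args[i:i + 2]
    for i, arg in enumerate(args):
        if arg in ADD or arg in DELETE:
            del args[i]  # what remains is the chain followed by the rule spec
            return ("add" if arg in ADD else "delete"), " ".join([argv[0], table] + args)
    return None


def unmatched_rules(conf):
    """Return (rules PostUp adds that PostDown leaves in place, deletes with no matching add)."""
    counts = {"add": Counter(), "delete": Counter()}
    for key, wanted in (("PostUp", "add"), ("PostDown", "delete")):
        for argv in hook_commands(conf, key):
            parsed = rule_key(argv)
            if parsed and parsed[0] == wanted:
                counts[wanted][parsed[1]] += 1
    left_behind = sorted((counts["add"] - counts["delete"]).elements())
    orphan_deletes = sorted((counts["delete"] - counts["add"]).elements())
    return left_behind, orphan_deletes
```
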