diff --git a/configuration.nix b/configuration.nix
index 03d8f34..7895169 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -125,7 +125,7 @@
 # networking.firewall.allowedTCPPorts = [ ... ];
 # networking.firewall.allowedUDPPorts = [ ... ];
 # Or disable the firewall altogether.
- # networking.firewall.enable = false;
+ networking.firewall.enable = false;
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
@@ -182,12 +182,22 @@
 # WireGuard VPN
 networking.wg-quick.interfaces.wg0 = {
 address = [ "10.0.1.67/32" ];
- dns = [ "10.0.1.65" ];
+ dns = [ "1.1.1.1" ];
 privateKeyFile = "/etc/wireguard/private.key";
+ # Route endpoint via local gateway to avoid routing loop
+ preUp = ''
+ GW=$(ip route show default | awk '{print $3; exit}')
+ DEV=$(ip route show default | awk '{print $5; exit}')
+ ip route add 69.48.243.22/32 via "$GW" dev "$DEV" || true
+ '';
+ postDown = ''
+ ip route del 69.48.243.22/32 || true
+ '';
+
 peers = [{
 publicKey = "VEpzr/CeGdS6Wsy0NDDfmlB/bCYxS55A155HWGCIIzc=";
- endpoint = "vpn.leeworks.dev:51820";
+ endpoint = "69.48.243.22:51820";
 # Route all traffic through VPN EXCEPT the local 10.0.0.0/24 network
 allowedIPs = [ "0.0.0.0/5"
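Review bot: The uncommented line `networking.firewall.enable = false;` in the first hunk switches off host packet filtering entirely, so every service listening on this machine becomes reachable on every interface, including the WireGuard interface the same commit configures, and the hunk records no reason for it. If the motivation is to let tunnel traffic through, the firewall can stay enabled while the tunnel interface is trusted, `networking.firewall.trustedInterfaces = [ "wg0" ];`, or only the required ports can be opened via the `networking.firewall.allowedUDPPorts` line already shown in the surrounding template comments. Should disabling it really be intended, the line deserves a comment naming the reason and the compensating control, e.g. `# Firewall disabled: <reason>; filtering is done by <compensating control>`. The second hunk runs past the end of this excerpt and is not reviewed here.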