fix(wireguard): use public DNS to resolve endpoint before tunnel is up

Query @1.1.1.1 explicitly in postUp/preDown hooks since the VPN DNS
(10.0.1.65) is unreachable before the tunnel establishes.
2026-04-15 19:08:13 -04:00
parent b4e4036c41
commit cca5c48725
+2 -2
@@ -181,13 +181,13 @@
privateKeyFile = "/etc/wireguard/private.key"; privateKeyFile = "/etc/wireguard/private.key";
postUp = '' postUp = ''
ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev | head -1) ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev @1.1.1.1 | head -1)
GATEWAY=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $3}') GATEWAY=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $3}')
DEV=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $5}') DEV=$(${pkgs.iproute2}/bin/ip route show default | ${pkgs.gawk}/bin/awk '{print $5}')
${pkgs.iproute2}/bin/ip route add "$ENDPOINT_IP" via "$GATEWAY" dev "$DEV" ${pkgs.iproute2}/bin/ip route add "$ENDPOINT_IP" via "$GATEWAY" dev "$DEV"
''; '';
preDown = '' preDown = ''
ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev | head -1) ENDPOINT_IP=$(${pkgs.dig}/bin/dig +short vpn.leeworks.dev @1.1.1.1 | head -1)
${pkgs.iproute2}/bin/ip route del "$ENDPOINT_IP" || true ${pkgs.iproute2}/bin/ip route del "$ENDPOINT_IP" || true
''; '';
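Review bot: The address taken from `dig +short vpn.leeworks.dev @1.1.1.1 | head -1` in postUp goes straight into `ip route add` with no check, so an empty answer, a CNAME line printed first, or a forged reply to this plaintext query on the pre-tunnel network yields either a failed command or a host route for the wrong address outside the tunnel. WireGuard still authenticates the peer by key, so the exposure is a bypass route or a broken bring-up rather than a compromised tunnel, but a guard before the `ip route add` such as `case "$ENDPOINT_IP" in ""|*[!0-9.]*) echo "endpoint lookup failed" >&2; exit 1;; esac` would stop the hook instead of continuing with a bad value. preDown resolves the name a second time, so if the record changed while the tunnel was up, `ip route del` targets a different address and `|| true` hides the leftover route; recording the address that postUp used (for example in a file under /run) and reading it back in preDown avoids that. The enclosing interface block starts and ends outside this hunk, and whether the address WireGuard itself resolves for the peer matches this one cannot be seen from here.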