fix(wireguard): exclude local 10.0.0.0/24 from tunnel to preserve LAN access
Replace 0.0.0.0/0 allowedIPs with CIDR blocks covering everything except 10.0.0.0/24, which conflicts with the building's local network. Also switch endpoint back to hostname and remove unused tailscale service block.
+28
-6
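--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -182,16 +182,38 @@
 
 peers = [{
 publicKey = "VEpzr/CeGdS6Wsy0NDDfmlB/bCYxS55A155HWGCIIzc=";
-endpoint = "69.48.243.22:51820";
-allowedIPs = [ "0.0.0.0/0" ];
+endpoint = "vpn.leeworks.dev:51820";
+# Route all traffic through VPN EXCEPT the local 10.0.0.0/24 network
+allowedIPs = [
+"0.0.0.0/5"
+"8.0.0.0/7"
+"10.0.1.0/24"
+"10.0.2.0/23"
+"10.0.4.0/22"
+"10.0.8.0/21"
+"10.0.16.0/20"
+"10.0.32.0/19"
+"10.0.64.0/18"
+"10.0.128.0/17"
+"10.1.0.0/16"
+"10.2.0.0/15"
+"10.4.0.0/14"
+"10.8.0.0/13"
+"10.16.0.0/12"
+"10.32.0.0/11"
+"10.64.0.0/10"
+"10.128.0.0/9"
+"11.0.0.0/8"
+"12.0.0.0/6"
+"16.0.0.0/4"
+"32.0.0.0/3"
+"64.0.0.0/2"
+"128.0.0.0/1"
+];
 persistentKeepalive = 25;
 }];
 };
 
-services.tailscale = {
-enable = true;
-useRoutingFeatures = "client"; # or "both" for subnet routing
-};
 
 # Open firewall for Tailscale
 networking.firewall = {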
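Review bot: The new `# Route all traffic through VPN EXCEPT the local 10.0.0.0/24 network` comment should state that the exclusion is not tied to the building: the 24 prefixes apply wherever this host connects, so on any other network that also happens to use 10.0.0.0/24, traffic to that subnet bypasses the tunnel and leaves the host unencrypted. The list does enumerate the exact complement of 10.0.0.0/24 within 0.0.0.0/0, but that is easy to break when someone edits it, so a line such as `# 24 prefixes = 0.0.0.0/0 minus 10.0.0.0/24 (no ::/0, so IPv6 is not tunnelled); keep exhaustive` next to it would help the next maintainer. The endpoint is now a hostname, which is resolved when the interface is brought up rather than per handshake, so bring-up depends on DNS being reachable at that moment and a later address change is not picked up; that deserves a comment next to `endpoint = "vpn.leeworks.dev:51820";` (if this is networking.wireguard.interfaces, the peer option `dynamicEndpointRefreshSeconds` addresses the latter). With the services.tailscale block removed, the retained `# Open firewall for Tailscale` comment and the networking.firewall block after it, which continues outside the hunk, look stale and should be re-checked.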