From 4bb015ee0dac4771841dbe586830a3d95ecfe05b Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Fri, 3 Sep 2021 12:40:52 +0000 Subject: [PATCH] swann: use IPv6 endpoint for tuvok over EE EE uses CGNAT on IPv4, which makes this... less than ideal. However, IPv6 is IPv6 and works pretty reasonably. --- ops/nixos/swann/default.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/ops/nixos/swann/default.nix b/ops/nixos/swann/default.nix index fa316c1b27..cb709d5ead 100644 --- a/ops/nixos/swann/default.nix +++ b/ops/nixos/swann/default.nix @@ -110,8 +110,17 @@ in { { priority = 10024; v6 = "to 2a09:a441::1:0/112 table main"; } { priority = 10025; v6 = "to 2a09:a441::2:0/112 table main"; } + # And the Google VIP I'm (ab)using for Stadia (see CoreDNS below). + { priority = 10030; v4 = "to 216.239.38.120/32 table main"; } + + # add-on.ee.co.uk goes via EE. + { priority = 10031; v4 = "to 82.192.97.153/32 table 201"; } + + # Anything originating from 192.168.200.0/24 should go via EE too. + { priority = 10032; v4 = "from 192.168.200.0/24 table 201"; } + # Everything else over WG. - { priority = 10030; both = "table 150"; } + { priority = 10099; both = "table 150"; } ]; clearRules = map (x: '' ip -4 rule del priority ${toString x} >/dev/null 2>&1 || true @@ -159,6 +168,7 @@ in { "net.ipv6.conf.default.forwarding" = "1"; "net.ipv6.conf.all.forwarding" = "1"; "net.ipv6.conf.en-virginmedia.accept_ra" = "2"; + "net.ipv6.conf.en-ee.accept_ra" = "2"; }; networking.nat = { enable = true; @@ -249,7 +259,7 @@ in { listenPort = 51821; privateKey = secrets.wireguard.tuvok-swann.swann.privateKey; peers = [(peerBase // { - endpoint = "92.118.28.252:51821"; + endpoint = "[2a09:a441::f00f]:51821"; publicKey = secrets.wireguard.tuvok-swann.tuvok.publicKey; })]; postSetup = '' @@ -353,6 +363,7 @@ in { block } hosts /dev/null { + 216.239.38.120 stadia.google.com stadia.com fallthrough } loadbalance
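Review bot: The address `216.239.38.120` is now written out twice, in the priority 10030 rule here and again in the CoreDNS `hosts` entry in the last hunk, and the setup only works while the two stay identical. A single binding such as `stadiaVip = "216.239.38.120";` in the surrounding `let`, used as `v4 = "to ${stadiaVip}/32 table main";` and interpolated into the hosts entry, would keep them in step (this assumes the CoreDNS config is a Nix string, which the hunk does not show). That rule and the `82.192.97.153/32` one are exceptions to "everything else over WG" keyed on third-party addresses, so a comment recording how and when each address was looked up would help whoever has to refresh them. The rule list starts before this hunk.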
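Review bot: The new `en-ee` line carries no comment saying why the value is `2` rather than `1`. With the `forwarding = "1"` settings just above, the kernel ignores router advertisements unless `accept_ra` is 2, so the value is deliberate, but it also means this forwarding router accepts whatever addressing and default-route information is announced on the EE link. I would add `# accept_ra=2: forwarding is on, so 1 would be ignored; RAs on the uplink are trusted for addressing and default route` above the two `accept_ra` lines. The sysctl attribute set starts outside the hunk.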
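Review bot: Nothing visible in this patch adds a `v6` policy rule for the new endpoint `2a09:a441::f00f`. The `v6` rules shown in the first hunk cover `2a09:a441::1:0/112` and `2a09:a441::2:0/112`, and neither contains that address. Unless a rule outside the hunks or the `postSetup` that follows handles it, the tunnel's own outer packets would match the priority 10099 `table 150` rule rather than leaving via EE, which the commit subject suggests is the intent. If it is not already covered, an entry such as `{ priority = 10033; v6 = "to 2a09:a441::f00f/128 table 201"; }` beside the other EE rules would pin it; the priority is only a suggestion, and table 201 would need a v6 default route. The peer definition continues outside the hunk.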