Diffstat (limited to 'modules')
-rw-r--r--modules/tunnel/ingress.nix13
1 files changed, 9 insertions, 4 deletions
diff --git a/modules/tunnel/ingress.nix b/modules/tunnel/ingress.nix
index a1260c8..8a6ae3b 100644
--- a/modules/tunnel/ingress.nix
+++ b/modules/tunnel/ingress.nix
@@ -26,9 +26,10 @@ let
   ingressName = index: "tunnel-ingress${toString index}";
   egressName = "tunnel-egress0";
   egressAddress = "10.123.255.1/16"; # /16 encompasses all possible subnet addresses
-  egressMTU = 1400;
 
   egressHost = name: "${name}.rnrd.eu";
+
+  mtu = 1400;
 in
 {
   boot.kernel.sysctl = {
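Review bot: The renamed `mtu` binding has no comment saying what it governs or why the value is 1400, while the neighbouring `egressAddress` line documents its own choice. After this commit the single value feeds the ingress links' `MTUBytes`, the egress link's `MTUBytes` and the sing-box tun inbound, so a later change made for one of them silently changes the others. I would write `mtu = 1400; # shared by every tunnel-ingress link, tunnel-egress0 and the sing-box tun inbound` and add the reason for 1400 if it is known. The `let` block starts outside the hunk, so I cannot see whether another `mtu` is already in scope there.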
@@ -69,6 +70,10 @@ in
         "10-${ingressName index}" = {
           name = ingressName index;
           address = [ (addressFromTemplate index ownAddress 24) ];
+          linkConfig = {
+            RequiredForOnline = "no";
+            MTUBytes = toString mtu;
+          };
           routingPolicyRules = [
             {
               IncomingInterface = ingressName index;
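Review bot: The new `linkConfig` on the `"10-${ingressName index}"` network sets `RequiredForOnline = "no"` without saying why, and the same commit drops the `# does not count as online` comment from the egress `linkConfig` in the `@@ -91,8 +96,8 @@` hunk, so the reason is no longer recorded anywhere. With this setting the ingress links no longer hold back network-online.target, so units ordered after it can presumably start before these interfaces and their `routingPolicyRules` exist. If anything on the host relies on that ordering to keep tunnel traffic on the egress path, it should depend on the interface or the rule explicitly. I would keep a comment in both places, for example `RequiredForOnline = "no"; # tunnel links must not block network-online.target; do not assume they are up at boot`. The enclosing network definition starts and ends outside the hunk.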
@@ -91,8 +96,8 @@ in
             };
             linkConfig = {
               ActivationPolicy = "up";
-              RequiredForOnline = "no"; # does not count as online
-              MTUBytes = toString egressMTU;
+              RequiredForOnline = "no";
+              MTUBytes = toString mtu;
             };
             routes = [
               {
@@ -143,11 +148,11 @@ in
       settings = {
         inbounds = [
           {
+            inherit mtu;
             type = "tun";
             tag = inboundName;
             interface_name = egressName;
             address = [ egressAddress ];
-            mtu = egressMTU;
             stack = "gvisor";
             auto_route = false; # we route manually
             strict_route = false;