From 26dec78b3169960b2daa8d324ef7af47100337e4 Mon Sep 17 00:00:00 2001
From: sinanmohd
Date: Mon, 29 Jan 2024 20:27:43 +0530
Subject: kay/network/he: always accept 6in4 tunnels from he remote
---
 hosts/kay/modules/hurricane.nix | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
(limited to 'hosts/kay')
diff --git a/hosts/kay/modules/hurricane.nix b/hosts/kay/modules/hurricane.nix
index b32601c..7988c63 100644
--- a/hosts/kay/modules/hurricane.nix
+++ b/hosts/kay/modules/hurricane.nix
@@ -24,6 +24,9 @@ in
 enable = true;
 rttablesExtraConfig = "200 hurricane";
 };
+
+ firewall.extraCommands =
+ "iptables -A INPUT --proto 41 --source ${remote} --jump ACCEPT";
 };

 sops.secrets = {
@@ -84,12 +87,6 @@ in
 done

 ip tunnel change ${iface} local "$wan_ip" mode sit
-
- # for unknown reason gateway don't seems to know where to route
- # incoming traffic if we do not ping the gateway after ip change
- while ! ping -c1 ${gateway}; do
- sleep 1
- done
 '';
 };
 }
--
cgit v1.2.3
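Review bot: The accept rule added in `firewall.extraCommands` is appended to the built-in `INPUT` chain, which the NixOS firewall script does not appear to flush, so each firewall reload would likely add another copy and the rule would outlive a firewall stop. Appending to the module's own chain keeps it tied to the firewall's lifetime: `"iptables -A nixos-fw --proto 41 --source ${remote} --jump nixos-fw-accept";`. Since 6in4 carries no authentication and the source address is the only check on encapsulated traffic, a comment such as `# proto 41 (6in4) is accepted only from the HE endpoint; decapsulated IPv6 is still filtered on the tunnel interface` would record the intent, and that second half should be confirmed against the ip6tables rules. The enclosing attribute set and the definition of `remote` start outside the hunk, so whether the host uses the iptables backend rather than nftables has to be checked there.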