From 4bf80d7a2d6f431e66a78177e5edf6bfc8df73d1 Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Mon, 28 Feb 2022 13:59:24 +0300
Subject: [PATCH] Added fixes for VPN networking

(cherry picked from commit d1620a9680392e4c5e545cfa878fff5b956d6479)
---
 configuration.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 5062c44..b5cf422 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -6,7 +6,6 @@ in
 {
 imports = [
 ./hardware-configuration.nix
-
 ./variables-module.nix
 ./variables.nix
 ./files.nix
@@ -34,9 +33,14 @@ in
 boot.cleanTmpDir = true;
 networking = {
 hostName = config.services.userdata.hostname;
+ usePredictableInterfaceNames = false;
 firewall = {
 allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 4443 8443 ];
 allowedUDPPorts = lib.mkForce [ 8443 10000 ];
+ extraCommands = ''
+ iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
+ iptables --append FORWARD --in-interface vpn00 -j ACCEPT
+ '';
 };
 nameservers = [ "1.1.1.1" "1.0.0.1" ];
 };
@@ -84,4 +88,4 @@ in
 enable = true;
 };
 };
-}
+}
\ No newline at end of file
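Review bot: In the second hunk, the two rules in `networking.firewall.extraCommands` are appended straight to the built-in `POSTROUTING` and `FORWARD` chains, which the NixOS firewall script does not flush, so each firewall reload would likely add another copy and nothing removes them on stop. The `FORWARD` rule also accepts anything arriving on `vpn00` for any destination, and the `MASQUERADE` rule has no source match, so VPN clients are not limited to reaching the internet through `eth0`. Consider the declarative module instead, `networking.nat = { enable = true; externalInterface = "eth0"; internalInterfaces = [ "vpn00" ]; };`, or at minimum pair the commands with matching `--delete` lines in `extraStopCommands` and restrict both rules to the VPN subnet. The rules are IPv4-only, and the hard-coded `eth0` depends on the `usePredictableInterfaceNames = false` line added in the same hunk, which deserves a comment saying so.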