14 lines
495 B
Nix
14 lines
495 B
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
# protonvpn uses wireguard tunnels, which break strict reverse path filtering
|
|
# because packets arrive on the tunnel interface but may be routed back differently.
|
|
# "loose" checks that the source is routable through *any* interface (not necessarily
|
|
# the same one), which is sufficient for wireguard while still preventing IP spoofing.
|
|
networking.firewall.checkReversePath = "loose";
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
protonvpn-gui
|
|
];
|
|
}
|