diff --git a/hosts/defiant/services/wireguard.nix b/hosts/defiant/services/wireguard.nix
index 98448cd..b5fc732 100644
--- a/hosts/defiant/services/wireguard.nix
+++ b/hosts/defiant/services/wireguard.nix
@@ -15,12 +15,20 @@ in {
 listenPort = 51820;
 privateKeyFile = "/etc/wireguard/defiant.private";
 
+ postSetup = ''
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -d 192.168.10.0/24 -o eth0 -j MASQUERADE
+ '';
+ postShutdown = ''
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -d 192.168.10.0/24 -o eth0 -j MASQUERADE
+ '';
+
 peers = [
 { # Burnham
 publicKey = "JcfyrMoZmnbibVLaIKuGSARAX2alFv4kwLbJaLBNbzo=";
+ persistentKeepalive = 60;
 allowedIPs = [
 "10.100.0.2/32"
- # "192.168.11.0/24"
+ "192.168.11.0/24"
 ];
 }
 { # Sulu
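Review bot: The new `postSetup` masquerade rule matches only `-s 10.100.0.0/24`, while the same hunk enables `192.168.11.0/24` in Burnham's `allowedIPs`, so packets from that subnet to `192.168.10.0/24` would leave `eth0` without NAT and depend on a return route on the LAN side; if that is intended, a comment such as `# 192.168.11.0/24 is routed, not NATed; the LAN needs a return route via defiant` would record it. Nothing visible in this hunk restricts forwarding, so every peer in `10.100.0.0/24` appears to reach all of `192.168.10.0/24`, and LAN hosts will log defiant's address instead of the peer's; a FORWARD rule limiting the allowed destinations would narrow that exposure. The `-A` in `postSetup` is also not idempotent: if the interface restarts without `postShutdown` having run, the rule is duplicated, so consider guarding it as `iptables -t nat -C POSTROUTING … || iptables -t nat -A POSTROUTING …` and ending the delete with `|| true`. The interface block and the `peers` list both continue outside the hunk.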