diff --git a/modules/nixos/services/vpn/wireguard/client.nix b/modules/nixos/services/vpn/wireguard/client.nix
index 7274212..9be3134 100644
--- a/modules/nixos/services/vpn/wireguard/client.nix
+++ b/modules/nixos/services/vpn/wireguard/client.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 
 let
   cfg = config.local.services.vpn.wireguard;
@@ -43,6 +43,13 @@ in
         # Path to the private key file.
         privateKeyFile = cfg.privateKeyFile;
 
+        postUp = ''
+          addr=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $3; exit}'`
+          interface=`${pkgs.iproute}/bin/ip route | ${pkgs.gawk}/bin/awk '/default/ {print $5; exit}'`
+          # don't use wg with cache.nixos.org
+          ${pkgs.iproute}/bin/ip route add 151.101.86.217/32 via $addr dev $interface
+        '';
+
         peers = [
           # For a client configuration, one peer entry for the server will suffice.