From 7dbbb277df8d94beafc859f563a07997f1ac2ddf Mon Sep 17 00:00:00 2001
From: Fabian Hauser
Date: Thu, 23 Dec 2021 14:57:41 +0100
Subject: [PATCH] Update openvpn configuration
---
 .../user-configuration/fhauser/work/openvpn.nix | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/defaults/user-configuration/fhauser/work/openvpn.nix b/defaults/user-configuration/fhauser/work/openvpn.nix
index 8bead71..333b361 100644
--- a/defaults/user-configuration/fhauser/work/openvpn.nix
+++ b/defaults/user-configuration/fhauser/work/openvpn.nix
@@ -25,9 +25,7 @@
 -----END CERTIFICATE-----
 '';
 };
- dhcpIps = if config.networking.hostName == "speer" then
- [ "10.2.1.1" ] # TODO: Extract speer gw ip to meta
- else [
+ dhcpIps = [
 "185.88.236.100"
 "212.103.68.20"
 ];
@@ -37,6 +35,8 @@
 autoStart = false;
 config = ''
 remote vpn.threema.ch 38417 tcp-client
+ remote 5.148.189.116 38417 tcp-client
+ remote 178.209.63.8 38417 tcp-client
 nobind
 dev tun
@@ -71,15 +71,21 @@
 route 212.103.68.41 255.255.255.255 net_gateway default
 ${dhcpOptions}
+ #dhcp-option DOMAIN-ROUTE threema.ch
 reneg-bytes 0
 auth-nocache
 tls-cipher DEFAULT
- cipher AES-128-CBC
 reneg-sec 0
+ cipher AES-128-CBC
 data-ciphers AES-128-CBC
 data-ciphers-fallback AES-128-CBC
 remap-usr1 SIGTERM
+ #script-security 2
+ #up ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved
+ #up-restart
+ #down ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved
+ #down-pre
 '';
 updateResolvConf = true;
 };
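Review bot: The two `remote` lines added after `remote vpn.threema.ch 38417 tcp-client` are bare IP literals with nothing recording what they are, so a later reader cannot tell whether they are still valid endpoints for the same service. Server identity for all three remotes rests on the TLS check against the CA pinned above, and the hunk shows neither `remote-cert-tls server` nor `verify-x509-name`; the `config` string continues outside the hunk, so please confirm one of them is set there. If the addresses are meant as fallbacks for when the hostname cannot be resolved, I would say so with an OpenVPN comment above them, for example `# static fallback addresses for vpn.threema.ch`.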
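Review bot: In the hunk at line 71, the re-added `cipher AES-128-CBC` looks redundant next to `data-ciphers AES-128-CBC` and `data-ciphers-fallback AES-128-CBC`, since OpenVPN 2.5 and later treat `cipher` as superseded by those two options. It also leaves a non-AEAD CBC mode as the only data cipher on offer. If the server supports it, I would drop the `cipher` line and widen the list to `data-ciphers AES-256-GCM:AES-128-GCM:AES-128-CBC`, keeping the fallback line for older peers. The commented-out `#script-security 2`, `#up` and `#down` lines are committed without explanation; add a one-line comment on why they are parked or remove them. If enabled, they would probably collide with the hooks that `updateResolvConf = true` already installs, so check that against the module.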