fabianhauser/dotfiles
1
0
Fork 0
Code Issues 4 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Update openvpn configuration

Browse source
This commit is contained in:
Fabian Hauser 2021-12-23 14:57:41 +01:00
parent 1a12ed93c7
commit 7dbbb277df
1 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
defaults/user-configuration/fhauser/work/openvpn.nix
View file

@ -25,9 +25,7 @@
-----END CERTIFICATE----- -----END CERTIFICATE-----
''; '';
}; };
dhcpIps = if config.networking.hostName == "speer" then dhcpIps = [
[ "10.2.1.1" ] # TODO: Extract speer gw ip to meta
else [
"185.88.236.100" "185.88.236.100"
"212.103.68.20" "212.103.68.20"
]; ];
@ -37,6 +35,8 @@
autoStart = false; autoStart = false;
config = '' config = ''
remote vpn.threema.ch 38417 tcp-client remote vpn.threema.ch 38417 tcp-client
remote 5.148.189.116 38417 tcp-client
remote 178.209.63.8 38417 tcp-client
nobind nobind
dev tun dev tun
@ -71,15 +71,21 @@
route 212.103.68.41 255.255.255.255 net_gateway default route 212.103.68.41 255.255.255.255 net_gateway default
${dhcpOptions} ${dhcpOptions}
#dhcp-option DOMAIN-ROUTE threema.ch
reneg-bytes 0 reneg-bytes 0
auth-nocache auth-nocache
tls-cipher DEFAULT tls-cipher DEFAULT
cipher AES-128-CBC
reneg-sec 0 reneg-sec 0
cipher AES-128-CBC
data-ciphers AES-128-CBC data-ciphers AES-128-CBC
data-ciphers-fallback AES-128-CBC data-ciphers-fallback AES-128-CBC
remap-usr1 SIGTERM remap-usr1 SIGTERM
#script-security 2
#up ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved
#up-restart
#down ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved
#down-pre
''; '';
updateResolvConf = true; updateResolvConf = true;
}; };