Update openvpn configuration
This commit is contained in:
parent
1a12ed93c7
commit
7dbbb277df
1 changed files with 10 additions and 4 deletions
|
|
@ -25,9 +25,7 @@
|
|||
-----END CERTIFICATE-----
|
||||
'';
|
||||
};
|
||||
dhcpIps = if config.networking.hostName == "speer" then
|
||||
[ "10.2.1.1" ] # TODO: Extract speer gw ip to meta
|
||||
else [
|
||||
dhcpIps = [
|
||||
"185.88.236.100"
|
||||
"212.103.68.20"
|
||||
];
|
||||
|
|
@ -37,6 +35,8 @@
|
|||
autoStart = false;
|
||||
config = ''
|
||||
remote vpn.threema.ch 38417 tcp-client
|
||||
remote 5.148.189.116 38417 tcp-client
|
||||
remote 178.209.63.8 38417 tcp-client
|
||||
|
||||
nobind
|
||||
dev tun
|
||||
|
|
@ -71,15 +71,21 @@
|
|||
route 212.103.68.41 255.255.255.255 net_gateway default
|
||||
|
||||
${dhcpOptions}
|
||||
#dhcp-option DOMAIN-ROUTE threema.ch
|
||||
|
||||
reneg-bytes 0
|
||||
auth-nocache
|
||||
tls-cipher DEFAULT
|
||||
cipher AES-128-CBC
|
||||
reneg-sec 0
|
||||
cipher AES-128-CBC
|
||||
data-ciphers AES-128-CBC
|
||||
data-ciphers-fallback AES-128-CBC
|
||||
remap-usr1 SIGTERM
|
||||
#script-security 2
|
||||
#up ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved
|
||||
#up-restart
|
||||
#down ${pkgs.update-systemd-resolved}/libexec/openvpn/update-systemd-resolved
|
||||
#down-pre
|
||||
'';
|
||||
updateResolvConf = true;
|
||||
};
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue