OpenVPN: Difference between revisions
Add network-manager integration |
(2 intermediate revisions by 2 users not shown) | |||
Line 37: | Line 37: | ||
} | } | ||
</syntaxHighlight> | </syntaxHighlight> | ||
=== Network-Manager integration (GNOME) === | |||
If you want to allow the desktop user to manually set up and activate/deactivate VPN connections (on the GNOME desktop) you should install the OpenVPN plugin for NetworkManager, e.g. | |||
<syntaxHighlight lang="nix"> | |||
{ pkgs, ... }: | |||
{ | |||
networking.networkmanager = { | |||
enable = true; | |||
plugins = with pkgs; [ | |||
networkmanager-openvpn | |||
]; | |||
}; | |||
} | |||
</syntaxHighlight> | |||
NOTE: Some VPN providers (e.g. NordVPN) require you to generate and use '''service credentials''' (i.e. ''not'' your usual email+password!) for a manual setup like this. Your provider's user account should have an option to create them. | |||
=== Mounting filesystems via a VPN === | === Mounting filesystems via a VPN === | ||
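Review bot: The heading and intro of the new Network-Manager section scope it to GNOME, but the snippet only sets `enable = true` and adds `networkmanager-openvpn` to `plugins` under `networking.networkmanager`, with nothing desktop-specific in it. Either drop "(GNOME)" from the heading or say which part depends on GNOME. The intro also ends on "e.g." with no colon before the code block, and the NOTE about service credentials should say where the user enters them in this setup, since the snippet itself carries no credentials.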
Line 63: | Line 81: | ||
If you want to run OpenVPN clients in NixOS declarative containers, you will need to set the {{nixos:option|enableTun}} container option. | If you want to run OpenVPN clients in NixOS declarative containers, you will need to set the {{nixos:option|enableTun}} container option. | ||
=== Supporting legacy cipher providers === | |||
If you need to connect to servers with legacy ciphers (e.g. '''BF-CBC'''), one way is to override OpenVPN to use '''openssl_legacy''' package (which is [https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/libraries/openssl/3.0/legacy.cnf configured to enable legacy providers]), for example via an overlay: | |||
<syntaxHighlight lang="nix"> | |||
final: prev: { | |||
openvpn = prev.openvpn.override { | |||
openssl = prev.openssl_legacy; | |||
}; | |||
} | |||
</syntaxHighlight> | |||
== VPN Server == | == VPN Server == | ||
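Review bot: The overlay in the new "Supporting legacy cipher providers" section rebinds `openvpn` itself (`openvpn = prev.openvpn.override { openssl = prev.openssl_legacy; }`), so every consumer of that package picks up the legacy providers, not only the connection to the old server. The text should say so and present this as a compatibility workaround for servers that cannot be moved off ciphers such as BF-CBC. It would also help to show where the overlay is registered, since the snippet is a bare `final: prev:` function, and "to use '''openssl_legacy''' package" is missing "the".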
Line 137: | Line 166: | ||
[[Category:Networking]] | [[Category:Networking]] | ||
[[Category: | [[Category:VPN]] |