OpenVPN: Difference between revisions
m Category:VPN added |
Format using nixfmt |
||
| (One intermediate revision by one other user not shown) | |||
| Line 6: | Line 6: | ||
... | ... | ||
services.openvpn.servers = { | services.openvpn.servers = { | ||
officeVPN = { config = | officeVPN = { config = "config /root/nixos/openvpn/officeVPN.conf"; }; | ||
homeVPN = { config = | homeVPN = { config = "config /root/nixos/openvpn/homeVPN.conf"; }; | ||
serverVPN = { config = | serverVPN = { config = "config /root/nixos/openvpn/serverVPN.conf"; }; | ||
}; | }; | ||
... | ... | ||
| Line 30: | Line 30: | ||
services.openvpn.servers = { | services.openvpn.servers = { | ||
officeVPN = { | officeVPN = { | ||
config = | config = "config /root/nixos/openvpn/officeVPN.conf"; | ||
updateResolvConf = true; | updateResolvConf = true; | ||
}; | }; | ||
| Line 37: | Line 37: | ||
} | } | ||
</syntaxHighlight> | </syntaxHighlight> | ||
=== Network-Manager integration (GNOME) === | |||
If you want to allow the desktop user to manually set up and activate/deactivate VPN connections (on the GNOME desktop) you should install the OpenVPN plugin for NetworkManager, e.g. | |||
<syntaxHighlight lang="nix"> | |||
{ pkgs, ... }: | |||
{ | |||
networking.networkmanager = { | |||
enable = true; | |||
plugins = with pkgs; [ | |||
networkmanager-openvpn | |||
]; | |||
}; | |||
} | |||
</syntaxHighlight> | |||
NOTE: Some VPN providers (e.g. NordVPN) require you to generate and use '''service credentials''' (i.e. ''not'' your usual email+password!) for a manual setup like this. Your provider's user account should have an option to create them. | |||
=== Mounting filesystems via a VPN === | === Mounting filesystems via a VPN === | ||
| Line 49: | Line 67: | ||
device = "//10.8.0.x/Share"; | device = "//10.8.0.x/Share"; | ||
fsType = "cifs"; | fsType = "cifs"; | ||
options = [ "noauto" "user" "uid=1000" "gid=100" "username=xxx" "password=xxx" "iocharset=utf8" | options = [ | ||
"x-systemd.requires=openvpn-officeVPN.service" ]; | "noauto" | ||
"user" | |||
"uid=1000" | |||
"gid=100" | |||
"username=xxx" | |||
"password=xxx" | |||
"iocharset=utf8" | |||
"x-systemd.requires=openvpn-officeVPN.service" | |||
]; | |||
}; | }; | ||
fileSystems."/mnt/home" = { | fileSystems."/mnt/home" = { | ||
device = "//10.9.0.x/Share"; | device = "//10.9.0.x/Share"; | ||
fsType = "cifs"; | fsType = "cifs"; | ||
options = [ "noauto" "user" "uid=1000" "gid=100" "username=xxx" "password=xxx" "iocharset=utf8" | options = [ | ||
"x-systemd.requires=openvpn-homeVPN.service" ]; | "noauto" | ||
"user" | |||
"uid=1000" | |||
"gid=100" | |||
"username=xxx" | |||
"password=xxx" | |||
"iocharset=utf8" | |||
"x-systemd.requires=openvpn-homeVPN.service" | |||
]; | |||
}; | }; | ||
... | ... | ||
| Line 86: | Line 120: | ||
vpn-dev = "tun0"; | vpn-dev = "tun0"; | ||
port = 1194; | port = 1194; | ||
in { | in | ||
{ | |||
# sudo systemctl start nat | # sudo systemctl start nat | ||
networking.nat = { | networking.nat = { | ||
enable = true; | enable = true; | ||
externalInterface = <your-server-out-if>; | externalInterface = <your-server-out-if>; | ||
internalInterfaces | internalInterfaces = [ vpn-dev ]; | ||
}; | }; | ||
networking.firewall.trustedInterfaces = [ vpn-dev ]; | networking.firewall.trustedInterfaces = [ vpn-dev ]; | ||