OpenVPN: Difference between revisions

imported>HLandau
mNo edit summary
imported>Gnidorah
fixes
Line 56: Line 56:
   port = 1194;
   port = 1194;
in {
in {
  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
   networking.nat = {
   networking.nat = {
     enable = true;
     enable = true;
     externalInterface = <your-server-out-itf>;
     externalInterface = <your-server-out-if>;
     internalInterfaces  = [ vpn-dev ];
     internalInterfaces  = [ vpn-dev ];
   };
   };
Line 71: Line 70:
     secret ${client-key}
     secret ${client-key}
     port ${toString port}
     port ${toString port}
     cipher AES-256-CBC
     cipher AES-256-CBC
    auth-nocache
     comp-lzo
     comp-lzo
     keepalive 10 60
     keepalive 10 60
     ping-timer-rem
     ping-timer-rem
Line 82: Line 83:
   environment.etc."openvpn/smartphone-client.ovpn" = {
   environment.etc."openvpn/smartphone-client.ovpn" = {
     text = ''
     text = ''
      client
       dev tun
       dev tun
       remote "${domain}"
       remote "${domain}"
       ifconfig 10.8.0.1 10.8.0.2
       ifconfig 10.8.0.2 10.8.0.1
       port ${toString port}
       port ${toString port}
      redirect-gateway def1


       cipher AES-256-CBC
       cipher AES-256-CBC
      auth-nocache
       comp-lzo
       comp-lzo
       keepalive 10 60
       keepalive 10 60
Line 98: Line 101:


     '';
     '';
     mode = "700";
     mode = "600";
   };
   };
   system.activationScripts.openvpn-addkey = ''
   system.activationScripts.openvpn-addkey = ''
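Review bot: In the smartphone-client.ovpn hunk (Line 82), `redirect-gateway def1` appears to be newly added while `comp-lzo` stays enabled, so all of the phone's traffic would now cross a compressed tunnel. OpenVPN upstream advises against compression, because compressing attacker-influenced plaintext before encryption can leak content through packet sizes (VORACLE). I would drop `comp-lzo` from the server block (Line 71) and the client profile together, or at least put `# compression can leak plaintext via packet length; remove on both ends` above it. Because this is a static-key (`secret`) setup the server cannot push DNS settings, so the client profile likely also needs its own `dhcp-option DNS <resolver-ip>` line, otherwise lookups may bypass the tunnel. The `mode = "600"` change at Line 98 only restricts the copy under /etc, since `environment.etc` text also lands in the world-readable Nix store; that is presumably why the key is appended by the `openvpn-addkey` activation script, whose body lies outside the visible hunks, and a one-line comment saying so would help.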