OpenVPN: Difference between revisions

← Older edit

VisualWikitext

@@ Line 22: / Line 22: @@
 systemctl start openvpn-officeVPN.service
 </syntaxHighlight>
+Should you have trouble with DNS resolution for services that should be available via the VPN, try adding the following to the config:
+<syntaxHighlight lang="nix">
+{
+  ...
+  services.openvpn.servers = {
+    officeVPN  = {
+      config = '' config /root/nixos/openvpn/officeVPN.conf '';
+      updateResolvConf = true;
+    };
+  };
+  ...
+}
+</syntaxHighlight>
+=== Network-Manager integration (GNOME) ===
+If you want to allow the desktop user to manually set up and activate/deactivate VPN connections (on the GNOME desktop) you should install the OpenVPN plugin for NetworkManager, e.g.
+<syntaxHighlight lang="nix">
+{ pkgs, ... }:
+{
+  networking.networkmanager = {
+    enable = true;
+    plugins = with pkgs; [
+      networkmanager-openvpn
+    ];
+  };
+}
+</syntaxHighlight>
+NOTE: Some VPN providers (e.g. NordVPN) require you to generate and use '''service credentials''' (i.e. ''not'' your usual email+password!) for a manual setup like this. Your provider's user account should have an option to create them.
 === Mounting filesystems via a VPN ===
@@ Line 48: / Line 81: @@
 If you want to run OpenVPN clients in NixOS declarative containers, you will need to set the {{nixos:option|enableTun}} container option.
+=== Supporting legacy cipher providers ===
+If you need to connect to servers with legacy ciphers (e.g. '''BF-CBC'''), one way is to override OpenVPN to use '''openssl_legacy''' package (which is [https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/development/libraries/openssl/3.0/legacy.cnf configured to enable legacy providers]), for example via an overlay:
+<syntaxHighlight lang="nix">
+final: prev: {
+  openvpn = prev.openvpn.override {
+    openssl = prev.openssl_legacy;
+  };
+}
+</syntaxHighlight>
 == VPN Server ==
@@ Line 121: / Line 165: @@
 </syntaxHighlight>
-[[Category:Configuration]]
+[[Category:Networking]]
+[[Category:VPN]]