VPN: Difference between revisions
imported>Mic92 No edit summary |
imported>Sjau |
||
| Line 14: | Line 14: | ||
=== OpenVPN === | === OpenVPN === | ||
... | Auto-starting openvpn on Nixos can easily be done by enabling it in the configuration nix. | ||
Just place the configs where you want them to have and set it up like below. | |||
<syntaxHighlight lang="nix"> | |||
services.openvpn.servers = { | |||
officeVPN = { config = '' config /root/nixos/openvpn/officeVPN.conf ''; }; | |||
homeVPN = { config = '' config /root/nixos/openvpn/homeVPN.conf ''; }; | |||
serverVPN = { config = '' config /root/nixos/openvpn/serverVPN.conf ''; }; | |||
}; | |||
</syntaxHighlight> | |||
This will start three vpn instances; more can be added. Also make sure that you use absolute path for certs and keys if you don't have integreated in the config files. | |||
In case you want to mount filesystems through the vpn, then on shutdown there will be a 90 second timeout. However, starting with systemd 223 (?) you can set mount options that will require systemd to first umount the mount before closing the vpn connection. | |||
Just enhance the options with the following option ''"x-systemd.requires=openvpn-officeVPN.service"''. | |||
This would then look like this: | |||
<syntaxHighlight lang="nix"> | |||
fileSystems."/mnt/office" = { | |||
device = "//10.8.0.x/Share"; | |||
fsType = "cifs"; | |||
options = [ "noauto" "user" "uid=1000" "gid=100" "username=xxx" "password=xxx" "iocharset=utf8" "x-systemd.requires=openvpn-officeVPN.service" ]; | |||
}; | |||
fileSystems."/mnt/home" = { | |||
device = "//10.9.0.x/Share"; | |||
fsType = "cifs"; | |||
options = [ "noauto" "user" "uid=1000" "gid=100" "username=xxx" "password=xxx" "iocharset=utf8" "x-systemd.requires=openvpn-homeVPN.service" ]; | |||
}; | |||
</syntaxHighlight> | |||
So basically the value for the ''x-systemd.requires'' option is ''openvpn-{name}.service'' | |||
=== Tinc === | === Tinc === | ||
Revision as of 16:38, 17 September 2017
PPTP
...
L2TP
...
IPSec
...
OpenVPN
Auto-starting openvpn on Nixos can easily be done by enabling it in the configuration nix. Just place the configs where you want them to have and set it up like below.
services.openvpn.servers = {
officeVPN = { config = '' config /root/nixos/openvpn/officeVPN.conf ''; };
homeVPN = { config = '' config /root/nixos/openvpn/homeVPN.conf ''; };
serverVPN = { config = '' config /root/nixos/openvpn/serverVPN.conf ''; };
};
This will start three vpn instances; more can be added. Also make sure that you use absolute path for certs and keys if you don't have integreated in the config files.
In case you want to mount filesystems through the vpn, then on shutdown there will be a 90 second timeout. However, starting with systemd 223 (?) you can set mount options that will require systemd to first umount the mount before closing the vpn connection.
Just enhance the options with the following option "x-systemd.requires=openvpn-officeVPN.service".
This would then look like this:
fileSystems."/mnt/office" = {
device = "//10.8.0.x/Share";
fsType = "cifs";
options = [ "noauto" "user" "uid=1000" "gid=100" "username=xxx" "password=xxx" "iocharset=utf8" "x-systemd.requires=openvpn-officeVPN.service" ];
};
fileSystems."/mnt/home" = {
device = "//10.9.0.x/Share";
fsType = "cifs";
options = [ "noauto" "user" "uid=1000" "gid=100" "username=xxx" "password=xxx" "iocharset=utf8" "x-systemd.requires=openvpn-homeVPN.service" ];
};
So basically the value for the x-systemd.requires option is openvpn-{name}.service
Tinc
...
SoftEther
...
Wireguard
...
ZeroTier
...