bug#39542: Adding openvpn client configurations to guix system

From: david larsson
Subject: bug#39542: Adding openvpn client configurations to guix system
Date: Sat, 01 Aug 2020 13:44:24 +0000

On 2020-02-10 15:57, Damien Cassou wrote:
> Julien Lepiller <julien@lepiller.eu> writes:
>> We already have an openvpn-client-service-type and an
>> openvpn-server-service-type. It's not linked to network manager
>> though, I have no idea what it expects there. What do you need
>
> It seems to me that gnu/services/vpn.scm defines
> openvpn-server-service-type that triggers the generation of a shepherd
>
> At the office we use 3 different VPNs that we activate on demand (test,
> acceptance and production). If we follow the vpn.scm way, it seems that
> this would require 3 shepherd services but I guess it's not possible to
> instantiate the openvpn-client-service-type more than once. This seems
> to be a dead end to me.

Hi Damien,

I think I have a solution for you, where you can start 3 different VPNs with herd start vpn1-client, herd start vpn2-client etc.

Below is an ovpn-service.scm module, modeled after vpn.scm, which you can include with (use-modules (ovpn-service)) in your config.scm by saving it in the same dir as config.scm. This is tested and works.

Now, I think you can modify all occurrences of the word "ovpn" to, say, vpn1, vpn2, and vpn3, save 3 different files, and then use (use-modules (vpn1-service) (vpn2-service) (vpn3-service)) etc. in config.scm. An example configuration in the config.scm OS-services section would be:

(let ((base-dir "/home/myuser/src/my-guixsd-config/etc_openvpn/"))
  ;; The enclosing service/record forms were lost in the message as
  ;; archived; the ovpn-* names below are assumed from the "ovpn" naming
  ;; of the module described above.
  (service ovpn-client-service-type
           (ovpn-client-configuration
            ;; client
            (dev 'tun)
            ;; remote-random
            (proto 'udp)
            ;; mute-replay-warnings
            ;; replay-window 256

            ;; remote-cert-tls server line is generated somehow
            ;; remote-cert-tls server

            ;; cipher aes-256-cbc
            ;; ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM
            ;; pull
            ;; nobind
            (bind? #f)
            ;; reneg-sec 432000
            ;; resolv-retry infinite
            (resolv-retry? #t)
            ;; compress lzo
            (comp-lzo? #t)
            ;; verb 3
            (verbosity 3)
            ;; persist-key
            (persist-key? #t)
            ;; persist-tun
            (persist-tun? #t)
            ;; auth-user-pass /etc/openvpn/credentials
            (auth-user-pass (string-append base-dir "credentials"))
            ;; ca /etc/openvpn/ovpn-ca.crt
            (ca (string-append base-dir "ovpn-ca.crt"))
            ;; tls-auth /etc/openvpn/ovpn-tls.key 1
            (tls-auth (string-append base-dir "ovpn-tls.key"))

            ;; log /tmp/openvpn.log
            ;; script-security 2
            ;; resolv-conf scripts not needed for guix
            ;; up /etc/openvpn/update-resolv-conf
            ;; down /etc/openvpn/update-resolv-conf

            (fast-io? #t)
            ;; Resolves to multiple vpn servers in location
            (remote
             (list (ovpn-remote-configuration
                    (name "whatever.ovpn.com")
                    (port 1196))
                   (ovpn-remote-configuration
                    (name "whatever.ovpn.com")
                    (port 1197))
                   (ovpn-remote-configuration
                    (name "whatever.ovpn.com")
                    (port 1196))
                   (ovpn-remote-configuration
                    (name "whatever.ovpn.com")
                    (port 1197)))))))

Please let me know if this works for you!

Best regards,
David Larsson
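An added example, not from the original message or from Guix's own vpn.scm: one procedure that stamps out a separate service type per VPN, so the three clients coexist without three copies of the module. It assumes the helper name make-openvpn-client-service-type (mine), that each VPN is supplied as a ready-made .ovpn file rather than an openvpn-client-configuration record, and placeholder file names vpn1.ovpn and vpn2.ovpn.

```scheme
;; Assumed helper (my name), not part of the original message or of Guix:
;; builds one independent service type per VPN so that several clients
;; can coexist without copying the ovpn-service.scm module per VPN.
(use-modules (gnu services)
             (gnu services shepherd)
             (gnu packages vpn)
             (guix gexp))

(define (make-openvpn-client-service-type sym)
  "Return a service type whose shepherd service is named SYM and whose
value is a file-like object holding a complete OpenVPN client config."
  (service-type
   (name sym)
   (extensions
    (list (service-extension
           shepherd-root-service-type
           (lambda (config-file)
             (list (shepherd-service
                    (provision (list sym))
                    (requirement '(networking))
                    (documentation "Run an OpenVPN client.")
                    ;; The config is read from /gnu/store, which is
                    ;; world-readable: keep credentials and keys in
                    ;; root-owned files outside the store and only
                    ;; reference their paths from the config.
                    (start #~(make-forkexec-constructor
                              (list #$(file-append openvpn "/sbin/openvpn")
                                    "--config" #$config-file)
                              #:log-file
                              #$(string-append "/var/log/"
                                               (symbol->string sym) ".log")))
                    (stop #~(make-kill-destructor))))))))
   (description "OpenVPN client driven by a plain .ovpn config file.")))

;; One service type per VPN; `herd start vpn1-client' then works as
;; described above.
(define vpn1-client-service-type
  (make-openvpn-client-service-type 'vpn1-client))
(define vpn2-client-service-type
  (make-openvpn-client-service-type 'vpn2-client))

;; In the operating-system `services' field (file names are placeholders):
;; (service vpn1-client-service-type (local-file "vpn1.ovpn"))
;; (service vpn2-client-service-type (local-file "vpn2.ovpn"))
```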

