# NixOS module: OpenVPN client instance "dac", with its private key and login
# credentials supplied through agenix.
{config, ...}: let
  # Shorthand for the agenix secret set; each entry's `.path` is the location
  # of the decrypted file, so only that path (not the secret) ends up in the
  # generated OpenVPN configuration.
  inherit (config.age) secrets;
in {
  # Encrypted inputs; the repository references only the .age files.
  age.secrets = {
    vpn-dac-login.file = ../../secrets/vpn-dac-login.age;
    vpn-dac-client-key.file = ../../secrets/vpn-dac-client-key.age;
  };

  # Inspect the tunnel with: systemctl status openvpn-dac.service
  #
  # What the client configuration below does:
  #  - ca/cert are interpolated as Nix paths, so they are copied into the
  #    world-readable Nix store. That is fine for public certificates; the
  #    private key and the auth-user-pass file are read from agenix paths.
  #  - remote-cert-tls server rejects peers whose certificate is not marked
  #    for server use. It does not pin the server's name; verify-x509-name
  #    would add that if the CA also issues other server certificates.
  #  - pull-filter ignore "route " drops pushed IPv4 routes so that only the
  #    single host route declared here is installed.
  #
  # NOTE(review): the filter is a prefix match on "route " (with the space),
  #   so pushed options such as redirect-gateway or route-ipv6 would still be
  #   accepted. Confirm what the server pushes, or filter those as well.
  # NOTE(review): comp-lzo is deprecated upstream, and compressing tunnel
  #   traffic exposes it to compression-oracle attacks (VORACLE). It can only
  #   be dropped if the server side stops using compression too.
  # NOTE(review): reneg-sec 0 turns off this client's periodic data-channel
  #   key renegotiation. Confirm it is still needed, since the credentials
  #   come from a file and no interactive prompt is involved.
  services.openvpn.servers.dac.config = ''
    client
    dev tun
    proto tcp
    remote vpn.ac.upc.edu 1194
    remote vpn.ac.upc.edu 80
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ${./vpn-dac/ca.crt}
    cert ${./vpn-dac/client.crt}
    # Only key needs to be secret
    key ${secrets.vpn-dac-client-key.path}
    remote-cert-tls server
    comp-lzo
    verb 3
    auth-user-pass ${secrets.vpn-dac-login.path}
    reneg-sec 0

    # Only route fox-ipmi
    pull-filter ignore "route "
    route 147.83.35.27 255.255.255.255
  '';
}