pyrox.dev / nixpkgs
lol
fork atom

nixos/tests/initrd-network-openvpn: fix

- The default cipher is BF-CBC, which openvpn refuses to use by default.
Switched to AES-256-CBC.
- openvpn does not require an external "ip" executable anymore, and does
not support the "ipconfig" option by default, so remove that option.

Raphael Robatsch 9f874dd9 b72b8b94

options
unified split
Changed files
+4 -5
nixos
modules
system
boot
initrd-openvpn.nix
tests
initrd-network-openvpn
default.nix
initrd.ovpn
+1 -4
nixos/modules/system/boot/initrd-openvpn.nix 
···

       
68

       
 

       
      $out/bin/openvpn --show-gateway


     

       
69

       
 

       
    '';


     

       
70

       
 

       



     

       
71

       
-

       
    # Add `iproute /bin/ip` to the config, to ensure that openvpn


     

       
72

       
-

       
    # is able to set the routes


     

       
73

       
 

       
    boot.initrd.network.postCommands = ''


     

       
74

       
-

       
      (cat /etc/initrd.ovpn; echo -e '\niproute /bin/ip') | \


     

       
75

       
-

       
        openvpn /dev/stdin &


     

       
76

       
 

       
    '';


     

       
77

       
 

       
  };


     

       
78

       
 

       



     
···

       
68

       
 

       
      $out/bin/openvpn --show-gateway


     

       
69

       
 

       
    '';


     

       
70

       
 

       



     

       

       

       
     

       

       

       
     

       
71

       
 

       
    boot.initrd.network.postCommands = ''


     

       
72

       
+

       
      openvpn /etc/initrd.ovpn &


     

       

       

       
     

       
73

       
 

       
    '';


     

       
74

       
 

       
  };


     

       
75
+1
nixos/tests/initrd-network-openvpn/default.nix 
···

       
91

       
 

       
            config = ''


     

       
92

       
 

       
              dev tun0


     

       
93

       
 

       
              ifconfig 10.8.0.1 10.8.0.2


     

       

       

       
     

       
94

       
 

       
              ${secretblock}


     

       
95

       
 

       
            '';


     

       
96

       
 

       
          };


     
···

       
91

       
 

       
            config = ''


     

       
92

       
 

       
              dev tun0


     

       
93

       
 

       
              ifconfig 10.8.0.1 10.8.0.2


     

       
94

       
+

       
              cipher AES-256-CBC


     

       
95

       
 

       
              ${secretblock}


     

       
96

       
 

       
            '';


     

       
97

       
 

       
          };
+2 -1
nixos/tests/initrd-network-openvpn/initrd.ovpn 
···

       
3

       
 

       
ifconfig 10.8.0.2 10.8.0.1


     

       
4

       
 

       
# Only force VLAN 2 through the VPN


     

       
5

       
 

       
route 192.168.2.0 255.255.255.0 10.8.0.1


     

       

       

       
     

       
6

       
 

       
secret [inline]


     

       
7

       
 

       
<secret>


     

       
8

       
 

       
#


     
···

       
26

       
 

       
e7811584363597599cce2040a68ac00e


     

       
27

       
 

       
f2125540e0f7f4adc37cb3f0d922eeb7


     

       
28

       
 

       
-----END OpenVPN Static key V1-----


     

       
29

       
-

       
</secret>

     
···

       
3

       
 

       
ifconfig 10.8.0.2 10.8.0.1


     

       
4

       
 

       
# Only force VLAN 2 through the VPN


     

       
5

       
 

       
route 192.168.2.0 255.255.255.0 10.8.0.1


     

       
6

       
+

       
cipher AES-256-CBC


     

       
7

       
 

       
secret [inline]


     

       
8

       
 

       
<secret>


     

       
9

       
 

       
#


     
···

       
27

       
 

       
e7811584363597599cce2040a68ac00e


     

       
28

       
 

       
f2125540e0f7f4adc37cb3f0d922eeb7


     

       
29

       
 

       
-----END OpenVPN Static key V1-----


     

       
30

       
+

       
</secret>