unofficial mirror of bug-guix@gnu.org 
From: Damien Cassou <damien@cassou.me>
To: julien@lepiller.eu, 39542@debbugs.gnu.org
Subject: bug#39542: Adding openvpn client configurations to guix system
Date: Mon, 10 Feb 2020 16:57:15 +0100
Message-ID: <877e0u306c.fsf@cassou.me>
In-Reply-To: <1BD29F0F-1268-4526-828D-C2AC25CFE2E5@lepiller.eu>

Julien Lepiller <julien@lepiller.eu> writes:
> We already have an openvpn-client-service-type and an
> openvpn-server-service-type. It's not linked to network manager
> though, I have no idea what it expects there. What do you need
> exactly?

It seems to me that gnu/services/vpn.scm defines
openvpn-server-service-type that triggers the generation of a shepherd
service.

At the office we use 3 different VPNs that we activate on demand (test,
acceptance and production). If we follow the vpn.scm way, it seems that
this would require 3 shepherd services but I guess it's not possible to
instantiate the openvpn-client-service-type more than once. This seems
to be a dead end to me.

Instead of using an openvpn client daemon, I'm using a network manager
connection for each VPN configuration I need. Then I can ask network
manager to activate the VPN I want, when I want it. Network manager is
responsible for calling the openvpn client binary.

Below is a typical nmconnection file for an openvpn client. Many fields
are similar to openvpn-client-configuration fields.

[connection]
id=some-name
uuid=a401d9bb-ab82-a84f-731a-0ed18ebc48af
type=vpn
autoconnect=false
permissions=

[vpn]
ca=/etc/openvpn/client/some-name-ca.crt
cert=/etc/openvpn/client/some-name.crt
cert-pass-flags=0
cipher=BF-CBC
comp-lzo=adaptive
connection-type=password-tls
dev=tun
key=/etc/openvpn/client/some-name.key
ns-cert-type=server
password-flags=0
remote=some-ip:port
username=some-username
service-type=org.freedesktop.NetworkManager.openvpn

[vpn-secrets]
password=some-password

[ipv4]
dns-search=
method=auto
never-default=true

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=auto
never-default=true

-- 
Damien Cassou

"Success is the ability to go from one failure to another without
losing enthusiasm." --Winston Churchill
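
An added example, not part of the message above and not Guix or NetworkManager code: a small audit of an OpenVPN nmconnection keyfile like the one quoted, flagging settings a reviewer would question before such files are generated system-wide. The names `audit` and `SMALL_BLOCK_PREFIXES` and the choice of rules are assumptions of this example; the sample input is constructed from the keys shown in the message.

```python
import configparser

# Constructed sample: the security-relevant keys of the keyfile quoted in the message.
SAMPLE = """\
[vpn]
cipher=BF-CBC
comp-lzo=adaptive
connection-type=password-tls
ns-cert-type=server
password-flags=0
remote=some-ip:port
service-type=org.freedesktop.NetworkManager.openvpn

[vpn-secrets]
password=some-password
"""

# Prefixes of OpenVPN cipher names with a 64-bit block (illustrative, not exhaustive).
SMALL_BLOCK_PREFIXES = ("BF-", "DES-", "CAST5-", "RC2-", "IDEA-")


def audit(text):
    """Return (section, key, reason) findings for an OpenVPN nmconnection keyfile."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                   interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written
    cp.read_string(text)
    vpn = dict(cp["vpn"]) if cp.has_section("vpn") else {}
    secrets = dict(cp["vpn-secrets"]) if cp.has_section("vpn-secrets") else {}
    findings = []

    cipher = vpn.get("cipher", "").upper()
    if cipher.startswith(SMALL_BLOCK_PREFIXES):
        findings.append(("vpn", "cipher", f"{cipher} has a 64-bit block"))
    if vpn.get("comp-lzo") in ("yes", "adaptive"):
        findings.append(("vpn", "comp-lzo", "compression before encryption"))
    if "ns-cert-type" in vpn and "remote-cert-tls" not in vpn:
        findings.append(("vpn", "ns-cert-type", "deprecated; use remote-cert-tls"))
    # Secret flags 0 means NetworkManager itself stores the secret, i.e. in this file.
    for key, value in secrets.items():
        if value and vpn.get(f"{key}-flags", "0") == "0":
            findings.append(("vpn-secrets", key, "secret stored in the file"))
    return findings


if __name__ == "__main__":
    for section, key, reason in audit(SAMPLE):
        print(f"[{section}] {key}: {reason}")
```
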

Thread overview: 7+ messages
2020-02-10  9:33 bug#39542: Adding openvpn client configurations to guix system Damien Cassou
2020-02-10 12:31 ` Julien Lepiller
2020-02-10 15:57   ` Damien Cassou [this message]
2020-08-01 13:44     ` david larsson
2020-08-01 14:58       ` david larsson
2020-08-02 18:33       ` Damien Cassou
2022-03-15 15:10         ` Maxim Cournoyer