unofficial mirror of 
 help / color / Atom feed
From: david larsson <>
To: Damien Cassou <>
Cc: bug-Guix <>,
Subject: bug#39542: Adding openvpn client configurations to guix system
Date: Sat, 01 Aug 2020 13:44:24 +0000
Message-ID: <> (raw)
In-Reply-To: <>

On 2020-02-10 15:57, Damien Cassou wrote:
> Julien Lepiller <> writes:
>> We already have an openvpn-client-service-type and an
>> openvpn-server-service-type. It's not linked to network manager
>> though, I have no idea what it expects there. What do you need
>> exactly?
> It seems to me that gnu/services/vpn.scm defines
> openvpn-server-service-type that triggers the generation of a shepherd
> service.
> At the office we use 3 different VPNs that we activate on demand (test,
> acceptance and production). If we follow the vpn.scm way, it seems that
> this would require 3 shepherd services but I guess it's not possible to
> instantiate the openvpn-client-service-type more than once. This seems
> to be a dead end to me.

Hi Damien,

I think I have a solution for you, where you can start 3 different vpn's 
with herd start vpn1-client, herd start vpn2-client etc.

Below is an ovpn-service.scm module, modeled after vpn.scm. which you 
can include with (use-modules (ovpn-service)) in your config.scm, by 
saving it in the same dir as config.scm. This is tested and works.

Now, I think you can modify all occurences of the word "ovpn", to, say 
vpn1, vpn2, and vpn3, and save 3 different files, and then use 
(use-modules (vpn1-service) (vpn2-service) (vpn3-service)) etc. in the 
config.scm. An example configuration in the config.scm OS-services 
section would be:

                    (let ([ base-dir 
                       ;; client
                       (dev 'tun)
                       ;; remote-random
                       (proto 'udp)
                       ;; mute-replay-warnings
                       ;; replay-window 256

                       ;; remote-cert-tls server lines is generated 
                       ;; remote-cert-tls server

                       ;; cipher aes-256-cbc
                       ;; ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM
                       ;; pull
                       ;; nobind
                       (bind? #f)
                       ;; reneg-sec 432000
                       ;; resolv-retry infinite
                       (resolv-retry? #t)
                       ;; compress lzo
                       (comp-lzo? #t)
                       ;; verb 3
                       (verbosity 3)
                       ;; persist-key
                       (persist-key? #t)
                       ;; persist-tun
                       (persist-tun? #t)
                       ;; auth-user-pass /etc/openvpn/credentials
                       (auth-user-pass (string-append base-dir 
                       ;; ca /etc/openvpn/ovpn-ca.crt
                       (ca (string-append base-dir "ovpn-ca.crt"))
                       ;; tls-auth /etc/openvpn/ovpn-tls.key 1
                       (tls-auth (string-append base-dir "ovpn-tls.key"))

                       ;; log /tmp/openvpn.log
                       ;; script-security 2
                       ;; resolv-conf scripts not needed for guix
                       ;; up /etc/openvpn/update-resolv-conf
                       ;; down /etc/openvpn/update-resolv-conf

                       (fast-io? #t)
                         ;; Resolves to multiple vpn servers in location
                          (name "")
                          (port 1196))
                          (name "")
                          (port 1197))
                          (name "")
                          (port 1196))
                          (name "")
                          (port 1197))

Please let me know if this works for you!

Best regards,
David Larsson

  reply index

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-10  9:33 Damien Cassou
2020-02-10 12:31 ` Julien Lepiller
2020-02-10 15:57   ` Damien Cassou
2020-08-01 13:44     ` david larsson [this message]
2020-08-01 14:58       ` david larsson
2020-08-02 18:33       ` Damien Cassou

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

  List information:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

unofficial mirror of 

Archives are clonable:
	git clone --mirror guix-bugs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 guix-bugs guix-bugs/ \
	public-inbox-index guix-bugs

Example config snippet for mirrors

Newsgroups are available over NNTP:

AGPL code for this site: git clone