GNU bug report logs - #39542
Adding openvpn client configurations to guix system


Package: guix;

Reported by: Damien Cassou <damien <at> cassou.me>

Date: Mon, 10 Feb 2020 09:34:01 UTC

Severity: normal

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.



Message #14 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Damien Cassou <damien <at> cassou.me>
To: Julien Lepiller <julien <at> lepiller.eu>, bug-guix <at> gnu.org,
 39542 <at> debbugs.gnu.org
Subject: Re: bug#39542: Adding openvpn client configurations to guix system
Date: Mon, 10 Feb 2020 16:57:15 +0100

Julien Lepiller <julien <at> lepiller.eu> writes:
> We already have an openvpn-client-service-type and an
> openvpn-server-service-type. It's not linked to network manager
> though, I have no idea what it expects there. What do you need
> exactly?

It seems to me that gnu/services/vpn.scm defines
openvpn-server-service-type that triggers the generation of a shepherd
service.

At the office we use 3 different VPNs that we activate on demand (test,
acceptance and production). If we follow the vpn.scm way, it seems that
this would require 3 shepherd services but I guess it's not possible to
instantiate the openvpn-client-service-type more than once. This seems
to be a dead end to me.

Instead of using an openvpn client daemon, I'm using a network manager
connection for each VPN configuration I need. Then I can ask network
manager to activate the VPN I want, when I want it. Network manager is
responsible for calling the openvpn client binary.

Below is a typical nmconnection file for an openvpn client. Many fields
are similar to openvpn-client-configuration fields.

[connection]
id=some-name
uuid=a401d9bb-ab82-a84f-731a-0ed18ebc48af
type=vpn
autoconnect=false
permissions=

[vpn]
ca=/etc/openvpn/client/some-name-ca.crt
cert=/etc/openvpn/client/some-name.crt
cert-pass-flags=0
cipher=BF-CBC
comp-lzo=adaptive
connection-type=password-tls
dev=tun
key=/etc/openvpn/client/some-name.key
ns-cert-type=server
password-flags=0
remote=some-ip:port
username=some-username
service-type=org.freedesktop.NetworkManager.openvpn

[vpn-secrets]
password=some-password

[ipv4]
dns-search=
method=auto
never-default=true

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=auto
never-default=true

-- 
Damien Cassou

"Success is the ability to go from one failure to another without
losing enthusiasm." --Winston Churchill
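
The following is an added example, not part of the original message or of Guix: a small Python audit that reads an OpenVPN nmconnection keyfile like the one posted above and reports the settings a reviewer would check before generating such files from a system configuration. The function name `audit_nmconnection`, the finding codes and the `SMALL_BLOCK` list are assumptions made for this example; the sample input is constructed from the keys in the message.

```python
import configparser

# Constructed sample: a subset of the keys from the message above.
SAMPLE = """\
[connection]
id=some-name
type=vpn
permissions=

[vpn]
cipher=BF-CBC
comp-lzo=adaptive
connection-type=password-tls
ns-cert-type=server
password-flags=0
service-type=org.freedesktop.NetworkManager.openvpn

[vpn-secrets]
password=some-password
"""

# Ciphers with a 64-bit block size (list assumed for this example).
SMALL_BLOCK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}

def audit_nmconnection(text):
    """Return sorted finding codes for an OpenVPN .nmconnection keyfile."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key names as written
    cp.read_string(text)
    conn = cp["connection"] if cp.has_section("connection") else {}
    vpn = cp["vpn"] if cp.has_section("vpn") else {}
    secrets = cp["vpn-secrets"] if cp.has_section("vpn-secrets") else {}
    found = set()
    if not conn.get("permissions", "").strip():
        found.add("available-to-all-users")  # empty means no per-user restriction
    if vpn.get("cipher", "").upper() in SMALL_BLOCK:
        found.add("small-block-cipher")
    if vpn.get("comp-lzo", "").lower() in ("yes", "adaptive"):
        found.add("lzo-compression")
    if "ns-cert-type" in vpn and "remote-cert-tls" not in vpn:
        found.add("deprecated-ns-cert-type")  # OpenVPN replaced it with remote-cert-tls
    # password-flags=0: NetworkManager itself stores the secret, here in plain text.
    if int(vpn.get("password-flags", "0")) == 0 and "password" in secrets:
        found.add("password-stored-in-file")
    return sorted(found)

if __name__ == "__main__":
    for code in audit_nmconnection(SAMPLE):
        print(code)
```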




This bug report was last modified 3 years and 153 days ago.
