56 lines
1.2 KiB
Nix
56 lines
1.2 KiB
Nix
{ pkgs, ... }:
|
|
|
|
{
|
|
# VSTech VPN (with DNS for bgs.local domain)
|
|
services.openvpn.servers.vstech = {
|
|
config = ''
|
|
client
|
|
remote 51.83.143.81
|
|
proto udp
|
|
port 649
|
|
dev tun
|
|
topology subnet
|
|
ca /home/lusia/VSTech-vpn/ca.crt
|
|
cert /home/lusia/VSTech-vpn/Klient251.crt
|
|
key /home/lusia/VSTech-vpn/Klient251.inline
|
|
tls-crypt /home/lusia/VSTech-vpn/ta.key
|
|
|
|
auth sha512
|
|
data-ciphers aes-256-cbc
|
|
data-ciphers-fallback aes-256-cbc
|
|
key-direction 1
|
|
keepalive 10 120
|
|
'';
|
|
updateResolvConf = false;
|
|
|
|
up = ''
|
|
${pkgs.systemd}/bin/resolvectl dns $dev 10.10.10.1
|
|
${pkgs.systemd}/bin/resolvectl domain $dev bgs.local
|
|
'';
|
|
|
|
down = ''
|
|
${pkgs.systemd}/bin/resolvectl revert $dev
|
|
'';
|
|
};
|
|
|
|
# CAT VPN
|
|
services.openvpn.servers.cat = {
|
|
config = ''
|
|
client
|
|
remote 79.133.193.211
|
|
proto tcp
|
|
port 1194
|
|
dev tun
|
|
topology subnet
|
|
ca /home/lusia/vpn/ca.crt
|
|
cert /home/lusia/vpn/client18.crt
|
|
key /home/lusia/vpn/client18.key
|
|
|
|
auth sha256
|
|
data-ciphers AES-256-CBC
|
|
key-direction 1
|
|
'';
|
|
updateResolvConf = true;
|
|
};
|
|
}
|