Hello,

Adam Massmann <[email protected]> writes:

> Hi Ben,
>
> Benjamin Slade <[email protected]> writes:
>
>> What is a recommended/working way of using OpenVPN on GuixSD?
>
> I do not know what the recommended way of working with
> openvpn is, but I do have a working way. Attached is a bash
> script that takes a wireless interface as an argument and
> starts up a vpn, adjusting dns to avoid dns leaks (you will
> need to modify to add the dns for your setup). So if I have
> a wifi connection called "interface" I just run
> ```vpn-launcher-example.sh interface``` to start my vpn
> session, and then ```vpn-killer-example.sh interface```
> to clean up the connection after I have finished
> openvpn. Also depending on your setup you might need to
> either run as root, or sprinkle sudos before the nmcli
> calls.
>
> This works well for me, but I strongly doubt it is the
> recommended way using openvpn. If anyone has a better way
> I'd also love to hear it.
>
> Best,
> Adam

Thanks Adam, it seems a good workaround that I hadn't thought
about.

Avenues I have explored so far are:

1. Purely config based. Example:

--8<---------------cut here---------------start------------->8---
client
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
comp-lzo #t
persist-key #t
persist-tun #t
verb 3
remote-cert-tls server
nobind
resolv-retry infinite
remote someserver.net 9999
auth-user-pass
script-security 2 # calling of built-in executables and user-defined scripts.

# Accept DNS changes from the server
# TODO: Need to package "resolvconf"
# The following script comes from
# https://github.com/masterkorp/openvpn-update-resolv-conf/blob/master/update-resolv-conf.sh
#up /etc/openvpn/update-resolv-conf.sh
#down /etc/openvpn/update-resolv-conf.sh
--8<---------------cut here---------------end--------------->8---

As one can see, the solution here would be to have some external
script called whose task would be to update /etc/resolv.conf so that
DNS works.

Another problem is that the /etc/resolv.conf file is managed by
NetworkManager, so any changes could be lost or reset by it at times.

2. Define an openvpn service as part of your GuixSD config, such as:

--8<---------------cut here---------------start------------->8---
(openvpn-client-service
 #:config (openvpn-client-configuration
           (remote (list (openvpn-remote-configuration
                          (name "someserver.net")
                          (port 9999))))))
--8<---------------cut here---------------end--------------->8---

Some problems with this second option:

a. It's on by default (I'd prefer it off -- must be easy but I'm not
   very knowledgeable about services yet)
b. It doesn't address the DNS question.

3. I've tried using the tools provided by network-manager, and
apparently only 'nmcli' proposes creating a VPN connection. It seems
the parameters it accepts are insufficient to define completely the
setup (I didn't see a parameter to store the remote server for
example), so I'm not sure how it's supposed to work. Anyway, after
creating the connection, I tried activating it, only to get the error:

  Error: Failed to activate 'vpn-wlp0s20f0u1'
  (718af83f-9553-4805-9140-4dfd28e46a07) connection: The VPN service
  'org.freedesktop.NetworkManager.openvpn' was not installed.

I'll try your solution next.

Thank you!

Maxim
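
Added example, not part of the original message and not the script linked or attached in the thread: a POSIX shell sketch of what an "up" script has to do with the DNS servers an OpenVPN server pushes, plus a check for nameservers in a resolv.conf file that did not come from the VPN. OpenVPN exports pushed "dhcp-option" lines to up/down scripts as foreign_option_1, foreign_option_2, and so on; the function names and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). OpenVPN passes each pushed
# "dhcp-option ..." to up/down scripts as foreign_option_1, _2, ...

# Print the pushed DNS servers, one per line, skipping malformed values.
pushed_nameservers() {
    _i=1
    while eval "_opt=\${foreign_option_${_i}:-}" && [ -n "$_opt" ]; do
        case $_opt in
            "dhcp-option DNS "*)
                _ns=${_opt#"dhcp-option DNS "}
                # Accept only characters valid in an IPv4/IPv6 literal,
                # since the value is supplied by the remote server.
                case $_ns in
                    ""|*[!0-9A-Fa-f.:]*) ;;
                    *) printf '%s\n' "$_ns" ;;
                esac ;;
        esac
        _i=$((_i + 1))
    done
}

# Print resolv.conf content that uses only the VPN's resolvers.
vpn_resolv_conf() {
    printf '# generated from OpenVPN pushed options\n'
    pushed_nameservers | sed 's/^/nameserver /'
}

# Print every nameserver in resolv.conf file $1 that the VPN did not push.
# Empty output means lookups only go to the tunnel's resolvers.
leaking_nameservers() {
    _pushed=$(pushed_nameservers)
    awk '$1 == "nameserver" { print $2 }' "$1" | while read -r _ns; do
        printf '%s\n' "$_pushed" | grep -qxF -- "$_ns" || printf '%s\n' "$_ns"
    done
}

# Constructed sample: what OpenVPN would export after two DNS pushes.
foreign_option_1='dhcp-option DNS 10.8.0.1'
foreign_option_2='dhcp-option DOMAIN vpn.example'
foreign_option_3='dhcp-option DNS 10.8.0.2'
vpn_resolv_conf
```

Running leaking_nameservers against /etc/resolv.conf from within the up script's environment shows whether NetworkManager has put a non-VPN resolver back into the file.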
