Skip to content

Openvpn

services.openvpn.restartAfterSleep

Whether OpenVPN client should be restarted after sleep. Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/openvpn.nix

services.openvpn.servers

Each attribute of this option defines a systemd service that runs an OpenVPN instance. These can be OpenVPN servers or clients. The name of each systemd service is openvpn-«name».service, where «name» is the corresponding attribute name.

Type: attribute set of (submodule)

Default

{ }

Example

`#!nix { server = { config = '' # Simplest server configuration: https://community.openvpn.net/openvpn/wiki/StaticKeyMiniHowto # server : dev tun ifconfig 10.8.0.1 10.8.0.2 secret /root/static.key ''; up = "ip route add ..."; down = "ip route del ..."; };

client = { config = '' client remote vpn.example.org dev tun proto tcp-client port 8080 ca /root/.vpn/ca.crt cert /root/.vpn/alice.crt key /root/.vpn/alice.key ''; up = "echo nameserver $nameserver | ${pkgs.openresolv}/sbin/resolvconf -m 0 -a $dev"; down = "${pkgs.openresolv}/sbin/resolvconf -d $dev"; }; } `

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/openvpn.nix

services.openvpn.servers.<name>.authUserPass

This option can be used to store the username / password credentials with the "auth-user-pass" authentication method.

WARNING: Using this option will put the credentials WORLD-READABLE in the Nix store!

Type: null or (submodule)

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/openvpn.nix

services.openvpn.servers.<name>.authUserPass.password

The password to store inside the credentials file. Type: string

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/openvpn.nix

services.openvpn.servers.<name>.authUserPass.username

The username to store inside the credentials file. Type: string

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/openvpn.nix

services.openvpn.servers.<name>.autoStart

Whether this OpenVPN instance should be started automatically. Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/openvpn.nix

services.openvpn.servers.<name>.config

Configuration of this OpenVPN instance. See {manpage}openvpn(8) for details.

To import an external config file, use the following definition: config = "config /path/to/config.ovpn"

Type: strings concatenated with "\n"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/openvpn.nix

services.openvpn.servers.<name>.down

Shell commands executed when the instance is shutting down.

Type: strings concatenated with "\n"

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/openvpn.nix

services.openvpn.servers.<name>.up

Shell commands executed when the instance is starting.

Type: strings concatenated with "\n"

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/openvpn.nix

services.openvpn.servers.<name>.updateResolvConf

Use the script from the update-resolv-conf package to automatically update resolv.conf with the DNS information provided by openvpn. The script will be run after the "up" commands and before the "down" commands.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/openvpn.nix