From 52d81b91758023c671b8caf13fd773cbecb845a3 Mon Sep 17 00:00:00 2001
From: "Lennart J. Kurzweg (Nx2)"
Date: Mon, 26 Aug 2024 23:24:45 +0200
Subject: [PATCH] ip range fix
---
 system-modules/hsmw.nix | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/system-modules/hsmw.nix b/system-modules/hsmw.nix
index 629a1f3..e0255dd 100755
--- a/system-modules/hsmw.nix
+++ b/system-modules/hsmw.nix
@@ -1,5 +1,4 @@
 { pkgs, lib, host, secrets, ... }:
-lib.mkIf (host != "NxACE")
 {
 environment.systemPackages = with pkgs; [
 strongswanNM
@@ -38,19 +37,19 @@ lib.mkIf (host != "NxACE")
 };
 connections = {
 hsmw = {
- keyexchange = "ikev2";
- left = "%defaultroute";
- leftid = "%any";
- leftauth = "eap";
- eap_identity = "${secrets.email.hsmw.un}@hs-mittweida.de";
- leftsourceip = "%config";
- leftdns = "%config4";
- leftfirewall = "no";
- right = "141.55.128.84";
- rightid = "@vpn4.hs-mittweida.de";
- rightsubnet = "0.0.0.0/0";
- rightauth = "pubkey";
- auto = "add";
+ keyexchange = "ikev2";
+ left = "%defaultroute";
+ leftid = "%any";
+ leftauth = "eap";
+ eap_identity = "${secrets.email.hsmw.un}@hs-mittweida.de";
+ leftsourceip = "%config";
+ leftdns = "%config4"; # Ensure that DNS resolution works as expected
+ leftfirewall = "no"; # Keep firewall disabled, but manually check rules
+ right = "141.55.128.84";
+ rightid = "@vpn4.hs-mittweida.de";
+ rightsubnet = "141.55.128.0/16"; # Split tunneling: Only route traffic for the VPN subnet
+ rightauth = "pubkey";
+ auto = "add";
 };
 };
 managePlugins = true;
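Review bot: The removal of `lib.mkIf (host != "NxACE")` at the top of the file is not covered by the subject "ip range fix", yet it changes which machines get this module: the strongSwan packages and the hsmw connection now apply on NxACE as well. If that is intended, record it in the file, e.g. `# no host guard: the HSMW VPN is configured on every host, NxACE included`; if not, the guard should stay and only the subnet change should land. `host` remains in the argument set and may now be unused, but the rest of the module body lies outside the hunk, so that cannot be confirmed from here.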
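Review bot: `rightsubnet = "141.55.128.0/16"` has host bits set: under a /16 mask the network address is 141.55.0.0, so depending on the parser the value is either widened to all of 141.55.0.0/16 or rejected, and neither outcome describes a block that starts at 141.55.128.0. Write the intended range in canonical form, `rightsubnet = "141.55.0.0/16";` if the whole /16 is meant or `rightsubnet = "141.55.128.0/17";` if only the upper half is. Switching from `0.0.0.0/0` to a split tunnel also means all traffic outside that range now bypasses the VPN and leaves over the local network, which is a security-relevant change that the commit message should state. The comment on `leftfirewall = "no"` is misleading, since the option appears to control only whether strongSwan's updown script adds iptables rules for tunnel traffic and does not turn the host firewall off; a more accurate comment would be `# strongSwan adds no iptables rules; the host firewall must allow tunnel traffic itself`.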