nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ip range fix

Browse Source
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2024-08-26 23:24:45 +02:00
parent befa7fe91e
commit 52d81b9175
1 changed files with 13 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
system-modules/hsmw.nix
View File

@@ -1,5 +1,4 @@
{ pkgs, lib, host, secrets, ... }:
lib.mkIf (host != "NxACE")
{
environment.systemPackages = with pkgs; [
strongswanNM
@@ -38,19 +37,19 @@ lib.mkIf (host != "NxACE")
};
connections = {
hsmw = {
keyexchange = "ikev2";
left = "%defaultroute";
leftid = "%any";
leftauth = "eap";
eap_identity = "${secrets.email.hsmw.un}@hs-mittweida.de";
leftsourceip = "%config";
leftdns = "%config4";
leftfirewall = "no";
right = "141.55.128.84";
rightid = "@vpn4.hs-mittweida.de";
rightsubnet = "0.0.0.0/0";
rightauth = "pubkey";
auto = "add";
keyexchange = "ikev2";
left = "%defaultroute";
leftid = "%any";
leftauth = "eap";
eap_identity = "${secrets.email.hsmw.un}@hs-mittweida.de";
leftsourceip = "%config";
leftdns = "%config4"; # Ensure that DNS resolution works as expected
leftfirewall = "no"; # Keep firewall disabled, but manually check rules
right = "141.55.128.84";
rightid = "@vpn4.hs-mittweida.de";
rightsubnet = "141.55.128.0/16"; # Split tunneling: Only route traffic for the VPN subnet
rightauth = "pubkey";
auto = "add";
};
};
managePlugins = true;