nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ip range fix

Browse Source
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2024-08-26 23:24:45 +02:00
parent befa7fe91e
commit 52d81b9175
1 changed files with 13 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
system-modules/hsmw.nix
View File

@@ -1,5 +1,4 @@
{ pkgs, lib, host, secrets, ... }: { pkgs, lib, host, secrets, ... }:
lib.mkIf (host != "NxACE")
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
strongswanNM strongswanNM
@@ -38,19 +37,19 @@ lib.mkIf (host != "NxACE")
}; };
connections = { connections = {
hsmw = { hsmw = {
keyexchange = "ikev2"; keyexchange = "ikev2";
left = "%defaultroute"; left = "%defaultroute";
leftid = "%any"; leftid = "%any";
leftauth = "eap"; leftauth = "eap";
eap_identity = "${secrets.email.hsmw.un}@hs-mittweida.de"; eap_identity = "${secrets.email.hsmw.un}@hs-mittweida.de";
leftsourceip = "%config"; leftsourceip = "%config";
leftdns = "%config4"; leftdns = "%config4"; # Ensure that DNS resolution works as expected
leftfirewall = "no"; leftfirewall = "no"; # Keep firewall disabled, but manually check rules
right = "141.55.128.84"; right = "141.55.128.84";
rightid = "@vpn4.hs-mittweida.de"; rightid = "@vpn4.hs-mittweida.de";
rightsubnet = "0.0.0.0/0"; rightsubnet = "141.55.128.0/16"; # Split tunneling: Only route traffic for the VPN subnet
rightauth = "pubkey"; rightauth = "pubkey";
auto = "add"; auto = "add";
}; };
}; };
managePlugins = true; managePlugins = true;