From bf074967e5db8fc8a601d1dd3dc4979da1536c3f Mon Sep 17 00:00:00 2001 From: "Lennart J. Kurzweg (Nx2)" Date: Wed, 13 May 2026 16:08:13 +0200 Subject: [PATCH] tuda-vpn (not working?) --- system-modules/tuda.nix | 46 ++++++++++++++++++++++++++++++----------- 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/system-modules/tuda.nix b/system-modules/tuda.nix index 97a88fc..3dc73fc 100644 --- a/system-modules/tuda.nix +++ b/system-modules/tuda.nix @@ -13,18 +13,40 @@ openconnect networkmanager-openconnect ]; - networking.openconnect = { - package = pkgs.openconnect; - interfaces = { - openconnect0 = { - autoStart = false; - certificate = "/home/nx2/tuda-rootcert.crt"; - # extraOptions = { compression = "stateless"; no-dtls = true; no-http-keepalive = true; }; - gateway = "vpn.hrz.tu-darmstadt.de"; - # passwordFile = "/var/lib/secrets/openconnect-passwd"; - # privateKey = "/var/lib/secrets/openconnect_private_key.pem"; - protocol = "anyconnect"; - user = secrets.email.tuda.tuid; + networking.networkmanager = { + plugins = with pkgs; [ networkmanager-openconnect ]; + ensureProfiles.profiles = { + "tuda-vpn" = { + connection = { + autoconnect = "false"; + id = "tuda-vpn"; + type = "vpn"; + }; + ipv4.method = "auto"; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + vpn = { + authtype = "password"; + autoconnect-flags = "0"; + certsigs-flags = "0"; + cookie-flags = "2"; + disable_udp = "no"; + enable_csd_trojan = "no"; + gateway = "vpn.hrz.tu-darmstadt.de"; + gateway-flags = "2"; + gwcert-flags = "2"; + lasthost-flags = "0"; + pem_passphrase_fsid = "no"; + prevent_invalid_cert = "no"; + protocol = "anyconnect"; + resolve-flags = "2"; + service-type = "org.freedesktop.NetworkManager.openconnect"; + stoken_source = "disabled"; + xmlconfig-flags = "0"; + password-flags = 0; + }; }; }; };