Commit 9f874dd9 authored by Raphael Robatsch's avatar Raphael Robatsch

nixos/tests/initrd-network-openvpn: fix

- The default cipher is BF-CBC, which openvpn refuses to use by default.
  Switched to AES-256-CBC.
- openvpn does not require an external "ip" executable anymore, and does
  not support the "ipconfig" option by default, so remove that option.
parent b72b8b94
+1 −4
@@ -68,11 +68,8 @@ in
      $out/bin/openvpn --show-gateway
    '';

    # Add `iproute /bin/ip` to the config, to ensure that openvpn
    # is able to set the routes
    boot.initrd.network.postCommands = ''
      (cat /etc/initrd.ovpn; echo -e '\niproute /bin/ip') | \
        openvpn /dev/stdin &
      openvpn /etc/initrd.ovpn &
    '';
  };
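Review bot: The new `openvpn /etc/initrd.ovpn &` line in `boot.initrd.network.postCommands` starts the tunnel in the background and nothing checks that it came up, and the explanatory comment that sat above the old command was removed without a replacement. A configuration that openvpn rejects, such as the refused default cipher this commit works around, would presumably show up only in the stage-1 log while boot continues without the tunnel. I would add a comment above the command such as `# Runs in the background; if openvpn rejects the config, boot continues without the VPN, so check the initrd log`. The surrounding module block starts outside this hunk, so an existing check elsewhere cannot be ruled out.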

+1 −0
@@ -91,6 +91,7 @@ import ../make-test-python.nix ({ lib, ...}:
            config = ''
              dev tun0
              ifconfig 10.8.0.1 10.8.0.2
              cipher AES-256-CBC
              ${secretblock}
            '';
          };
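Review bot: The added `cipher AES-256-CBC` line in the server `config` has no comment saying that it has to match the `cipher` line added to the client configuration in the same commit. This looks like a static-key setup (`${secretblock}` here, `secret [inline]` on the client), where the cipher is not negotiated, so changing one side alone breaks the tunnel. I would add `# static-key mode: no cipher negotiation, keep in sync with the client .ovpn` above the line. The enclosing attribute set starts and ends outside this hunk.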
+2 −1
@@ -3,6 +3,7 @@ dev tun
ifconfig 10.8.0.2 10.8.0.1
# Only force VLAN 2 through the VPN
route 192.168.2.0 255.255.255.0 10.8.0.1
cipher AES-256-CBC
secret [inline]
<secret>
#