From 4b8be337e027b6bc421fb092219b7e5b25b7ec33 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Mon, 6 Jul 2026 02:37:06 +0900 Subject: [PATCH] lupine5/openvpn: additional config, open firewall --- hosts/lupine/services/openvpn.nix | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/hosts/lupine/services/openvpn.nix b/hosts/lupine/services/openvpn.nix index 738b65b..c44c366 100644 --- a/hosts/lupine/services/openvpn.nix +++ b/hosts/lupine/services/openvpn.nix @@ -28,8 +28,10 @@ in services.openvpn.servers."ov-tunnel" = { config = renderConfig { + mode = "server"; + # TODO: use aliases - local = values.services.knutsen-vpn; + local = "0.0.0.0"; port = 1194; proto = "udp"; @@ -63,7 +65,6 @@ in ]; keepalive = "10 120"; - data-ciphers = "none"; user = "nobody"; group = "nobody"; @@ -84,9 +85,17 @@ in persist-key = true; persist-tun = true; + tls-version-min = "1.2"; + tls-version-max = "1.2"; + verb = 5; explicit-exit-notify = 1; }; }; + + networking.firewall = { + allowedTCPPorts = [ 1194 ]; + allowedUDPPorts = [ 1194 ]; + }; }
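Review bot: In the first hunk (`@@ -28,8 +28,10 @@`), `local = "0.0.0.0";` makes the daemon listen on every address of the host where it previously bound only `values.services.knutsen-vpn`, so which networks can reach it now depends on the firewall alone. If the wildcard is deliberate, record the reason next to it, e.g. `# bind all addresses: clients reach this host via more than one IP`; if it is not, keep the specific address. On a host with several addresses, a UDP server bound to the wildcard usually also needs OpenVPN's `multihome` option so that replies leave from the address the client contacted, which is worth confirming for this machine. The `renderConfig { … }` block continues past the end of the hunk.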
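Review bot: In the last hunk (`@@ -84,9 +85,17 @@`), `allowedTCPPorts = [ 1194 ];` opens TCP 1194 although the server is configured with `proto = "udp";` in the first hunk, so the rule exposes a port this service does not appear to use; drop it and keep only `allowedUDPPorts = [ 1194 ];`. Separately, `tls-version-max = "1.2";` caps the control channel at TLS 1.2 and rules out TLS 1.3 with no reason given; unless a known client requires the cap, keep only `tls-version-min = "1.2";` or add a comment naming the client that needs it. `verb = 5;` is a debugging log level in OpenVPN and is probably not meant to stay on in normal operation. The enclosing module attribute set starts outside the hunk.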