nixos/tests/initrd-network-openvpn: fix

- The default cipher is BF-CBC, which openvpn refuses to use by default. Switched to AES-256-CBC. - openvpn does not require an external "ip" executable anymore, and does not support the "ipconfig" option by default, so remove that option.
2024-11-10 08:39:08 +03:00 · 2022-12-03 09:31:53 +00:00 · 2022-12-03 09:31:53 +00:00 · 9f874dd95e
commit 9f874dd95e
parent b72b8b94cf
3 changed files with 4 additions and 5 deletions
--- a/nixos/modules/system/boot/initrd-openvpn.nix
+++ b/nixos/modules/system/boot/initrd-openvpn.nix
@ -68,11 +68,8 @@ in
      $out/bin/openvpn --show-gateway
    '';

-    # Add `iproute /bin/ip` to the config, to ensure that openvpn
-    # is able to set the routes
    boot.initrd.network.postCommands = ''
-      (cat /etc/initrd.ovpn; echo -e '\niproute /bin/ip') | \
-        openvpn /dev/stdin &
+      openvpn /etc/initrd.ovpn &
    '';
  };

--- a/nixos/tests/initrd-network-openvpn/default.nix
+++ b/nixos/tests/initrd-network-openvpn/default.nix
@ -91,6 +91,7 @@ import ../make-test-python.nix ({ lib, ...}:
            config = ''
              dev tun0
              ifconfig 10.8.0.1 10.8.0.2
+              cipher AES-256-CBC
              ${secretblock}
            '';
          };
--- a/nixos/tests/initrd-network-openvpn/initrd.ovpn
+++ b/nixos/tests/initrd-network-openvpn/initrd.ovpn
@ -3,6 +3,7 @@ dev tun
 ifconfig 10.8.0.2 10.8.0.1
 # Only force VLAN 2 through the VPN
 route 192.168.2.0 255.255.255.0 10.8.0.1
+cipher AES-256-CBC
 secret [inline]
 <secret>
 #
@ -26,4 +27,4 @@ be5a69522a8e60ccb217f8521681b45d
 e7811584363597599cce2040a68ac00e
 f2125540e0f7f4adc37cb3f0d922eeb7
 -----END OpenVPN Static key V1-----
-</secret>
+</secret>