Commit Graph

2 Commits

Author SHA1 Message Date
Raphael Robatsch
9f874dd95e nixos/tests/initrd-network-openvpn: fix
- The default cipher is BF-CBC, which openvpn refuses to use by default.
  Switched to AES-256-CBC.
- openvpn does not require an external "ip" executable anymore, and does
  not support the "ipconfig" option by default, so remove that option.
2022-12-03 10:32:38 +01:00
CRTified
c684398c6a nixos/system/boot/initrd-openvpn: Add openvpn options for initrd
nixos/tests/initrd-openvpn: Add test for openvpn in the initramfs

The module in this commit adds new options that allow the
integration of an OpenVPN client into the initrd.
This can be used e.g. to remotely unlock LUKS devices.

This commit also adds two tests for `boot.initrd.network.openvpn`.
The first one is a basic test to validate that a failing connection
does not prevent the machine from booting.

The second test validates that this module actually creates a valid
openvpn connection.
For this, it spawns three nodes:

  - The client that uses boot.initrd.network.openvpn
  - An OpenVPN server that acts as gateway and forwards a port
    to the client
  - A node that is external to the OpenVPN network

The client connects to the OpenVPN server and spawns a netcat instance
that echoes a value to every client.
Afterwards, the external node checks if it receives this value over the
forwarded port on the OpenVPN gateway.
2020-07-01 00:08:55 +02:00