From 74a4d31089d4410204a97d87673413ec138de3c9 Mon Sep 17 00:00:00 2001 From: Adrian Kummerlaender Date: Fri, 1 Dec 2023 10:29:44 +0100 Subject: Update openvpn config --- .../desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem | 23 --------------------- host/software/desktop/kit.vpn.nix | 24 ++++++---------------- 2 files changed, 6 insertions(+), 41 deletions(-) delete mode 100644 host/software/desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem (limited to 'host/software') diff --git a/host/software/desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem b/host/software/desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem deleted file mode 100644 index 374b050..0000000 --- a/host/software/desktop/asset/T-TeleSec_GlobalRoot_Class_2.pem +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx -KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd -BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl -YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 -OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy -aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 -ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd -AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC -FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi -1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq -jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ -wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj -QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ -WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy -NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC -uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw -IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 -g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN -9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP -BSeOE6Fuwg== ------END CERTIFICATE----- diff --git a/host/software/desktop/kit.vpn.nix b/host/software/desktop/kit.vpn.nix index 039733e..9f51a42 100644 --- a/host/software/desktop/kit.vpn.nix +++ b/host/software/desktop/kit.vpn.nix @@ -3,25 +3,13 @@ { services.openvpn.servers = { KIT = { - # adapted from https://www.scc.kit.edu/scc/net/openvpn/os/debian/kit.ovpn - config = '' - client - remote 141.52.8.20 - port 1194 - dev tun - proto udp - auth-user-pass - nobind - comp-lzo no - tls-version-min 1.2 - ca ${./asset/T-TeleSec_GlobalRoot_Class_2.pem} - verify-x509-name "C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, CN=ovpn.scc.kit.edu" subject - cipher AES-256-CBC - auth SHA384 - verb 3 - script-security 2 - ''; autoStart = false; + config = let + path = pkgs.fetchurl { + url = "https://www.scc.kit.edu/scc/net/openvpn/conf/kit-split.ovpn"; + hash = "sha256-j4pCKyU7t1ZmwIGm5kuUgZ26Qiqa1jzoDZcP2x+A9pM="; + }; + in "config ${path}"; }; }; } -- cgit v1.2.3