I configured strongswan using the following inside configuration.nix
services.strongswan.connections.mainconn.auto = "add";
services.strongswan.connections.mainconn.eap_identity = "michael.calimlim";
services.strongswan.connections.mainconn.esp = "aes256-sha1,3des-sha1!";
services.strongswan.connections.mainconn.forceencaps = "yes";
services.strongswan.connections.mainconn.ike = "aes256-sha1-modp1024,3des-sha1-modp1024!";
services.strongswan.connections.mainconn.keyexchange = "ikev2";
services.strongswan.connections.mainconn.left = "%defaultroute";
services.strongswan.connections.mainconn.leftauth = "eap-mschapv2";
services.strongswan.connections.mainconn.leftid = "any";
services.strongswan.connections.mainconn.leftsourceip = "%config4";
services.strongswan.connections.mainconn.lifetime = "1800";
services.strongswan.connections.mainconn.rightauth = "pubkey";
services.strongswan.connections.mainconn.rightsendcert = "always";
services.strongswan.connections.mainconn.rightsubnet = "0.0.0.0/0";
services.strongswan.connections.mainconn.type = "tunnel";
services.strongswan.connections.subconn.also = "mainconn";
services.strongswan.connections.subconn.right = "my.vpn.io";
services.strongswan.connections.subconn.rightid = "my.vpn.io";
services.strongswan.enable = true;
then nixos-rebuild switch
but it doesn’t generate the /etc/ipsec.conf file
or is it being generated somewhere else than the /etc directory?
You can run
systemctl cat strongswan and look where the Environment variable
STRONGSWAN_CONF points to.
Strange… I don’t have strongswan running as a service. I can’t even enable/start it…
that is certainly strange. I just tested it locally and it worked as expected. Can you paste the output of
system: “x86_64-linux”, multi-user?: yes, version: nix-env (Nix) 2.2, nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixos
If you edit other things in your configuration.nix do they apply after
For example adding
services.nginx.enable = true; inside your config and then checking if
systemctl status nginx returns the service as running.
You don’t need to do
systemctl enable ... on NixOS, since the system itself will take care of that.
Could you also paste the output of
I tried changing something in my configuration.nix file then executed
nixos-rebuild switch. It applied the changes but not for strongswan. I still don’t have strongswan running…
nix-channel --list does not return me anything…
anyone? need some help on strongswan…
hmm, I really don’t have any idea… did you run
nix-channel --list as root?
could you paste the output of
nixos-rebuild switch somewhere?
bumping this again, anyone?
I’m no expert by any means, but running nix-channel --list should return the channels you are subscribed to. If you don’t have any channels nothing will probably work.
Try subscribing to a channel that feels relevant for you, please see this page for info.
strange, it works without any channel…
Since you don’t have any channels to fetch packages or updates I hardly think that your strongswan changes will ever take effect, as that package definition normally lives in a nixos channel.
am I missing something here?