Hello, I’m trying to set up openvpn into my workplace. I have:
services = {
  openvpn.servers = {
    office = {
      config = '' config /root/office-untangle.conf '';
      autoStart = false;
      updateResolvConf = true;
    };
  };
  transmission.enable = true;
};
...
networking.networkmanager = {
  enable = true;
  packages = [ pkgs.networkmanager_openvpn ];
};
networking.firewall.enable = false;
and /root/office-untangle.conf looks like:
client
resolv-retry 20
keepalive 10 60
nobind
mute-replay-warnings
ns-cert-type server
# remote-cert-tls server
# comp-lzo
verb 1
persist-key
persist-tun
explicit-exit-notify 1
dev tun
proto udp
port 1194
data-ciphers-fallback AES-128-CBC
remote officeuntangle.<<mycompany>>.com.au 1194 # public address
remote <<IP address>> 1194 # static WAN 1
ca /root/office-untangle/ca.crt
cert /root/office-untangle/office.crt
key /root/office-untangle/office.key
auth-user-pass /root/office-untangle/office.cred
where items in << >> are omitted here for security.
When I systemctl enable openvpn-office, it appears to connect; my manager (a network engineer) says my netstat -rn and cat /etc/resolv.conf both look good, but no traffic will go through the VPN; it all just hangs. If for example I ping the DNS, or try any curl, ping etc. commands, they all just hang. Any default traffic (i.e., to addresses outside our office network) continues to work. It seems that the tun0 device won’t actually pass any traffic. Others are using the VPN, albeit from W*&$%#@, not from a NixOS client.
Any ideas?