From 86ed4185e13a4b1f95321e431b8e4fe27f34174e Mon Sep 17 00:00:00 2001 From: SqrtMinusOne Date: Wed, 31 Aug 2022 21:04:13 +0300 Subject: [PATCH] fix(guix): docs --- Guix.org | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/Guix.org b/Guix.org index 4f53a4d..46b59a5 100644 --- a/Guix.org +++ b/Guix.org @@ -516,7 +516,7 @@ Don't forget to install =JetBrainsMono Nerd Font=. I'm not sure how to properly spin up VPN on Guix, so here is what ended I'm doing after some trial and error. -I'm using CyberGhost VPN. =~/.vpn= folder stores its OpenVPN config (=openvpn.ovpn=), modified as follows: +I'm using Mullvad VPN. The =~/.vpn= folder stores its OpenVPN config (=openvpn.ovpn=), modified as follows: - paths to =ca=, =cert= and =key= are made absolute #+begin_src conf-space :tangle no ca /home/pavel/.vpn/ca.crt @@ -532,7 +532,7 @@ I'm using CyberGhost VPN. =~/.vpn= folder stores its OpenVPN config (=openvpn.ov login password #+end_src -- Run [[https://github.com/alfredopalhares/openvpn-update-resolv-conf][openvpn-update-resolv-conf]] script to fix DNS. =openvpn-update-resolve-conf= originates in my [[https://github.com/SqrtMinusOne/channel-q][channel-q]]. +- Run [[https://github.com/alfredopalhares/openvpn-update-resolv-conf][openvpn-update-resolv-conf]] script to prevent DNS leaks. =openvpn-update-resolve-conf= originates in my [[https://github.com/SqrtMinusOne/channel-q][channel-q]]. Edit <2022-04-07 Thu>: Looks like this doesn't work on some connections. See the next option in that case @@ -544,7 +544,7 @@ I'm using CyberGhost VPN. =~/.vpn= folder stores its OpenVPN config (=openvpn.ov #+end_src =setenv PATH= is necessary because both =resolvconf= (openresolve) and =update-resolv-conf.sh= are shell scripts which need GNU coreutils and stuff, and OpenVPN clears PATH by default. -- Fix =etc/resolv.conf= +- Manually fix =etc/resolv.conf= to prevent DNS leaks #+begin_src sh :tangle ~/bin/scripts/fix-resolve-conf cp /etc/resolv.conf /etc/resolv.conf-bak echo "nameserver 8.8.8.8" > /etc/resolv.conf @@ -584,7 +584,9 @@ I'm using CyberGhost VPN. =~/.vpn= folder stores its OpenVPN config (=openvpn.ov #+RESULTS: *** vpn-start -As of now, CyberGhost doesn't provide ipv6, so we have to disable it. ++As of now, CyberGhost doesn't provide ipv6, so we have to disable it.+ + +Mullvad seems to provide it, so the script just launches =openvpn= with =pkexec=. #+begin_src bash :tangle ~/bin/scripts/vpn-start export DISPLAY=:0 @@ -606,8 +608,9 @@ fi pkexec openvpn --config ~/.vpn/mullvad_openvpn_linux_lv_rix/mullvad_lv_rix.conf #+end_src -*** vpn-stop -Also a script to reverse the changes. +*** +vpn-stop+ ++Also a script to reverse the changes+ +Also not necessary now. Just =herd stop vpn= and =sudo pkill vpn=. #+begin_src bash :tangle ~/bin/scripts/vpn-stop CONN=$(nmcli -f NAME con show --active | grep -Ev "(.*docker.*|NAME|br-.*|veth.*|tun.*)" | sed 's/ *$//g')