From a2e3d507f94c870959a12b85ce837e9226def539 Mon Sep 17 00:00:00 2001
From: Tigor Hutasuhut
Date: Fri, 21 Jun 2024 22:01:11 +0700
Subject: [PATCH] openvpn: update settings
---
 system/services/openvpn.nix | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/system/services/openvpn.nix b/system/services/openvpn.nix
index 7512e95..981f06c 100644
--- a/system/services/openvpn.nix
+++ b/system/services/openvpn.nix
@@ -81,7 +81,7 @@ in
 secretPlaceholder = config.sops.placeholder."openvpn/clients/phone";
 ifConfig = "10.8.1.1 10.8.1.2";
 };
- path = "/etc/openvpn/phone.ovpn";
+ path = "/nas/Syncthing/Sync/VPN/phone.ovpn";
 owner = config.profile.user.name;
 };
 "openvpn/key/laptop" = {
@@ -89,7 +89,7 @@ in
 secretPlaceholder = config.sops.placeholder."openvpn/clients/laptop";
 ifConfig = "10.8.2.1 10.8.2.2";
 };
- path = "/etc/openvpn/laptop.ovpn";
+ path = "/nas/Syncthing/Sync/VPN/laptop.ovpn";
 owner = config.profile.user.name;
 };
 };
@@ -98,6 +98,9 @@ in
 config = ''
 dev ${vpn-dev}
 proto udp
+ status /tmp/openvpn-status.log
+
+ comp-lzo no
 tls-server
 cipher AES-256-CBC
@@ -105,7 +108,6 @@ in
 server 10.10.10.0 255.255.255.0
- allow-compression no
 ca ${config.sops.secrets."openvpn/server/ca".path}
 cert ${config.sops.secrets."openvpn/server/cert".path}
 key ${config.sops.secrets."openvpn/server/key".path}
@@ -116,6 +118,10 @@ in
 ping-timer-rem
 persist-tun
 persist-key
+
+ push "block-outside-dns"
+ push "dhcp-option 192.168.100.3"
+ push "comp-lzo no"
 '';
 autoStart = true;
 };
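Review bot: The new `path` for the phone profile places a file that embeds the client secret (via `secretPlaceholder`) inside what appears to be a Syncthing-shared folder, so the key material is copied to every device syncing that folder and stays there outside sops' control. The laptop hunk that follows moves its profile into the same directory, which means each client device would also receive the other's profile. If distribution through Syncthing is intended, consider one folder per device and, if this attribute set accepts it, an explicit `mode = "0400";` next to `owner`, with a comment such as `# synced on purpose: share this folder only with the device that owns the profile`. The attribute set this line belongs to starts above the hunk.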
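Review bot: The added `status /tmp/openvpn-status.log` writes the connected-client list to a fixed name in a world-writable directory, so unless the unit runs with a private /tmp other local users can read it or pre-create that path. A directory owned by the service is the safer target, for example `status /run/openvpn/status.log` (constructed path; use whichever runtime directory the unit owns). Separately, `comp-lzo` is deprecated in current OpenVPN releases and the explicit `allow-compression no` is removed in the next hunk, so a comment naming the client that needs the legacy option would help. The `config` string opened here continues past the end of the hunk.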
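Review bot: `push "dhcp-option 192.168.100.3"` carries no option type, so clients are unlikely to treat the address as a resolver; combined with `push "block-outside-dns"` this can leave Windows clients with outside DNS blocked and no tunnel DNS configured. If the address is meant to be the DNS server, the line should read `push "dhcp-option DNS 192.168.100.3"`. The `config` string these lines belong to starts above the hunk.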