diff options
author | zimbatm <zimbatm@zimbatm.com> | 2018-09-06 15:17:52 +0100 |
---|---|---|
committer | zimbatm <zimbatm@zimbatm.com> | 2018-09-07 12:44:22 +0100 |
commit | 71e6dfdaeac64673ede9f38acd938cf27b1b70cc (patch) | |
tree | 604114ab7529435cd8a37ce01dd0fbb1b6057011 | |
parent | ca2ba44cab47767c8127d1c8633e2b581644eb8f (diff) | |
download | nixlib-71e6dfdaeac64673ede9f38acd938cf27b1b70cc.tar nixlib-71e6dfdaeac64673ede9f38acd938cf27b1b70cc.tar.gz nixlib-71e6dfdaeac64673ede9f38acd938cf27b1b70cc.tar.bz2 nixlib-71e6dfdaeac64673ede9f38acd938cf27b1b70cc.tar.lz nixlib-71e6dfdaeac64673ede9f38acd938cf27b1b70cc.tar.xz nixlib-71e6dfdaeac64673ede9f38acd938cf27b1b70cc.tar.zst nixlib-71e6dfdaeac64673ede9f38acd938cf27b1b70cc.zip |
strongswan: set the right dir for TLS CA cert
This fixes an issue where the strongswan NM client is not able to connect to a VPN. By default it tries to load the trust CA from /usr/share/ca-certificates which doesn't exist in NixOS and most modern distros. See debian-related issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835095
-rw-r--r-- | pkgs/tools/networking/strongswan/default.nix | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/pkgs/tools/networking/strongswan/default.nix b/pkgs/tools/networking/strongswan/default.nix index 2f19294784ec..d176c08829e5 100644 --- a/pkgs/tools/networking/strongswan/default.nix +++ b/pkgs/tools/networking/strongswan/default.nix @@ -78,7 +78,10 @@ stdenv.mkDerivation rec { "--with-tss=trousers" "--enable-aikgen" "--enable-sqlite" ] - ++ optional enableNetworkManager "--enable-nm"; + ++ optionals enableNetworkManager [ + "--enable-nm" + "--with-nm-ca-dir=/etc/ssl/certs" + ]; postInstall = '' # this is needed for l2tp |