authorzimbatm <zimbatm@zimbatm.com>2018-09-06 15:17:52 +0100
committerzimbatm <zimbatm@zimbatm.com>2018-09-07 12:44:22 +0100
commit71e6dfdaeac64673ede9f38acd938cf27b1b70cc (patch)
tree604114ab7529435cd8a37ce01dd0fbb1b6057011 /pkgs/tools/networking/strongswan
parentca2ba44cab47767c8127d1c8633e2b581644eb8f (diff)
strongswan: set the right dir for TLS CA cert
This fixes an issue where the strongswan NM client is not able to
connect to a VPN. By default it tries to load the trusted CA certificates
from /usr/share/ca-certificates, which doesn't exist in NixOS and most
modern distros.

See debian-related issue:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835095
Diffstat (limited to 'pkgs/tools/networking/strongswan')
-rw-r--r--pkgs/tools/networking/strongswan/default.nix5
1 files changed, 4 insertions, 1 deletions
diff --git a/pkgs/tools/networking/strongswan/default.nix b/pkgs/tools/networking/strongswan/default.nix
index 2f19294784e..d176c08829e 100644
--- a/pkgs/tools/networking/strongswan/default.nix
+++ b/pkgs/tools/networking/strongswan/default.nix
@@ -78,7 +78,10 @@ stdenv.mkDerivation rec {
          "--with-tss=trousers"
          "--enable-aikgen"
          "--enable-sqlite" ]
-    ++ optional enableNetworkManager "--enable-nm";
+    ++ optionals enableNetworkManager [
+         "--enable-nm"
+         "--with-nm-ca-dir=/etc/ssl/certs"
+    ];
 
   postInstall = ''
     # this is needed for l2tp
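Review bot: The added `--with-nm-ca-dir=/etc/ssl/certs` hard-codes a host path outside the Nix store, and the flag has no comment explaining what that directory is used for. Going by the commit message, it is where the NM client loads its default trust anchors for authenticating the VPN gateway, so the effective trust set is whatever the host has there at runtime. I would add above the flag `# Default trust anchors for the NM plugin; read from the host at runtime, not from the store.` It is also worth confirming that the plugin's directory loader handles what NixOS places in that directory, which I believe is a concatenated bundle and not one file per certificate; this cannot be checked from the hunk. The configureFlags list starts before the hunk and postInstall continues past it.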