Using l2tp VPN on NixOS

Recently I had set up an l2tp VPN on Nixos, and it was difficult to get working. Eventually, I got it working and this is how I did it.

I am not an expert on NixOS or VPNs. If you know of a better way, please let me know.

Previously I was using Arch Linux, and when I needed to set up the l2tp VPN I used this guide. This guide still works on NixOS, mostly. But there are a few tricks.

This is the code I used to set up the required services and applications. I am already using NetworkManager and have configured that elsewhere in my configuration.

  # vpn
  networking.networkmanager.enableStrongSwan = true;
  services.xl2tpd.enable = true;
  services.strongswan = {
    enable = true;
    secrets = [ "ipsec.d/ipsec.nm-l2tp.secrets" ];
  };

A key line is

secrets = [ "ipsec.d/ipsec.nm-l2tp.secrets" ];

This line ensures that we don’t try writing secrets to somewhere on the read-only filesystem. If you don’t have this line, you’ll see a message in journalctl.

I also needed to install the network manager applet. This applet can be found in nixpkgs, but the name was surprising to me. It’s called networkmanagerapplet, and not called nm-applet like I expected it to be.

Once you have added the above services and applications, rebuild your NixOS system. Then reboot.

After that, you should be able to follow the Arch Linux guide I mentioned above. Good luck!