diff --git a/.gitignore b/.gitignore
index 60c9838..2e7cfdb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,5 +4,6 @@ entropy/mail/neomutt/signature.txt
 entropy/mail/neomutt/notmuch-hook.sh
 entropy/mail/neomutt/whoami.muttrc
 entropy/vpn/credentials.txt
+entropy/vpn/openconnect.txt
 
 **/*.swp
diff --git a/entropy/initialize.sh b/entropy/initialize.sh
index f331bdd..195d575 100755
--- a/entropy/initialize.sh
+++ b/entropy/initialize.sh
@@ -76,11 +76,14 @@ ln -s $PWD/mail/.notmuch-config ~/.notmuch-config
 mkdir -p ~/.mail/tu-dresden
 notmuch new
 
-# set up openvpn connection
+# set up vpn connections
 printf "\033[33m[info] Configuring OpenVPN\033[39m"
 cd vpn
 pass mail/tud-user | head -1 >> credentials.txt
 pass mail/tud | head -1 >> credentials.txt
+pass mail/tud | head -1 > openconnect.txt
+chmod 600 credentials.txt
+chmod 600 openconnect.txt
 cd ..
 ln -s $PWD/vpn ~/.config/vpn
 
diff --git a/entropy/nixos/configuration.nix b/entropy/nixos/configuration.nix
index 2036231..84d6710 100644
--- a/entropy/nixos/configuration.nix
+++ b/entropy/nixos/configuration.nix
@@ -18,6 +18,9 @@ in
       # Hardware support for Moonlander & U2F
       ./modules/hardware.nix
 
+      # Network & VPN configuration
+      ./modules/networking.nix
+
       ./modules/audio.nix
       ./modules/video.nix
       #./modules/v4l2loopback.nix
@@ -49,32 +52,6 @@ in
   # ------------ kernel -------------------------------------------------------
   boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_10;
 
-  # ------------ networking ---------------------------------------------------
-  networking.hostName = "entropy"; # Define your hostname.
-  networking.wireless = {
-    enable = true;  # Enables wireless support via wpa_supplicant.
-    interfaces = [ "wlp0s20f3" ];
-  };
-  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
-  # Per-interface useDHCP will be mandatory in the future, so this generated config
-  # replicates the default behaviour.
-  networking.useDHCP = false;
-  networking.interfaces.enp0s31f6.useDHCP = true;
-  # USB-C dock
-  networking.interfaces.enp0s20f0u2u1.useDHCP = true;
-  networking.interfaces.wlp0s20f3.useDHCP = true;
-
-  # enable OpenVPN for connecting to the TUD network
-  services.openvpn.servers.tud = {
-    config = '' config /home/felix/.config/vpn/TUD.ovpn '';
-    autoStart = false; #true;
-    updateResolvConf = true;
-  };
-
-  # for SAMBA file shares
-  services.gvfs.enable = true;
-
-
   # ------------ time, location & input ---------------------------------------
   # Set your time zone.
   time.timeZone = "Europe/Berlin";
diff --git a/entropy/nixos/modules/networking.nix b/entropy/nixos/modules/networking.nix
new file mode 100644
index 0000000..cccfede
--- /dev/null
+++ b/entropy/nixos/modules/networking.nix
@@ -0,0 +1,49 @@
+{ ... }:
+
+{
+  # ------------ networking ---------------------------------------------------
+  networking.hostName = "entropy"; # Define your hostname.
+  networking.wireless = {
+    enable = true;  # Enables wireless support via wpa_supplicant.
+    interfaces = [ "wlp0s20f3" ];
+  };
+
+  # NOTE(feliix42): This option set was the default prior to 22.05 but is now replaced by the `networking.useDHCP` setting in the hardware config.
+  ## The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  ## Per-interface useDHCP will be mandatory in the future, so this generated config
+  ## replicates the default behaviour.
+  #networking.useDHCP = false;
+  #networking.interfaces.enp0s31f6.useDHCP = true;
+  ## USB-C dock
+  #networking.interfaces.enp0s20f0u2u1.useDHCP = true;
+  #networking.interfaces.wlp0s20f3.useDHCP = true;
+
+  # enable OpenVPN for connecting to the TUD network
+  services.openvpn.servers.tud = {
+    config = '' config /home/felix/.config/vpn/TUD.ovpn '';
+    autoStart = false; #true;
+    updateResolvConf = true;
+  };
+
+  networking.openconnect.interfaces = {
+    ccc = {
+      user = "s6525655@vpn-cfaed-cpb-ma";
+      protocol = "anyconnect";
+      gateway = "vpn2.zih.tu-dresden.de";
+      passwordFile = /home/felix/.config/vpn/openconnect.txt;
+      extraOptions = {
+        authgroup = "A-Tunnel-TU-Networks";
+        compression = "stateless";
+        no-dtls = true;
+        no-http-keepalive = true;
+        pfs = true;
+      };
+      autoStart = false;
+    };
+  };
+
+  # for SAMBA file shares
+  services.gvfs.enable = true;
+
+
+}
diff --git a/entropy/nixos/modules/r.nix b/entropy/nixos/modules/r.nix
index b697c09..428b441 100644
--- a/entropy/nixos/modules/r.nix
+++ b/entropy/nixos/modules/r.nix
@@ -22,6 +22,6 @@
       ];
     };
   in
-    #[ R-with-my-packages rstudioEnv ];
-    [ R-with-my-packages ];
+    [ R-with-my-packages rstudioEnv ];
+    #[ R-with-my-packages ];
 }