Configuring Openvpn to run as unprivileged user
I am trying to set up openvpn as an unprivileged user. I am using this guide:
https://openvpn.net/index.php/open-s...ion/howto.html

When I execute:

    joe@crunchbang:~$ sudo service openvpn start
    Starting virtual private network daemon

daemon is running but no vpn tunnel

I have these files in /etc/openvpn:

    *firewall.sh
    *openvpn-shutdown.sh
    *openvpn-startup.sh
    *update-resolv-conf
    /vpn_book

Steps I followed:

Write the following script and place it at: /usr/local/sbin/unpriv-ip:

    #!/bin/sh
    sudo /sbin/ip $*

I added this to /etc/sudoers.d/openvpn-unpriv

    joe ALL=(ALL) NOPASSWD: /sbin/ip

To openvpn-startup I added:

    openvpn --enable-iproute2
    openvpn --rmtun --dev tun0
    openvpn --mktun --dev tun0 --type tun --user joe
    openvpn --script-security 2 --up /etc/openvpn/update-resolv-conf

Added to the config file: vpnbook-ca1-udp53.ovpn

    iproute /usr/local/sbin/unpriv-ip

I can open a vpn tunnel with

    sudo openvpn --config vpn_book/vpnbook-ca1-udp53.ovpn

if I remove iproute /usr/local/sbin/unpriv-ip from the config file.

I am new to vpns so I probably missed something. Maybe I put a config in the wrong place or forgot something, or iproute isn't working on Debian Wheezy.

Thanks
i used to use vpnbook's service too. now using proxy.sh 10e package that i can pay with text message.
to run openvpn as a non priv user i added these to *.ovpn conf file. Code:
    user nobody
Thanks for the reply
I might change vpn providers. Now I am trying to get things configured. I am trying to run OpenVpn as an unprivileged user because I read that it was more secure.

I had to change --dev tun in this line:

    openvpn --mktun --dev tun0 --type tun --user joe

to --dev-type tun

When I try to run this command I get an error:

    openvpn --config vpnbook-ca1-udp53.ovpn
    Options error: Unrecognized option or missing parameter(s) in vpnbook-ca1-udp53.ovpn:19: iproute (2.2.1)

I think that openvpn was not configured with iproute or I'm not using the right syntax. Do you know how to check for this? I'm not finding anything on the NET. I would like to install a package with this feature enabled or to compile if I can find a good tutorial.

Thanks
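One way to run the check asked about above, as an added example that is not part of the original posts or of the OpenVPN project: a preflight over the pieces this thread sets up (build support, the iproute directive, the tun0 device, the sudoers rule). It assumes the saved `openvpn --version` output lists compile-time defines such as enable_iproute2=yes, which not every build prints; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for the unprivileged setup described in this thread.
# Usage: preflight VERSION_TXT CONFIG SUDOERS_FRAGMENT USER
# VERSION_TXT is saved `openvpn --version` output. Function names are hypothetical.

# 0 = iproute2 support compiled in, 1 = compiled out, 2 = unknown.
# Assumption: the build lists enable_iproute2=yes|no among its compile-time defines.
has_iproute2() {
    if grep -q 'enable_iproute2=yes' "$1"; then return 0; fi
    if grep -q 'enable_iproute2=no' "$1"; then return 1; fi
    return 2
}

# Print the wrapper path named by the config's "iproute" directive; fail if absent.
iproute_wrapper() {
    awk '$1 == "iproute" && NF >= 2 { print $2; found = 1; exit }
         END { exit !found }' "$1"
}

# Succeed if the config pins a numbered device such as tun0 (matches the --mktun step).
has_fixed_dev() {
    grep -Eq '^[[:space:]]*dev[[:space:]]+(tun|tap)[0-9]+[[:space:]]*$' "$1"
}

# Succeed if the sudoers fragment lets USER ($2) run /sbin/ip without a password.
sudoers_allows_ip() {
    grep -Eq "^[[:space:]]*$2[[:space:]]+ALL=\(ALL\)[[:space:]]+NOPASSWD:[[:space:]]*/sbin/ip[[:space:]]*\$" "$1"
}

# Print one line per check and return the number of failed checks.
preflight() {
    problems=0; ipr=0
    has_iproute2 "$1" || ipr=$?
    case $ipr in
        0) echo "ok: build has iproute2 support" ;;
        1) echo "FAIL: build has no iproute2 support"; problems=$((problems + 1)) ;;
        *) echo "unknown: no compile-time defines in version output" ;;
    esac
    if wrapper=$(iproute_wrapper "$2"); then echo "ok: iproute wrapper is $wrapper"
    else echo "FAIL: no iproute directive in config"; problems=$((problems + 1)); fi
    has_fixed_dev "$2" || { echo "FAIL: no fixed tunN/tapN device in config"; problems=$((problems + 1)); }
    sudoers_allows_ip "$3" "$4" ||
        { echo "FAIL: no NOPASSWD rule for /sbin/ip for $4"; problems=$((problems + 1)); }
    return "$problems"
}

if [ "$#" -eq 4 ]; then preflight "$@"; fi
```

Save the version text first with `openvpn --version > version.txt`; an "unknown" result means the build has to be checked another way.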