LinuxQuestions.org

JosephS 04-10-2015 03:16 PM

Configuring Openvpn to run as unprivileged user
 
I am trying to set up openvpn as an unprivileged user. I am using this guide:
https://openvpn.net/index.php/open-s...ion/howto.html

When I execute:
joe@crunchbang:~$ sudo service openvpn start
Starting virtual private network daemon

The daemon is running, but there is no VPN tunnel.

I have these files in /etc/openvpn:
*firewall.sh
*openvpn-shutdown.sh
*openvpn-startup.sh
*update-resolv-conf
/vpn_book

Steps I followed:

Write the following script and place it at: /usr/local/sbin/unpriv-ip:
#!/bin/sh
sudo /sbin/ip $*

I added this to /etc/sudoers.d/openvpn-unpriv
joe ALL=(ALL) NOPASSWD: /sbin/ip

To openvpn-startup I added:
openvpn --enable-iproute2
openvpn --rmtun --dev tun0
openvpn --mktun --dev tun0 --type tun --user joe
openvpn --script-security 2 --up /etc/openvpn/update-resolv-conf

Added to the config file: vpnbook-ca1-udp53.ovpn
iproute /usr/local/sbin/unpriv-ip

I can open a vpn tunnel with
sudo openvpn --config vpn_book/vpnbook-ca1-udp53.ovpn if I remove iproute /usr/local/sbin/unpriv-ip from the config file.

I am new to vpns so I probably missed something. Maybe I put a config in the wrong place or forgot something, or iproute isn't working on Debian Wheezy.

Thanks

////// 04-15-2015 03:27 AM

I used to use vpnbook's service too. Now I'm using proxy.sh's 10e package, which I can pay for with a text message.
To run openvpn as a non-priv user, I added these to the *.ovpn conf file.

Code:

user nobody
group nobody


JosephS 04-16-2015 04:36 PM

Thanks for the reply

I might change VPN providers. Now I am trying to get things configured. I am trying to run OpenVPN as an unprivileged user because I read that it was more secure.

I had to change --dev tun in this line:
openvpn --mktun --dev tun0 --type tun --user joe
to --dev-type tun

When I try to run this command I get an error:
openvpn --config vpnbook-ca1-udp53.ovpn
Options error: Unrecognized option or missing parameter(s) in vpnbook-ca1-udp53.ovpn:19: iproute (2.2.1)

I think that openvpn was not configured with iproute or I'm not using the right syntax. Do you know how to check for this? I'm not finding anything on the NET. I would like to install a package with this feature enabled or to compile if I can find a good tutorial.

Thanks
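
An added example, not part of any post in this thread and not OpenVPN project code: a POSIX shell check of the privilege-drop directives discussed above (`user`, `group`, and the `persist-tun`/`persist-key` options that go with them), which also confirms that the named account and group exist. The function names and the sample files are constructed for illustration; the sample models a Debian system, where the unprivileged group is `nogroup`.

```shell
#!/bin/sh
# Added example: audit an OpenVPN config for privilege-drop settings.

# Print the first argument of directive $2 in config $1 (empty if absent).
ovpn_get() { awk -v d="$2" '$1 == d { print $2; exit }' "$1"; }

# Succeed if directive $2 appears in config $1.
ovpn_has() { awk -v d="$2" '$1 == d { f = 1 } END { exit !f }' "$1"; }

# Succeed if name $2 is the first field of a line in colon-separated file $1.
db_has() { awk -F: -v n="$2" '$1 == n { f = 1 } END { exit !f }' "$1"; }

# audit_privdrop CONFIG [PASSWD_FILE] [GROUP_FILE]
# Prints one finding per line; the return status is the number of findings.
audit_privdrop() {
    cfg=$1 pw=${2:-/etc/passwd} gr=${3:-/etc/group} n=0
    u=$(ovpn_get "$cfg" user)
    g=$(ovpn_get "$cfg" group)
    if [ -z "$u" ]; then
        echo "no 'user' directive: daemon keeps its starting uid"; n=$((n + 1))
    elif ! db_has "$pw" "$u"; then
        echo "user '$u' not found in $pw"; n=$((n + 1))
    fi
    if [ -z "$g" ]; then
        echo "no 'group' directive: daemon keeps its starting gid"; n=$((n + 1))
    elif ! db_has "$gr" "$g"; then
        echo "group '$g' not found in $gr"; n=$((n + 1))
    fi
    # After dropping root, a restart cannot reopen the tun device or re-read keys.
    if [ -n "$u" ]; then
        for d in persist-tun persist-key; do
            ovpn_has "$cfg" "$d" || { echo "'user' set but '$d' missing"; n=$((n + 1)); }
        done
    fi
    return "$n"
}

# Constructed sample files (not from the thread), Debian-style accounts.
make_samples() {
    printf 'client\ndev tun\nuser nobody\ngroup nobody\npersist-key\n' > "$1/client.ovpn"
    printf 'nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n' > "$1/passwd"
    printf 'nogroup:x:65534:\n' > "$1/group"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_privdrop "$tmp/client.ovpn" "$tmp/passwd" "$tmp/group" || echo "findings: $?"
rm -rf "$tmp"
```

Called with only a config path, `audit_privdrop` reads `/etc/passwd` and `/etc/group`, so accounts served by LDAP or another name service will not be seen.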

