LinuxQuestions.org
Old 04-10-2015, 03:16 PM   #1
JosephS
Member
 
Registered: Jun 2007
Distribution: Debian Jessie, Bunsenlabs
Posts: 586

Rep: Reputation: 38
Configuring OpenVPN to run as unprivileged user


I am trying to set up openvpn as an unprivileged user. I am using this guide:
https://openvpn.net/index.php/open-s...ion/howto.html

When I execute:
Code:
joe@crunchbang:~$ sudo service openvpn start
Starting virtual private network daemon

The daemon is running, but there is no VPN tunnel.

I have these files in /etc/openvpn:
*firewall.sh
*openvpn-shutdown.sh
*openvpn-startup.sh
*update-resolv-conf
/vpn_book

Steps I followed:

Write the following script and place it at /usr/local/sbin/unpriv-ip:
Code:
#!/bin/sh
sudo /sbin/ip $*

I added this to /etc/sudoers.d/openvpn-unpriv:
Code:
joe ALL=(ALL) NOPASSWD: /sbin/ip

To openvpn-startup I added:
Code:
openvpn --enable-iproute2
openvpn --rmtun --dev tun0
openvpn --mktun --dev tun0 --type tun --user joe
openvpn --script-security 2 --up /etc/openvpn/update-resolv-conf

Added to the config file vpnbook-ca1-udp53.ovpn:
Code:
iproute /usr/local/sbin/unpriv-ip

I can open a vpn tunnel with
Code:
sudo openvpn --config vpn_book/vpnbook-ca1-udp53.ovpn
if I remove iproute /usr/local/sbin/unpriv-ip from the config file.

I am new to vpns so I probably missed something. Maybe I put a config in the wrong place or forgot something, or iproute isn't working on Debian Wheezy.

Thanks
 
Old 04-15-2015, 03:27 AM   #2
//////
Member
 
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: Arch Linux && OpenBSD 7.4 && Pop!_OS && Kali && Qubes-Os
Posts: 824

Rep: Reputation: 350
I used to use vpnbook's service too. Now using proxy.sh 10e package that I can pay with text message.
To run openvpn as a non-priv user I added these to the *.ovpn conf file.

Code:
user nobody
group nobody
 
Old 04-16-2015, 04:36 PM   #3
JosephS
Member
 
Registered: Jun 2007
Distribution: Debian Jessie, Bunsenlabs
Posts: 586

Original Poster
Rep: Reputation: 38
Thanks for the reply

I might change vpn providers. Now I am trying to get things configured. I am trying to run OpenVPN as an unprivileged user because I read that it was more secure.

I had to change --dev tun in this line:
openvpn --mktun --dev tun0 --type tun --user joe
to --dev-type tun

When I try to run this command I get an error:
openvpn --config vpnbook-ca1-udp53.ovpn
Options error: Unrecognized option or missing parameter(s) in vpnbook-ca1-udp53.ovpn:19: iproute (2.2.1)

I think that openvpn was not configured with iproute or I'm not using the right syntax. Do you know how to check for this? I'm not finding anything on the NET. I would like to install a package with this feature enabled or to compile if I can find a good tutorial.

Thanks

Last edited by JosephS; 04-16-2015 at 04:37 PM.
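
Added example, not part of any post in this thread: a shell lint for a client config that covers both approaches mentioned above, the `user`/`group` privilege drop from post #2 and the HOWTO's `iproute` wrapper from post #1. The function names and the sample config are constructed for illustration; the notes on `persist-tun`/`persist-key` and on `--up`/`--down` ordering come from the OpenVPN manual, not from the thread.

```shell
#!/bin/sh
# Added example: lint an OpenVPN client config for the privilege-drop
# settings discussed in this thread. Function names are hypothetical.

# Print the arguments of the first uncommented occurrence of directive $2
# in config file $1; exit status 1 if the directive is absent.
ovpn_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == key { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
        END { exit (found ? 0 : 1) }' "$1"
}

audit_ovpn() {
    cfg=$1; rc=0
    if user=$(ovpn_get "$cfg" user) && ovpn_get "$cfg" group >/dev/null; then
        echo "OK   root is dropped after init (user $user)"
        # Once root is gone, a SIGUSR1/ping-restart cannot reopen the tun
        # device or re-read protected key files unless these are set.
        for d in persist-tun persist-key; do
            ovpn_get "$cfg" "$d" >/dev/null ||
                { echo "WARN $d missing: restarts may fail after the drop"; rc=1; }
        done
        # --up runs before the uid change, --down after it.
        if ovpn_get "$cfg" down >/dev/null; then
            echo "NOTE down script runs as $user, not root"
        fi
    else
        echo "WARN no user/group pair: no privilege drop if started as root"; rc=1
    fi
    # The linked HOWTO requires a build configured with --enable-iproute2.
    if wrapper=$(ovpn_get "$cfg" iproute); then
        echo "NOTE iproute $wrapper needs an --enable-iproute2 build"
    fi
    return $rc
}

# Constructed sample config, not the poster's vpnbook file.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'client' 'dev tun' '# drop root after init' \
        'user nobody' 'group nobody' 'persist-tun' \
        'iproute /usr/local/sbin/unpriv-ip' \
        'down /etc/openvpn/update-resolv-conf' >"$tmp"
    status=0; audit_ovpn "$tmp" || status=$?
    rm -f "$tmp"
    return $status
}

demo || true   # prints the findings for the sample config
```

Run `audit_ovpn /path/to/client.ovpn` against a real config; a non-zero exit status means at least one WARN line was printed.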
 
  

