I like the user "nobody" and chroot "dir" options with openvpn. I want to
use these together with the up and down script support. I tried to configure
a packet filter with the up and down scripts. Since the up script runs with
root permission, all script commands run fine. But the down script is run
within the chroot and with nobody user permissions. This causes the down
script to fail. I thought about running openvpn in a sh script that
supervises the openvpn process and runs the down script from within that sh
script. But I wonder if this is a security issue.

BTW: I think running the openvpn down script after removing the tun
interface is not a good idea, because this could be a race condition
between a shutdown script and an up script. I can imagine a situation where
one openvpn just shuts down the tun device and runs the down script while
another openvpn process just creates the tun device. If both scripts use
the tunX device name with e.g. iptables, this could cause serious problems.

--
Claas Hilbrecht
http://www.jucs-kramkiste.de
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
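
The supervising wrapper the message describes, as an added example that is not part of the original post and not OpenVPN's own code: a privileged parent starts the daemon, forwards termination signals, and runs the firewall cleanup itself after the daemon exits, under a lock that narrows the up/down race mentioned above. The names `supervise`, `with_lock` and `LOCKDIR` and all paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. LOCKDIR, with_lock and supervise are hypothetical names.
LOCKDIR="${LOCKDIR:-/var/run/vpn-fw.lock}"   # constructed path (assumption)

# with_lock CMD [ARGS...]: run CMD while holding a lock directory.
# mkdir is atomic, so only one holder at a time. Up scripts that touch the
# same tunX rules must take the same lock for this to serialize anything.
with_lock() {
    _tries=0
    until mkdir "$LOCKDIR" 2>/dev/null; do
        _tries=$((_tries + 1))
        [ "$_tries" -ge 5 ] && return 75    # lock still held: give up
        sleep 1
    done
    "$@"; _rc=$?
    rmdir "$LOCKDIR"
    return "$_rc"
}

# supervise CLEANUP -- DAEMON [ARGS...]
# Starts DAEMON as a child, forwards TERM/INT to it, and once it has exited
# runs CLEANUP in this process, which never chrooted or dropped privileges.
# Returns DAEMON's exit status.
supervise() {
    _cleanup=$1; shift
    [ "$1" = "--" ] && shift
    "$@" &
    _child=$!
    trap 'kill -TERM "$_child" 2>/dev/null' TERM INT
    wait "$_child"; _status=$?
    # A trapped signal interrupts wait early; wait again for the real status.
    if kill -0 "$_child" 2>/dev/null; then
        wait "$_child"; _status=$?
    fi
    trap - TERM INT
    with_lock "$_cleanup" || echo "cleanup failed: $_cleanup" >&2
    return "$_status"
}

# Usage (paths are constructed; the daemon must stay in the foreground):
#   supervise /etc/openvpn/fw-down.sh -- openvpn --config /etc/openvpn/site.conf
```

The cleanup path is fixed by whoever starts the wrapper, so the unprivileged, chrooted daemon has no say in what the root parent executes; keep that script and its directory writable by root only.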