Hi,

I have a box running in a remote location under no physical control. Basically it is under a desk in an office. I have moved /etc/openvpn to a Blowfish-encrypted loopback filesystem and created a symlink for /etc/openvpn pointing to the openvpn directory on the encrypted filesystem. As expected, OpenVPN has no issues with this config.

My question is, would it be OK from OpenVPN's perspective if I unmounted the filesystem once the tunnel was up? Does OpenVPN read config files from time to time or operate all from mem?

I do use:

    user nobody
    group nobody
    persist-key
    persist-tun

Just to preempt the "why are you doing this" question: I want to make sure someone would have to break this box while running in order to use it to get into my network. That would be a fairly tall order unless some remote exploit for ssh, openssl/openvpn came around. My guess is someone would see this box jabbering away all day on UDP/1194 and realize they could boot it from Knoppix and take the keys to my network right off it. I want to make booting it and looking for key files a total waste of time.

Many thanks,
Dave

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users