Hi,

I have a box running in a remote location under no physical control. Basically it is under a desk in an office. I have moved /etc/openvpn to a blowfish encrypted loopback filesystem and created a symlink for /etc/openvpn pointing to the openvpn directory on the encrypted filesystem. As expected, OpenVPN has no issues with this config.

My question is, would it be OK from OpenVPN's perspective if I unmounted the filesystem once the tunnel was up? Does openvpn read config files from time to time or operate all from mem?

I do use:

user nobody
group nobody
persist-key
persist-tun

Just to preempt the "why are you doing this" question: I want to make sure someone would have to break this box while running in order to use it to get into my network. That would be a fairly tall order unless some remote exploit for ssh, openssl/openvpn came around. My guess is someone would see this box jabbering away all day on UDP/1194 and realize they could boot it from knoppix and take the keys to my network right off it. I want to make booting it and looking for key files a total waste of time.

Many thanks,
Dave

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users