|
|
Tony wrote:
I'm trying to secure this installation and so far I see some strange
things:
1) "ta.key" file must be accessible for a non-admin user. Why? I
thought this file is for openvpn.exe's use as the service. It
should not be user-accessible, should it?
Can you suggest why I must make "ta.key" be user-accessible?
I do not like this.
Well, if you're running the OpenVPN daemon as a user, the key needs to
be accessible to the user as well; otherwise, how will the OpenVPN
process read it?
Safer is to run OpenVPN as a service and use the management interface to
start it up / provide a username and password / etc.
(I'm a *nix admin and don't know the details of how the
running-OpenVPN-as-a-user mechanism works on win32, so there might be
another solution... but just running it as a service and using the
management interface is a sure thing in this context. If 'yall Windows
people had an equivalent to sudo available, that would make for an easy
resolution to this issue as well).
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|