
[Openvpn-users] Re: Securing the OpenVPN on windows: How to? (repeated)


  • Subject: [Openvpn-users] Re: Securing the OpenVPN on windows: How to? (repeated)
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Wed, 05 Apr 2006 08:18:32 -0500

Tony wrote:
  I'm trying to secure this installation and so far I see some strange
  things:
  1) "ta.key" file must be accessible for a non-admin user. Why? I
     thought this file is for openvpn.exe's use as the service. It
     should not be user-accessible, should it?
Can you suggest why I must make "ta.key" be user-accessible?
I do not like this.

Well, if you're running the OpenVPN daemon as a user, the key needs to be accessible to the user as well; otherwise, how will the OpenVPN process read it?


Safer is to run OpenVPN as a service and use the management interface to start it up / provide a username and password / etc.

(I'm a *nix admin and don't know the details of how the running-OpenVPN-as-a-user mechanism works on win32, so there might be another solution... but just running it as a service and using the management interface is a sure thing in this context. If y'all Windows people had an equivalent to sudo available, that would make for an easy resolution to this issue as well).


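An added example, not part of the original message: a minimal client for the management interface that releases a held service and supplies the username and password on request, so the unprivileged user never reads the service's key files. It assumes the service config contains `management 127.0.0.1 7505`, `management-hold`, `management-query-passwords` and `auth-user-pass`; port 7505 and the function names `quote`, `respond`, `connected` and `drive` are choices made for this example.

```python
import socket

def quote(value):
    # Management-protocol quoting: escape backslash first, then double quote.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def respond(line, username, password):
    """Map one real-time message from the daemon to the commands to send back."""
    if line.startswith(">HOLD:"):
        return ["hold release"]  # let the held service start connecting
    if line.startswith(">PASSWORD:Need 'Auth' username/password"):
        return ['username "Auth" ' + quote(username),
                'password "Auth" ' + quote(password)]
    if line.startswith(">PASSWORD:Verification Failed"):
        raise PermissionError("server rejected the credentials")
    return []

def connected(line):
    # Notification layout: >STATE:<unix time>,<state name>,<detail>,...
    fields = line.split(",")
    return line.startswith(">STATE:") and len(fields) > 1 and fields[1] == "CONNECTED"

def drive(username, password, host="127.0.0.1", port=7505):
    """Answer prompts until the tunnel reports CONNECTED (port is an assumption)."""
    with socket.create_connection((host, port)) as sock:
        reader = sock.makefile("r", encoding="utf-8", newline="\n")
        sock.sendall(b"state on\n")  # ask for >STATE: notifications
        for raw in reader:
            line = raw.strip()
            for cmd in respond(line, username, password):
                sock.sendall((cmd + "\n").encode("utf-8"))
            if connected(line):
                return True
    return False

if __name__ == "__main__":
    import getpass
    drive(input("VPN username: "), getpass.getpass("VPN password: "))
```

With this split, `ta.key` and the other key material need to be readable only by the account the service runs under. The management port in this sketch has no password of its own, so any local process can connect to it.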

