Douglas Renze wrote:
> - What files/directories have to be in the chroot jail path in
>   order for OpenVPN to operate correctly? I.e., the necessary
>   keys to authorize clients? My client-specific configurations?

You only need files which are to be read *after* the OpenVPN daemon has dropped privileges. This includes the CRL, but not the server's private keys (unless you need OpenVPN to be able to restart by re-exec'ing itself, in which case there are a *bunch* of things necessary; if you're taking steps to improve security, though, you're probably dropping privileges as well -- so it's easier just to use a process supervision mechanism for restarts and not worry about whether the re-exec'ing approach works).

Trial and error wouldn't necessarily hurt; neither would filtering strace output for open() calls to see which files are accessed when.

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
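The strace filtering suggested in the message above, as an added example that is not part of the original post: it reads a saved trace and lists the files opened after a successful chroot(), including opens that failed because the file is missing from the jail. The trace lines, PID, jail path and file names are constructed for illustration, and the strace command in the comment is one assumed way to capture such a log.

```python
import re

# Assumed capture command (paths are placeholders):
#   strace -f -o trace.log -e trace=open,openat,chroot openvpn --config server.conf
# Optional PID prefix: "1234 " with -f -o FILE, "[pid 1234] " on a terminal.
PID = r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?'
OPEN_RE = re.compile(
    PID + r'(?:open|openat)\((?:[^,"]+,\s*)?"(?P<path>[^"]*)".*\)'
    r'\s+=\s+(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z]+))?'
)
CHROOT_RE = re.compile(PID + r'chroot\("(?P<root>[^"]*)"\)\s+=\s+0')

def opens_after_chroot(lines):
    """Return (jail_root, [(path, errno_or_None), ...]) in first-seen order.

    Only open()/openat() calls logged after the first successful chroot()
    are reported; their paths are relative to the new root.
    """
    root, seen = None, []
    for line in lines:
        if root is None:
            m = CHROOT_RE.match(line)
            if m:
                root = m.group("root")
            continue
        m = OPEN_RE.match(line)
        if m:
            entry = (m.group("path"), m.group("errno"))
            if entry not in seen:
                seen.append(entry)
    return root, seen

# Constructed sample trace, not output from a real OpenVPN run.
SAMPLE_TRACE = '''\
4242 openat(AT_FDCWD, "/etc/openvpn/server.conf", O_RDONLY) = 3
4242 openat(AT_FDCWD, "/etc/openvpn/server.key", O_RDONLY) = 4
4242 chroot("/var/lib/openvpn/jail") = 0
4242 chdir("/") = 0
4242 setuid(65534) = 0
4242 openat(AT_FDCWD, "crl.pem", O_RDONLY) = 5
4242 openat(AT_FDCWD, "ccd/client1", O_RDONLY) = -1 ENOENT (No such file or directory)
4242 openat(AT_FDCWD, "crl.pem", O_RDONLY) = 5
'''.splitlines()

if __name__ == "__main__":
    jail, opened = opens_after_chroot(SAMPLE_TRACE)
    print("jail root:", jail)
    for path, errno in opened:
        print(f"  {path}: {errno or 'ok'}")
```

Entries reported with ENOENT are the ones to copy into the jail; files opened only before the chroot() line, such as the private key in this sample, do not appear in the result.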