
Re: [Openvpn-users] Using chroot jail?


  • Subject: Re: [Openvpn-users] Using chroot jail?
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Fri, 01 Dec 2006 09:21:08 -0600

Douglas Renze wrote:
>    - What files/directories have to be in the chroot jail path in
>      order for OpenVPN to operate correctly?  I.e., the necessary
>      keys to authorize clients?  My client-specific configurations?

You only need files which are to be read *after* the OpenVPN daemon has 
dropped privileges. This includes the CRL, but not the server's private 
keys (unless you need OpenVPN to be able to restart by re-exec'ing 
itself, in which case there are a *bunch* of things necessary; if you're 
taking steps to improve security, though, you're probably dropping 
privileges as well -- so it's easier just to use a process supervision 
mechanism for restarts and not worry about whether the re-exec'ing 
approach works).

Trial and error wouldn't necessarily hurt; neither would filtering 
strace output for open() calls to see which files are accessed when.

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
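
The strace filtering suggested in the reply above can be scripted. The following is an added example, not part of the original message or of OpenVPN: it assumes a log captured with `strace -f -e trace=open,openat,chroot -o <file>`, treats the successful `chroot()` call as the dividing point, and runs on constructed sample lines with made-up paths.

```python
import re

# Matches open()/openat()/chroot() lines from strace output, with or without
# a leading PID column. Unfinished/resumed lines are deliberately skipped.
SYSCALL = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?'
    r'(?P<name>open|openat|chroot)\('
    r'(?:[^,"]+,\s*)?"(?P<path>[^"]*)"'
    r'.*\)\s+=\s+(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z]+))?'
)

def classify_opens(strace_text):
    """Split file opens into those before and after a successful chroot().

    'after' holds paths opened successfully inside the jail; 'missing' holds
    paths that failed with ENOENT after chroot, i.e. candidates to add to it.
    """
    result = {"jail": None, "before": [], "after": [], "missing": []}
    for line in strace_text.splitlines():
        m = SYSCALL.match(line.strip())
        if not m:
            continue
        name, path, ret = m["name"], m["path"], int(m["ret"])
        if name == "chroot":
            if ret == 0:
                result["jail"] = path
            continue
        if ret >= 0:
            bucket = "before" if result["jail"] is None else "after"
        elif result["jail"] is not None and m["errno"] == "ENOENT":
            bucket = "missing"
        else:
            continue  # other failures are not relevant to jail contents
        if path not in result[bucket]:
            result[bucket].append(path)
    return result

# Constructed sample log; the paths are assumptions, not OpenVPN defaults.
SAMPLE = """\
4321 open("/etc/openvpn/server.conf", O_RDONLY) = 3
4321 open("/etc/openvpn/server.key", O_RDONLY) = 4
4321 chroot("/var/lib/openvpn/jail") = 0
4321 open("crl.pem", O_RDONLY) = 5
4321 open("ccd/client1", O_RDONLY) = -1 ENOENT (No such file or directory)
4321 openat(AT_FDCWD, "crl.pem", O_RDONLY) = 5
"""

if __name__ == "__main__":
    for key, value in classify_opens(SAMPLE).items():
        print(f"{key}: {value}")
```

Paths reported under `after` and `missing` are resolved relative to the jail directory, so they are the ones that have to exist inside it.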

