[ale] OpenVPN Question
John Mills
johnmills at speakeasy.net
Mon Nov 13 12:23:27 EST 2006
Jerry -
Thanks for your comments. They raised a question for me.
Further suggestions welcome.
- Mills
On Fri, 3 Nov 2006, Jerry Yu wrote:
> OpenVPN runs as a least-privileged user such as 'nobody', so, I'd think you
> need to let this 'nobody' read. Other than that, as restrictive as you can be.
> The certificate is guarded by a passphrase, so use a long winding one.
Q) Are you referring to the client here, and if so, what should I do to
set openvpn's USER to 'nobody'?
> Set up sudo, so you can start/stop openvpn at will as a regular user. Add a
> command line alias "alias off='sudo /etc/init.d/openvpn stop'", so you can
> save a few keystrokes.
I made a 'sudo' script. 'openvpn' wanted to be started just above the
directory holding my certificates, and - in my case - that's the directory
with the *.ovpn configuration directory. I unpacked the files from our IT
dept. into '~/.openvpn' and my script 'cd's there to run. There's
probably a cleaner way to do this. Effectively my startup is:
# cd $HOME/.openvpn; openvpn --config <configfile>
> If you do want GUI on linux, there's a lot on sourceforge. In particular,
> OpenVPNmanager sounds like what you requested.
> http://sourceforge.net/search/?type_of_search=soft&words=openvpn+gui
Good thought. I used the GUI once to get an idea of the sequence, then
'winged it' with my sudo script.
> On 11/3/06, John Mills <johnmills at speakeasy.net> wrote:
> > 1. I have a file set with certificate, etc., for the connection. Where is it
> > appropriate to save this, and with what permissions?
> > 2. As a client I would like to open and close the tunnel manually (by
> > screen widget for example). How can I achieve this?
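
On the two points raised in this thread (file permissions for the certificate set, and running the client as 'nobody'), an added example that is not part of the original messages: OpenVPN drops root when the configuration carries `user` and `group` directives, and this shell check verifies that for a client directory such as ~/.openvpn along with owner-only key files. The file-name patterns (*.key, *.p12, *.ovpn) and the finding labels are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenVPN client directory.
# Assumptions: private keys are named *.key or *.p12, configs are *.ovpn.

# Print one finding per line for the directory given as $1.
openvpn_findings() {
    dir=$1
    [ -d "$dir" ] || { echo "not-a-directory: $dir"; return 0; }

    # Key material should be owner-only (0600/0400): flag any group/other bit.
    find "$dir" -type f \( -name '*.key' -o -name '*.p12' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's/^/loose-permissions: /'

    # user/group make OpenVPN drop root after start-up; persist-key and
    # persist-tun let a SIGUSR1 restart work once privileges are dropped.
    for cfg in "$dir"/*.ovpn; do
        [ -f "$cfg" ] || continue
        for d in user group persist-key persist-tun; do
            grep -Eq "^[[:space:]]*$d([[:space:]]|\$)" "$cfg" ||
                echo "missing-$d: $cfg"
        done
    done
}

# Exit status 0 when the directory is clean, 1 (with findings printed) otherwise.
audit_openvpn_dir() {
    out=$(openvpn_findings "$1")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Stand-alone use: sh audit.sh ~/.openvpn
if [ "$#" -gt 0 ]; then
    audit_openvpn_dir "$1"
fi
```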