Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian User (http://www.linux-archive.org/debian-user/)
-   -   running openvpn client as non-root user? (http://www.linux-archive.org/debian-user/276394-running-openvpn-client-non-root-user.html)

"H.S." 11-07-2009 04:46 AM

running openvpn client as non-root user?
 
Hello,

I have just finished installing openvpn server on my router machine
running Debian Testing.

For now I can connect from a client machine using openvpn client but
only as a root user (or by using sudo). The client is an Ubuntu machine.

Since I am new to all this openvpn stuff, I have a few basic questions
regarding the clients:
Do all clients need to run openvpn client command as root or by using sudo?
If not, then what is the right way to do so as a non-root user?
If yes, then what is the best way to go about it? Do I set up sudo for
all users to be able to use openvpn command without having to sudo
explicitly?

Thanks.


--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Joe 11-07-2009 08:36 AM

running openvpn client as non-root user?
 
H.S. wrote:

Hello,

I have just finished installing openvpn server on my router machine
running Debian Testing.

For now I can connect from a client machine using openvpn client but
only as a root user (or by using sudo). The client is an Ubuntu machine.

Since I am new to all this openvpn stuff, I have a few basic questions
regarding the clients:
Do all clients need to run openvpn client command as root or by using sudo?
If not, then what is the right way to do so as a non-root user?
If yes, then what is the best way to go about it? Do I set up sudo for
all users to be able to use openvpn command without having to sudo
explicitly?



On Netbook Remix, so I assume also the mainstream version, the Network
Manager can set up connections to OpenVPN (it needs a plug-in), and it
did not ask me for a password on each use. It was certainly willing to
store the client certificate private key passphrase. I don't have the
machine at the moment, and I can't recall if I even needed root
credentials to configure the connection.


--
Joe


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Gilles Mocellin 11-07-2009 09:09 AM

running openvpn client as non-root user?
 
On Sat, Nov 07, 2009 at 12:46:01AM -0500, H.S. wrote:
> Hello,
>
> I have just finished installing openvpn server on my router machine
> running Debian Testing.
>
> For now I can connect from a client machine using openvpn client but
> only as a root user (or by using sudo). The client is an Ubuntu machine.
>
> Since I am new to all this openvpn stuff, I have a few basic questions
> regarding the clients:
> Do all clients need to run openvpn client command as root or by using sudo?
> If not, then what is the right way to do so as a non-root user?
> If yes, then what is the best way to go about it? Do I set up sudo for
> all users to be able to use openvpn command without having to sudo
> explicitly?

I think openvpn must have some privileges, as it can modify the route
table.
I use it with sudo at home.

But, I know that NetworkManager can open VPN connections. Here I think
it involves a daemon, running as root, and a desktop applet, running as the user, which talk to the
daemon.

"H.S." 11-07-2009 03:32 PM

running openvpn client as non-root user?
 
Gilles Mocellin wrote:
> On Sat, Nov 07, 2009 at 12:46:01AM -0500, H.S. wrote:
>> Hello,
>>
>> I have just finished installing openvpn server on my router machine
>> running Debian Testing.
>>
>> For now I can connect from a client machine using openvpn client but
>> only as a root user (or by using sudo). The client is an Ubuntu machine.
>>
>> Since I am new to all this openvpn stuff, I have a few basic questions
>> regarding the clients:
>> Do all clients need to run openvpn client command as root or by using sudo?
>> If not, then what is the right way to do so as a non-root user?
>> If yes, then what is the best way to go about it? Do I set up sudo for
>> all users to be able to use openvpn command without having to sudo
>> explicitly?
>
> I think openvpn must have some privileges, as it can modify the route
> table.
> I use it with sudo at home.
>
> But, I know that NetworkManager can open VPN connections. Here I think
> it involves a daemon, running as root, and a desktop applet, running as the user, which talk to the
> daemon.

The client in my case is a laptop and it is running wicd, not
network-manager. IIRC, wicd deals better with wpa and wpa2 in wireless
connection (at it least when I installed it to replace networ-manager).

I have since tried to give sudo access to openvpn command to the users.
That has not worked as well, I think it needed sudo access to some
additional commands (e.g. routing, as you mention).



--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

"H.S." 11-07-2009 04:38 PM

running openvpn client as non-root user?
 
Gilles Mocellin wrote:
> On Sat, Nov 07, 2009 at 12:46:01AM -0500, H.S. wrote:
>> Hello,
>>
>> I have just finished installing openvpn server on my router machine
>> running Debian Testing.
>>
>> For now I can connect from a client machine using openvpn client but
>> only as a root user (or by using sudo). The client is an Ubuntu machine.
>>
>> Since I am new to all this openvpn stuff, I have a few basic questions
>> regarding the clients:
>> Do all clients need to run openvpn client command as root or by using sudo?
>> If not, then what is the right way to do so as a non-root user?
>> If yes, then what is the best way to go about it? Do I set up sudo for
>> all users to be able to use openvpn command without having to sudo
>> explicitly?
>
> I think openvpn must have some privileges, as it can modify the route
> table.
> I use it with sudo at home.
>
> But, I know that NetworkManager can open VPN connections. Here I think
> it involves a daemon, running as root, and a desktop applet, running as the user, which talk to the
> daemon.

Okay, I removed wicd and installed network-manager. I have configured
the VPN parameters but the manager gives an error something like no
secret key found.

Searching google showed that not entering the password while setting up
the manager's VPN parameters helps. No go that way either.

BTW, in nm, I do not get a choice of setting up X.509 type of
connection. Is that normal?



--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


All times are GMT. The time now is 03:39 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.