FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 11-07-2009, 04:46 AM
"H.S."
 
Default running openvpn client as non-root user?

Hello,

I have just finished installing openvpn server on my router machine
running Debian Testing.

For now I can connect from a client machine using openvpn client but
only as a root user (or by using sudo). The client is an Ubuntu machine.

Since I am new to all this openvpn stuff, I have a few basic questions
regarding the clients:
Do all clients need to run openvpn client command as root or by using sudo?
If not, then what is the right way to do so as a non-root user?
If yes, then what is the best way to go about it? Do I set up sudo for
all users to be able to use openvpn command without having to sudo
explicitly?

Thanks.


--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-07-2009, 08:36 AM
Joe
 
Default running openvpn client as non-root user?

H.S. wrote:

Hello,

I have just finished installing openvpn server on my router machine
running Debian Testing.

For now I can connect from a client machine using openvpn client but
only as a root user (or by using sudo). The client is an Ubuntu machine.

Since I am new to all this openvpn stuff, I have a few basic questions
regarding the clients:
Do all clients need to run openvpn client command as root or by using sudo?
If not, then what is the right way to do so as a non-root user?
If yes, then what is the best way to go about it? Do I set up sudo for
all users to be able to use openvpn command without having to sudo
explicitly?



On Netbook Remix, so I assume also the mainstream version, the Network
Manager can set up connections to OpenVPN (it needs a plug-in), and it
did not ask me for a password on each use. It was certainly willing to
store the client certificate private key passphrase. I don't have the
machine at the moment, and I can't recall if I even needed root
credentials to configure the connection.


--
Joe


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-07-2009, 09:09 AM
Gilles Mocellin
 
Default running openvpn client as non-root user?

On Sat, Nov 07, 2009 at 12:46:01AM -0500, H.S. wrote:
> Hello,
>
> I have just finished installing openvpn server on my router machine
> running Debian Testing.
>
> For now I can connect from a client machine using openvpn client but
> only as a root user (or by using sudo). The client is an Ubuntu machine.
>
> Since I am new to all this openvpn stuff, I have a few basic questions
> regarding the clients:
> Do all clients need to run openvpn client command as root or by using sudo?
> If not, then what is the right way to do so as a non-root user?
> If yes, then what is the best way to go about it? Do I set up sudo for
> all users to be able to use openvpn command without having to sudo
> explicitly?

I think openvpn must have some privileges, as it can modify the route
table.
I use it with sudo at home.

But, I know that NetworkManager can open VPN connections. Here I think
it involves a daemon, running as root, and a desktop applet, running as the user, which talk to the
daemon.
 
Old 11-07-2009, 03:32 PM
"H.S."
 
Default running openvpn client as non-root user?

Gilles Mocellin wrote:
> On Sat, Nov 07, 2009 at 12:46:01AM -0500, H.S. wrote:
>> Hello,
>>
>> I have just finished installing openvpn server on my router machine
>> running Debian Testing.
>>
>> For now I can connect from a client machine using openvpn client but
>> only as a root user (or by using sudo). The client is an Ubuntu machine.
>>
>> Since I am new to all this openvpn stuff, I have a few basic questions
>> regarding the clients:
>> Do all clients need to run openvpn client command as root or by using sudo?
>> If not, then what is the right way to do so as a non-root user?
>> If yes, then what is the best way to go about it? Do I set up sudo for
>> all users to be able to use openvpn command without having to sudo
>> explicitly?
>
> I think openvpn must have some privileges, as it can modify the route
> table.
> I use it with sudo at home.
>
> But, I know that NetworkManager can open VPN connections. Here I think
> it involves a daemon, running as root, and a desktop applet, running as the user, which talk to the
> daemon.

The client in my case is a laptop and it is running wicd, not
network-manager. IIRC, wicd deals better with wpa and wpa2 in wireless
connection (at it least when I installed it to replace networ-manager).

I have since tried to give sudo access to openvpn command to the users.
That has not worked as well, I think it needed sudo access to some
additional commands (e.g. routing, as you mention).



--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 11-07-2009, 04:38 PM
"H.S."
 
Default running openvpn client as non-root user?

Gilles Mocellin wrote:
> On Sat, Nov 07, 2009 at 12:46:01AM -0500, H.S. wrote:
>> Hello,
>>
>> I have just finished installing openvpn server on my router machine
>> running Debian Testing.
>>
>> For now I can connect from a client machine using openvpn client but
>> only as a root user (or by using sudo). The client is an Ubuntu machine.
>>
>> Since I am new to all this openvpn stuff, I have a few basic questions
>> regarding the clients:
>> Do all clients need to run openvpn client command as root or by using sudo?
>> If not, then what is the right way to do so as a non-root user?
>> If yes, then what is the best way to go about it? Do I set up sudo for
>> all users to be able to use openvpn command without having to sudo
>> explicitly?
>
> I think openvpn must have some privileges, as it can modify the route
> table.
> I use it with sudo at home.
>
> But, I know that NetworkManager can open VPN connections. Here I think
> it involves a daemon, running as root, and a desktop applet, running as the user, which talk to the
> daemon.

Okay, I removed wicd and installed network-manager. I have configured
the VPN parameters but the manager gives an error something like no
secret key found.

Searching google showed that not entering the password while setting up
the manager's VPN parameters helps. No go that way either.

BTW, in nm, I do not get a choice of setting up X.509 type of
connection. Is that normal?



--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 01:46 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org