Can OpenVPN (client) be set up completely sandboxed/no-root? Anyone have links to a guide for doing so?
To clarify: setting up interfaces/routes as root is no problem, but I don't want any of the protocol/transport/etc. code running as root.
-
-
Ok, sure then. It talks out a high port and needs to access a device, so nothing else would require root.
-
Is there a guide anywhere on setting it up this way?
-
Not offhand. I did it a long time ago, just need to set up the capabilities right to allow dev access.
-
Ideally the invoking process would open /dev/net/tun and pass it in after dropping root.
-
In existing configurations I've seen, it wants root to set up if addr/route/etc. after connecting.
-
What I'd really want is to just pick a fake local ip and the networks I want to route, and have the vpn client nat-in-userspace.
-
The threat model is a compromised remote injecting malicious network configuration to client.
End of conversation
New conversation -
-
-
Use setcap, seccomp-bpf and AppArmor/MAC. I don't know of any good public how-to for OpenVPN? I should probably post it...
-
I think you missed the point; see the whole thread. Giving non-root openvpn caps to let it change net ifs is not what I want.
-
Rather I want it not to change any network setup at all, just use ifs/ips I provide and nat-in-userspace to remote's ips.
-
OK. I see... I'm not sure it's that "flexible"? It would be nice to have it all pure userland/no calls to route/ip.
-
The --client-nat option seems to almost do it, but it's broken and unable to fill in the remote-provided ip.
-
And various other stuff (like pw auth) is gratuitously broken/disabled without --pull.