Can openvpn (client) be set up completely sandboxed/no-root? Anyone have links to a guide for doing so?
Replying to @RichFelker
To clarify: setting up interfaces/routes as root is no problem, but I don't want any of the protocol/transport/etc. code running as root.
Replying to @RichFelker
use setcap, seccomp-bpf and AppArmor/MAC. I don't know of any good public how-to for OpenVPN? I should probably post it...
Replying to @dyn___
I think you missed the point; see the whole thread. Giving non-root openvpn caps to let it change net ifs is not what I want.
Replying to @RichFelker @dyn___
Rather I want it not to change any network setup at all, just use ifs/ips I provide and nat-in-userspace to remote's ips.
Replying to @RichFelker
OK. I see... I'm not sure it's that "flexible"? It would be nice to have it all pure userland/no calls to route/ip.
Replying to @dyn___
The --client-nat option seems to almost do it, but it's broken and unable to fill in the remote-provided ip.
And various other stuff (like pw auth) is gratuitously broken/disabled without --pull.