Hi, I would like to know if it's possible to run the OpenVPN service with a user I created and not as root. So far I used the console to stop the OpenVPN service to then try to restart it using a different user, however that didn't work and caused the problem that clients could no longer connect to the VPN server.
If you have any ideas or experience how I can pull that off, your help is much appreciated since I'm overall new to OPNsense.
Thanks a lot
Manzano
OpenVPN needs to create interfaces, assign IP addresses and routes - all of which need root privileges. What are you hoping to achieve?
Sorry my question was wrong.
I want to send the OpenVPN logs in OPNsense to a SIEM using a universal forwarder. Unfortunately, access to the OpenVPN log requires root, so I have to run the Splunk Forwarder also as root to be able to read the logs. My end goal is to have a user Splunk which runs the Forwarder and has access to the log but is not root. So I need a solution for the Splunk user to read the log without being root while at the same time not changing the access rights on the file if possible.
Thanks in advance
Add these lines to your OpenVPN server config:
--user splunk
--persist-keys
You can do this (for now) from VPN, OpenVPN, Servers, edit, but you'll have to go command line at some point.
(lots of) details are here: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Bart...
Thanks for the help!
I have no problem with working over the console.
After I added the lines to the server.conf and restarted the service I could no longer connect clients. Only after removing the two lines was I able to connect again. Any tips on that?
Thanks in advance
Manzano
Does the daemon listen on the port you've specified? Check netstat -lun | grep vpn for evidence.
Increase the logging output for the log with verb options to see where the problems are.
Bart...