OPNsense Forum
English Forums => Virtual private networks => Topic started by: manzano on February 16, 2021, 11:06:29 am
-
Hi, I would like to know if it's possible to run the OpenVPN service with a user I created and not as root. So far I used the console to stop the OpenVPN service and then tried to restart it using a different user; however, that didn't work and caused the problem that clients could no longer connect to the VPN server.
If you have any ideas or experience with how I can pull that off, your help is much appreciated since I'm overall new to OPNsense.
Thanks a lot
Manzano
-
OpenVPN needs to create interfaces, assign IP addresses and routes - all of which needs root privileges. What are you hoping to achieve?
-
Sorry my question was wrong.
I want to send the OpenVPN logs in OPNsense to a SIEM using a universal forwarder. Unfortunately, access to the OpenVPN log requires root, so I have to run the Splunk Forwarder as root as well to be able to read the logs. My end goal is to have a user "splunk" which runs the Forwarder and has access to the log but is not root. So I need a solution for the splunk user to read the log without being root while at the same time not changing the access rights on the file, if possible.
Thanks in advance
-
Add these lines to your OpenVPN server config:
--user splunk
--persist-key
You can do this (for now) from VPN, OpenVPN, Servers, edit, but you'll have to go command line at some point.
(Lots of) details are here: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Bart...
-
Thanks for the help!
I have no problem with working over the console.
After I added the lines to the server.conf and restarted the service, I could no longer connect clients. Only after removing the two lines was I able to connect again. Any tips on that?
Thanks in advance
Manzano
-
Does the daemon listen on the port you've specified? Check netstat -lun | grep vpn for evidence.
Increase the logging output with the verb option to see where the problems are.
Bart...
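For reference, here is an added server-config fragment (not from either poster and not OPNsense's own generated config) that shows the privilege drop Bart describes together with the options the OpenVPN manual pairs with it; the account name "splunk" is the one from the thread, the group "nobody" is an assumption. Note the option is spelled persist-key in the linked manual, and OpenVPN refuses to start at all on an option name it does not recognise, so a typo there takes the whole server down rather than just one feature.

```conf
# Added example (not the thread's or OPNsense's own config).
# Assumptions: an existing unprivileged account "splunk" and the
# FreeBSD group "nobody"; adjust both to your system.

# Drop root after the tun device, key files and routes are set up.
# Everything OpenVPN has to do later runs as this account.
user splunk
group nobody

# Required once privileges are dropped: on a SIGUSR1 or
# --ping-restart restart OpenVPN re-reads its key files and closes
# and reopens the tun device. Without root that fails, and clients
# can no longer (re)connect. These two options keep both open.
persist-key
persist-tun

# Temporarily raise verbosity while troubleshooting (default is 3);
# the log then shows each connection attempt and the privilege drop.
verb 4
```

Check the result with Bart's commands: the daemon should still be listening on its port, and the log should now show which step fails if clients cannot connect.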