Topic: run OpenVPN with a different user than root (Read 2039 times)
manzano (Newbie), February 16, 2021, 11:06:29 am
Hi, I would like to know if it's possible to run the OpenVPN service with a user I created and not as root. So far I used the console to stop the OpenVPN service to then try to restart it using a different user, however that didn't work and caused the problem that clients could no longer connect to the VPN server.
If you have any ideas or experience how I can pull that off, your help is much appreciated since I'm overall new to OPNsense.
Thanks a lot
Manzano
Patrick M. Hausen (Hero Member), Reply #1, February 16, 2021, 11:30:52 am
OpenVPN needs to create interfaces, assign IP addresses and routes - all of which need root privileges. What are you hoping to achieve?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
manzano (Newbie), Reply #2, February 21, 2021, 11:20:15 am
Sorry, my question was wrong.
I want to send the OpenVPN logs in OPNsense to a SIEM using a universal forwarder. Unfortunately, access to the OpenVPN log requires root, so I have to run the Splunk Forwarder as root as well to be able to read the logs. My end goal is to have a user Splunk which runs the Forwarder and has access to the log but is not root. So I need a solution for the Splunk user to read the log without being root while at the same time not changing the access rights on the file if possible.
Thanks in advance
bartjsmit (Hero Member), Reply #3, February 21, 2021, 04:34:55 pm
Add these lines to your OpenVPN server config:
--user splunk
--persist-key
You can do this (for now) from VPN, OpenVPN, Servers, edit, but you'll have to go command line at some point.
(lots of) details are here:
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
Bart...
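A lint check for the privilege-drop directives discussed in this reply, as an added example that is not part of the original post and not OPNsense or OpenVPN project code. The function name `audit_privdrop` and the sample config are constructed for illustration; `group` and `persist-tun` are OpenVPN options the thread does not mention.

```shell
#!/bin/sh
# Added example, not from the thread: lint an OpenVPN server config for the
# privilege-drop directives. Directive names are real OpenVPN options; the
# sample config at the bottom is constructed.

# Prints one finding per line. Exit status: 0 = clean, 1 = findings.
audit_privdrop() {
    awk '
        NF == 0 || $1 ~ /^[#;]/ { next }        # blank lines and comments
        { d = $1; sub(/^--/, "", d) }           # leading "--" is optional
        d == "user"        { user = $2 }
        d == "group"       { group = $2 }
        d == "persist-key" { pkey = 1 }
        d == "persist-tun" { ptun = 1 }
        # A misspelled option makes OpenVPN exit at startup.
        d ~ /^persist-/ && d !~ /^persist-(key|tun|local-ip|remote-ip)$/ {
            printf "line %d: unrecognized option %s\n", NR, d; bad++
        }
        END {
            if (user == "" || user == "root") {
                print "daemon keeps root after initialization"; bad++
            } else {
                # After the drop, a SIGUSR1 restart cannot re-read
                # root-only keys or reopen the tun device.
                if (!pkey) { print "user set without persist-key"; bad++ }
                if (!ptun) { print "user set without persist-tun"; bad++ }
                if (group == "") { print "user set without group"; bad++ }
            }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample: drops to an unprivileged account, misspells one option.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dev tun
proto udp
port 1194
user nobody
persist-keys
persist-tun
EOF

audit_privdrop "$sample" || echo "config needs attention"
rm -f "$sample"
```

Run it against the generated server config before restarting the service; a startup failure from an unrecognized option also shows up in the OpenVPN log as an options error.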
manzano (Newbie), Reply #4, February 23, 2021, 09:48:37 pm
Thanks for the help!
I have no problem with working over the console.
After I added the lines to the server.conf and restarted the service I could no longer connect clients. Only after removing the two lines was I able to connect again. Any tips on that?
Thanks in advance
Manzano
bartjsmit (Hero Member), Reply #5, February 24, 2021, 07:26:32 am
Does the daemon listen on the port you've specified? Check netstat -lun | grep vpn for evidence.
Increase the logging output for the log with verb options to see where the problems are.
Bart...