
#1 2016-01-03 16:57:19

ScienceGuy3
Member
Registered: 2015-06-12
Posts: 11

[Solved] Possible to start OpenVPN client WITHOUT Root?

Hi, I have openvpn configured correctly with a PIA vpn, and running:

sudo openvpn /etc/openvpn/US_Florida.conf

and

sudo systemctl start openvpn@US_Florida

both work fine (obviously, because they have root access).  But this causes a big problem when it comes to connecting to the VPN on startup.  Enabling the systemctl service only gives a failure on boot, as once again it is performing the operation with no root access.  Even running the service after I've logged in to my user account doesn't work, unless of course I use sudo.

I just do not understand how we are supposed to run an openvpn client on startup, if it doesn't have the permissions to do so in the first place.

Also, I know that a lot of people like to use networkmanager with the nm-applet to connect to their vpns, but I really want to avoid doing that right now because every time I tried there is a nasty bug where even though nm-applet shows that you are "connected" to the vpn, your real ip address is still revealed to websites.  Running OpenVPN directly does not seem to cause this issue, so I would like to continue to just use openvpn for now.

Last edited by ScienceGuy3 (2016-01-03 18:49:11)


#2 2016-01-03 17:01:39

Scimmia
Fellow
Registered: 2012-09-01
Posts: 13,694

Re: [Solved] Possible to start OpenVPN client WITHOUT Root?

ScienceGuy3 wrote:

Enabling the systemctl service only gives a failure on boot, as once again it is performing the operation with no root access.

This is wrong, it is being run as root. Look for another reason for the failure.


#3 2016-01-03 17:05:54

ayekat
Member
Registered: 2011-01-17
Posts: 1,632

Re: [Solved] Possible to start OpenVPN client WITHOUT Root?

ScienceGuy3 wrote:

I just do not understand how we are supposed to run an openvpn client on startup, if it doesn't have the permissions to do so in the first place.

Is it a user service? Then yes, it likely won't have the permissions to create a VPN connection.
Otherwise, no, it should be run as root. What does the journal say?

As for why one cannot simply create a VPN connection without root permissions: it's because it involves creating network interfaces (a tun device, if I'm not mistaken), and setting up network routes, which both cannot be done as regular users.

EDIT

every time I tried there is a nasty bug where even though nm-applet shows that you are "connected" to the vpn, your real ip address is still revealed to websites.

I think this is not a bug, but rather just NetworkManager not changing the default route to the VPN, because you usually don't want to have all your connections passing through a VPN.
Have you checked whether NetworkManager still allows you to (un)set this option?

Last edited by ayekat (2016-01-03 17:18:16)



#4 2016-01-03 17:06:14

ScienceGuy3
Member
Registered: 2015-06-12
Posts: 11

Re: [Solved] Possible to start OpenVPN client WITHOUT Root?

Wow, that's really weird then.  Here is my /etc/openvpn/US_Florida.conf if it helps:

client
dev tun
proto udp
remote us-florida.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
tls-client
remote-cert-tls server
auth-user-pass /etc/private-internet-access/login.conf
comp-lzo
verb 1
reneg-sec 0
crl-verify /etc/openvpn/crl.pem


auth-nocache
script-security 2
up /etc/openvpn/update-resolv-conf.sh
down /etc/openvpn/update-resolv-conf.sh

Perhaps it is a permissions error of some kind?  I just don't understand how I can run it fine by sudo but not on startup.
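Added example, not part of the original posts: one way to check the files that the config above points at, reporting any that are missing and flagging a credentials file or up/down script that other users can read or modify (the scripts run with openvpn's privileges under `script-security 2`). The script name `audit_ovpn.py`, the function `audit_config` and its `trusted_uid` parameter are assumptions of this example.

```python
import os
import shlex
import stat
import sys

# File-referencing directives that appear in the config posted above.
SECRET = {"auth-user-pass"}   # credentials file
SCRIPTS = {"up", "down"}      # run by openvpn, i.e. as root under the system unit
PLAIN = {"ca", "crl-verify"}  # only need to exist and be reachable


def audit_config(conf_text, trusted_uid=0):
    """Return (directive, path, problem) tuples for files named in an OpenVPN config."""
    findings = []
    for raw in conf_text.splitlines():
        if raw.lstrip().startswith(";"):          # ';' also starts a comment
            continue
        words = shlex.split(raw, comments=True)   # handles quoting and '#'
        if len(words) < 2 or not words[1].strip():
            continue
        directive = words[0]
        if directive not in SECRET | SCRIPTS | PLAIN:
            continue
        # "up"/"down" may carry script arguments inside one quoted string
        path = words[1].split()[0] if directive in SCRIPTS else words[1]
        try:
            st = os.stat(path)
        except OSError:
            findings.append((directive, path, "missing or inaccessible"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if directive in SECRET and mode & 0o077:
            findings.append((directive, path, "accessible to group/other"))
        if directive in SCRIPTS:
            if st.st_uid != trusted_uid:
                findings.append((directive, path, "not owned by trusted uid"))
            if mode & 0o022:
                findings.append((directive, path, "writable by group/other"))
            if not mode & 0o111:
                findings.append((directive, path, "no execute bit set"))
    return findings


if __name__ == "__main__":
    # Usage (run as root): python3 audit_ovpn.py /etc/openvpn/US_Florida.conf
    with open(sys.argv[1]) as fh:
        for directive, path, problem in audit_config(fh.read()):
            print(f"{directive}: {path}: {problem}")
```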


#5 2016-01-03 17:13:51

ScienceGuy3
Member
Registered: 2015-06-12
Posts: 11

Re: [Solved] Possible to start OpenVPN client WITHOUT Root?

I don't believe it is a user service, as it is located in /usr/lib/systemd/system/openvpn@.service


#6 2016-01-03 17:16:14

tom.ty89
Member
Registered: 2012-11-15
Posts: 897

Re: [Solved] Possible to start OpenVPN client WITHOUT Root?

User units are in /usr/lib/systemd/user


#7 2016-01-03 17:22:50

Scimmia
Fellow
Registered: 2012-09-01
Posts: 13,694

Re: [Solved] Possible to start OpenVPN client WITHOUT Root?

So what does the journal (or systemctl status) tell you about the failure?


#8 2016-01-03 18:48:55

ScienceGuy3
Member
Registered: 2015-06-12
Posts: 11

Re: [Solved] Possible to start OpenVPN client WITHOUT Root?

Ok, I solved the problem, but I'm not 100% sure why.  Just for kicks, I decided to reinstall openvpn.  Then, I deleted all my openvpn config files, and recreated only the one that I will actually use (usa-fl).  That way, there is only one .conf file in the /etc/openvpn directory.  When I enabled the openvpn service, now everything works great!  I'm not sure which of my actions solved the problem, but I think maybe deleting those extra config files might have helped, I'm not sure.
