#1 2006-04-07 17:40:18

alexthelion
Member
From: Switzerland
Registered: 2004-03-06
Posts: 117

OpenVPN, udev

I'm using OpenVPN to connect to the company LAN. I have a device /dev/net/tun that is used by OpenVPN. For that, you need to load the module "tun", which I do in rc.conf. I wanted udev to set permissions to that device so that I don't need to be root to set up the connection. I changed /etc/udev/permissions.d/udev.permissions:

# VPN tunnels
net/tun:root:storage:0660

However, this device still has the group "root" instead of storage. Who knows how to accomplish that?


#2 2006-04-07 19:16:49

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: OpenVPN, udev

udev.permissions is no longer used. You need to amend the rule, or add a new one, so that the required group is set when the device is created.

The relevant rule in the default set (/etc/udev/rules.d/udev.rules) is:

# Network devices
KERNEL=="tun",          NAME="net/%k"

You can add GROUP="users" (not storage) to this rule, although that will be overwritten if the default rules are changed in the future. Better to create a local ruleset called 00-udev.rules in /etc/udev/rules.d and put the complete rule in there.

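One way to confirm that a local rule like the one described in post #2 took effect, as an added example that is not part of the thread. The helper names check_node and in_group are hypothetical, the 0660 mode is taken from the first post, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. The complete local rule discussed
# above, with the 0660 mode from the first post, would be:
#   /etc/udev/rules.d/00-udev.rules:
#   KERNEL=="tun", NAME="net/%k", GROUP="users", MODE="0660"
# check_node and in_group are hypothetical helper names; needs GNU stat.

# check_node PATH GROUP MODE -> 0 match, 1 group/mode differs, 2 missing
check_node() {
    path=$1 want_group=$2 want_mode=$3
    if [ ! -e "$path" ]; then
        echo "$path: missing (module not loaded or rule not applied?)"
        return 2
    fi
    have_group=$(stat -c '%G' "$path")
    have_mode=$(stat -c '%a' "$path")
    rc=0
    if [ "$have_group" != "$want_group" ]; then
        echo "$path: group is $have_group, expected $want_group"
        rc=1
    fi
    # Compare as octal numbers so "0660" and "660" are treated alike.
    if [ $((0$have_mode)) -ne $((0$want_mode)) ]; then
        echo "$path: mode is $have_mode, expected $want_mode"
        rc=1
    fi
    # Access for "other" defeats the point of restricting by group.
    if [ $((0$have_mode & 07)) -ne 0 ]; then
        echo "$path: warning: accessible to users outside $have_group"
    fi
    [ "$rc" -eq 0 ] && echo "$path: ok ($have_group, $have_mode)"
    return "$rc"
}

# in_group GROUP -> 0 if the current session's groups include GROUP
in_group() {
    id -nG | tr ' ' '\n' | grep -qx -- "$1"
}

# Constructed demo: a temp file stands in for /dev/net/tun so this runs
# without root; on a real system: check_node /dev/net/tun users 0660
demo=$(mktemp) && chmod 0660 "$demo"
check_node "$demo" "$(stat -c '%G' "$demo")" 0660
rm -f "$demo"
```

A group added to an account only shows up in in_group after a new login, which is a common reason the node looks right but access is still denied.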

#3 2006-04-28 16:27:36

alexthelion
Member
From: Switzerland
Registered: 2004-03-06
Posts: 117

Re: OpenVPN, udev

Thanks, that works so far, but now the connection procedure fails somewhere else: ifconfig

Fri Apr 28 18:25:52 2006 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied
SIOCSIFDSTADDR: Permission denied
SIOCSIFFLAGS: Permission denied
SIOCSIFMTU: Operation not permitted

Is there a clean solution to let a user use ifconfig? Or should I just abandon the idea of using openvpn as non-root?


#4 2006-04-28 20:24:53

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: OpenVPN, udev

You could use sudo, I suppose. Personally, I don't see anything wrong with configuring your tun interface as root. Network interfaces are always set up as root, but that doesn't stop users using them. For example, I use openswan for my VPN, and the ipsec0 virtual interface is set up by a daemon at boot time, immediately after the network comes up.
