Discussion:
Run OpenVPN unprivileged as systemd user service
Király, István
2018-11-01 17:28:04 UTC
Hello Paul, ...

As one option, it is possible to spin up a systemd-nspawn container, run
the openvpn server in there with its own networking namespace, and map the
port of the openvpn server to the host.
You can make all kinds of scenarios, ...

Greetings, ...
> Dear systemd folks,
>
> Our users sometimes need to access the internal network of another
> organization, but unfortunately SSH access is blocked, and it’s only
> possible over OpenVPN. With that, they could use their browser and SSH
> to access the internal network.
>
> Due to security reasons, we do not want to allow OpenVPN on our systems,
> and wonder, if systemd user service would enable us to run OpenVPN
> unprivileged for a user, so that the user has no chance of disturbing
> other users.
>
> OpenVPN provides systemd units [1].
>
> Do you think, it’d be easily possible, that the OpenVPN sets up the
> connection in a separate network name space, and the user can enter that
> name space and start SSH and a browser from there?
>
> If yes, do you have any hints before I start to dig into that?
>
> Kind regards,
> Paul
>
> [1]: https://github.com/OpenVPN/openvpn/blob/master/distro/systemd/
_______________________________________________
systemd-devel mailing list
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
Király István
+36 209 753 758
***@D250.hu
<http://d250.hu/>
Cristian Rodríguez
2018-11-01 22:44:07 UTC
> If yes, do you have any hints before I start to dig into that?

Opening TUN/TAP interfaces and changing routing is a privileged operation.
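
One way to reconcile the two points in this thread, as an added example that is not from any of the posters or from the OpenVPN project: the privileged steps stay in a root-managed system service, and an OpenVPN `up` hook moves the tunnel device into a dedicated network namespace so the host's own interfaces and routes are never changed. The namespace name, the hook path and the choice to send all namespace traffic through the tunnel are assumptions; entering the namespace (`ip netns exec`) also needs privilege, so the administrator has to grant that separately.

```shell
#!/bin/sh
# Added example: OpenVPN "up" hook that confines the tunnel to one namespace.
# Assumed client config lines (all real OpenVPN options):
#   script-security 2
#   ifconfig-noexec
#   route-noexec
#   up /etc/openvpn/netns-up.sh      # hypothetical path
# OpenVPN itself stays in the host namespace as a root-managed system
# service, so its encrypted transport socket keeps using the normal uplink.
NETNS="${NETNS:-vpn-paul}"   # hypothetical namespace name
IP="${IP:-ip}"               # IP="echo ip" prints the plan instead of running it

netns_up() {
    # dev, ifconfig_local, ifconfig_netmask / ifconfig_remote and tun_mtu
    # are exported to the hook by OpenVPN.
    : "${dev:?dev not set}" "${ifconfig_local:?ifconfig_local not set}"
    # Reuse the namespace on reconnect instead of failing on "File exists".
    [ -e "/run/netns/$NETNS" ] || $IP netns add "$NETNS" || return 1
    $IP -n "$NETNS" link set dev lo up
    # Move the tunnel device out of the host namespace ...
    $IP link set dev "$dev" netns "$NETNS" || return 1
    if [ -n "${ifconfig_netmask:-}" ]; then      # topology subnet
        $IP -n "$NETNS" addr add "$ifconfig_local/$ifconfig_netmask" dev "$dev"
    else                                         # net30 / p2p
        $IP -n "$NETNS" addr add "$ifconfig_local" \
            peer "${ifconfig_remote:?ifconfig_remote not set}" dev "$dev"
    fi
    $IP -n "$NETNS" link set dev "$dev" mtu "${tun_mtu:-1500}" up
    # ... and route only that namespace through it; host routing is untouched.
    $IP -n "$NETNS" route add default dev "$dev"
}

# OpenVPN sets script_type=up when it invokes the hook.
if [ "${script_type:-}" = up ]; then netns_up; fi
```

Because `ifconfig-noexec` and `route-noexec` stop OpenVPN from configuring anything itself, the only addresses and routes that exist for the tunnel are the ones created inside the namespace.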