Page 1 of 1
Setting up OpenVPN in FatDog
Posted: Thu Sep 15, 2022 8:32 pm
by Neo_78
FatDog has a repository to install OpenVPN, correct?
Which location would you recommend to store the .ovpn files supplied by your VPN provider?
In Debian you would normally run the installation script in the following way to provide your VPN credentials:
sudo apt install openvpn resolvconf
And then to launch the VPN, you would run the following:
Code: Select all
sudo openvpn --config /[path to file]/my_expressvpn_[server location].ovpn --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf
How does this work in FatDog?
Is it possible to start the VPN in the terminal from a non-root account?
Is there a way to manage VPN connections from the network management tool for easier handling?
Thanks for your feedback!
Re: Setting up OpenVPN in FatDog
Posted: Fri Sep 16, 2022 10:17 am
by JakeSFR
How does this work in FatDog?
Install openvpn and openresolv packages, and download this script:
https://github.com/alfredopalhares/open ... lv-conf.sh
Make it executable and put it in /etc/openvpn
dir.
You may also want to remove the .sh extension, because in all examples I've seen, it's invoked without this extension.
[EDIT] Oh, I forgot that you'll probably need to load the tun kernel module as well:
And then:
Code: Select all
openvpn --config /[path to file]/my_expressvpn_[server location].ovpn --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf
should just work.
Btw, you can embed the extra options in the .ovpn files themselves:
Code: Select all
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Which location would you recommend to store the .ovpn files supplied by your VPN provider?
I'm not aware of any official/dedicated location for OVPN files.
I keep them in my home dir, in a subfolder.
Is it possible to start the VPN in the terminal from a non-root account?
No idea, but hopefully it is. Please report back if you try.
Is there a way to manage VPN connections from the network management tool for easier handling?
It doesn't seem to have this option.
Greetings!
Re: Setting up OpenVPN in FatDog
Posted: Sat Sep 17, 2022 9:34 pm
by Neo_78
Thanks @JakeSFR. Will try that out and report back.
Re: Setting up OpenVPN in FatDog
Posted: Tue Oct 04, 2022 6:46 pm
by Neo_78
Script setup and vpn work if you run it under the root account @JakeSFR.
However, if I try to start openvpn in the terminal from a non-root user account, I get the following error:
Code: Select all
ERROR: Cannot ioctl TUNSETIF tun: Operation not permitted (errno=1)
I tried to run sudo modprobe tun
but I get the same error.
Is there a way around this to get OpenVPN working on a normal user account?
Thanks for your feedback!
Re: Setting up OpenVPN in FatDog
Posted: Tue Oct 04, 2022 7:07 pm
by JakeSFR
sudo modprobe tun
works for me for a non-root user, but there were some changes to the sudo
script, so maybe that's why.
Anyway, you can always use the /etc/modules file - you'll find instructions inside of it.
Greetings!
Re: Setting up OpenVPN in FatDog
Posted: Wed Oct 05, 2022 2:59 pm
by Neo_78
Testing this further, the only way to get the vpn going under a non-root user account is to start it as sudo openvpn
or start the respective script with tmux as sudo
with a dettached session to leave it running in the background @JakeSFR.
Not sure if that has any critical implications or if there is a solution to run openvpn completely unprivileged.
Most graphical network managers in other distributions would allow vpn sessions for non-root users without having to type the root password.
Re: Setting up OpenVPN in FatDog
Posted: Thu Oct 06, 2022 10:23 am
by JakeSFR
Not sure if that has any critical implications or if there is a solution to run openvpn completely unprivileged.
This might help, although it looks complicated: https://community.openvpn.net/openvpn/w ... ilegedUser
I guess you could also try starting the VPN (as root) in /etc/rc.d/rc.local, but this way the non-root user won't have any control over it, once it's started.
Greetings!
Re: Setting up OpenVPN in FatDog
Posted: Thu Oct 06, 2022 8:52 pm
by Neo_78
Thanks @JakeSFR. The guide looks indeed complicated.
I think the core permissions problem is that a normal user is not allowed to create a new tun device, when openvpn is started, correct? Could those permissions be adjusted?
I remember that with Gnome network manager in Ubuntu it was pretty easy for a normal non-root user to setup and control a vpn via openvpn.
Isn't there a comparable graphical network management tool for Openbox that sets the required permissions for OpenVPN so that normal users can use a VPN without too much tinkering?
Re: Setting up OpenVPN in FatDog
Posted: Sun Oct 09, 2022 3:54 pm
by jamesbond
OpenVPN needs to be started as root.
But in its config file, you have the option to drop privileges and run as another "user" or "group".
https://github.com/OpenVPN/openvpn/blob ... erver.conf
This is the standard way to run system-wide daemons.
Re: Setting up OpenVPN in FatDog
Posted: Sun Oct 09, 2022 6:08 pm
by Neo_78
Thanks @jamesbond.
Where exactly in the server.conf
do you see the options to define a specific openvpn user and / or add a custom group of allowed users?
Re: Setting up OpenVPN in FatDog
Posted: Sun Oct 16, 2022 3:15 pm
by jamesbond
Neo_78 wrote: ↑Sun Oct 09, 2022 6:08 pm
Where exactly in the server.conf
do you see the options to define a specific openvpn user
See screenshot
and / or add a custom group of allowed users?
This is more of an OpenVPN configuration question than a Fatdog question. I refer you to these:
https://openvpn.net/community-resources ... le-clients
and
https://community.openvpn.net/openvpn/w ... nVPN-Howto