Re: Ideas for securing OpenVPN on an OpenWrt router

To: Andrej Kacian <andrej+debian@kacian.sk>
Cc: debian-user@lists.debian.org
Subject: Re: Ideas for securing OpenVPN on an OpenWrt router
From: Eero Volotinen <eero.volotinen@iki.fi>
Date: Tue, 8 Mar 2011 18:47:15 +0200
Message-id: <[🔎] AANLkTikfQX1gZSiuRMEVyTDFPu69N_CcGUsGcdUxCRcD@mail.gmail.com>
In-reply-to: <[🔎] 20110308174017.01698b21@penny>
References: <[🔎] 12e961ad812.1858043358806244837.-6321858723867134890@zoho.com> <[🔎] 20110308174017.01698b21@penny>

2011/3/8 Andrej Kacian <andrej+debian@kacian.sk>:
> On Tue, 08 Mar 2011 07:34:24 -0800
> erikmccaskey64 <erikmccaskey64@zoho.com> wrote:
>
>> OpenWrt isn't OpenBSD, so from the "ps" command i can see that the OpenVPN
>> is runned by root. it's not so secure. How can i make it more secure?
>
> In the openvpn configuration file:
>
> user nobody
> group nogroup
>
> (or whatever equivalents OpenWrt has for these)
>
> openvpn will run as root, do necessary stuff and drop privileges.

and chroot directive also?

--
Eero

Reply to:

References:
- Ideas for securing OpenVPN on an OpenWrt router
  - From: erikmccaskey64 <erikmccaskey64@zoho.com>
- Re: Ideas for securing OpenVPN on an OpenWrt router
  - From: Andrej Kacian <andrej+debian@kacian.sk>

Prev by Date: Re: Ideas for securing OpenVPN on an OpenWrt router
Next by Date: Re: Internet connection sharing?
Previous by thread: Re: Ideas for securing OpenVPN on an OpenWrt router
Next by thread: xen hypervisor on sid, no xen kernel
Index(es):
- Date
- Thread