Jussi,

If you downgrade privilege with --user/--group then you will not be able to re-read keys or reopen the tun/tap dev. Luckily, openvpn has the --persist-key and --persist-tun options to persist the key state and tun/tap file descriptor across the reset, so that there is no need to reopen resources which are now inaccessible due to the privilege downgrade.

James

Jussi Jääskeläinen <jussi.jaaskelainen@xxxxxxxxxxxx> said:

> More information..
> Then I changed that key "chmod 777 upi.key"
> error changes little bit.. Now it cannot open TUN/TAP dev /dev/net/tun:
> Permission denied (errno=13)
>
> Oct 1 10:27:16 ws9 openvpn[27386]: Inactivity timeout (--ping-restart), restarting
> Oct 1 10:27:16 ws9 openvpn[27386]: Closing TCP/UDP socket
> Oct 1 10:27:16 ws9 openvpn[27386]: Closing TUN/TAP device
> Oct 1 10:27:16 ws9 openvpn[27386]: OpenVPN 1.5-beta7 i686-pc-linux-gnu [SSL] [LZO] built on Sep 19 2003
> Oct 1 10:27:16 ws9 openvpn[27386]: WARNING: file '/etc/openvpn/upi.key' is group or others accessible
> Oct 1 10:27:16 ws9 openvpn[27386]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Oct 1 10:27:16 ws9 openvpn[27386]: Static Encrypt: Using 160 bit message digest 'SHA1' for HMAC authentication
> Oct 1 10:27:16 ws9 openvpn[27386]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Oct 1 10:27:16 ws9 openvpn[27386]: Static Decrypt: Using 160 bit message digest 'SHA1' for HMAC authentication
> Oct 1 10:27:16 ws9 openvpn[27386]: LZO compression initialized
> Oct 1 10:27:16 ws9 openvpn[27386]: Data Channel MTU parms [ link_mtu=1300 extra_frame=45 extra_buffer=19 extra_tun=0 ]
> Oct 1 10:27:16 ws9 openvpn[27386]: Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
> Oct 1 10:27:16 ws9 openvpn[27386]: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
> Oct 1 10:27:16 ws9 openvpn[27386]: Cannot allocate TUN/TAP dev dynamically
> Oct 1 10:27:16 ws9 openvpn[27386]: Exiting
> Oct 1 10:27:16 ws9 kernel: divert: no divert_blk to free, tun2 not ethernet
>
> --
> Computers are like airconditioners: They stop working properly if you open
> Windows!
>
> Jussi Jääskeläinen
> Tietotili Consulting Oy
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
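
An added example, not part of the original thread and not OpenVPN's own code: a small Python check for the situation discussed above, flagging a config that drops privilege without --persist-key/--persist-tun and a key file that is group or others accessible. The sample config, the nobody user/group, the ping-restart value and the helper names are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

DROP = {"user", "group"}                  # privilege-downgrade options
PERSIST = {"persist-key", "persist-tun"}  # keep key state / tun fd across a restart
KEY_OPTS = {"secret", "key"}              # assumption: options that name a private key file


def parse_config(text):
    """Return {option: [args]} for an OpenVPN config, skipping # and ; comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            parts = line.split()
            opts[parts[0].lstrip("-")] = parts[1:]
    return opts


def lint(text, base_dir="."):
    """List findings for the failure mode in the thread and for loose key modes."""
    opts = parse_config(text)
    names = set(opts)
    findings = []
    if DROP & names:
        for missing in sorted(PERSIST - names):
            findings.append(f"privilege drop without {missing}: "
                            "resource cannot be reopened after a restart")
    for opt in sorted(KEY_OPTS & names):
        if not opts[opt]:
            continue
        path = os.path.join(base_dir, opts[opt][0])
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except OSError as exc:
            findings.append(f"{opt}: cannot stat {path}: {exc.strerror}")
            continue
        if mode & 0o077:  # any group/other bit set, as in OpenVPN's WARNING line
            findings.append(f"{opt} file {path} is group or others accessible "
                            f"(mode {mode:o})")
    return findings


def demo():
    """Constructed sample: key chmod 777 and no persist options, then corrected."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "upi.key")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o777)
        weak = "dev tun\nsecret upi.key\nuser nobody\ngroup nobody\nping-restart 60\n"
        before = lint(weak, d)
        os.chmod(key, 0o600)
        after = lint(weak + "persist-key\npersist-tun\n", d)
        return before, after
```
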