Unprivileged openvpn user

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

zog22
OpenVpn Newbie
Posts: 2
Joined: Tue Aug 17, 2021 10:05 am

Unprivileged openvpn user

Post by zog22 » Tue Aug 17, 2021 10:22 am

I'm trying hard to deploy a Docker container following this wiki page https://community.openvpn.net/openvpn/w ... ilegedUser but it seems to be deprecated.

I can't find the following code in /etc/rc.d/init.d/openvpn:

Code:

$openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work $script_security

Can someone update the tutorial or help me with running docker ovpn client without root?
I can't really find any useful articles about my problem, but at the same time I have found a lot of articles about the danger of running root images.
All suggestions are welcome.

zog22

Post by zog22 » Thu Aug 19, 2021 8:53 am

Hi everybody,
I'm trying to run ovpn as an unprivileged user in a Docker container following this tutorial: https://community.openvpn.net/openvpn/w ... ilegedUser
Here is my Dockerfile:

Code:

FROM debian

RUN apt -y update && apt-get -y install sudo iproute2 build-essential libssl-dev liblzo2-dev libpam0g-dev curl \
    && adduser -q --disabled-password openvpn && usermod -aG openvpn openvpn  \
    && echo "openvpn ALL=(ALL) NOPASSWD: /sbin/ip" >> /etc/sudoers && echo "Defaults:openvpn !requiretty" >> /etc/sudoers \
    && mkdir /usr/local/lib/gssntlmssp && mkdir -p /usr/etc/gss/mech.d
COPY unpriv-ip /usr/local/sbin/unpriv-ip
RUN chmod 755 /usr/local/sbin/unpriv-ip
COPY entrypoint.sh /

COPY openvpn-2.5.3.tar.gz /opt
WORKDIR /opt
RUN tar xfz openvpn-2.5.3.tar.gz
WORKDIR /opt/openvpn-2.5.3
RUN ./configure --enable-iproute2 && make && make install
COPY client.ovpn /etc/openvpn/client.ovpn

COPY openvpn.sh /etc/init.d/openvpn
RUN chmod 755 /etc/init.d/openvpn

COPY openvpn-startup /etc/openvpn/openvpn-startup.conf
COPY service /etc/init.d/openvpn-su
RUN  ls -la /etc/init.d/ &&   service openvpn condrestart  && update-rc.d openvpn-su start 3 && service --status-all 
RUN touch /etc/rc.local && chmod +x /etc/rc.local && echo "#!/bin/sh" >> /etc/rc.local \
    && echo "openvpn --rmtun --dev tun0" >> /etc/rc.local \
    && echo "openvpn --mktun --dev tun0 --dev-type tun --user openvpn --group openvpn" >> /etc/rc.local \
    && echo "pizdec;`date`" >> /home/openvpn/text
USER openvpn
ENTRYPOINT /entrypoint.sh

I still get the following error:

Code:

2021-08-19 08:52:48 ERROR: Cannot ioctl TUNSETIFF tun0: Operation not permitted (errno=1)
2021-08-19 08:52:48 Exiting due to fatal error

How can I fix this in my situation?
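
A preflight check for the TUNSETIFF error above, added here as an example and not part of the original post or the OpenVPN wiki. It reports whether the current process has CAP_NET_ADMIN or, failing that, whether a persistent tun0 owned by its UID already exists; the script name `tun-preflight.sh`, the function names and the verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: preflight for the
# "Cannot ioctl TUNSETIFF tun0: Operation not permitted" error.
CAP_NET_ADMIN_BIT=12   # capability number of CAP_NET_ADMIN in linux/capability.h

# eff_caps [FILE]: print the effective capability mask (hex) of this process.
eff_caps() {
    awk '/^CapEff:/ { print $2 }' "${1:-/proc/self/status}"
}

# has_net_admin MASK: succeed if the hex mask has the CAP_NET_ADMIN bit set.
has_net_admin() {
    case $1 in
        ''|*[!0-9a-fA-F]*) return 1 ;;   # reject anything that is not plain hex
    esac
    [ $(( (0x$1 >> $CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# tun_owned_by OWNER_FILE UID: succeed if a persistent tun device exists and
# its sysfs "owner" attribute equals UID. The kernel also checks the device
# group when one is set; this example checks the owner only.
tun_owned_by() {
    [ -r "$1" ] && [ "$(cat "$1")" = "$2" ]
}

# diagnose MASK TUN_NODE OWNER_FILE UID: print a verdict and return 0 if a
# TUNSETIFF on the device should be permitted.
diagnose() {
    if [ ! -c "$2" ]; then
        echo "missing-device"; return 1       # no tun control node in the container
    elif has_net_admin "$1"; then
        echo "ok-cap-net-admin"; return 0     # may create or attach to a tun device
    elif tun_owned_by "$3" "$4"; then
        echo "ok-owned-persistent"; return 0  # pre-created with --mktun --user
    fi
    echo "not-permitted"; return 1            # the state that yields errno=1
}

# Run inside the container as the openvpn user: sh tun-preflight.sh check
if [ "${1:-}" = "check" ]; then
    diagnose "$(eff_caps)" /dev/net/tun /sys/class/net/tun0/owner "$(id -u)"
fi
```

A `not-permitted` verdict is the state behind `errno=1`: the process has no CAP_NET_ADMIN and no persistent tun0 owned by its UID exists. `missing-device` means the container was started without `/dev/net/tun` (with Docker, `--device /dev/net/tun`).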
