1
0
mirror of https://github.com/Nyr/openvpn-install.git synced 2024-11-24 05:56:08 +03:00

run openvpn unprivileged

This commit is contained in:
jtbr 2016-04-10 18:36:15 +02:00
parent 01003c88f8
commit d844154a45

View File

@ -275,6 +275,8 @@ set_var EASYRSA_DIGEST "sha384"" > vars
./easyrsa gen-crl ./easyrsa gen-crl
# Move the stuff we need # Move the stuff we need
cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn
# Make cert revocation list readable for non-root
chmod 644 /etc/openvpn/crl.pem
# Generate server.conf # Generate server.conf
echo "port $PORT echo "port $PORT
proto udp proto udp
@ -283,6 +285,8 @@ ca ca.crt
cert server.crt cert server.crt
key server.key key server.key
dh dh.pem dh dh.pem
user nobody
group nogroup
topology subnet topology subnet
server 10.8.0.0 255.255.255.0 server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt ifconfig-pool-persist ipp.txt