[systemd-devel] Run OpenVPN unprivileged as systemd user service

Király, István LaKing at d250.hu
Thu Nov 1 17:28:04 UTC 2018


Hello Paul, ...

As one option, it is possible to spin up a systemd-nspawn container, run
the openvpn server in there with its own networking namespace, and map the
port of the openvpn server to the host.
You can make all kinds of scenarios, ...

Greetings, ...


Paul Menzel <pmenzel+systemd-devel at molgen.mpg.de> wrote (on Thu, Nov 1,
2018, 13:41):

> Dear systemd folks,
>
>
> Our users sometimes need to access the internal network of another
> organization, but unfortunately SSH access is blocked, and it’s only
> possible over OpenVPN. With that, they could use their browser and SSH
> to access the internal network.
>
> Due to security reasons, we do not want to allow OpenVPN on our systems,
> and wonder, if systemd user service would enable us to run OpenVPN
> unprivileged for a user, so that the user has no chance of disturbing
> other users.
>
> OpenVPN provides systemd units [1].
>
> Do you think, it’d be easily possible, that the OpenVPN sets up the
> connection in a separate network name space, and the user can enter that
> name space and start SSH and a browser from there?
>
> If yes, do you have any hints before I start to dig into that?
>
>
> Kind regards,
>
> Paul
>
>
> [1]: https://github.com/OpenVPN/openvpn/blob/master/distro/systemd/


-- 
 Király István
+36 209 753 758
LaKing at D250.hu
<http://d250.hu/>
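
The container setup suggested in the reply above, written out as an added configuration example that is not part of the original message. The machine name "openvpn", both file paths and UDP port 1194 are assumptions chosen for illustration.

```ini
# Added example. Machine name "openvpn", paths and port 1194 are assumptions.

# --- /etc/systemd/nspawn/openvpn.nspawn ---
[Exec]
# Boot the container's own init so OpenVPN runs as a service inside it.
Boot=yes

[Network]
# veth pair into a private network namespace (implies Private=yes);
# the host end of the pair appears as ve-openvpn.
VirtualEthernet=yes
# Forward host UDP port 1194 to the same port inside the container.
Port=udp:1194:1194

[Files]
# OpenVPN needs the TUN control device inside the container.
Bind=/dev/net/tun

# --- /etc/systemd/system/systemd-nspawn@openvpn.service.d/tun.conf ---
[Service]
# Allow the container's device cgroup to open the TUN device.
DeviceAllow=/dev/net/tun rwm
```

Settings such as Port= and Bind= only take effect from the trusted /etc/systemd/nspawn/ directory; a .nspawn file stored next to the image in /var/lib/machines/ has its privileged settings ignored.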