On Sun, Nov 29, 2020 at 11:05:36AM +0100, Glennie Vignarajah wrote:

Hi,

> Hello,
> In order to use openvpn with non-root privileges, iproute is needed as
> stated in openvpn's howto document [1]. By default, iproute is disabled
> at compile time and needs to be enabled with ``--enable-iproute2``.
> 
> Could you, please, rebuild the openvpn package with this option?
> 
> Many thanks and kind regards
> 
> 1: https://community.openvpn.net/openvpn/wiki/HOWTO#UnprivilegedmodeLinuxonly

Upstream actually suggested to drop iproute2 and use the newer netlink
based approach.

---
Netlink support
    On Linux, if configured without ``--enable-iproute2``, configuring IP
    addresses and adding/removing routes is now done via the netlink(3)
    kernel interface.  This is much faster than calling ``ifconfig`` or
    ``route`` and also enables OpenVPN to run with less privileges.
---

However, there is a bug over at ArchLinux that suggests this does not
work out-of-the-box when you set User/Group in the configuration as
opposed to setting it in the systemd unit:

https://bugs.archlinux.org/task/68480

(did not load for me at the moment, Google Cache helped)

Could you try a fix similar to the one Arch used in 

https://github.com/archlinux/svntogit-packages/commit/a871e4297bb73be9c9f5eeb33630b24766366ac5#diff-d7067e90cf384bf5e9e8791cc82be773e5bce9152438b1b51ae424b0c111d1fc

That is, set the user inside the systemd unit instead of in the openvpn
config and add AmbientCapabilities?

Bernhard
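
The change suggested above, sketched as a systemd drop-in. This is an added example, not part of the original message and not the contents of the Arch commit; the drop-in path, the `openvpn` account and the choice of a single capability are assumptions.

```ini
# /etc/systemd/system/openvpn-client@.service.d/unprivileged.conf
# (hypothetical path; adjust to the unit name your package ships)

[Service]
# Run the daemon as an unprivileged account from the start, instead of
# starting as root and dropping privileges later through the OpenVPN config.
# "openvpn" is an assumed account name; it must exist on the system.
User=openvpn
Group=openvpn

# Clear any ambient set inherited from the packaged unit, then grant only
# what the netlink code path needs: CAP_NET_ADMIN covers configuring
# addresses and adding/removing routes. Options such as chroot or mlock
# need further capabilities (CAP_SYS_CHROOT, CAP_IPC_LOCK).
AmbientCapabilities=
AmbientCapabilities=CAP_NET_ADMIN

# Matching change in the OpenVPN configuration file: remove the in-process
# privilege drop, since the process is never root under this unit.
#   user nobody      <- delete
#   group nogroup    <- delete
#
# Because the process is never root, key and certificate files must be
# readable by the account above, and nothing else should be able to read them.
```

After `systemctl daemon-reload` and a restart of the instance, `systemctl show -p User -p AmbientCapabilities openvpn-client@NAME` confirms what the unit actually applies.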
