It appears that the SSH VPN startup runs "/bin/sh /etc/netstart tun0"
I suspect that if I could somehow get a "sudo" in front of that things
would work. Must go read source code...

On Mon, Aug 15, 2011 at 10:09:48PM +1200, Graeme Neilson wrote:
> Pretty sure if you change the owner / group of the tap or tun device
> you are using to the user you want to bring up the tunnel you can
> avoid root.
>
> G
>
> On Fri, Aug 12, 2011 at 5:40 AM, Michael W. Lucas
> <mwlu...@blackhelicopters.org> wrote:
> > Hi,
> >
> > I'm trying to get a SSH VPN working between a 4.9 i386 and a recent
> > 5.0 amd64 snapshot (with the MP#49 kernel).
> >
> > The tunnel works fine if I SSH in as root. My guts really protest at
> > enabling remote root logins, however. Yes, I can limit the access with
> > a Match statement.
> >
> > Surely I can change some device permissions, or use sudo, to permit a
> > particular otherwise-unprivileged user to bring up this VPN? Any
> > suggestions on where to look for that? I've tried several Internet
> > searches, but found nothing.
> >
> > Thanks,
> > ==ml
> >
> > --
> > Michael W. Lucas
> > http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
> > Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
> > mwlu...@blackhelicopters.org, Twitter @mwlauthor

--
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlu...@blackhelicopters.org, Twitter @mwlauthor