Hi all, I had a brief email discussion about the OpenVPN privilege separation thing with James Yonan and realized that even after having read all relevant emails a couple of times, I still had a fairly vague idea of various approaches suggested here. So, to clarify my own thoughts (and to hopefully help others) I wrote this Wiki page:
<https://community.openvpn.net/openvpn/wiki/PrivilegeSeparation> James proposed yet another alternative to handle the privilege separation. It should not require OpenVPN code changes: <https://community.openvpn.net/openvpn/wiki/PrivilegeSeparation#GUIservice> Also, he shared some thoughts about implementing the interactive service: <https://community.openvpn.net/openvpn/wiki/PrivilegeSeparation#Interactiveservice> NOTE: the wiki page is incomplete and I may have omitted many important things. Please fix them instead of complaining here :). -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock