It is not recommended to use --management on a TCP port without also adding a password authentication, as this can easily be abused by other users or processes being able to connect to the managmement interface.
Thus issue a warning that this configuration is strongly discouraged. Signed-off-by: David Sommerseth <dav...@openvpn.net> --- src/openvpn/options.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 41a42cf2..e0c0894b 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2170,6 +2170,14 @@ options_postprocess_verify_ce(const struct options *options, const struct connec { msg(M_USAGE, "--management-client-(user|group) can only be used on unix domain sockets"); } + + if (!(options->management_flags & MF_UNIX_SOCK) + && (!options->management_user_pass)) + { + msg(M_WARN, "WARNING: Using --management on a TCP port WITHOUT " + "passwords is STRONGLY discouraged and considered insecure"); + } + #endif /* -- 2.13.5 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel