On 5/15/25 11:49, David Sommerseth wrote:


Try to change the owner of the key file from root to openvpn.

The openvpn-server@.service and openvpn-client@.service units have been
written to lock down and strip the openvpn process of as many
privileges as possible.  Unfortunately, the list of needed privileges is
still fairly long.


chown will make it run.

What I do not understand is: As far as I know, openvpn is started with root rights to build the context for a running instance. If that is true, why can't the key be read during that phase and has to be made available for user openvpn (at least with Arch)? Or is my assumption/understanding wrong?



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
