The VPN DomU is located at savannahvpn.gnu.org. (also vpn.savannah.gnu.org)
Authentication to connect to the vpn is controlled via certificates and username/password authentication. The vpn domU uses /etc/openvpn/savannah/auth.pl for processing of authentication. auth.pl checks the contents of /etc/openvpn/savannah/passwd for username/password validation. The 'passwd' file is generated from "/etc/openvpn/savannah/user-list", which contains a list of users permitted to login. The '/home/svsync/sync-passwords' script runs as user "svsyns" and gets the "password file" from colonialone (Savannah) as user "vpn" on colonialone, which is only permitted to run /home/vpn/savannah_admin_pw_file.pl. (It's worth noting the strong focus not to use the "root" user here.) -- forwarded from http://savannah.gnu.org/maintenance/VPNConfiguration#[email protected]/maintenance
