Re: [Openvpn-devel] [PATCH 0/2] Improve usability of non-privileged operation
On 02/08/17 20:14, Conrad Hoffmann wrote:
> Ohai!
>
> I recently undertook the project of not having my VPN client run as root
> anymore. I noticed there are a lot of questions about this on the internet,
> and I think one reason that this is more difficult than necessary is that the
> "official" client.down script doesn't work when used in conjunction with
> the down-root plugin.
>
> I noticed that both the up and the down script get a lot of information
> through environment variables, and the up script relies on that already
> anyways. So I figured doing the same in the down script would be a reasonable
> thing to do (it's also what the most commonly referred to external up/down
> scripts do).
>
> With this change, the down script can actually be used with the down-root
> plugin just like this:
>
> plugin openvpn-plugin-down-root.so "/etc/openvpn/client.down"
>
> Hope this makes sense,
> Conrad

Hi Conrad,

Nice catch! And thanks for your patches!

As you're a new contributor, I just wanted to let you know your patch is in the pipe now and will be reviewed and tested as soon as some of us are ready to process it.

And based on a 10 seconds look, this does look correct - we just need to do a little test run first.

--
kind regards,

David Sommerseth
OpenVPN Technologies, Inc

--
Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] doc/openvpn.8: Correct --verify-x509-name *type* example
On 03/08/17 19:07, debbie10t wrote:
>
>
> On 03/08/17 17:46, David Sommerseth wrote:
>> On 03/08/17 18:03, debbie...@gmail.com wrote:
>>> From: Richard Bonhomme>>> >>> Signed-off-by: Richard Bonhomme >>> --- >>> doc/openvpn.8 | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/doc/openvpn.8 b/doc/openvpn.8 >>> index 20bdd91..fdd5dde 100644 >>> --- a/doc/openvpn.8 >>> +++ b/doc/openvpn.8 >>> @@ -5340,7 +5340,7 @@ subject DN "C=KG, ST=NA, L=Bishkek, >>> CN=Server-1" would be matched by: >>> and >>> .B \-\-verify\-x509\-name Server\-1 name >>> or you could use >>> -.B \-\-verify\-x509\-name Server -name-prefix >>> +.B \-\-verify\-x509\-name Server\- name\-prefix >>> if you want a client to only accept connections to "Server-1", >>> "Server-2", etc.
>>
>> Just wondering ... Shouldn't the "Server-1" and "Server-2" be escaped
>> too?
>>
>>
>
> Yes of course but I only wanted to correct the example at this time
> and, as this is my first submission, I just wanted to get that right.
> I will start a project to format the man page more thoroughly in time.

Ahh, right. Well, I think we can fix at least the surrounding escape issues at the same time too. I do like small commits, but we can afford a bit bigger change sets on the man page on the surrounding issues. We seldom need to bisect man page issues ;-)

--
kind regards,

David Sommerseth
OpenVPN Technologies, Inc
Re: [Openvpn-devel] [PATCH] doc/openvpn.8: Correct --verify-x509-name *type* example
On 03/08/17 17:46, David Sommerseth wrote:
On 03/08/17 18:03, debbie...@gmail.com wrote:
From: Richard BonhommeSigned-off-by: Richard Bonhomme --- doc/openvpn.8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 20bdd91..fdd5dde 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5340,7 +5340,7 @@ subject DN "C=KG, ST=NA, L=Bishkek, CN=Server-1" would be matched by: and .B \-\-verify\-x509\-name Server\-1 name or you could use -.B \-\-verify\-x509\-name Server -name-prefix +.B \-\-verify\-x509\-name Server\- name\-prefix if you want a client to only accept connections to "Server-1", "Server-2", etc.

Just wondering ... Shouldn't the "Server-1" and "Server-2" be escaped too?

Yes of course but I only wanted to correct the example at this time and, as this is my first submission, I just wanted to get that right. I will start a project to format the man page more thoroughly in time.
Re: [Openvpn-devel] [PATCH] doc/openvpn.8: Correct --verify-x509-name *type* example
On 03/08/17 18:03, debbie...@gmail.com wrote:
> From: Richard Bonhomme> > Signed-off-by: Richard Bonhomme > --- > doc/openvpn.8 | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/doc/openvpn.8 b/doc/openvpn.8 > index 20bdd91..fdd5dde 100644 > --- a/doc/openvpn.8 > +++ b/doc/openvpn.8 > @@ -5340,7 +5340,7 @@ subject DN "C=KG, ST=NA, L=Bishkek, CN=Server-1" would > be matched by: > and > .B \-\-verify\-x509\-name Server\-1 name > or you could use > -.B \-\-verify\-x509\-name Server -name-prefix > +.B \-\-verify\-x509\-name Server\- name\-prefix > if you want a client to only accept connections to "Server-1", "Server-2", > etc.

Just wondering ... Shouldn't the "Server-1" and "Server-2" be escaped too?

--
kind regards,

David Sommerseth
OpenVPN Technologies, Inc
[Openvpn-devel] [PATCH] doc/openvpn.8: Correct --verify-x509-name *type* example
From: Richard BonhommeSigned-off-by: Richard Bonhomme --- doc/openvpn.8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 20bdd91..fdd5dde 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5340,7 +5340,7 @@ subject DN "C=KG, ST=NA, L=Bishkek, CN=Server-1" would be matched by: and .B \-\-verify\-x509\-name Server\-1 name or you could use -.B \-\-verify\-x509\-name Server -name-prefix +.B \-\-verify\-x509\-name Server\- name\-prefix if you want a client to only accept connections to "Server-1", "Server-2", etc. .B \-\-verify\-x509\-name -- 2.10.2
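Review bot: the `+` line changes two things at once, the name argument (`Server` to `Server\-`) and the type keyword (`-name-prefix` to `name\-prefix`), yet the message carries only a subject and a Signed-off-by; a one-sentence body naming both corrections would make the intent clear. The trailing context still spells "Server-1", "Server-2" with bare hyphens beside the escaped `Server\-1` above it, and because a prefix match accepts any name that begins with `Server-`, the "etc." in that sentence could state this outright.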