Changes between Version 20 and Version 21 of UnprivilegedUser
- Timestamp:
- 12/05/23 18:11:23 (5 months ago)
UnprivilegedUser
v20 v21 300 300 301 301 [Link] 302 MTUBytes=1 500302 MTUBytes=1389 303 303 EOF 304 304 … … 319 319 tls-auth /server/ssl/ta.key 0 320 320 server 10.254.254.0 255.255.255.0 321 client-config-dir /server/ccd 322 status /server/status/openvpn-status.log 323 log-append /server/status/openvpn.log 324 explicit-exit-notify 1 325 ccd-exclusive 326 # Below was manually calculated, since openvpn is not allowed to update tun device 327 link-mtu 1442 328 ifconfig-noexec 321 329 }}} 322 330 … … 335 343 User=openvpn 336 344 Group=openvpn 345 337 346 DeviceAllow=/dev/null rw 338 347 DeviceAllow=/dev/net/tun rw 339 348 DeviceAllow=/dev/fuse rw 349 340 350 WorkingDirectory=/opt/openvpn 341 ExecStart=/usr/bin/podman run --rm --name openvpn -v /opt/openvpn/server:/server --network="host" -p 37898:37898 --device /dev/net/tun --device /dev/null archlinux:latest /usr/bin/bash /server/entrypoint.sh 351 352 ExecStartPre=/usr/bin/bash -c 'if [ -n "$(podman ps | grep openvpn | head -n 1)" ]; then podman stop -t 0 -i openvpn; fi' 353 ExecStartPre=/usr/bin/bash -c 'if [ -n "$(podman ps -a | grep openvpn | head -n 1)" ]; then podman rm -i openvpn; fi' 354 ExecStart=/usr/bin/podman run --rm --name openvpn -v /opt/openvpn/server:/server -v /run/systemd/resolve/resolv.conf:/etc/resolv.conf --network="host" -p 37898:37898 --device /dev/net/tun --device /dev/null archlinux:latest /usr/bin/bash /server/entrypoint.sh 355 342 356 ExecStop=/usr/bin/podman stop -t 0 openvpn 343 357 ProtectSystem=true … … 358 372 359 373 pacman -Sy --noconfirm openvpn net-tools nano 360 361 # we have done all required network configuration so openvpn does not have to 362 cp -p /usr/bin/ip /usr/bin/ip.bak 363 echo "#!/bin/bash" > /usr/bin/ip 364 echo 'echo "$@" >> /tmp/ip_res' >> /usr/bin/ip 365 echo "exit 0" >> /usr/bin/ip 366 chmod ugo+x /usr/bin/ip 367 368 openvpn --cd /server --config /server/server.conf 374 openvpn --cd /server --config /server/openvpn.conf 369 375 370 376 EOF
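Review bot: The two added `ExecStartPre` lines gate on `podman ps | grep openvpn`, which matches that string anywhere in the listing (another container's name, an image name, a command column) rather than the container named `openvpn`. The gate is also redundant, because `-i` already makes `podman stop` and `podman rm` succeed when the container is absent; a single `ExecStartPre=/usr/bin/podman rm -f -i openvpn` would be exact and drops the `bash -c` wrapper. The new resolver bind mount in `ExecStart` is read-write by default; `-v /run/systemd/resolve/resolv.conf:/etc/resolv.conf:ro` keeps the container, which installs packages as its own root at start-up, from altering the host's resolver file. The unit file and the entrypoint script are only partly visible here (the listing is elided with `…`), so options set outside the shown lines may already cover some of this.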