OpenVPN running under selinux?

General support questions
CollyZ
Posts: 14
Joined: 2018/05/21 11:16:34

Re: OpenVPN running under selinux?

Post by CollyZ » 2018/05/23 11:25:58

mghe wrote:
> To make ta.key, use the command: openvpn --genkey --secret ta.key

Tried, not working. Would it be root permission? I have 0700 for permission settings.

mghe
Posts: 766
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: OpenVPN running under selinux?

Post by mghe » 2018/05/23 11:37:03

CollyZ wrote:
> mghe wrote:
> > To make ta.key, use the command: openvpn --genkey --secret ta.key
>
> Tried, not working. Would it be root permission? I have 0700 for permission settings.

If you want to save the file where the user cannot access, it will fail :)

Do not touch any permissions; it will work by default.

CollyZ
Posts: 14
Joined: 2018/05/21 11:16:34

Re: OpenVPN running under selinux?

Post by CollyZ » 2018/05/23 11:41:07

mghe wrote:
> CollyZ wrote:
> > mghe wrote:
> > > To make ta.key, use the command: openvpn --genkey --secret ta.key
> >
> > Tried, not working. Would it be root permission? I have 0700 for permission settings.
>
> If you want to save the file where the user cannot access, it will fail :)
>
> Do not touch any permissions; it will work by default.

What if I already did...
Any way I can return it to default?
Or do I have to reinstall openvpn and easy-rsa, and regenerate all certificates?

mghe
Posts: 766
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: OpenVPN running under selinux?

Post by mghe » 2018/05/23 12:16:27

There is no problem if you changed it.

To revert, you can use:

rpm --setperms PACKAGE_NAME - sets permissions of files in the given package.

rpm --setugids PACKAGE_NAME - sets user/group ownership of files in the given package.

PS. You can keep the cert you created and import it into easy-rsa.
PS2. Removing, deleting and installing also resolves the permissions issue.

Anyway, just go back to creating the ta.key file and check the openvpn service.

CollyZ
Posts: 14
Joined: 2018/05/21 11:16:34

Re: OpenVPN running under selinux?

Post by CollyZ » 2018/05/23 14:43:42

mghe wrote:
> There is no problem if you changed it.
>
> To revert, you can use:
>
> rpm --setperms PACKAGE_NAME - sets permissions of files in the given package.
>
> rpm --setugids PACKAGE_NAME - sets user/group ownership of files in the given package.
>
> PS. You can keep the cert you created and import it into easy-rsa.
> PS2. Removing, deleting and installing also resolves the permissions issue.
>
> Anyway, just go back to creating the ta.key file and check the openvpn service.

Succeeded after I removed the comment mark before udp, though I still want it to run over tcp.

Code:

[root@localhost 3.0]# systemctl status openvpn@server 
● openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
   Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-05-23 22:34:17 CST; 41s ago
 Main PID: 3323 (openvpn)
   Status: "Pre-connection initialization successful"
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           ├─3323 /usr/sbin/openvpn --cd /etc/openvpn/ --config server.conf
           └─3324 /usr/bin/systemd-ask-password --icon network-vpn Enter Private Key Password:
Since I removed two comment marks from both TCP and UDP, should I open UDP port 1194 on firewalld as well?
And also, I want it to run under TCP; I will be editing the server.conf according to this, right?

Code:

Options error: --explicit-exit-notify can only be used with --proto udp
Use --help for more information.
Plus, I expected it to let me input the password straight away, but it doesn't. What command should I put in?
systemd-tty-ask-password-agent tool
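
Added example, not part of the original posts: a shell check for the two server.conf conditions raised in the post above (both proto lines uncommented, and explicit-exit-notify combined with a non-UDP proto). The function names and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): lint an OpenVPN config for the
# "--explicit-exit-notify can only be used with --proto udp" conflict.

# Print the first argument of every active (uncommented) use of a directive.
# Simplification: anything after '#' or ';' is treated as a comment.
active_values() {  # $1 = directive name, $2 = config file
    awk -v d="$1" '{ sub(/[#;].*/, "") } $1 == d { print ($2 == "" ? "(none)" : $2) }' "$2"
}

# Print one line per finding; return 1 if anything was found, 0 otherwise.
lint_openvpn_conf() {  # $1 = config file
    local conf=$1 rc=0 protos count een p
    protos=$(active_values proto "$conf")
    count=$(printf '%s\n' "$protos" | awk 'NF { n++ } END { print n + 0 }')
    een=$(active_values explicit-exit-notify "$conf")

    if [ "$count" -gt 1 ]; then
        echo "multiple active proto lines: $(printf '%s' "$protos" | tr '\n' ' ')"
        rc=1
    fi
    # Flag every non-UDP proto that coexists with explicit-exit-notify.
    if [ -n "$een" ]; then
        for p in $protos; do
            case $p in
                udp*) ;;
                *) echo "explicit-exit-notify is set but proto is $p"; rc=1 ;;
            esac
        done
    fi
    return "$rc"
}

# Constructed sample: both proto lines uncommented, as described in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 1194
proto tcp
proto udp
;proto tcp-server
dev tun
tls-auth ta.key 0   # shared HMAC key
explicit-exit-notify 1
EOF

lint_openvpn_conf "$sample" || true
rm -f "$sample"
```

Run against the real file with lint_openvpn_conf /etc/openvpn/server.conf; no output and exit status 0 means neither condition was found.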

CollyZ
Posts: 14
Joined: 2018/05/21 11:16:34

Re: OpenVPN running under selinux?

Post by CollyZ » 2018/05/23 14:49:30

Code:

systemd-tty-ask-password-agent --query
?
