[oi-dev] OpenVPN in a local zone

Alexander Pyhalov alp at sfedu.ru
Mon Jan 21 07:46:12 UTC 2019 

Hi.
I suppose some of the privileges mentioned in /lib/svc/manifest/network/openvpn.xml are not available in zone (look at method_credential section).

С уважением,
Александр Пыхалов,
программист отдела телекоммуникационной инфраструктуры
управления информационно-коммуникационной инфраструктуры ЮФУ


________________________________________
От: Sven Schmeling <sven.schmeling at schmeling-ol.de>
Отправлено: 18 января 2019 г. 23:36:17
Кому: OpenIndiana Developer mailing
Тема: [oi-dev] OpenVPN in a local zone

Hello,

i have installed OpenVPN in a local zone.

Starting the service with "svcadm enable svc:/network/openvpn:default"
(or rebooting the zone) ends in the maintenance mode:

# svcs openvpn
STATE          STIME    FMRI
maintenance    19:46:37 svc:/network/openvpn:default

cat /var/svc/log/network-openvpn:default.log

[ Jan 18 19:46:37 Enabled. ]
[ Jan 18 19:46:37 Executing start method ("/usr/sbin/openvpn --daemon
openvpn --config '/etc/openvpn/openvpn.conf'"). ]
[ Jan 18 19:46:37 svc.startd could not set context for method:  ]
setppriv: Not owner
[ Jan 18 19:46:37 Method "start" exited with status 96. ]

Hints to add "limitpriv="default,priv_net_rawaccess" to the zone config
are maded but doesn't change the behavior.

Starting openvpn with "/usr/sbin/openvpn --verb 9 --config
'/etc/openvpn/openvpn.conf'" on the command line works fine and
connections are possible.


Any hints about the "setppriv" error?

--------------

pkg info openvpn
Name: network/openvpn
Summary: OpenVPN is a full-featured open source SSL VPN solution
Category: Applications/Internet
State: Installed
Publisher: openindiana.org
Version: 2.4.3
Branch: 2018.0.0.1
Packaging Date: Sun Feb 11 13:19:38 2018
Size: 1.19 MB
FMRI:
pkg://openindiana.org/network/openvpn@2.4.3-2018.0.0.1:20180211T131938Z
Project URL: http://openvpn.net
Source URL:
http://swupdate.openvpn.org/community/releases/openvpn-2.4.3.tar.xz

--------------

Thanks

Sven Schmeling


- --
Sven Schmeling, Oldenburg, Germany
mailto:sven.schmeling at schmeling-ol.de

More information about the oi-dev mailing list