authorChristian Poessinger <christian@poessinger.com>2019-09-06 15:12:20 +0200
committerChristian Poessinger <christian@poessinger.com>2019-09-06 15:12:20 +0200
commit2e48db607e3f228cf6f40b53478966e5fbe00dbc (patch)
tree04d3e3e5e38ab98d7273bcfc9f0e56022211efab /src
parentf5066563cb5d13e970dd37dd8be94272c9e13e1a (diff)
downloadvyos-1x-2e48db607e3f228cf6f40b53478966e5fbe00dbc.tar.gz
vyos-1x-2e48db607e3f228cf6f40b53478966e5fbe00dbc.zip
openvpn: T1630: support adding routes as unprivileged user
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/interface-openvpn.py5
-rwxr-xr-xsrc/system/unpriv-ip2
2 files changed, 5 insertions, 2 deletions
diff --git a/src/conf_mode/interface-openvpn.py b/src/conf_mode/interface-openvpn.py
index 91679084e..5f5cbd67d 100755
--- a/src/conf_mode/interface-openvpn.py
+++ b/src/conf_mode/interface-openvpn.py
@@ -34,8 +34,8 @@ from vyos.config import Config
from vyos import ConfigError
from vyos.validate import is_addr_assigned
-user = 'nobody'
-group = 'nogroup'
+user = 'openvpn'
+group = 'openvpn'
# Please be careful if you edit the template.
config_tmpl = """
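Review bot: `user = 'openvpn'` and `group = 'openvpn'` assume the account and group already exist, and nothing in the visible part of the commit (the diffstat is limited to src) creates or checks them; OpenVPN would presumably fail when it tries to drop privileges if they are missing. Unlike nobody/nogroup, this identity is no longer a throw-away one: together with the new iproute wrapper it presumably carries a sudo grant, so the assignment deserves a comment such as `# dedicated account; relies on a sudoers rule for /sbin/ip (see src/system/unpriv-ip)`. Checking at config-verification time that the account resolves would turn a runtime failure into a commit-time error, though that code is outside this hunk.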
@@ -58,6 +58,7 @@ dev {{ intf }}
user {{ uid }}
group {{ gid }}
persist-key
+iproute /usr/libexec/vyos/system/unpriv-ip
proto {% if 'tcp-active' in protocol -%}tcp-client{% elif 'tcp-passive' in protocol -%}tcp-server{% else %}udp{% endif %}
diff --git a/src/system/unpriv-ip b/src/system/unpriv-ip
new file mode 100755
index 000000000..1ea0d626a
--- /dev/null
+++ b/src/system/unpriv-ip
@@ -0,0 +1,2 @@
+#!/bin/sh
+sudo /sbin/ip $*
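Review bot: `sudo /sbin/ip $*` re-splits and glob-expands every argument OpenVPN passes, so the wrapper should forward them unchanged with `exec sudo -n /sbin/ip "$@"` (`-n` makes a missing sudoers rule fail immediately instead of waiting on a password prompt). The sudoers entry this depends on is not part of the visible diff; if it grants the openvpn account all of `/sbin/ip`, the privilege drop is largely undone, because `ip` can change any interface, address or route and has modes that run other programs (`netns exec`) or read commands from a file (`-batch`). Restricting the rule to the subcommands OpenVPN actually needs (presumably `route`, `addr` and `link`) limits what a compromised daemon can reach. In client mode some of these arguments may originate from routes pushed by the peer, which is a further reason to keep them quoted and the rule narrow.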