Thread: openVpn and --management flag

  1. #1

    openVpn and --management flag

    Hello: I'm using openvpn using sudo and root pwd. I receive this warning - I'm not sure I understand - is this to suggest that I should have somehow set up a password for access to local TCP ports?

    Code:
    WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
    Or is this referring to an openvpn configuration where openvpn needs user/pass to access?
    I'm simply invoking openvpn by: > sudo openvpn vpnservconffile.conf

  2. #2

    Re: openVpn and --management flag

    OpenVPN has a management interface that is defined in the .conf file and it's telling you that having this feature without having a strong password is a bad idea as it allows changing settings in OpenVPN without authentication.

    You should open your configuration (.conf) and remove or # a line that says "management localhost xxxx" where xxxx is the port. Simply put # in front of the entire line and that's that.
    .: miuku @ #opensuse @ irc.libera.chat
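
Added example, not part of the original thread and not OpenVPN's own code: a small Python check that finds active `management` directives in an OpenVPN config and flags the ones that listen on TCP with no password file, which is the case the warning describes. It assumes the documented `management IP port [pw-file]` and `management socket-name unix [pw-file]` forms; the function name and the sample config are constructed for illustration.

```python
import shlex

# Constructed sample config (not from the thread).
SAMPLE_CONF = """\
client
dev tun
# management 127.0.0.1 7505
management localhost 7505
auth-user-pass userpass.txt
"""

def audit_management(conf_text):
    """Return (line_no, verdict, directive) for each active management line."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        # Lines starting with '#' or ';' are comments in OpenVPN configs.
        if not line or line[0] in "#;":
            continue
        try:
            words = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quotes: not a directive we can judge
        # Tolerate a leading "--" as used on the command line.
        if len(words) < 3 or words[0].lstrip("-") != "management":
            continue
        port = words[2]
        pw_file = words[3] if len(words) > 3 else None
        if port == "unix":
            verdict = "unix-socket"        # access governed by socket permissions
        elif pw_file:
            verdict = "tcp-with-password"  # password file configured
        else:
            verdict = "tcp-no-password"    # the case that triggers the warning
        findings.append((no, verdict, " ".join(words)))
    return findings

if __name__ == "__main__":
    for finding in audit_management(SAMPLE_CONF):
        print(finding)
```

An empty result for a config means the directive is not active in that file, so the next place to look is the command line or service unit that starts openvpn.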

  3. #3

    Re: openVpn and --management flag

    Thanks - I can't seem to find a reference in any *.conf file to the use of "management ** **" - is it in some openvpn configuration file somewhere? (I searched /etc/openvpn for a file containing that text. I keep my .conf files in a subdir there...). That's sort of what's confusing. I haven't tried using the YaST / Network Services / VPN Gateway and Clients applet - maybe this is available there? (I just invoke openvpn from the command prompt.) I see there are some security options there in the YaST applet - but not an option to use a *.conf file.

    Quote Originally Posted by Miuku View Post
    OpenVPN has a management interface that is defined in the .conf file and it's telling you that having this feature without having a strong password is a bad idea as it allows changing settings in OpenVPN without authentication. A *.cert and a userpass.txt file are used in the .conf file.

    You should open your configuration (.conf) and remove or # a line that says "management localhost xxxx" where xxxx is the port. Simply put # in front of the entire line and that's that.

  4. #4

    Re: openVpn and --management flag

    It is in the .conf file you launch with openvpn.

    Read more about it here:
    https://openvpn.net/community-resour...envpn-process/

    Under "Using the management interface" documentation.
    .: miuku @ #opensuse @ irc.libera.chat

  5. #5

    Re: openVpn and --management flag

    Thank you - I'll check it out. Have you ever used the YaST VPN setup applet? I wonder if it does the same things? Is the applet the Opensuse preferred way to set up a VPN?

  6. #6

    Re: openVpn and --management flag

    I use systemd's openvpn service with a .conf file in /etc/openvpn/ because I use a constant OpenVPN connection.

    I.e. let's say I have meow.conf in /etc/openvpn/ ->
    Code:
    systemctl enable openvpn@meow ; systemctl start openvpn@meow
    would make my meow.conf openvpn start on every system startup and right now.

    You might want to look at using Network Manager + OpenVPN which is the suggested default for desktop environments such as GNOME or KDE.
    .: miuku @ #opensuse @ irc.libera.chat

  7. #7

    Re: openVpn and --management flag

    Quote Originally Posted by Miuku View Post
    You might want to look at using Network Manager + OpenVPN which is the suggested default for desktop environments such as GNOME or KDE.
    I am using that and like it. Easy to configure and handy that you can have it automatically start the VPN connection once the underlying network interface is up. Also pretty easy to disable and re-enable the VPN connection by pressing on the NetworkManager icon and pressing Disconnect or Connect.
