Correct permission setting in /etc/openVPN/

A question about OpenVPN.
I am running NetworkManager with OpenVPN.
Within the /etc/openVPN directory:
what should be the correct permission settings for the files, and what sub-directory structure should I set up within the directory?
I have the following components for every server:

  • cacrt
  • clientcrt
  • clientkey
  • takey

and a config file that is also there.
“Script security” is set to 2.

Currently I copied all of them together (cacrt, clientcrt, clientkey and ta-key) into /etc/openVPN and then told NetworkManager to import the config file.
Is this a correct practice? To gather the different configs I am using one subdirectory for each OpenVPN provider (with the same permissions as the /etc/openVPN directory).

Permissions up to now for directories were:

  • owner / group root, for owner: read, write, execute
  • group and other: read/execute

Files and config had the permission:

  • owner / group (root,root): read/write
  • others: read

Should/could these settings be improved or are they all right? Could I restrict it to a group, e.g. openvpn, that I create and that only two users would belong to?

What read/write permissions should /etc/openVPN have, and which permissions for the named files (or, if applicable, sub-directories)?

Third question:
Is there a bug in NetworkManager, because in the details about the OpenVPN connections all values stay empty?
Everything is counted on eth. But the IP does change correctly, and when you do an ifconfig it shows roughly the same amount of data for eth and tun. So the NetworkManager info page on the connection should report/sense this, or not? Apparently the connection fails from time to time and resumes (the config is tun=persist so the VPN stands) and NetworkManager then shows in connections more or less 2 min connection time or whatever. Maybe that is the reason for the lack of statistics?

Fourth and last question:
I tried to set up OpenVPN together with proxychains. The proxychains config works well with TOR and will chain all traffic through Tor if I launch proxychains.
But if I try to set up password-protected squid or socks5 proxies with it, it times out. Interestingly, if I take e.g. one of these proxies and create a profile for Firefox with exactly these settings, the connection works perfectly. These proxies are paid, thus they work only once the VPN is launched, fair enough, but what could prevent proxychains from working (while the browser works)?
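
The file permissions described in the first part of this post (owner read/write, others read) can be checked mechanically. The following is an added example, not part of the original post: a shell check that lists key files readable by group or others. It assumes secret files are those with "key" in their name (the post's clientkey and takey), and the sample tree it builds is constructed.

```shell
#!/bin/sh
# Added example: list OpenVPN secret files that group or others can read.
# Assumption: secret material is any regular file with "key" in its name
# (the post's clientkey and takey); cacrt and clientcrt are certificates.

# audit_keys DIR: print each key file under DIR readable by group or others.
audit_keys() {
    find "$1" -type f -name '*key*' \( -perm -040 -o -perm -004 \) -print
}

# count_exposed DIR: number of such files (0 means no key file is exposed).
count_exposed() {
    audit_keys "$1" | wc -l | tr -d ' '
}

# demo: constructed layout with one sub-directory per provider, as in the
# post, first with the post's current file mode (rw-r--r--), then with the
# key files restricted to the owner.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/providerA"
    for f in cacrt clientcrt clientkey takey; do
        : > "$d/providerA/$f"
        chmod 644 "$d/providerA/$f"
    done
    echo "mode 644 on all files: $(count_exposed "$d") key file(s) exposed"
    audit_keys "$d"
    chmod 600 "$d/providerA/clientkey" "$d/providerA/takey"
    echo "mode 600 on key files: $(count_exposed "$d") key file(s) exposed"
    rm -rf "$d"
}

demo
```

To run the same check against a real configuration, call `audit_keys` with the directory that holds the provider sub-directories.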