Hello: I’m using openvnp using sudo and root pwd. I receive this warning - I’m not sure I understand - is this to suggest that I should have somehow set up a password for access to local TCP ports?
WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
Or is this referring to an openvpn configuration where openvpn needs user/pass to access?
I’m simply invoking openvpn by: > sudo openvpn vpnservconffile.conf
OpenVPN has a management interface that is defined in the .conf file and it’s telling you that having this feature without having a strong password is a bad idea as it allows changing settings in OpenVPN without authentication.
You should open your configuration (.conf) and remove or # a line that says “management localhost xxxx” where xxxx is the port. Simply put # in front of the entire line and that’s that.
Thanks - I can’t seem to find a reference in any *.conf file to the use of “**management ** ****” - is it in some openvpn configuration file somewhere? (I searched /etc/openvpn for a file containing that text. I keep my .conf files in a subdir there…). That’s sort of what’s confusing. I haven’t tried using the YaST / Network Services / VPN Gateway and Clients applet - maybe this is available there? (I just invoke openvpn from the command prompt.) I see there are some security options there in the YaST applet - but not an option to use a *.conf file.
It is in the .conf file you launch with openvpn.
Read more about it here;
https://openvpn.net/community-resources/controlling-a-running-openvpn-process/
Under “Using the management interface” documentation.
Thank you - I’ll check it out. Have you ever used the YaST VPN setup applet? I wonder if it does the same things? Is the applet the Opensuse preferred way to set up a VPN?
I use systemd’s openvpn service with a .conf file in
/etc/openvpn/
because I use a constant OpenVPN connection.
ie. Let’s say I have
meow.conf
in
/etc/openvpn/
→
systemctl enable openvpn@meow ; systemctl start openvpn@meow
would make my meow.conf openvpn start on every system startup and right now.
You might want to look at using Network Manager + OpenVPN which is the suggested default for desktop environments such as GNOME or KDE.
I am using that and like it. Easy to configure and handy that you can have it automatically start the VPN connection once the underlying network interface is up. Also pretty easy to disable and re-enable the VPN connection by pressing on the NetworkManager icon and pressing Disconnect or Connect.