Hardening pfSense 2.1 OpenVPN 2.3.2 security
-
Hey,
I read the OpenVPN documentation and it gives solutions to harden security, such as running OpenVPN completely unprivileged, Chroot jail, user/group nobody.
Why aren't these features implemented in pfSense OpenVPN 2.3.2?
(see http://openvpn.net/index.php/open-source/documentation/howto.html#security )
-
I believe chroot isn't an option because of the script we need to run for auth to work and other tasks, but I may be wrong on that. Certainly worth testing if someone wants to try it.
The user/group set might be viable, but may also have script issues or route addition issues. Also worth trying, but may or may not work.
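
An added example, not part of the original thread and not pfSense code: a small audit that reports which of the `user`, `group` and `chroot` directives an OpenVPN config lacks, and which script hooks would be affected once they are set, which is the conflict the reply describes. The sample configs, the script path `/usr/local/sbin/example_auth.sh` and the chroot directory `/var/empty` are constructed for illustration.

```python
import shlex

# Hooks OpenVPN runs after startup, i.e. after any privilege drop or chroot.
LATE_HOOKS = {"auth-user-pass-verify", "client-connect", "client-disconnect",
              "learn-address", "tls-verify", "down"}

def parse(config_text):
    """Return [(directive, [args...])] for each non-comment config line."""
    entries = []
    for line in config_text.splitlines():
        if line.strip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            entries.append((tokens[0], tokens[1:]))
    return entries

def audit(config_text):
    """List hardening gaps and hooks that the hardening options would affect."""
    entries = parse(config_text)
    opts = dict(entries)
    findings = [f"missing: {d}" for d in ("user", "group", "chroot") if d not in opts]
    if "user" in opts or "group" in opts:
        # Without these, a SIGUSR1 restart after the drop cannot re-read keys
        # or reopen the tun device.
        findings += [f"missing: {d}" for d in ("persist-key", "persist-tun")
                     if d not in opts]
    for directive, args in entries:
        if directive not in LATE_HOOKS or not args or not args[0].strip():
            continue
        script = args[0].split()[0]  # the command may carry its own arguments
        if opts.get("chroot"):
            findings.append(f"chroot: {directive} script {script} "
                            f"must exist under {opts['chroot'][0]}")
        if opts.get("user"):
            findings.append(f"privdrop: {directive} script {script} "
                            f"runs as {opts['user'][0]}")
    return findings

# Constructed sample configs (hypothetical paths, not taken from pfSense).
HOOK = 'auth-user-pass-verify "/usr/local/sbin/example_auth.sh" via-env\n'
SAMPLE_DEFAULT = "dev tun\nproto udp\n" + HOOK
SAMPLE_HARDENED = ("dev tun\nuser nobody\ngroup nobody\nchroot /var/empty\n"
                   "persist-key\npersist-tun\n" + HOOK)

if __name__ == "__main__":
    for name, cfg in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(cfg))
```
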