Prefer running openvpn server as non root user

nvdstruis

Hi,

I have openvpn server running and I noticed that it is run as root… With a port facing outward, not a very good idea from a security standpoint.
So I started searching for questions about this issue on this forum, but found nothing. I also tried to find the relevant settings in pfSense, but couldn't find them.

Maybe there are some reasons for running it as root, I don't know.
Can somebody tell me if this is the case and if it needn't be run as root, how to run it as another user?

Thx guys

coffeecup25

1. I don't know what a root server is. From a google search, the context you use is still unclear

2. it makes perfect sense for it to face outward. Otherwise, how would it connect? putting the openvpn server on the firewall keeps the lan safer. your other option is a port forward to another hosting device. to me, that sounds risky.

3. certificates are supposed to protect you. In my case, each device is a user. Each user has a different user id, the user id must be the same as the certificate common name, I hide the user name by renaming the relevant parts of the files in the config directory, for lan access 2 passwords are required (my passthrough vpn has only 1 user id / password). If there's more to add for add'l security, please add to the replies.

nvdstruis

Thx coffeecup25,

Of course I set up openvpn facing outward because that's how it needs to be for me to be able to connect to my router from anywhere I would like to. And of course I did set up good encryption and authentication.
The issue is, that with good encryption the achilles heel will be vulnerabilities(zero day vulnerabilities) in the pfSense openvpn server. If the openvpn server is compromised by a skilled attacker, the attacker might obtain root privilages straight away. This would not be the case when openvpn server would be run by a user with lower privileges.
For example squid proxy is not run as user root for this very reason. It is run with user squid…

Thanks anyway

heper

squid doesn't have to create/delete tun/tap interfaces or add/remove routes….

it appears to be possible to run without root, but then you'd have to give sudo privileges towards the 'openvpn-user' for a dozen of commands ...

n3by

Official pfSense page about Regulatory Requirements:
https://doc.pfsense.org/index.php/Can_pfSense_meet_regulatory_requirements
Official pfSense page about Security Advisories:
https://www.pfsense.org/security/advisories/

As I know until today:

• pfSense it is an open source firewall so any security specialist can audit if required by a customer.
• pfSense it is not common to be used in big corporate enterprises, but it is used more and more in many small business and homes; because it is free & open source.
• pfSense did not pass or fail any public or private security audit, or such reports are not easy available because of NDA and are for specific implementation.

Regarding this I would not be concern about pfSense hacking/vulnerabilities/back doors… only by opening wan ports for OVPN, most of the problems will come from compromised LAN devices & users if they have access to pfSense administration interfaces.

If pfSense it is allowed to be used as it is -as a firewall- in any critical government institution; in any country, will say everything we need to know about how secure it is considered !

coffeecup25

@nvdstruis:

Thx coffeecup25,

Of course I set up openvpn facing outward because that's how it needs to be for me to be able to connect to my router from anywhere I would like to. And of course I did set up good encryption and authentication.
The issue is, that with good encryption the achilles heel will be vulnerabilities(zero day vulnerabilities) in the pfSense openvpn server. If the openvpn server is compromised by a skilled attacker, the attacker might obtain root privilages straight away. This would not be the case when openvpn server would be run by a user with lower privileges.
For example squid proxy is not run as user root for this very reason. It is run with user squid…

Thanks anyway

1. compromising openvpn would require compromising a certificate that's encrypted - unlikely. or, it would require a big problem with openvpn that allows a path in to your lan. Anything is possible but this is low on my list of concerns.

2. squid - what??

3. low privileges - what?? Once someone is in the lan they have lan privileges. All VPNs carry this level of vulnerability.

4. certificates protect you.

best wishes.

jimp

It runs as root because otherwise it can't fully manipulate the routing table or take all of the actions expected by up/down scripts. We do plan on working around this in the future but it is still a way off.

If you are worried about OpenVPN running open to the world, use a TLS key to protect OpenVPN (you might already be doing this).