Plugins

Because scripting is so easy, the OpenVPN plugin interface is a relatively underutilized tool for OpenVPN server administrators. By default, OpenVPN ships with a pair of plugins: one for PAM authentication and another for executing --down scripts with root privileges, regardless of whether the administrator has dropped the daemon's privileges.

Down-root

It's a good idea to drop privileges within OpenVPN, and the down-root plugin allows you to do that while still running the --down script as root. Applications like firewalls require escalated privileges to add and remove firewall rules. By utilizing the down-root plugin, an administrator can add new firewall rules upon a client connection and remove those rules once the client disconnects.
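A server configuration fragment illustrating the point above, as an added example that is not taken from the book. The plugin path, the script names and the unprivileged account are assumptions and vary by distribution.

```conf
# Added example. fw-up.sh and fw-down.sh are hypothetical firewall scripts.

# --- Before: no privilege drop ---------------------------------------
# The daemon keeps root for its whole lifetime only so that the down
# script can remove firewall rules when the tunnel closes.
#
#   script-security 2
#   up   /etc/openvpn/fw-up.sh
#   down /etc/openvpn/fw-down.sh

# --- After: privilege drop plus down-root ----------------------------
script-security 2

# --up runs after the tun/tap device is opened and before the UID
# change, so it still has root and can add the firewall rules.
up /etc/openvpn/fw-up.sh

# Replaces the "down" directive. The plugin is loaded while the daemon
# is still root and later runs the script as root on its behalf.
# Assumed path; check where your package installs the plugin.
plugin /usr/lib/openvpn/plugins/openvpn-plugin-down-root.so "/etc/openvpn/fw-down.sh"

# Unprivileged account for the running daemon.
# On Debian-based systems the group is "nogroup".
user nobody
group nobody

# After the drop the daemon can no longer re-read key files or reopen
# the tun device on a restart signal, so keep both across restarts.
persist-key
persist-tun
```

Because fw-down.sh runs as root, keep it owned by root and not writable by any other account, including the unprivileged user named in the `user` directive.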

A usage scenario ...
