Using the down-root plugin

OpenVPN supports a plugin architecture, where external plugins can be used to extend the functionality of OpenVPN. Plugins are special modules or libraries that adhere to the OpenVPN Plugin API. One of these plugins is the down-root plugin, which is available only on Linux. This allows the user to run specified commands as a user root plugin when OpenVPN shuts down. Normally, the OpenVPN process drops root privileges (if the --user directive is used) for security reasons. While this is a good security measure, it makes it difficult to undo some of the actions that an up script can perform, which is run as a user root plugin. For this, the down-root plugin was developed. This recipe will demonstrate how the down-root ...

Get OpenVPN Cookbook - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.