Closed GoogleCodeExporter closed 9 years ago
I forgot to mention that the "Details" dialog stays in status "Exiting". I
guess it
should switch to something else.
Original comment by kuy...@gmx.de
on 26 Jul 2008 at 6:54
Can you post your openvpn client config file please? My suspicion is that you
might be using the user or group
option which causes openvpn to drop privileges. In that case, openvpn is unable
to reset its routes because it
needs root privileges to do that.
Thanks,
Angelo
Original comment by angelol...@gmail.com
on 27 Jul 2008 at 5:23
Your perfectly right, the configuration drops root privileges. Sorry for filing
a bug
when it's just a configuration error... :-) I'll try to change and test the new
configuration as soon as possible.
Thanks!
Original comment by kuy...@gmx.de
on 27 Jul 2008 at 7:59
I'll mention this in the FAQ and maybe even warn the user about this in the
GUI. The ticket will stay open until
then.
Original comment by angelol...@gmail.com
on 27 Jul 2008 at 8:06
also, even when not dropping privileges (which makes restoring DNS work
instantly),
the tab in the detail window is still stuck at "EXITING". Additionally, I do
not see
anything added to the log when disconnecting.
Should I open a new bug for this, cosmetic, issue? It's kind of related to this
one
though.
Original comment by phofstet...@gmail.com
on 28 Jul 2008 at 11:29
> Can you post your openvpn client config file please? My suspicion is that you
might
> be using the user or group option which causes openvpn to drop privileges.
I experience exactly the same issue. My configuration does not now drop
privileges
and I *still* experience exactly the issue above. Please advise.
> In that case, openvpn is unable to reset its routes because it
> needs root privileges to do that.
Can we not package in fake-root? I run this successfully on Fedora without 100%
success. I don't like running my VPN as root, and I am slightly concerned
people are
advised to not downgrade their privs.
Original comment by chris.bu...@gmail.com
on 12 Aug 2008 at 10:12
I'm also experiencing this issue, I have commented out the downgrade privileges
settings.
I'm running Mac OS 10.5.7 and Tunnelblick 3.0b10
Thanks
Original comment by carlitos...@gmail.com
on 13 Jul 2009 at 11:58
> Can we not package in fake-root?
As I understand it, fake-root won't help because it doesn't actually elevate
privileges. You could probably get this to work by downgrading to an openvpn
user
and then giving that user privileges to change DNS, routes, and interfaces
using sudo
with no password. It theory you could give those privileges to nobody, but
anonymous
users shouldn't be able to mess with interfaces, routes, and DNS since they
still
make man-in-the-middle attack possible.
Original comment by kc7...@gmail.com
on 6 Oct 2009 at 10:02
openvpn-down-root.so has been available since r225, in Tunnelblick version
3.0b22.
Original comment by jkbull...@gmail.com
on 24 Feb 2010 at 6:00
Original issue reported on code.google.com by
kuy...@gmx.de
on 26 Jul 2008 at 6:53