openvpn does not work with ecryptfs setup
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openvpn (Ubuntu) | Won't Fix | Undecided | Unassigned |
Bug Description
I have an ecryptfs in which my decrypted mount point is /home/$user/Private. Additionally, my openvpn setup is such that under /etc/openvpn I have symlinks to the actual files which are located in /home/$
fisk-mobile ovpn-CONF-
Needless to say that manually running openvpn --config /etc/openvpn/
After a bit of headbanging it turned out the issue is caused by the ProtectHome directive of the openvpn service file under: /lib/systemd/
In my opinion, having the config files on an encrypted partition under /home/$USER is not that uncommon, and so the unit file should be changed to at least allow RO permissions. Additionally, this setup worked on Ubuntu 16.04 and I just performed an upgrade which broke the existing setup, so I consider this a regression as well.
no longer affects: ubuntu-release-notes
Since upstream uses ProtectHome=true, I'd tend to think that having the config files in home directories is not that common even if it's certainly a valid use case. IMHO, this is a perfect case for using drop-in snippets:
$ sudo systemctl edit openvpn@
Then enter the following:
[Service]
ProtectHome=read-only
This will override just the ProtectHome directive to account for your local needs and it will also survive any package upgrade. Directly editing /lib/systemd/system/$unit@.service doesn't survive package upgrades which is why drop-ins are nice.
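Added example, not part of the bug thread or the openvpn package: a small audit helper that resolves which `ProtectHome=` value wins once drop-ins are applied, so a relaxed sandbox setting is visible after an upgrade. The unit name `example@.service` and the temporary directory layout are constructed for the demo; on a real host `systemctl show -p ProtectHome <unit>` reports the value systemd actually uses.

```python
import tempfile
from pathlib import Path

TRUE = {"1", "yes", "true", "on"}
FALSE = {"0", "no", "false", "off"}

def normalize(value):
    """Map systemd boolean spellings to yes/no; keep read-only and tmpfs."""
    v = value.strip().lower()
    return "yes" if v in TRUE else "no" if v in FALSE else v

def service_setting(path, key):
    """Last assignment of key in the [Service] section of one file, or None."""
    section, found = None, None
    for raw in Path(path).read_text().splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            k, v = line.split("=", 1)
            if k.strip() == key:
                found = normalize(v)
    return found

def effective_protect_home(unit_file, dropin_dirs):
    """Return (packaged, effective, source); drop-ins apply in file-name order.
    Simplification: same-named drop-ins in several directories are not masked."""
    packaged = service_setting(unit_file, "ProtectHome") or "no"  # systemd default
    effective, source = packaged, str(unit_file)
    dropins = [f for d in dropin_dirs for f in Path(d).glob("*.conf")]
    for conf in sorted(dropins, key=lambda f: f.name):
        value = service_setting(conf, "ProtectHome")
        if value is not None:
            effective, source = value, str(conf)
    return packaged, effective, source

def demo():
    """Constructed layout: a packaged template unit plus a read-only drop-in."""
    root = Path(tempfile.mkdtemp())
    unit = root / "lib" / "example@.service"        # hypothetical unit name
    dropin = root / "etc" / "example@.service.d"
    unit.parent.mkdir(parents=True)
    dropin.mkdir(parents=True)
    unit.write_text("[Unit]\nDescription=demo\n\n[Service]\nProtectHome=true\n")
    (dropin / "override.conf").write_text("[Service]\nProtectHome=read-only\n")
    return effective_protect_home(unit, [dropin])
```

A result where the packaged value is `yes` and the effective value is anything else identifies a unit whose home-directory protection was loosened locally, along with the file responsible.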