Comment 35 for bug 1787208

Martin Wolf (mwolf-adiumentum) wrote :

"CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE"

This line is sufficient to get me connected to my firewalled server. I don't get any "sudo pam/policy" or "Warning --learn" errors.

My second test was with this line:
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE

I just added CAP_AUDIT_WRITE and I still have no errors and a working connection to my firewalled machine, so we basically need just that, right?