Monday, November 24, 2008

OpenVPN chroot and crl.pem

At my job, we've been debugging a really annoying/frustrating issue where OpenVPN refused to read the crl.pem in the chroot directory:

openvpn[32275]: 192.168.1.24:2420 CRL: cannot read: crl.pem: Permission denied (errno=13)

OpenVPN would drop privileges to nobody after the chroot, but even with full read permissions on the file and SELinux turned off, this error still occurred. It turns out the chroot directory had 700 permissions:

drwx------ 4 root root 4096 Aug 29 19:49 /etc/openvpn/chroot

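Changing these permissions to 755 (or ownership to nobody) fixed the issue. With mode 700 and owner root, nobody has no search (execute) permission on the directory, so it cannot open any file inside it, whatever the file's own permissions are.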

Hope this helps.
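
The check behind this fix, as an added example that is not part of the original post: a shell function that walks from the chroot directory down to a file and reports the first component an unprivileged user cannot pass. It assumes the daemon user is neither owner nor group member of any component, so only the "other" permission bits count; `other_bits` and `check_chroot_access` are names made up here.

```shell
#!/bin/sh
# Added example (not from the original post). Reports the first path component
# that would stop an unprivileged daemon from reading a file inside a chroot.
# Assumption: the daemon user (e.g. nobody) is neither owner nor group member,
# so only the "other" permission bits apply. ACLs and SELinux are not examined.

# Print the three "other" permission characters from ls -ld, e.g. "r-x".
other_bits() {
    ls -ld -- "$1" 2>/dev/null | cut -c8-10
}

# check_chroot_access CHROOT_DIR REL_PATH
# Prints the blocking path and returns 1, or prints nothing and returns 0.
check_chroot_access() {
    cur=$1
    rel=$2
    # Walk from the chroot directory (the daemon's "/") down to the file.
    while [ -d "$cur" ]; do
        case $(other_bits "$cur") in
            ??x|??t) ;;                    # searchable by others
            *) echo "$cur"; return 1 ;;    # no search bit: traversal fails
        esac
        [ -n "$rel" ] || return 0          # path ended on a directory
        cur=$cur/${rel%%/*}                # descend one component
        case $rel in
            */*) rel=${rel#*/} ;;
            *)   rel= ;;
        esac
    done
    # $cur is now the target file (or does not exist).
    case $(other_bits "$cur") in
        r??) return 0 ;;
        *) echo "$cur"; return 1 ;;
    esac
}

# Constructed demo reproducing the layout from the post in a temp directory.
demo=$(mktemp -d)
mkdir "$demo/chroot" && : > "$demo/chroot/crl.pem"
chmod 644 "$demo/chroot/crl.pem"
chmod 700 "$demo/chroot"
echo "mode 700: blocked by $(check_chroot_access "$demo/chroot" crl.pem)"
chmod 755 "$demo/chroot"
check_chroot_access "$demo/chroot" crl.pem && echo "mode 755: readable"
rm -rf "$demo"
```

Against a real setup the call would be `check_chroot_access /etc/openvpn/chroot crl.pem`, run as a user who can list the directories involved.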
