Using the down-root plugin
OpenVPN supports a plugin architecture, where external plugins can be used to extend the functionality of OpenVPN. Plugins are special modules or libraries that adhere to the OpenVPN Plugin API. One of these plugins is the down-root plugin, which is available only on Linux. This allows the user to run specified commands as user root when OpenVPN shuts down. Normally, the OpenVPN process drops root privileges (if the --user directive is used) for security reasons. While this is a good security measure, it makes it difficult to undo some of the actions that an up script can perform, because the up script is run as user root. For this, the down-root plugin was developed. This recipe will demonstrate how the down-root plugin can be used to remove a file that was created by an up script.
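The privilege problem described above can be checked mechanically. The following is an added example, not code from the recipe: a small shell function that reads an OpenVPN configuration and reports whether its shutdown hook runs through down-root, as root because privileges are never dropped, or unprivileged after --user. The function names, the sample configurations, the script paths and the plugin path are assumptions; the plugin's location and file name vary by distribution and OpenVPN version.

```shell
#!/bin/sh
# Added example: report how an OpenVPN config's shutdown hook will run.
# Prints: down-root | down-unprivileged | down-as-root | no-down-hook
classify_down_hook() {
    drops=no; down=no; plugin=no
    while read -r key rest || [ -n "$key" ]; do
        case $key in
            user)   drops=yes ;;   # --user: root is dropped after initialization
            down)   down=yes ;;    # plain down script, runs as the current user
            plugin) case $rest in *down-root*) plugin=yes ;; esac ;;
        esac
    done < "$1"
    if   [ "$plugin" = yes ]; then echo down-root
    elif [ "$down" = no ];    then echo no-down-hook
    elif [ "$drops" = yes ];  then echo down-unprivileged
    else                           echo down-as-root
    fi
}

# Constructed sample configs; every path below is an assumption.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
client
dev tun
user nobody
script-security 2
up /etc/openvpn/cookbook/up.sh
down /etc/openvpn/cookbook/down.sh
EOF
    cat > "$1/fixed.conf" <<'EOF'
client
dev tun
user nobody
script-security 2
up /etc/openvpn/cookbook/up.sh
plugin /usr/lib/openvpn/plugins/openvpn-plugin-down-root.so "/etc/openvpn/cookbook/down.sh"
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(classify_down_hook "$f")"
done
rm -rf "$tmp"
```

In weak.conf the down script runs as nobody and cannot remove a file that the root-run up script created; fixed.conf hands the same script to the down-root plugin instead.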
Getting ready
Set up the client and server certificates using the Setting up public and private keys recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server...