Script security and logging
One of the major differences between OpenVPN 2.0 and 2.1 concerns security when running scripts. With OpenVPN 2.0, all scripts were executed using a 'system' call and the entire set of server environment variables was passed to each script. OpenVPN 2.1 introduces the script-security configuration directive, and the default for executing scripts is now the execv call, which is more secure. It is also wise to log the output of your scripts for security reasons. With script output logged, including timestamps, it becomes much easier to track down problems and possible security incidents.
In this recipe, we will focus on the different options for the script-security configuration directive and on the methods to ease the logging of script output.
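As an illustration of timestamped script logging, here is an added sketch that is not code from the recipe itself: two shell helpers that a hook script could source. The log path and the names stamp_lines and run_logged are assumptions; script_type is the variable OpenVPN sets in a script's environment.

```shell
#!/bin/sh
# Added example: timestamped logging helpers for an OpenVPN hook script.
# LOGFILE's default path and both function names are assumptions.
LOGFILE="${LOGFILE:-/tmp/openvpn-script-example.log}"

# Prefix each stdin line with a UTC timestamp, the hook type and the PID.
# script_type is set by OpenVPN in the script environment (up, down, ...).
stamp_lines() {
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s [%s pid=%s] %s\n' \
            "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
            "${script_type:-unknown}" "$$" "$line"
    done
}

# Run a command, append its stdout and stderr to LOGFILE with timestamps,
# and return the command's own exit status so OpenVPN still sees failures.
# Control characters other than newline are stripped so that logged values
# cannot carry terminal escape sequences into the log.
run_logged() {
    out=$(mktemp) || return 1
    rc=0
    "$@" >"$out" 2>&1 || rc=$?
    {
        printf 'start: %s\n' "$*"
        cat "$out"
        printf 'exit status: %s\n' "$rc"
    } | tr -d '\000-\010\013-\037\177' | stamp_lines >>"$LOGFILE"
    rm -f "$out"
    return "$rc"
}
```

A hook script would source these helpers and wrap each command it runs in run_logged, so every action and its exit status ends up in one log with a timestamp.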
Getting ready
Install OpenVPN 2.1 or higher on two computers. Make sure the computers are connected over a network. Set up the client and server certificates using the first recipe from Chapter 2. For this recipe...