Does not work on Linux Mint 18 #5

Open
rtizzy opened this issue Oct 6, 2017 · 6 comments

rtizzy commented Oct 6, 2017

Performing a dry run seems to work

openvpn-unroot -apv linux_laptop.conf
INFO: Adding group openvpn
INFO: Adding user openvpn
INFO: Generating sudoers file /etc/sudoers.d/linux_laptop-unrooted
INFO: Generating iproute file /etc/openvpn/ip-unrooted.sh
INFO: Generating up file /etc/openvpn/update-resolv-conf-unrooted
INFO: Generating down file /etc//openvpn/update-resolv-conf-unrooted
INFO: Adding device tun0-unrooted
INFO: Generating netdev file /etc/systemd/network/tun0-unrooted.netdev
INFO: Generating config file /etc/openvpn/linux_laptop-unrooted.conf
INFO: Generating unit file /etc/systemd/system/openvpn@linux_laptop-unrooted.service

Actually running the code results in this message.

thirdtry openvpn # openvpn-unroot -av linux_laptop.conf
INFO: Adding group openvpn
INFO: Adding user openvpn
INFO: Generating sudoers file /etc/sudoers.d/linux_laptop-unrooted
INFO: Generating iproute file /etc/openvpn/ip-unrooted.sh
INFO: Generating up file /etc/openvpn/update-resolv-conf-unrooted
INFO: Generating down file /etc//openvpn/update-resolv-conf-unrooted
INFO: Adding device tun0-unrooted
INFO: Generating netdev file /etc/systemd/network/tun0-unrooted.netdev
INFO: Generating config file /etc/openvpn/linux_laptop-unrooted.conf
INFO: Generating unit file /etc/systemd/system/openvpn@linux_laptop-unrooted.service
sed: can't read /usr/lib/systemd/system/[email protected]: No such file or directory
/home/rtisdale/bin/openvpn-unroot: line 387: `}' returned 2
ERROR: Reverting all changes
/home/rtisdale/bin/openvpn-unroot: line 132: 1: parameter null or not set
/home/rtisdale/bin/openvpn-unroot: line 499: `local ret; ret=("$("$@")"); readonly ret' returned 1
ERROR: Reverting all changes
thirdtry openvpn # echo $SHELL
/bin/bash
thirdtry openvpn # bash --version
GNU bash, version 4.4.0(1)-release (x86_64-unknown-linux-gnu)
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
thirdtry openvpn # 

This file does appear to exist below

/lib/systemd/system/[email protected]

Author

rtizzy commented Oct 6, 2017

Might be multiple ways to handle this. Potentially checking the release file and checking the other location if it matches Mint, for example.
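
One way to handle the path difference raised in the comment above, as an added example that is not part of the thread or of openvpn-unroot: probe the vendor unit directories in order instead of detecting the distribution. The names `find_unit_file` and `UNIT_DIRS`, and the unit name in the usage comment, are assumptions made for illustration.

```shell
# Added example (not openvpn-unroot code): locate a systemd unit file without
# hard-coding /usr/lib/systemd/system, which does not hold the unit on Mint 18.
# UNIT_DIRS and find_unit_file are hypothetical names.

# Vendor unit directories, in search order: merged-/usr layout first,
# then the split layout used by Debian/Ubuntu/Mint releases of that era.
UNIT_DIRS="${UNIT_DIRS:-/usr/lib/systemd/system /lib/systemd/system}"

find_unit_file() {
    # $1: bare unit file name (no directory component).
    local unit dir
    unit="${1-}"

    # The caller runs as root and feeds the result to sed, so refuse empty
    # names and anything containing a slash rather than resolving
    # attacker- or typo-controlled paths such as ../../etc/shadow.
    case "$unit" in
        ''|*/*)
            echo "find_unit_file: invalid unit name: '$unit'" >&2
            return 2
            ;;
    esac

    for dir in $UNIT_DIRS; do
        if [ -f "$dir/$unit" ] && [ -r "$dir/$unit" ]; then
            printf '%s\n' "$dir/$unit"
            return 0
        fi
    done

    # Fail with a clear message before anything has been modified, so no
    # partial changes need to be reverted.
    echo "find_unit_file: $unit not found in: $UNIT_DIRS" >&2
    return 1
}

# Usage (constructed unit name):
#   src="$(find_unit_file 'example@.service')" || exit 1
#   sed -e '...' "$src" > /etc/systemd/system/...
```

Resolving the path before any user, sudoers or netdev changes are made lets the script stop early instead of reverting a half-applied setup.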

Author

rtizzy commented Oct 6, 2017

Beyond this

Also need to install unbound and nscd

Additionally, an option regarding no DNS leaks must be removed, as it complains it does not exist.

Author

rtizzy commented Oct 6, 2017

One will also need to chown the /run/openvpn directory to the openvpn user.

This portion could definitely be automated and most likely applies to other systems.

Owner

wknapik commented Oct 16, 2017

Hi @elricsfate,

Thanks a lot for the report and sorry for the late reply.

openvpn-unroot requires a rewrite. It's outgrown the single bash script concept. I do intend to do it, but only after I'm done with a new major feature for vpnfailsafe. And after I'm done procrastinating.

I gather from your posts that you managed to sort things out on your system...
I will keep this issue open, as a reminder to make sure everything works on Mint after the rewrite.

Thanks!

Author

rtizzy commented Oct 17, 2017

@wknapik

No problem! Thanks for the existing work. I got some, but not everything, sorted out.

I noticed that after reboots, the unrooted tun interface did not seem to maintain the permissions required. Destroyed everything and re-ran the scripts? Everything works again.

Will require a deeper dive.

How do you plan to rearchitect? CM (Ansible, Chef, Puppet), Ruby, Python? Something else?

Owner

wknapik commented Oct 17, 2017

The tun device should be created on boot, with correct permissions - that's what the .netdev file is for. You might have to enable a service to make it work - systemd-networkd, or somesuch.

As for the rewrite - I'm currently using Ansible for another project and it seems like a great fit here, so that's the current plan.
