Skip to Content [alt-c]

Blog

Comment

In reply to Hardening OpenVPN for DEF CON

Reader Victor Dorneanu on 2015-11-15 at 16:26:

Hi Andrew!

First thanks for this excellent article. I was playing around with your hook script and then I've noticed that nothing really happens. Having a look at your script I've seen this one:

/sbin/ip route show dev $dev table main | while read route

In my client conf I have:

# Add extra client protection script-security 2 setenv OPENVPN_ROUTE_TABLE 94 route-noexec route-up /usr/local/bin/route route 0.0.0.0 0.0.0.0

The connection is being successfully established, however the tun0 device has no ip routes at all, so in that case

/sbin/ip route show dev $dev table main | while read route

will cause nothing to happen.

Any ideas?

Cheers, Victor

Reply

Post a Reply

Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with > are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim (good for code).
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.
  • Use the Preview button to check your formatting.