Openvpn and system users

Good morning!

I’m trying to implement an openvpn service, which would require 100+ clients to have credentials to the openvpn roadwarrior.

I would like that the clients wouldn’t have access to the nethserver GUI, and only be able to use those credentials when running the ovpn file. Which is the default operation when creating system users, right?

For this I believe that I should:

  • Create system User
  • Create ovpn with system user

Finally they would be able to connect.
My ovpn is working with users using a certificate.

My problem is that when connecting via terminal the connection fails with this message:

Thu Jul 14 12:01:16 2022 SENT CONTROL [NethServer]: 'PUSH_REQUEST' (status=1)
Thu Jul 14 12:03:53 2022 SENT CONTROL [NethServer]: 'PUSH_REQUEST' (status=1)
Thu Jul 14 12:03:59 2022 SENT CONTROL [NethServer]: 'PUSH_REQUEST' (status=1)
Thu Jul 14 12:04:04 2022 SENT CONTROL [NethServer]: 'PUSH_REQUEST' (status=1)
...

After this, nethserver stops responding on 9090, but the VM is responsive, which is weird and I don’t know if it is related.

Thanks,
Joel

Hi

Just a simple logical interjection:

When would a “system user” ever need to use a VPN? After all, system user implies it’s running on and for the system…

:slight_smile:

NethServer is not built / planned to use system users. You can, if you feel you must, but then you might as well use a vanilla CentOS and you’re more or less “on your own”…
Certain links, paths etc. may be missing, certificates not created correctly, wrong UID numbers, there could be many more behind-the-scenes issues going wrong…

There are easier ways to stop VPN users from accessing the GUI…

My 2 cents
Andy

Thanks for such a quick answer!

Then what should I do to create vpn users that require username and password?
I want them to only have access to the vpn and the way to add a user with password was to create a system user. I saw that enabling user-settings allows system users to have access to the gui, being able to change password etc, which is good, but disabling it would remove the access to the web interface.

I just want them to have access to a certain subnet via vpn and for them to need to put a password.

Regarding my problem, I was able to create a system user that connects to the vpn with password; my problem was probably the firewall blocking something.

Thanks,
Joel