After playing with WireGuard and getting aggravated, I realized OpenVPN has a kernel module that at least seamlessly worked on the server side with their Access Server. But I could not get it to work on the client using NetworkManager. I think I finally figured it out and would like to share. I'm still new to Linux so I'd love some feedback, particularly if I did anything terrible security-wise to my system.
The trick was giving the cap_setpcap capability to the NetworkManager service by adding the file /etc/systemd/system/NetworkManager.service.d/override.conf with:
[Service]
CapabilityBoundingSet=cap_setpcap
I sorta get what this does, but not really, but I do know it's not any worse than just running NetworkManager as root. I suppose there could be a malicious profile, so... you know... don't import one of those.
I wrote, well, tried to write, a script automating this for any Ubuntu/Debian, but I've only tried it with my Mint system.
https://gist.github.com/queler/0d1a5c41 ... 523b3a00f5
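
Added example (not part of the original post or the linked gist): a POSIX shell helper for checking which capabilities actually end up in a service's bounding set after a drop-in like the one above, by decoding the CapBnd mask from /proc/<pid>/status. The function names and the sample masks are constructed for illustration.

```sh
# Capability names by bit number, as defined in linux/capability.h (0..40).
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm
block_suspend audit_read perfmon bpf checkpoint_restore"

# decode_caps HEXMASK: print the names of all capabilities set in the mask.
decode_caps() {
    mask=$1; bit=0; out=""
    for name in $CAP_NAMES; do
        if [ $(( (0x$mask >> bit) & 1 )) -eq 1 ]; then
            out="$out${out:+ }cap_$name"
        fi
        bit=$((bit + 1))
    done
    printf '%s\n' "$out"
}

# has_cap HEXMASK CAPNAME: succeed only if CAPNAME (e.g. cap_setpcap) is set.
has_cap() {
    case " $(decode_caps "$1") " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# capbnd_of_pid PID: print the CapBnd hex mask from /proc/PID/status.
capbnd_of_pid() {
    awk '/^CapBnd:/ {print $2}' "/proc/$1/status"
}

# check_unit UNIT: decode the live bounding set of a running systemd unit.
check_unit() {
    pid=$(systemctl show -p MainPID --value "$1") || return 1
    [ "$pid" -gt 0 ] 2>/dev/null || { echo "$1 is not running" >&2; return 1; }
    decode_caps "$(capbnd_of_pid "$pid")"
}

# Constructed sample masks: bits 8 and 12 set, then bit 12 only.
SAMPLE_WITH=0000000000001100
SAMPLE_WITHOUT=0000000000001000
echo "with drop-in (sample):    $(decode_caps "$SAMPLE_WITH")"
echo "without drop-in (sample): $(decode_caps "$SAMPLE_WITHOUT")"
```

On a live system, run `check_unit NetworkManager` after `systemctl daemon-reload` and a restart of the service to see the full bounding set the process received.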