systemd - get dropbear to only look at openvpn interface

2

I am trying to configure dropbear to do the following.

1) Only listen on port 22 of the tun0 interface (made by the openvpn service).
2) Only use public key authorization.

I see that dropbear.socket is able to look at port 22. But how do I have it only look at an openvpn iface (eg tun0)?

I've tried "BindToDevice" on the dropbear.socket systemd file - but I'm getting a chicken and egg issue where dropbear socket is needed to show the network is up, but openvpn needs the network up to start to create the tun0 device.

Is there a better way to configure dropbear to only look at a particular interface?

mkstrong

Posted 2015-05-29T15:07:01.450

Reputation: 21

Answers

0

After dealing with the same problem myself, I've come up with two solutions. The first is a bit clumsy, but allows the use of BindToDevice. It requires setting DefaultDependencies=no and then replicating the default dependencies, with the exception of the Before=sockets.target dependency. The .socket file might look like the following:

[Unit]
Description=Dropbear Activation Socket
# Drop the implicit dependencies (including Before=sockets.target) ...
DefaultDependencies=no
# ... and put back the ones a socket unit would otherwise get by default.
After=sysinit.target
Requires=sysinit.target
# The default shutdown ordering is against shutdown.target (there is no shutdown.service).
Before=shutdown.target
Conflicts=shutdown.target
# Do not try to bind until the tun0 device created by openvpn exists.
Requires=sys-devices-virtual-net-tun0.device
After=sys-devices-virtual-net-tun0.device

[Socket]
ListenStream=:22
# Accept connections only through tun0 (SO_BINDTODEVICE).
BindToDevice=tun0
# One dropbear@.service instance is spawned per accepted connection.
Accept=yes

[Install]
WantedBy=multi-user.target

Note also that for WantedBy= I used multi-user.target and not sockets.target.

However, there is another solution that is simpler if your use case permits specifying the tun0 IP address in the .socket file. To accomplish this, specify the IP address in the ListenStream directive and use FreeBind=yes instead of BindToDevice=tun0. The resulting .socket file might look like this:

[Unit]
Description=Dropbear Activation Socket

[Socket]
# Bind to the tun0 address only; replace the placeholder with the real address.
ListenStream=<tun0 IP address>:22
# FreeBind lets the bind succeed even before tun0 has that address configured.
FreeBind=yes
# One dropbear@.service instance is spawned per accepted connection.
Accept=yes

[Install]
WantedBy=sockets.target

Daniel Harding

Posted 2015-05-29T15:07:01.450

Reputation: 101
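Added example (not from the question or the answer above): a small POSIX sh lint that reads a .socket unit like the two shown and reports whether it is really limited to one interface (BindToDevice=) or one address (explicit IP plus FreeBind=), and whether DefaultDependencies=no was paired with the replicated Requires=sysinit.target. The helper names and the sample unit written to a temp file are constructed for the demo.

```shell
#!/bin/sh
# lint_socket_unit: check that a systemd .socket unit limits its listener to
# one interface (BindToDevice=) or one address (FreeBind= + explicit IP), and
# that DefaultDependencies=no did not silently drop the sysinit.target dependency.
# Added example; helper names and the sample unit are constructed for the demo.

# Print every value of KEY in [SECTION] of unit file $1, each prefixed by a space.
unit_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^\[/ { insec = ($0 == sec); next }
        insec && index($0, key "=") == 1 { v = v " " substr($0, length(key) + 2) }
        END { print v }' "$1"
}

# 0 if the socket is limited to one interface or address, 1 if it is exposed.
socket_is_restricted() {
    listen=$(unit_get "$1" Socket ListenStream); listen=${listen# }
    dev=$(unit_get "$1" Socket BindToDevice);    dev=${dev# }
    freebind=$(unit_get "$1" Socket FreeBind);   freebind=${freebind# }
    case "${listen%:*}" in                 # address part; empty or 0.0.0.0 = any
        ""|0.0.0.0|"[::]") [ -n "$dev" ] ;;          # wildcard needs BindToDevice
        *) [ "$freebind" = yes ] ;;  # explicit IP needs FreeBind (systemd also takes true/on/1)
    esac
}

# 0 unless DefaultDependencies=no was set without re-adding Requires=sysinit.target.
socket_deps_ok() {
    [ "$(unit_get "$1" Unit DefaultDependencies)" = " no" ] || return 0
    case "$(unit_get "$1" Unit Requires) " in
        *" sysinit.target "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a verdict for unit file $1; exit status 0 only when both checks pass.
lint_socket_unit() {
    if socket_is_restricted "$1" && socket_deps_ok "$1"; then
        echo "$1: restricted to one interface/address"
    else
        echo "$1: EXPOSED on all interfaces or missing dependencies"; return 1
    fi
}

# Demo on a constructed unit showing the common mistake: ListenStream=:22 alone.
sample=$(mktemp)
printf '[Socket]\nListenStream=:22\nAccept=yes\n' > "$sample"
lint_socket_unit "$sample" || :
rm -f "$sample"
```

Run it against /etc/systemd/system/dropbear.socket after editing; a wildcard ListenStream without BindToDevice, or an explicit address without FreeBind, is reported as exposed.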