Man page - openvpn3-config-acl(1)
Packages contains this manual
- openvpn3-session-auth(1)
- openvpn3-service-netcfg(8)
- openvpn3-service-client(8)
- openvpn3-log(1)
- openvpn3-session-manage(1)
- openvpn3-admin-init-config(8)
- openvpn3-service-log(8)
- openvpn3-service-backendstart(8)
- openvpn3-session-acl(1)
- openvpn3-admin(8)
- openvpn3-service-configmgr(8)
- openvpn3-systemd(8)
- openvpn3-linux(7)
- openvpn3-session-start(1)
- openvpn2(1)
- openvpn3-admin-netcfg-service(8)
- openvpn3-config-dump(1)
- openvpn3-admin-log-service(8)
- openvpn3-config-manage(1)
- openvpn3-admin-sessionmgr-service(8)
- openvpn3-admin-journal(8)
- openvpn3-service-sessionmgr(8)
- openvpn3-autoload(8)
- openvpn3-config-acl(1)
- openvpn3-as(1)
- openvpn3-config-import(1)
- openvpn3-configs-list(1)
- openvpn3-sessions-list(1)
- openvpn3(1)
- openvpn3-service-devposture(8)
- openvpn3-session-stats(1)
- openvpn3-config-remove(1)
apt-get install openvpn3-client
Manual
OPENVPN3-CONFIG-ACL
NAMESYNOPSIS
DESCRIPTION
OPTIONS
SEE ALSO
NAME
openvpn3-config-acl - OpenVPN 3 Linux Management - Configuration Access Control
SYNOPSIS
openvpn3
config-acl -o DBUS-PATH
|
--path DBUS-PATH
|
--config CONFIG-NAME [OPTIONS]
openvpn3 config-acl -h
|
--help
DESCRIPTION
Each configuration profile has its own Access Control List associated with it. This enables a configuration profile to be shared by more users in a more controlled way, where specific or all users can be granted access to start new VPN sessions of pre-loaded configurations. It can also be used to restrict users from viewing the contents of the configuration profile while still being able to start VPN sessions.
All options below can be used together. If the --show option is used, it will list the current Access Control List after any changes has been performed.
OPTIONS
-h , --help
Print usage and help details to the terminal
-o DBUS-PATH , --path DBUS-PATH
D-Bus configuration path to the configuration to manage the ACL. This can be found in openvpn3 configs-list .
--config-path DBUS-PATH
Alias for --path .
-c CONFIG-NAME , --config CONFIG-NAME
Can be used instead of --path where the configuration profile name is given instead. Available configuration names can be found via openvpn3 configs-list` .
-s , --show
Show the currently active ACL.
-G USER , --grant USER
Grant the given user read-only access to this configuration profile. The USER argument can be either UID or username belonging to the system.
-R USER , --revoke USER
Revoke access on this configuration profile for the given user. The USER argument can be either UID or username belonging to the system.
--public-access BOOL
Grant all users on the system read-only access to this configuration profile. This effectively disables the more fine-grained access control provided via --grant . Valid argument values: true , false
-T BOOL , --transfer-owner-session BOOL
If another user is granted access to the configuration profile, that user will be the owner of the VPN session when started. Setting this flag to true will transfer the ownership back to the profile owner while granting the user starting the session rights to also manage the session. See openvpn3-session-acl (1) for details on the session ACLs.
--lock-down BOOL
Locks down the configuration profile so it can only be used to start new VPN sessions by users granted access. Only the configuration profile owner can now show the profile contents via openvpn3 config-dump . Valid argument values: true , false
-S , --seal
This seals the configuration profile for everyone, making the configuration profile effectively read-only, even for the owner. A configuration profile cannot be unsealed.
SEE ALSO
openvpn3 (1) openvpn3-config-import (1) openvpn3-config-manage (1) openvpn3-config-dump (1) openvpn3-configs-list (1) openvpn3-session-acl (1)