Selinux

Setting up OpenVPN on CentOS 7 using DigitalOcean

Introduction

Why Bother?

As should be abundantly clear from my prior writings I am about to leave on a trip for a year. During that time I’ll likely be making use of numerous public Wi-Fi access points, not to mention whatever dodgy cellular providers are available in each location I travel to. As part of my overall stance on privacy, its essential I take steps to secure my communication while traveling, the primary of which is using a VPN for basically everything on both my laptop and my phone. To do this, I’m using a droplet from DigitalOcean that’s just $5/mo and doesn’t have to be shared with anyone else (from an IP/network perspective anyway).

OpenVPN + Google Authenticator + SELinux on CentOS 7

Just a quick post to share this with anyone else that needs it. I spent hours using Google and reading posts from random people on the net, including bug comments from Dan Walsh on a never solved Fedora bug specifically related to this. The conclusion I came to was that hardly anyone uses SELinux and the ones that do just hack around the problem rather than solving it.

In this particular case, the fault is really with the terrible implementation of Google Authenticator, which I found out during the course of this by reading through the source code. Long story short, it creates a new file named $HOME/.google_authenticator~ and renames it to $HOME/.google_authenticator. This of course plays havoc with SELinux.