Let's see an example:

With this config:

management /run/openvpn/openvpn.sock unix
management-client-group users

Test with user:users:

nc -U /run/openvpn/openvpn.sock

As a user with primary group users it works.

Test with other:other (among other groups such as users):

Does not work. And in the log:

2023-02-28 16:59:02 MANAGEMENT: unix domain socket client connection rejected 
-- GID of socket peer (1001) doesn't match required value (1000) as given by 
--management-client-group

However it should work as this user is a member of the users group.

Using root:

2023-02-28 16:58:50 MANAGEMENT: unix domain socket client connection rejected 
-- GID of socket peer (0) doesn't match required value (1000) as given by 
--management-client-group

However root should be allowed to access the socket whatever the actual 
configuration.

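The rejection messages quoted above each report a single peer GID. The following is an added example, not part of the original message and not OpenVPN's code: assuming a Linux host where peer credentials are read with SO_PEERCRED, it shows that the kernel hands back only one GID per peer, and contrasts an exact GID comparison with a group-membership test. The function names are hypothetical and the three sample peers are constructed from the GIDs in the log lines.

```python
import socket
import struct

REQUIRED_GID = 1000  # "required value (1000)" in the quoted log lines


def peer_credentials(sock):
    """Return (pid, uid, gid) of a Unix socket peer via Linux SO_PEERCRED.
    struct ucred carries one GID only; supplementary groups are absent."""
    fmt = "iII"  # pid_t, uid_t, gid_t
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(fmt))
    return struct.unpack(fmt, raw)


def supplementary_groups(pid):
    """Read a process's supplementary GIDs from /proc/<pid>/status (Linux)."""
    with open(f"/proc/{pid}/status") as status:
        for line in status:
            if line.startswith("Groups:"):
                return {int(g) for g in line.split()[1:]}
    return set()


def exact_gid_match(peer_gid, required_gid):
    """The comparison the log message describes: peer GID equals required GID."""
    return peer_gid == required_gid


def member_of(peer_gid, extra_gids, required_gid):
    """Membership test: the peer GID or any supplementary GID matches."""
    return peer_gid == required_gid or required_gid in extra_gids


if __name__ == "__main__":
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid, uid, gid = peer_credentials(server)
    extra = sorted(supplementary_groups(pid))
    print(f"live peer: pid={pid} uid={uid} gid={gid} supplementary={extra}")
    # Constructed peers mirroring the three tests in the message above.
    peers = [("user", 1000, set()), ("other", 1001, {1000}), ("root", 0, set())]
    for name, peer_gid, groups in peers:
        print(f"{name}: exact={exact_gid_match(peer_gid, REQUIRED_GID)} "
              f"member={member_of(peer_gid, groups, REQUIRED_GID)}")
```
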