Comment 3 for bug 230208

Martin Pitt (pitti) wrote:

Could you please attach your configuration file? I tried this with PSKs, and it works for me as well:

  -rw------- 1 martin martin 636 2008-05-14 12:00 key

(not accessible to nobody/nogroup)

----- vpn-tick-psk.conf -----
remote tick.local
dev tun
ifconfig 10.99.0.1 10.99.0.2

user nobody
group nogroup

secret /home/martin/key
--------------------------------------

$ sudo openvpn --config vpn-tick-psk.conf
[...]
Wed May 14 12:02:21 2008 /usr/sbin/openvpn-vulnkey -q /home/martin/key
Wed May 14 12:02:21 2008 TUN/TAP device tun0 opened
Wed May 14 12:02:21 2008 ifconfig tun0 10.99.0.1 pointopoint 10.99.0.2 mtu 1500
Wed May 14 12:02:21 2008 GID set to nogroup
Wed May 14 12:02:21 2008 UID set to nobody
[...]

So for this configuration, the key is checked before dropping privileges.
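Added example, not part of the comment above or of OpenVPN: a small check that reproduces the two observations in this comment, namely that the key file's mode and owner make it unreadable to the `user`/`group` the config drops to, and that the log shows the `openvpn-vulnkey` line before the `GID set to`/`UID set to` lines. The function names are hypothetical, and the permission test assumes classic mode bits only (no ACLs or supplementary groups).

```python
import re

# Lines taken from the log quoted in the comment above.
SAMPLE_LOG = """\
Wed May 14 12:02:21 2008 /usr/sbin/openvpn-vulnkey -q /home/martin/key
Wed May 14 12:02:21 2008 TUN/TAP device tun0 opened
Wed May 14 12:02:21 2008 GID set to nogroup
Wed May 14 12:02:21 2008 UID set to nobody
"""

# Config taken from the comment above.
SAMPLE_CONF = """\
remote tick.local
dev tun
ifconfig 10.99.0.1 10.99.0.2
user nobody
group nogroup
secret /home/martin/key
"""

def parse_conf(text):
    """Return the user, group and secret directives of an OpenVPN config."""
    found = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] in ("user", "group", "secret"):
            found[parts[0]] = parts[1]
    return found

def readable_after_drop(mode, owner, group, conf):
    """Could the dropped user/group still read a file with this mode and owner?
    Assumption: classic permission bits only, no ACLs or supplementary groups."""
    if owner == conf.get("user"):
        return bool(mode & 0o400)
    if group == conf.get("group"):
        return bool(mode & 0o040)
    return bool(mode & 0o004)

def key_check_order(log):
    """'before'/'after': vulnkey line relative to the first UID/GID drop line, else None."""
    check = drop = None
    for i, line in enumerate(log.splitlines()):
        if check is None and "openvpn-vulnkey" in line:
            check = i
        if drop is None and re.search(r"\b[UG]ID set to \S+", line):
            drop = i
    if check is None or drop is None:
        return None
    return "before" if check < drop else "after"
```

For the file shown above (`-rw-------`, owner and group `martin`), `readable_after_drop(0o600, "martin", "martin", parse_conf(SAMPLE_CONF))` is false, while `key_check_order(SAMPLE_LOG)` reports `before`.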