282721 – net-misc/openvpn-2.1_rc15 /etc/init.d script is incompatible with long-standing configurations

Bug 282721 - net-misc/openvpn-2.1_rc15 /etc/init.d script is incompatible with long-standing configurations

Summary: net-misc/openvpn-2.1_rc15 /etc/init.d script is incompatible with long-standi...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Cédric Krier

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2009-08-25 17:36 UTC by Robert Forsman
Modified:	2009-10-19 21:41 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Forsman 2009-08-25 17:36:55 UTC

I recently upgraded to openvpn-2.1_rc15 and encountered multiple problems.

1) it refused to start because I have my own up script

2) it incorrectly forced the use of the --nobind flag

Aug 24 10:12:17 chemmis openvpn[6349]: Options error: --lport and --nobind don't make sense when used together


Reproducible: Always

Steps to Reproduce:
 chemmis:506 $ cat /etc/openvpn/bacon.conf 
dev tun
remote server.whereever
lport 5001
rport 5010
ping 45

ifconfig 192.168.99.108 192.168.99.6

fragment 1300
mssfix

secret /etc/openvpn/keys/bacon.key

up /usr/local/bin/openvpn-up.sh

Actual Results:  
Aug 24 10:12:37 chemmis openvpn[6513]: Options error: --lport and --nobind don't make sense when used together



It seems ill-advised for the start script of openvpn to preclude configurations that have worked fine for years.  The necessity of the /etc/openvpn/up.sh script is dubious.  It is entirely undocumented at http://en.gentoo-wiki.com/wiki/OpenVPN .  It appears to address a problem I have never had.

I have altered the /etc/init.d/openvpn script to read:

#               args="${args} --nobind --up-delay --up-restart"
                args="${args} --script-security 2"
#               args="${args} --up /etc/openvpn/up.sh"
#               args="${args} --down-pre --down /etc/openvpn/down.sh"

If the /etc/openvpn/up.sh script is truly useful, then document it on the wiki and teach people how to reference it in their config files, but do not shove it down the throat of people who do not have the problems it is intended to solve.

Comment 1 David Sparks 2009-09-01 18:49:40 UTC

--nobind is also incompatible when you specify "local x.x.x.x" in openvpn.conf.

Comment 2 Cédric Krier gentoo-dev

2009-10-10 22:42:18 UTC

Fix in cvs
You can run your custom up/down script with /etc/openvpn/${SVCNAME}-{up,down}.sh like warn by the init script.

Comment 3 Robert Forsman 2009-10-19 21:23:44 UTC

Comment #2 is incorrect because I have a single up script that works for all my services.  It seems inappropriate and wasteful to duplicate it for each service.

Comment 4 Cédric Krier gentoo-dev

2009-10-19 21:41:51 UTC

(In reply to comment #3)
> Comment #2 is incorrect because I have a single up script that works for all my
> services.  It seems inappropriate and wasteful to duplicate it for each
> service.
> 

Write one and make links for each services.