181000 2007-06-05 20:20 0000 net-misc/openvpn-2.1 initscript breaks non client-server setups 2007-06-29 09:19:30 0000 1 1 1 Unclassified Gentoo Linux Applications unspecified All Linux RESOLVED FIXED P2 normal --- 1 gentoo.daniels@chacal.com.ar uberlord@gentoo.org gentoo.daniels@chacal.com.ar 2007-06-05 20:20:20 0000 Initscript for openvpn 2.1 assumes a client/server setup. It relies on finding a "remote" setting in the config file to decide this is the client side of the connection. In such case it starts openvpn with special "client" arguments like "--no-bind" and up/down scripts to handle DNS configuration. However, openvpn is also used in true "peer" mode with a static key, like when connecting two routers to route traffic between different networks. Although "remote" options are usually present on both sides, none of them is a "client" in the way initscript considers it. They should be started in the way initscript now starts a "server". In this scenario DNS configuration is usually static or managed outside of openvpn configuration, but I will not reopen the discussion in bug#132932. The biggest problem lies in the argument "nobind" that intiscript uses to start what it considers a "client", it makes both enpoints to talk on random ports, not listening on the right port for the other side (it gets more funny if you consider firewall rules). I don't see an easy way to decide between "I am a client in a client/server configuration" or "I am a peer in a peer configuration", since "mode p2p" just means "I am NOT a server". Reproducible: Always Steps to Reproduce: jakub@gentoo.org 2007-06-05 23:48:45 0000 *** Bug 181031 has been marked as a duplicate of this bug. *** uberlord@gentoo.org 2007-06-29 09:19:30 0000 Good points. I've added DETECT_CLIENT variable to /etc/conf.d/openvpn which toggles this behaviour which should fix this.