233657 2008-08-01 23:47 0000 net-misc/openvpn-2.1_rc9 broken 2008-08-09 13:35:52 0000 1 1 1 Unclassified Gentoo Linux Unspecified unspecified x86 Linux RESOLVED FIXED InCVS P2 normal --- 1 Patrick.Fourniols@wanadoo.fr cedk@gentoo.org clerke@eim.ae felix@crowfix.com graham@gmurray.org.uk Patrick.Fourniols@wanadoo.fr 2008-08-01 23:47:00 0000 when i start my vpn : Aug 2 01:31:38 mai openvpn[25261]: UDPv4 link remote: 1.2.3.4:5000 Aug 2 01:31:38 mai openvpn[25261]: Peer Connection Initiated with 1.2.3.4:5000 Aug 2 01:31:38 mai /etc/init.d/fournidist[25243]: WARNING: fournidist has started, but is inactive Aug 2 01:31:39 mai openvpn[25261]: TUN/TAP device tun0 opened Aug 2 01:31:39 mai openvpn[25261]: TUN/TAP TX queue length set to 100 Aug 2 01:31:39 mai openvpn[25261]: /sbin/ifconfig tun0 192.168.52.2 pointopoint 192.168.52.1 mtu 1500 Aug 2 01:31:39 mai openvpn[25261]: /etc/openvpn/up.sh tun0 1500 1544 192.168.52.2 192.168.52.1 init Aug 2 01:31:39 mai openvpn[25261]: openvpn_execve: external program may not be called due to setting of --script-security level Aug 2 01:31:39 mai openvpn[25261]: script failed: external program fork failed Aug 2 01:31:39 mai openvpn[25261]: Exiting rc7 worked fine but is gone... removed all personnal config scripts and backed to sample configs files in openvpn sample config for static key: allways same answer... Reproducible: Always Steps to Reproduce: 1. ;) 2. 3. Actual Results: openvpn_execve: external program may not be called due to setting of --script-security level ???? Expected Results: working ;) same on 3 computer... go to bed for now, see tomorow ;) jer@gentoo.org 2008-08-02 04:58:44 0000 Please post your `emerge --info' too. Patrick.Fourniols@wanadoo.fr 2008-08-02 05:19:55 0000 Created an attachment (id=161954) emerge --info ( 1 of 3 ) Patrick.Fourniols@wanadoo.fr 2008-08-02 07:31:40 0000 same result trying to start openvpn by hand, seems that openvpn don't permit calling external script ( here $(SVCNAME)-up.sh... result: server tunx up but no route, client tunx down ... have downgraded to 2.0.9 for now, will look further later cedk@gentoo.org 2008-08-02 18:17:20 0000 I put "--script-security 2" in init script when it uses --up and --down option. david+gentoo.org@blue-labs.org 2008-08-06 22:36:01 0000 default breakage is not very apparent for startup error messages. --script-security <n> was added to the openvpn package, see the openvpn man page for specific details. add script-security <n> to your /etc/openvpn/openvpn.conf file as appropriate. :) awaria@chopin.edu.pl 2008-08-07 09:14:07 0000 Can we have some information on what that means and how to deal with that. The ebuild just silently breaks a user's OpenVPN setup without hinting a word. cedk@gentoo.org 2008-08-09 13:35:52 0000 *** Bug 234254 has been marked as a duplicate of this bug. *** 161954 2008-08-02 05:19 0000 emerge --info ( 1 of 3 ) mai.info text/plain UG9ydGFnZSAyLjJfcmM2IChkZWZhdWx0L2xpbnV4L3g4Ni8yMDA4LjAsIGdjYy00LjMuMSwgZ2xp YmMtMi44X3AyMDA4MDYwMi1yMCwgMi42LjI2LWdlbnRvbyBpNjg2KQo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpTeXN0ZW0g dW5hbWU6IExpbnV4LTIuNi4yNi1nZW50b28taTY4Ni1JbnRlbC1SLV9QZW50aXVtLVItX0R1YWxf Q1BVX0UyMTYwX0BfMS44MEdIei13aXRoLWdsaWJjMi4wClRpbWVzdGFtcCBvZiB0cmVlOiBTYXQs IDAyIEF1ZyAyMDA4IDA1OjAwOjAxICswMDAwCmFwcC1zaGVsbHMvYmFzaDogICAgIDMuMl9wMzkK ZGV2LWphdmEvamF2YS1jb25maWc6IDEuMy43LCAyLjEuNi1yMQpkZXYtbGFuZy9weXRob246ICAg ICAyLjUuMi1yNwpzeXMtYXBwcy9iYXNlbGF5b3V0OiAyLjAuMApzeXMtYXBwcy9vcGVucmM6ICAg ICAwLjIuNQpzeXMtYXBwcy9zYW5kYm94OiAgICAxLjIuMTguMS1yMwpzeXMtZGV2ZWwvYXV0b2Nv bmY6ICAyLjEzLCAyLjYyLXIxCnN5cy1kZXZlbC9hdXRvbWFrZTogIDEuNSwgMS45LjYtcjIsIDEu MTAuMS1yMQpzeXMtZGV2ZWwvYmludXRpbHM6ICAyLjE4LXIzCnN5cy1kZXZlbC9nY2MtY29uZmln OiAxLjQuMC1yNApzeXMtZGV2ZWwvbGlidG9vbDogICAyLjIuNAp2aXJ0dWFsL29zLWhlYWRlcnM6 ICAyLjYuMjUtcjQKQUNDRVBUX0tFWVdPUkRTPSJ4ODYgfng4NiIKQ0JVSUxEPSJpNjg2LXBjLWxp bnV4LWdudSIKQ0ZMQUdTPSItTzIgLW1hcmNoPWk2ODYgLXBpcGUiCkNIT1NUPSJpNjg2LXBjLWxp bnV4LWdudSIKQ09ORklHX1BST1RFQ1Q9Ii9ldGMgL3Zhci9iaW5kIgpDT05GSUdfUFJPVEVDVF9N QVNLPSIvZXRjL2NhLWNlcnRpZmljYXRlcy5jb25mIC9ldGMvZW52LmQgL2V0Yy9lbnYuZC9qYXZh LyAvZXRjL2ZvbnRzL2ZvbnRzLmNvbmYgL2V0Yy9nY29uZiAvZXRjL2dlbnRvby1yZWxlYXNlIC9l dGMvcmV2ZGVwLXJlYnVpbGQgL2V0Yy9zcGxhc2ggL2V0Yy90ZXJtaW5mbyAvZXRjL3VkZXYvcnVs ZXMuZCIKQ1hYRkxBR1M9Ii1PMiAtbWFyY2g9aTY4NiAtcGlwZSIKRElTVERJUj0iL3Vzci9wb3J0 YWdlL2Rpc3RmaWxlcyIKRkVBVFVSRVM9ImRpc3Rsb2NrcyBmaXhwYWNrYWdlcyBwYXJhbGxlbC1m ZXRjaCBwcmVzZXJ2ZS1saWJzIHNhbmRib3ggc2ZwZXJtcyBzdHJpY3QgdW5tZXJnZS1vcnBoYW5z IHVzZXJmZXRjaCIKR0VOVE9PX01JUlJPUlM9Imh0dHA6Ly9kaXN0ZmlsZXMuZ2VudG9vLm9yZyBo dHRwOi8vZGlzdHJvLmliaWJsaW8ub3JnL3B1Yi9saW51eC9kaXN0cmlidXRpb25zL2dlbnRvbyIK TENfQUxMPSJmcl9GUi5VVEYtOCIKTERGTEFHUz0iLVdsLC1PMSIKTElOR1VBUz0iZnIiCk1BS0VP UFRTPSItajMiClBLR0RJUj0iL3Vzci9wb3J0YWdlL3BhY2thZ2VzIgpQT1JUQUdFX1JTWU5DX09Q VFM9Ii0tcmVjdXJzaXZlIC0tbGlua3MgLS1zYWZlLWxpbmtzIC0tcGVybXMgLS10aW1lcyAtLWNv bXByZXNzIC0tZm9yY2UgLS13aG9sZS1maWxlIC0tZGVsZXRlIC0tc3RhdHMgLS10aW1lb3V0PTE4 MCAtLWV4Y2x1ZGU9L2Rpc3RmaWxlcyAtLWV4Y2x1ZGU9L2xvY2FsIC0tZXhjbHVkZT0vcGFja2Fn ZXMiClBPUlRBR0VfVE1QRElSPSIvdmFyL3RtcCIKUE9SVERJUj0iL3Vzci9wb3J0YWdlIgpQT1JU RElSX09WRVJMQVk9Ii91c3IvbG9jYWwvcG9ydGFnZSIKU1lOQz0icnN5bmM6Ly9yc3luYy5nZW50 b28ub3JnL2dlbnRvby1wb3J0YWdlIgpVU0U9IjNkbm93IFggYWNsIGFzeW5jIGF1dG9tb3VudCBi YXNoLWNvbXBsZXRpb24gYmVya2RiIGJ6aXAyIGNkciBjbGFtYXYgY2xpIGNyYWNrbGliIGNyeXB0 IGN1cHMgZHJpIGR2ZCBkdmRyIGZhbSBmYmNvbiBmYmNvbmRlY29yIGZic3BsYXNoIGZvcnRyYW4g Z2RibSBncG0gZ3ppcCBpY29udiBpY3EgaWRuIGlwdjYgaXNkbmxvZyBqYXZhIGpwZWcgbWFpbGRp ciBtaWRpIG1uZyBtc24gbXVkZmxhcCBuY3Vyc2VzIG5scyBucHRsIG5wdGxvbmx5IG9wZW5tcCBv c2NhciBwYW0gcGNyZSBwZXJsIHBuZyBwcHBkIHB5dGhvbiByZWFkbGluZSByZWZsZWN0aW9uIHNh bWJhIHNlc3Npb24gc2xhbmcgc3BlbGwgc3BsIHNzbCBzdmdhIHN5c2ZzIHN5c2xvZyB0Y3BkIHRp ZmYgdHJ1ZXR5cGUgdW5pY29kZSB1c2IgdXNlcmxvY2FsZXMgeDg2IHhtbCB4bWwyIHhvcmcgeWFo b28gemxpYiIgQUxTQV9DQVJEUz0iYWxpNTQ1MSBhbHM0MDAwIGF0aWl4cCBhdGlpeHAtbW9kZW0g YnQ4N3ggY2EwMTA2IGNtaXBjaSBlbXUxMGsxIGVtdTEwazF4IGVuczEzNzAgZW5zMTM3MSBlczE5 MzggZXMxOTY4IGZtODAxIGhkYS1pbnRlbCBpbnRlbDh4MCBpbnRlbDh4MG0gbWFlc3RybzMgdHJp ZGVudCB1c2ItYXVkaW8gdmlhODJ4eCB2aWE4Mnh4LW1vZGVtIHltZnBjaSIgQUxTQV9QQ01fUExV R0lOUz0iYWRwY20gYWxhdyBhc3ltIGNvcHkgZG1peCBkc2hhcmUgZHNub29wIGVtcHR5IGV4dHBs dWcgZmlsZSBob29rcyBpZWM5NTggaW9wbHVnIGxhZHNwYSBsZmxvYXQgbGluZWFyIG1ldGVyIG11 bGF3IG11bHRpIG51bGwgcGx1ZyByYXRlIHJvdXRlIHNoYXJlIHNobSBzb2Z0dm9sIiBBUEFDSEUy X01PRFVMRVM9ImFjdGlvbnMgYWxpYXMgYXV0aF9iYXNpYyBhdXRobl9hbGlhcyBhdXRobl9hbm9u IGF1dGhuX2RibSBhdXRobl9kZWZhdWx0IGF1dGhuX2ZpbGUgYXV0aHpfZGJtIGF1dGh6X2RlZmF1 bHQgYXV0aHpfZ3JvdXBmaWxlIGF1dGh6X2hvc3QgYXV0aHpfb3duZXIgYXV0aHpfdXNlciBhdXRv aW5kZXggY2FjaGUgZGF2IGRhdl9mcyBkYXZfbG9jayBkZWZsYXRlIGRpciBkaXNrX2NhY2hlIGVu diBleHBpcmVzIGV4dF9maWx0ZXIgZmlsZV9jYWNoZSBmaWx0ZXIgaGVhZGVycyBpbmNsdWRlIGlu Zm8gbG9nX2NvbmZpZyBsb2dpbyBtZW1fY2FjaGUgbWltZSBtaW1lX21hZ2ljIG5lZ290aWF0aW9u IHJld3JpdGUgc2V0ZW52aWYgc3BlbGluZyBzdGF0dXMgdW5pcXVlX2lkIHVzZXJkaXIgdXNlcnRy YWNrIHZob3N0X2FsaWFzIiBFTElCQz0iZ2xpYmMiIElOUFVUX0RFVklDRVM9ImtleWJvYXJkIG1v dXNlIiBLRVJORUw9ImxpbnV4IiBMQ0RfREVWSUNFUz0iYmF5cmFkIGNmb250eiBjZm9udHo2MzMg Z2xrIGhkNDQ3ODAgbGIyMTYgbGNkbTAwMSBtdHhvcmIgbmN1cnNlcyB0ZXh0IiBMSU5HVUFTPSJm ciIgVVNFUkxBTkQ9IkdOVSIgVklERU9fQ0FSRFM9ImZiZGV2IHZlc2EgdmdhIGludGVsIgpVbnNl dDogIENQUEZMQUdTLCBDVEFSR0VULCBFTUVSR0VfREVGQVVMVF9PUFRTLCBJTlNUQUxMX01BU0ss IExBTkcsIFBPUlRBR0VfQ09NUFJFU1MsIFBPUlRBR0VfQ09NUFJFU1NfRkxBR1MsIFBPUlRBR0Vf UlNZTkNfRVhUUkFfT1BUUwoK