Bug 233657 - net-misc/openvpn-2.1_rc9 broken
Bug#: 233657 Product:  Gentoo Linux Version: unspecified Platform: x86
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: cedk@gentoo.org Reported By: Patrick.Fourniols@wanadoo.fr
Component: Unspecified
URL: 
Summary: net-misc/openvpn-2.1_rc9 broken
Keywords:  InCVS
Status Whiteboard: 
Opened: 2008-08-01 23:47 0000
Description:   Opened: 2008-08-01 23:47 0000 
when i start my vpn :

Aug  2 01:31:38 mai openvpn[25261]: UDPv4 link remote: 1.2.3.4:5000
Aug  2 01:31:38 mai openvpn[25261]: Peer Connection Initiated with 1.2.3.4:5000
Aug  2 01:31:38 mai /etc/init.d/fournidist[25243]: WARNING: fournidist has
started, but is inactive
Aug  2 01:31:39 mai openvpn[25261]: TUN/TAP device tun0 opened
Aug  2 01:31:39 mai openvpn[25261]: TUN/TAP TX queue length set to 100
Aug  2 01:31:39 mai openvpn[25261]: /sbin/ifconfig tun0 192.168.52.2
pointopoint 192.168.52.1 mtu 1500
Aug  2 01:31:39 mai openvpn[25261]: /etc/openvpn/up.sh tun0 1500 1544
192.168.52.2 192.168.52.1 init
Aug  2 01:31:39 mai openvpn[25261]: openvpn_execve: external program may not be
called due to setting of --script-security level
Aug  2 01:31:39 mai openvpn[25261]: script failed: external program fork failed
Aug  2 01:31:39 mai openvpn[25261]: Exiting

rc7 worked fine but is gone...
removed all personnal config scripts and backed to sample configs files in
openvpn sample config for static key: allways same answer...


Reproducible: Always

Steps to Reproduce:
1. ;)
2.
3.

Actual Results:  
openvpn_execve: external program may not be called due to setting of
--script-security level

????

Expected Results:  
working ;)

same on 3 computer... go to bed for now, see tomorow ;)

------- Comment #1 From Jeroen Roovers 2008-08-02 04:58:44 0000 ------- 
Please post your `emerge --info' too.

------- Comment #2 From Patrick Fourniols 2008-08-02 05:19:55 0000 ------- 
Created an attachment (id=161954) [details]
emerge --info ( 1 of 3 )

------- Comment #3 From Patrick Fourniols 2008-08-02 07:31:40 0000 ------- 
same result trying to start openvpn by hand, seems that openvpn don't permit
calling external script ( here $(SVCNAME)-up.sh...

result: server tunx up but no route, client tunx down ...

have downgraded to 2.0.9 for now, will look further later

------- Comment #4 From Cédric Krier 2008-08-02 18:17:20 0000 ------- 
I put "--script-security 2" in init script when it uses --up and --down option.

------- Comment #5 From Blu3 2008-08-06 22:36:01 0000 ------- 
default breakage is not very apparent for startup error messages.

--script-security <n> was added to the openvpn package, see the openvpn man
page for specific details.  add script-security <n> to your
/etc/openvpn/openvpn.conf file as appropriate. :)

------- Comment #6 From Antek Grzymała 2008-08-07 09:14:07 0000 ------- 
Can we have some information on what that means and how to deal with that. The
ebuild just silently breaks a user's OpenVPN setup without hinting a word.

------- Comment #7 From Cédric Krier 2008-08-09 13:35:52 0000 ------- 
*** Bug 234254 has been marked as a duplicate of this bug. ***