openvpn-2.1.0-r1 fails to restart the connection if it goes down at a temporary loss of network connectivity if the down-root plugin is being used. Reproducible: Always Steps to Reproduce: Actual Results: Thu Aug 12 05:33:11 2010 Preserving previous TUN/TAP instance: vpn0 Thu Aug 12 05:33:11 2010 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-down-root.so/PLUGIN_UP status=1 Thu Aug 12 05:33:11 2010 PLUGIN_CALL: plugin function PLUGIN_UP failed with status 1: /usr/lib/openvpn/openvpn-down-root.so Thu Aug 12 05:33:11 2010 ERROR: up/down plugin call failed Thu Aug 12 05:33:11 2010 Exiting This seems to be due to a case not being handled in the code of the plugin as it has already been pointed out long ago by Valentin Lab (see the link below): http://openvpn.net/archive/openvpn-devel/2007-04/msg00003.html It seems that upstream didn't react to his patch at all for some reason but I don't care, I must get this fixed because I have recently upgraded my production setup from 2.0 (which is not affected by this bug) to 2.1 and now I'm running into this annoying problem all the time. I have cleaned up Valentin Lab's patch to apply to openvpn-2.1.0-r1 we have in portage. The patched version is currently being tested by me, I'll report back on the results soon. Patches will follow as attachments to the bug.
Created attachment 243209 [details, diff] patch for plugin down-root.so
Created attachment 243211 [details] ebuild applying the patch
Please try to communicate with upstream more, this should really go there.
It would be great if you could post your patch to openvpn-devel@lists.sourceforge.net (you need to subscribe to that ML). Then this patch can get a proper review by community developers and might be accepted upstream. For more information about the OpenVPN development process, please have a look here: https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation
I would like to underline that this patch is not my patch. It was created by Valentin Lab and I just modified it to apply cleanly to the Gentoo patched OpenVPN sources. As such, this particular version of the patch is Gentoo specific. The upstream patch has been submitted to the openvpn-devel list back in 2007 as I pointed out in the original bug report. I think maybe Valentin Lab should be urged instead to resubmit his original patch as it may have been overlooked back then. Anyway, why is stuff like this handled as RESOLVED UPSTREAM? It is apparent that upstream has problems integrating basic fixes within reasonable time. In such a case why don't we consider applying available fixes on the ebuild level as a temporary measure until upstream catches up?
By all means, upstream has had a bad reputation with implementing community patches. It's a long and sad story in my eyes. But things *have* changed. Late 2009/beginning of 2010 the OpenVPN company have taken steps to improve this, a community manager has been hired. And I have taken the responsibility for maintaining an own source code tree for OpenVPN (openvpn-testing.git) as a volunteer from the community side. This new git tree builds the basics for the 2.2 beta which are in the works nowadays. In fact the 2.2 beta contains close to 50 patches submitted from the community. The 'allmerged' branch (which is used for "bleeding edge testing") contains even more, with fixes and and feature enhancement - like a complete IPv6 support stack (both payload and transport). So please give the benefit of doubt to the new community involvement, and please join the openvpn-devel mailing list, it really do happen things there now - and a more and more people to respond back there now than earlier.
