OpenVPN itself works. After connecting a new nameserver is written to /etc/resolv.conf:

# Generated by openvpn for interface tun0
nameserver XXX.XXX.XXX.XXX

The original file is moved to /etc/resolv.conf-tun0.sv

After stopping openvpn, it's not moved back, though. It seems that /etc/openvpn/down.sh is never called.

Here is my config:

## openvpn.conf
script-security 2
client
dev tun
proto udp
remote XXX.XXX.XXX 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/XXXXX.crt
key /etc/openvpn/keys/XXXXX.key
ns-cert-type server
tls-auth /etc/openvpn/keys/ta.key 1
comp-lzo
verb 3
cipher DES-EDE3-CBC
Do you have an idea of how to fix this? It seems to me that, in the init script, we pass --down-pre --down /etc/openvpn/down.sh to openvpn when starting. Isn't that enough?
I just committed openvpn-2.3.0 which comes with a down-root plugin that probably solves your problem; I'm closing this bug for now, feel free to reopen if it still fails.
You have to add this line:

plugin /usr/lib64/openvpn/openvpn-plugin-down-root.so "/etc/openvpn/down.sh"

/etc/openvpn/down.sh is already provided by Gentoo. :)

Thank you! :)
In the ebuild, or in the config file?
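
A check for the combination discussed in this thread, as an added example that is not from the bug report or the Gentoo package: it warns when a config drops privileges with user/group, a down script is in use, and the down-root plugin is not loaded. The function name check_down_root and the passing of init-script options as one string are assumptions; the sample configs are constructed.

```shell
#!/bin/sh
# Added example: lint an OpenVPN client config for the situation in this thread.
# check_down_root CONFIG [EXTRA_ARGS]
#   EXTRA_ARGS (assumption): options the init script adds on the command line,
#   given as one string, e.g. "--down-pre --down /etc/openvpn/down.sh".
# Returns 0 when OK, 1 when a down script would run after the user/group
# privilege drop and the down-root plugin is not loaded.
check_down_root() {
    cfg=$1
    down=0
    case " ${2:-} " in *" --down "*) down=1 ;; esac
    awk -v down="$down" '
        /^[[:space:]]*([#;]|$)/ { next }             # comments and blank lines
        $1 == "user" || $1 == "group" { drop = 1 }   # privileges are dropped
        $1 == "down"                  { down = 1 }   # down script set in config
        $1 == "plugin" && $2 ~ /openvpn-plugin-down-root\.so$/ { root = 1 }
        END {
            if (drop && (down + 0) && !root) {
                print "WARN: down script runs after user/group drop; no down-root plugin"
                exit 1
            }
            print "OK"
        }' "$cfg"
}

# Constructed sample configs, reduced from the one posted above.
sample_dir=$(mktemp -d)
cat > "$sample_dir/before.conf" <<'EOF'
client
dev tun
user nobody
group nogroup
persist-key
persist-tun
EOF
cp "$sample_dir/before.conf" "$sample_dir/after.conf"
cat >> "$sample_dir/after.conf" <<'EOF'
plugin /usr/lib64/openvpn/openvpn-plugin-down-root.so "/etc/openvpn/down.sh"
EOF

# Options the init script is said to pass when starting openvpn.
init_args="--down-pre --down /etc/openvpn/down.sh"
check_down_root "$sample_dir/before.conf" "$init_args" || true
check_down_root "$sample_dir/after.conf" "$init_args"
```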