[Bug 1124398] Re: openvpn --script-security is not working
Stéphane Graber
stgraber at stgraber.org
Wed Feb 13 21:09:36 UTC 2013
** Also affects: openvpn (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: openvpn (Ubuntu Quantal)
Importance: Undecided
Status: New
** Changed in: openvpn (Ubuntu)
Status: New => In Progress
** Changed in: openvpn (Ubuntu)
Status: In Progress => Fix Committed
** Changed in: openvpn (Ubuntu Precise)
Status: New => In Progress
** Description changed:
+ == Rationale ==
+ The openvpn init script calculates script_security based on what's set in /etc/default/openvpn, however that variable isn't currently being passed to openvpn itself.
+ This was likely caused by a mismerge with Debian.
+
+ == Test case ==
+ 1) Set script_security in /etc/default/openvpn
+ 2) Restart openvpn
+ 3) Ensure that --script-security is passed to the daemon
+
+ == Regression potential ==
+ Can't think of any, unless someone had an invalid script_security value which was currently being ignored and may then break their VPN. However this is technically a bad config and wouldn't really qualify as a bug.
+
+ --- original bug report ---
+
On ubuntu 12.04, the option ""--script-security 2"" is never added to the command line of openvpn daemon
here is the diff that need to be applied to the /etc/init.d/openvpn to start the daemon correctly.
If you need more information, please let me know.
=================================
--- /tmp/openvpn 2013-02-13 13:40:53.885828899 -0500
+++ /etc/init.d/openvpn 2013-02-13 13:13:52.598704452 -0500
@@ -89,7 +89,7 @@
- --pidfile /var/run/openvpn.$NAME.pid \
- --exec $DAEMON -- $OPTARGS --writepid /var/run/openvpn.$NAME.pid \
- $DAEMONARG $STATUSARG --cd $CONFIG_DIR \
+ --pidfile /var/run/openvpn.$NAME.pid \
+ --exec $DAEMON -- $OPTARGS --writepid /var/run/openvpn.$NAME.pid \
+ $DAEMONARG $STATUSARG --cd $CONFIG_DIR \
- --config $CONFIG_DIR/$NAME.conf < /dev/null || STATUS=1
+ --config $CONFIG_DIR/$NAME.conf $script_security < /dev/null || STATUS=1
-
- [ "$OMIT_SENDSIGS" -ne 1 ] || ln -s /var/run/openvpn.$NAME.pid /run/sendsigs.omit.d/openvpn.$NAME.pid
-
+
+ [ "$OMIT_SENDSIGS" -ne 1 ] || ln -s /var/run/openvpn.$NAME.pid
+ /run/sendsigs.omit.d/openvpn.$NAME.pid
+
=================================
** Changed in: openvpn (Ubuntu Quantal)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvpn in Ubuntu.
https://bugs.launchpad.net/bugs/1124398
Title:
openvpn --script-security is not working
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1124398/+subscriptions
More information about the Ubuntu-server-bugs
mailing list