[Bug 1124398] Re: openvpn --script-security is not working
Marc Gariépy
gariepy.marc at gmail.com
Wed Feb 13 21:23:19 UTC 2013
** Description changed:
== Rationale ==
- The openvpn init script calculates script_security based on what's set in /etc/default/openvpn, however that variable isn't currently being passed to openvpn itself.
+ The openvpn init script calculates script_security based on what's set in /etc/openvpn/{$NAME}.conf, however that variable isn't currently being passed to openvpn itself.
This was likely caused by a mismerge with Debian.
== Test case ==
- 1) Set script_security in /etc/default/openvpn
- 2) Restart openvpn
- 3) Ensure that --script-security is passed to the daemon
+ 1) Don't set script_security in /etc/openvpn/{$NAME}.conf
+ 2) set a line "up ./server.up "
+ 3) Restart openvpn
+ 4) Ensure that --script-security is passed to the daemon
== Regression potential ==
Can't think of any, unless someone had an invalid script_security value which was currently being ignored and may then break their VPN. However this is technically a bad config and wouldn't really qualify as a bug.
--- original bug report ---
On Ubuntu 12.04, the option "--script-security 2" is never added to the command line of the openvpn daemon.
Here is the diff that needs to be applied to /etc/init.d/openvpn to start the daemon correctly.
If you need more information, please let me know.
=================================
--- /tmp/openvpn 2013-02-13 13:40:53.885828899 -0500
+++ /etc/init.d/openvpn 2013-02-13 13:13:52.598704452 -0500
@@ -89,7 +89,7 @@
--pidfile /var/run/openvpn.$NAME.pid \
--exec $DAEMON -- $OPTARGS --writepid /var/run/openvpn.$NAME.pid \
$DAEMONARG $STATUSARG --cd $CONFIG_DIR \
- --config $CONFIG_DIR/$NAME.conf < /dev/null || STATUS=1
+ --config $CONFIG_DIR/$NAME.conf $script_security < /dev/null || STATUS=1
[ "$OMIT_SENDSIGS" -ne 1 ] || ln -s /var/run/openvpn.$NAME.pid
/run/sendsigs.omit.d/openvpn.$NAME.pid
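Review bot: on the `+` line, `$script_security` is expanded unquoted and the hunk does not show where it is assigned, so confirm the variable is reset to empty for every `$NAME` before this call; otherwise a value computed for one VPN's config can carry over to the next instance the script starts. The unquoted expansion itself is what lets the value split into the option and its level and vanish when empty, so a short comment beside it saying the missing quotes are deliberate would keep a later cleanup from quoting it and handing the daemon an empty argument.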
=================================
** Description changed:
== Rationale ==
The openvpn init script calculates script_security based on what's set in /etc/openvpn/{$NAME}.conf, however that variable isn't currently being passed to openvpn itself.
This was likely caused by a mismerge with Debian.
== Test case ==
1) Don't set script_security in /etc/openvpn/{$NAME}.conf
- 2) set a line "up ./server.up "
+ 2) set a line "up ./server.up" in /etc/openvpn/{$NAME}.conf
3) Restart openvpn
4) Ensure that --script-security is passed to the daemon
== Regression potential ==
Can't think of any, unless someone had an invalid script_security value which was currently being ignored and may then break their VPN. However this is technically a bad config and wouldn't really qualify as a bug.
--- original bug report ---
On Ubuntu 12.04, the option "--script-security 2" is never added to the command line of the openvpn daemon.
Here is the diff that needs to be applied to /etc/init.d/openvpn to start the daemon correctly.
If you need more information, please let me know.
=================================
--- /tmp/openvpn 2013-02-13 13:40:53.885828899 -0500
+++ /etc/init.d/openvpn 2013-02-13 13:13:52.598704452 -0500
@@ -89,7 +89,7 @@
--pidfile /var/run/openvpn.$NAME.pid \
--exec $DAEMON -- $OPTARGS --writepid /var/run/openvpn.$NAME.pid \
$DAEMONARG $STATUSARG --cd $CONFIG_DIR \
- --config $CONFIG_DIR/$NAME.conf < /dev/null || STATUS=1
+ --config $CONFIG_DIR/$NAME.conf $script_security < /dev/null || STATUS=1
[ "$OMIT_SENDSIGS" -ne 1 ] || ln -s /var/run/openvpn.$NAME.pid
/run/sendsigs.omit.d/openvpn.$NAME.pid
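Review bot: missing documentation for the behaviour the `+` line switches on: once `$script_security` reaches the daemon, an instance whose `$NAME.conf` has no script-security line of its own runs at whatever level the init script chose (the report names `--script-security 2`, the level at which OpenVPN will run user-defined scripts such as the test case's `up ./server.up`). Please note in the changelog or in a comment above this call that the default now comes from the init script, so an administrator who wants script execution restricted knows to set the level explicitly in the config.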
=================================
https://bugs.launchpad.net/bugs/1124398
Title:
openvpn --script-security is not working
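Added example (not part of the bug mail and not the Ubuntu init script): a POSIX shell check for the test case above, reporting whether an instance whose config calls a script hook gets a script-security level from either its config or the daemon's command line. The function names, the list of hook directives, and the sample config and argument strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the Ubuntu init script; all names here are illustrative.

# True if the config carries its own script-security directive.
conf_sets_script_security() {
    grep -Eq '^[[:space:]]*script-security([[:space:]]|$)' "$1"
}

# True if the config calls a user script (e.g. the test case's "up ./server.up").
conf_uses_scripts() {
    grep -Eq '^[[:space:]]*(up|down|route-up|ipchange|tls-verify|auth-user-pass-verify|client-connect|client-disconnect|learn-address)[[:space:]]' "$1"
}

# Print the level that follows --script-security in an argument string.
# On a live host the string can come from: tr '\0' ' ' < /proc/PID/cmdline
cmdline_script_security() {
    set -f            # no globbing while the string is split into words
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        if [ "$1" = "--script-security" ]; then
            printf '%s\n' "${2:-}"
            return 0
        fi
        shift
    done
    return 1
}

# check_instance CONF CMDLINE -> one-line verdict for a VPN instance.
check_instance() {
    if level=$(cmdline_script_security "$2"); then
        echo "PASS: daemon started with --script-security $level"
    elif conf_sets_script_security "$1"; then
        echo "PASS: config sets script-security itself"
    elif conf_uses_scripts "$1"; then
        echo "FAIL: script hook configured but script-security left at the default"
    else
        echo "SKIP: config has no script hooks"
    fi
}

# Constructed sample: the test-case config, daemon arguments before and after the fix.
conf=$(mktemp)
printf 'dev tun\nup ./server.up\n' > "$conf"
args="--cd /etc/openvpn --config /etc/openvpn/server.conf"
check_instance "$conf" "$args"
check_instance "$conf" "$args --script-security 2"
rm -f "$conf"
```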