Ubuntu
openvpn package

routes are not restored if "user" and "group" configuration options are used

Bug #45389 reported by Someone
8
Affects Status Importance Assigned to Milestone
openvpn (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

When "user" and "group" options are used in foobar.conf file placed in /etc/openvpn/ the daemon drops its root prvileges upon establishing a vpn connection.
When tearing down it with "/etc/init.d/openvpn stop foobar" the route table which existed before establishing "foobar" vpn connection is not restored or restored only partially, because the "route" command called by openvpn daemon requires root privileges and thus fails.

Revision history for this message
Someone (s4910321931-deactivatedaccount) wrote :

There is a related plugin openvpn-down-root.so which seems to be the answer to a similar problem but it requires the explicit script to specified to be run upon disconnection. Openvpn seems to call "route" command internally, not from a script (judging by the "dpkg -L openvpn" output).

Revision history for this message
TomasHnyk (sup) wrote :

I can confirm this for Feisty.

TomasHnyk (sup)
Changed in openvpn:
status: Unconfirmed → Confirmed
Revision history for this message
Thierry Carrez (ttx) wrote :

This seems to work with 2.1~rc7 in hardy :

Using on the client side conf:
user nobody
group nogroup

And on the server side conf:
push "route x.x.x.x 255.255.255.0"

The routes get added and removed correctly.
Could you please confirm if you can still see this bug in hardy ?

Changed in openvpn:
importance: High → Undecided
status: Confirmed → Incomplete
Revision history for this message
TomasHnyk (sup) wrote :

Yep, it works now, closingas fixed since it seems to be fixed. Feel free to reopen if it does not work for anybody.

Changed in openvpn:
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.