The init script does not handle the script-security parameter correctly when there are multiple configuration files

Bug #814164 reported by Simon Déziel
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openvpn (Ubuntu)

Bug Description

When there are 2 or more VPN configuration files and one of them does not use the script-security parameter, the subsequent (alphabetic order) openvpn process will be called with "--script-security 2" no matter what is the value of the script-security parameter in the configuration file. This behaviour only occurs when the init script processes many VPN configuration files in one call (on startup/restart).

Example of the problem :

# grep script-security patrick.conf zzz.conf
zzz.conf:script-security 1

# /etc/init.d/openvpn restart

# ps aux| grep openvpn
openvpn 5705 0.4 0.0 37040 2812 ? Ss 12:27 0:00 /usr/sbin/openvpn --writepid /var/run/ --daemon ovpn-patrick --cd /etc/openvpn --config /etc/openvpn/patrick.conf --script-security 2
openvpn 5722 0.1 0.0 30968 2996 ? Ss 12:27 0:00 /usr/sbin/openvpn --writepid /var/run/ --daemon ovpn-zzz --cd /etc/openvpn --config /etc/openvpn/zzz.conf --script-security 2

The process for the "zzz.conf" VPN should have script-security 1 as the configuration file says but it's not the case.

# lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04

# apt-cache policy openvpn
  Installed: 2.1.3-2ubuntu3
  Candidate: 2.1.3-2ubuntu3
  Version table:
 *** 2.1.3-2ubuntu3 0
        500 natty/main amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: openvpn 2.1.3-2ubuntu3
ProcVersionSignature: Ubuntu 2.6.38-11.47-generic
Uname: Linux 2.6.38-11-generic x86_64
Architecture: amd64
Date: Thu Jul 21 11:31:48 2011
SourcePackage: openvpn
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Simon Déziel (sdeziel) wrote :
Revision history for this message
Simon Déziel (sdeziel) wrote :

Here is a patch that make sure the script-security parameter is handle properly for each VPN configuration files.

Revision history for this message
Simon Déziel (sdeziel) wrote :

I failed to attach the file in my previous comment.

Changed in openvpn:
status: Unknown → New
tags: added: patch
Dave Walker (davewalker)
Changed in openvpn (Ubuntu):
status: New → Triaged
importance: Undecided → Low
Changed in openvpn:
status: New → Unknown
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.