Freeze Break Request: Disable OpenVPN persist-tun so it doesn't fall over on network hiccups

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi all,

Can I please get +1's for the below configuration patch?
Reasoning is in the commit message.

This should solve the issues we have where RHEL7 machines don't come
back onto the VPN automatically in some specific non-rare cases.



commit b1db3bafd8bfde6fac9cc8c7fc3a5bedd39a1483
Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
Date:   Wed Oct 21 18:26:32 2015 +0000

    Disable persist-tun for openvpn
    
    This should solve the issue where RHEL7 machines that get a network
    hiccup need an OpenVPN restart to restore their routes.
    
    The code is broken in the current upstream OpenVPN release, such that
    it does tear down some of the routes during a ping-restart (when the
    connection is dropped due to network hiccups), but the reconnection
    code does not restore the routes.
    I am working on an upstream patch to fix this, but in the meantime
    disabling persist-tun will make sure that OpenVPN does the entire
    initialization upon reconnection, which makes sure that all routes
    are created.
    
    Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>

diff --git a/files/openvpn/client.conf b/files/openvpn/client.conf
index d274e72..abb5d03 100644
- --- a/files/openvpn/client.conf
+++ b/files/openvpn/client.conf
@@ -13,7 +13,6 @@ resolv-retry infinite
 nobind
 
 persist-key
- -persist-tun
 
 ca ca.crt
 cert client.crt
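
Review bot: With persist-tun removed below persist-key, every ping-restart now closes and reopens the tun device and re-adds the routes, which needs root. The visible context does not show whether this client.conf sets user/group to drop privileges; if it does, the reconnect will fail at exactly the step this change relies on. Please confirm that no privilege drop is configured in this file before merging. It is also worth checking where traffic for the VPN networks goes while the routes are absent during the reconnect window.
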
diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf
index d274e72..abb5d03 100644
- --- a/roles/openvpn/client/files/client.conf
+++ b/roles/openvpn/client/files/client.conf
@@ -13,7 +13,6 @@ resolv-retry infinite
 nobind
 
 persist-key
- -persist-tun
 
 ca ca.crt
 cert client.crt
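
Review bot: This file has the same blob ids as files/openvpn/client.conf (d274e72..abb5d03), so the two copies are byte-identical and have to be changed in lockstep; consider keeping a single copy so a later revert cannot miss one. Since the commit message describes this as an interim measure until an upstream fix lands, a short comment where persist-tun used to be, stating why it is absent, would help whoever restores it later.
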
diff --git a/roles/openvpn/server/files/server.conf b/roles/openvpn/server/files/server.conf
index c824b12..3ba8fab 100644
- --- a/roles/openvpn/server/files/server.conf
+++ b/roles/openvpn/server/files/server.conf
@@ -6,7 +6,6 @@ comp-lzo
 
 ping-timer-rem
 
- -persist-tun
 persist-key
 
 ca ca.crt
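
Review bot: The commit message only describes route loss on RHEL7 machines after a ping-restart, but this hunk also drops persist-tun from server.conf. On the server, a restart without persist-tun tears down and recreates the tun device for all connected clients rather than one, so the blast radius differs from the client change. Please state in the commit message why the server needs this too, or split the server change into its own commit so it can be reverted independently.
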



- -- 
With kind regards,
Patrick Uiterwijk
Fedora Infra
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----