This looks sane and can be backed out. +1 On 21 October 2015 at 12:30, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi all, > > Can I please get +1's for the below configuration patch? > Reasoning is in the commit message. > > This should solve the issues we have where RHEL7 machines don't come > back onto the VPN automatically in some specific non-rare cases. > > > > commit b1db3bafd8bfde6fac9cc8c7fc3a5bedd39a1483 > Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> > Date: Wed Oct 21 18:26:32 2015 +0000 > > Disable persist-tun for openvpn > > This should solve the issue where RHEL7 machines that get a network > hiccup need an OpenVPN restart to restore their routes. > > The code is broken in the current upstream OpenVPN release, such that > it does tear down some of the routes during a ping-restart (when the > connection is dropped due to network hiccups), but the reconnection > code does not restore the routes. > I am working on an upstream patch to fix this, but in the meantime > disabling persist-tun will make sure that OpenVPN does the entire > initialization upon reconnection, which makes sure that all routes > are created. > > Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> > > diff --git a/files/openvpn/client.conf b/files/openvpn/client.conf > index d274e72..abb5d03 100644 > - --- a/files/openvpn/client.conf > +++ b/files/openvpn/client.conf > @@ -13,7 +13,6 @@ resolv-retry infinite > nobind > > persist-key > - -persist-tun > > ca ca.crt > cert client.crt > diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf > index d274e72..abb5d03 100644 > - --- a/roles/openvpn/client/files/client.conf > +++ b/roles/openvpn/client/files/client.conf > @@ -13,7 +13,6 @@ resolv-retry infinite > nobind > > persist-key > - -persist-tun > > ca ca.crt > cert client.crt 
> diff --git a/roles/openvpn/server/files/server.conf b/roles/openvpn/server/files/server.conf > index c824b12..3ba8fab 100644 > - --- a/roles/openvpn/server/files/server.conf > +++ b/roles/openvpn/server/files/server.conf > @@ -6,7 +6,6 @@ comp-lzo > > ping-timer-rem > > - -persist-tun > persist-key > > ca ca.crt > > > > - -- > With kind regards, > Patrick Uiterwijk > Fedora Infra > _______________________________________________ > infrastructure mailing list > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx -- Stephen J Smoogen.
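Review bot: In the files/openvpn/client.conf hunk, persist-tun is removed while persist-key stays, and the visible context does not show whether this config drops privileges with user/group. If it does, OpenVPN is no longer root when a ping-restart has to reopen the tun device and re-add the routes, so the reconnect can fail instead of recovering; please confirm the client keeps root across restarts, or test a forced ping-restart with this exact file. It is also worth checking where traffic for the VPN ranges goes while the device is closed during the reconnect, since the routes through it are gone for that window.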
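Review bot: The roles/openvpn/client/files/client.conf hunk carries the same index line (d274e72..abb5d03) as files/openvpn/client.conf, so the same one-line removal is being applied by hand to two identical copies of the client config. Please say in the commit message which copy is actually deployed, or drop the unused one, so that restoring persist-tun once the upstream fix lands does not leave the two files out of sync.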
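Review bot: The removal of persist-tun in roles/openvpn/server/files/server.conf is not explained by the commit message, which only describes clients losing routes after a ping-restart. Without persist-tun the server closes and reopens its tun device on a restart signal, which touches every connected client, so either add a sentence on why the server side needs the change or limit the patch to the client configs. Since the message calls this an interim measure, a comment line at the spot where persist-tun was removed, saying it is a workaround pending the upstream fix, would make it easy to find and revert.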