There is still some annoying thing in OpenVPN that's refusing to run the script. I have reverted the change that makes openvpn run the script automatically and will look that up further in the morning, I have left the script itself in place as it's useful. retrospective +1s requested. The change: commit b2b07e8bcda3f2ff3352ad5c1dd8bc5fcb895e32 Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> Date: Fri Oct 23 03:11:02 2015 +0000 Running the script doesnt work yet. But we still want the script. Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf index 704becb..307a357 100644 --- a/roles/openvpn/client/files/client.conf +++ b/roles/openvpn/client/files/client.conf @@ -14,8 +14,8 @@ nobind persist-key -up /etc/openvpn/fix-routes.sh -up-restart +#up /etc/openvpn/fix-routes.sh +#up-restart ca ca.crt cert client.crt > Count this as a +2 and get a retroactive 1 later. Dropping vpn because > of this would be worse than waiting for it. > > On 22 October 2015 at 20:45, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> wrote: > > And I just realized I need to remove the exit 2, because this will make > > openvpn exit. > > > > Can I get +1s to this change to the script? > > > > > > > > commit 50511a65e7dbdf0a60ad1cc43a6fa2fddec66ed3 > > Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> > > Date: Fri Oct 23 02:41:01 2015 +0000 > > > > Make fix-routes not terminate with status 2 if it fixed it > > > > This will make openvpn think something went wrong and terminate the > > connection. > > I did this to make it easily visible when running with ansible, but in > > this case > > it messes things up. > > > > Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> > > > > diff --git a/roles/openvpn/client/files/fix-routes.sh > > b/roles/openvpn/client/files/fix-routes.sh > > index a08e519..44a9450 100644 > > --- a/roles/openvpn/client/files/fix-routes.sh > > +++ b/roles/openvpn/client/files/fix-routes.sh > > @@ -8,5 +8,5 @@ then > > # 2. Add a new route to 192.168.0.0/16 via that IP addres (from > > xargs on) > > # 3. Print "Fixed VPN" and exit with code 2 to indicate that it > > changed > > # Note: I've been told that the grep and awk can be in one command, > > and I believe that, but I find this clearer. > > - (ip route show | grep '192.168.0.0/16') || ((ip route show | grep > > '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via) > > && echo "Fixed VPN" && exit 2); > > + (ip route show | grep '192.168.0.0/16') || ((ip route show | grep > > '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via) > > && echo "Fixed VPN"); > > fi > > _______________________________________________ > > infrastructure mailing list > > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > > http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > > > > -- > Stephen J Smoogen. > _______________________________________________ > infrastructure mailing list > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx