Re: Freeze break requeest: add script to make OpenVPN always fix its routes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It's 3:00am so it may take a while for others to read, so if it'll speed things up for you I obviously trust Smooge's judgment - a retro +1

[I'm not an official infra member yet so it may not count but it's worth a try]

On Thu, Oct 22, 2015 at 11:14 PM, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> wrote:
There is still some annoying thing in OpenVPN that's refusing to run the script.
I have reverted the change that makes openvpn run the script automatically and will look
that up further in the morning, I have left the script itself in place as it's useful.

retrospective +1s requested.


The change:

commit b2b07e8bcda3f2ff3352ad5c1dd8bc5fcb895e32
Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
Date:   Fri Oct 23 03:11:02 2015 +0000

    Running the script doesnt work yet. But we still want the script.

    Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>

diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf
index 704becb..307a357 100644
--- a/roles/openvpn/client/files/client.conf
+++ b/roles/openvpn/client/files/client.conf
@@ -14,8 +14,8 @@ nobind

 persist-key

-up /etc/openvpn/fix-routes.sh
-up-restart
+#up /etc/openvpn/fix-routes.sh
+#up-restart

 ca ca.crt
 cert client.crt



> Count this as a +2 and get a retroactive 1 later. Dropping vpn because
> of this would be worse than waiting for it.
>
> On 22 October 2015 at 20:45, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> wrote:
> > And I just realized I need to remove the exit 2, because this will make
> > openvpn exit.
> >
> > Can I get +1s to this change to the script?
> >
> >
> >
> > commit 50511a65e7dbdf0a60ad1cc43a6fa2fddec66ed3
> > Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> > Date:   Fri Oct 23 02:41:01 2015 +0000
> >
> >     Make fix-routes not terminate with status 2 if it fixed it
> >
> >     This will make openvpn think something went wrong and terminate the
> >     connection.
> >     I did this to make it easily visible when running with ansible, but in
> >     this case
> >     it messes things up.
> >
> >     Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> >
> > diff --git a/roles/openvpn/client/files/fix-routes.sh
> > b/roles/openvpn/client/files/fix-routes.sh
> > index a08e519..44a9450 100644
> > --- a/roles/openvpn/client/files/fix-routes.sh
> > +++ b/roles/openvpn/client/files/fix-routes.sh
> > @@ -8,5 +8,5 @@ then
> >         # 2. Add a new route to 192.168.0.0/16 via that IP addres (from
> >         xargs on)
> >         # 3. Print "Fixed VPN" and exit with code 2 to indicate that it
> >         changed
> >         # Note: I've been told that the grep and awk can be in one command,
> >         and I believe that, but I find this clearer.
> > -       (ip route show | grep '192.168.0.0/16') || ((ip route show | grep
> > '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via)
> > && echo "Fixed VPN" && exit 2);
> > +       (ip route show | grep '192.168.0.0/16') || ((ip route show | grep
> > '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via)
> > && echo "Fixed VPN");
> >  fi
> > _______________________________________________
> > infrastructure mailing list
> > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> > http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
>
>
>
> --
> Stephen J Smoogen.
> _______________________________________________
> infrastructure mailing list
> infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
>
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux