On Thu, Oct 22, 2015 at 11:14:03PM -0400, Patrick Uiterwijk wrote: > There is still some annoying thing in OpenVPN that's refusing to run the script. > I have reverted the change that makes openvpn run the script automatically and will look > that up further in the morning, I have left the script itself in place as it's useful. > > retrospective +1s requested. +1 for me > The change: > > commit b2b07e8bcda3f2ff3352ad5c1dd8bc5fcb895e32 > Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> > Date: Fri Oct 23 03:11:02 2015 +0000 > > Running the script doesnt work yet. But we still want the script. > > Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> > > diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf > index 704becb..307a357 100644 > --- a/roles/openvpn/client/files/client.conf > +++ b/roles/openvpn/client/files/client.conf > @@ -14,8 +14,8 @@ nobind > > persist-key > > -up /etc/openvpn/fix-routes.sh > -up-restart > +#up /etc/openvpn/fix-routes.sh > +#up-restart > > ca ca.crt > cert client.crt > > > > > Count this as a +2 and get a retroactive 1 later. Dropping vpn because > > of this would be worse than waiting for it. > > > > On 22 October 2015 at 20:45, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> wrote: > > > And I just realized I need to remove the exit 2, because this will make > > > openvpn exit. > > > > > > Can I get +1s to this change to the script? > > > > > > > > > > > > commit 50511a65e7dbdf0a60ad1cc43a6fa2fddec66ed3 > > > Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> > > > Date: Fri Oct 23 02:41:01 2015 +0000 > > > > > > Make fix-routes not terminate with status 2 if it fixed it > > > > > > This will make openvpn think something went wrong and terminate the > > > connection. > > > I did this to make it easily visible when running with ansible, but in > > > this case > > > it messes things up. > > > > > > Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> > > > > > > diff --git a/roles/openvpn/client/files/fix-routes.sh > > > b/roles/openvpn/client/files/fix-routes.sh > > > index a08e519..44a9450 100644 > > > --- a/roles/openvpn/client/files/fix-routes.sh > > > +++ b/roles/openvpn/client/files/fix-routes.sh > > > @@ -8,5 +8,5 @@ then > > > # 2. Add a new route to 192.168.0.0/16 via that IP addres (from > > > xargs on) > > > # 3. Print "Fixed VPN" and exit with code 2 to indicate that it > > > changed > > > # Note: I've been told that the grep and awk can be in one command, > > > and I believe that, but I find this clearer. > > > - (ip route show | grep '192.168.0.0/16') || ((ip route show | grep > > > '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via) > > > && echo "Fixed VPN" && exit 2); > > > + (ip route show | grep '192.168.0.0/16') || ((ip route show | grep > > > '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via) > > > && echo "Fixed VPN"); > > > fi > > > _______________________________________________ > > > infrastructure mailing list > > > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > > > http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > > > > > > > > -- > > Stephen J Smoogen. > > _______________________________________________ > > infrastructure mailing list > > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > > http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > > > _______________________________________________ > infrastructure mailing list > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx >
Attachment:
pgpdavivn5Wye.pgp
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx