Re: Freeze break requeest: add script to make OpenVPN always fix its routes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Oct 22, 2015 at 11:14:03PM -0400, Patrick Uiterwijk wrote:
> There is still some annoying thing in OpenVPN that's refusing to run the script.
> I have reverted the change that makes openvpn run the script automatically and will look
> that up further in the morning, I have left the script itself in place as it's useful.
> 
> retrospective +1s requested.

+1 for me

> The change:
> 
> commit b2b07e8bcda3f2ff3352ad5c1dd8bc5fcb895e32
> Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> Date:   Fri Oct 23 03:11:02 2015 +0000
> 
>     Running the script doesnt work yet. But we still want the script.
>     
>     Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> 
> diff --git a/roles/openvpn/client/files/client.conf b/roles/openvpn/client/files/client.conf
> index 704becb..307a357 100644
> --- a/roles/openvpn/client/files/client.conf
> +++ b/roles/openvpn/client/files/client.conf
> @@ -14,8 +14,8 @@ nobind
>  
>  persist-key
>  
> -up /etc/openvpn/fix-routes.sh
> -up-restart
> +#up /etc/openvpn/fix-routes.sh
> +#up-restart
>  
>  ca ca.crt
>  cert client.crt
> 
> 
> 
> > Count this as a +2 and get a retroactive 1 later. Dropping vpn because
> > of this would be worse than waiting for it.
> > 
> > On 22 October 2015 at 20:45, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> wrote:
> > > And I just realized I need to remove the exit 2, because this will make
> > > openvpn exit.
> > >
> > > Can I get +1s to this change to the script?
> > >
> > >
> > >
> > > commit 50511a65e7dbdf0a60ad1cc43a6fa2fddec66ed3
> > > Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> > > Date:   Fri Oct 23 02:41:01 2015 +0000
> > >
> > >     Make fix-routes not terminate with status 2 if it fixed it
> > >
> > >     This will make openvpn think something went wrong and terminate the
> > >     connection.
> > >     I did this to make it easily visible when running with ansible, but in
> > >     this case
> > >     it messes things up.
> > >
> > >     Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> > >
> > > diff --git a/roles/openvpn/client/files/fix-routes.sh
> > > b/roles/openvpn/client/files/fix-routes.sh
> > > index a08e519..44a9450 100644
> > > --- a/roles/openvpn/client/files/fix-routes.sh
> > > +++ b/roles/openvpn/client/files/fix-routes.sh
> > > @@ -8,5 +8,5 @@ then
> > >         # 2. Add a new route to 192.168.0.0/16 via that IP addres (from
> > >         xargs on)
> > >         # 3. Print "Fixed VPN" and exit with code 2 to indicate that it
> > >         changed
> > >         # Note: I've been told that the grep and awk can be in one command,
> > >         and I believe that, but I find this clearer.
> > > -       (ip route show | grep '192.168.0.0/16') || ((ip route show | grep
> > > '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via)
> > > && echo "Fixed VPN" && exit 2);
> > > +       (ip route show | grep '192.168.0.0/16') || ((ip route show | grep
> > > '192.168.0.' | awk '{print $1}' | xargs ip route add 192.168.0.0/16 via)
> > > && echo "Fixed VPN");
> > >  fi
> > > _______________________________________________
> > > infrastructure mailing list
> > > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> > > http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> > 
> > 
> > 
> > --
> > Stephen J Smoogen.
> > _______________________________________________
> > infrastructure mailing list
> > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> > http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> > 
> _______________________________________________
> infrastructure mailing list
> infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> 

Attachment: pgpdavivn5Wye.pgp
Description: PGP signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux