AltSubject: For those who care about OpenVPN Dear fellow developers,
This is a cry for help. I've been trying to support systemd in OpenVPN for some time, but the results are not satisfactory. I'd like to keep the current (SysV) behaviour in systemd but it's becoming quite an annoying task. I'd love to hear recommendations, receive patches or any other help with this. Let me explain what the SysV init script did, so you can figure out what I'd like to achieve. If you aren't interested in the task you may skip the rest of this mail. What was working? ----------------- First of all, openvpn in Debian is able to run several VPN daemons. Depending on the value of the configuration variable AUTOSTART (in /etc/default/openvpn): - all -> A daemon for each of the configuration files found in /etc/openvpn - none -> Do not manage any VPN (they can be started manually or through a directive in /etc/network/interfaces - A list of the VPNs you want automatically managed (i.e. AUTOSTART="work home"). The rest can be managed manually. In order to be able to control individual VPNs the init.d script accepts a second argument (after start/stop/...) with the name of the VPN to manage. I know this was a hack, but it worked like a charm. This is no longer possible with systemd. stop, reload, soft-restart and cond-restart will only affect running VPNs. The last one is specially important in upgrades, when the currently running daemons have to restart. That includes those VPNs that are managed automatically (in AUTOSTART) *and* those started manually or through a network/interfaces directive. Whereas restart will only affect those managed automatically unless a VPN name is specified. In addition to the init.d script, there are two script in /etc/network/if-(up|down).d/openvpn that allow for VPNs to be managed when interfaces are brought up or down. So you may have AUTOSTART=none, or AUTOSTART="home office", and then enable "work" tunnel when only when using a specific network interface. Where are we now? ----------------- The latest version of openvpn's package (in experimental) includes two service files for systemd. One instantiated (openvpn@.service) allows the control of single VPNs, piece of cake. The main issue is with the other one, openvpn.service, that tries to replace the old init.d script and all its features. It is, currently, calling a helper script that (tries to) mimic(s) the former behaviour. First of all, the script can only be called with start, stop or reload arguments. So no distinction can be made between a restart and a stop-then-start. So there's no way (i.e. on an upgrade) to restart all VPNs (those in AUTOSTART *and* those manually controlled), since "start" and "stop" should only manage those in AUTOSTART. Another problem is the package upgrade to systemd in a running system, since the VPNs started with the current init.d script are not recognized by openvpn@NAME.service. So when upgrading the package from the non-systemd-enabled package (< 2.3.2-7) to the package with the service files, we end up with two active VPNs (the one that was running, and one started by systemd) for each AUTOSTARTed configuration. If you know systemd and would like to help with this please Cc: me (since I'm not subscribed to -devel) or mail me directly. You may find the current git repo for openvpn in Debian at: git.debian.org/git/collab-maint/openvpn.git Thanks, Alberto -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico mailto/sip: a...@inittab.org | en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140909155120.ga18...@bin.inittab.org
