> You can break this with something like:
>
> status /etc/openvpn/client/status.log
>
> in your configuration. Writing a status file
> to /run/openvpn-{client,server}/status.log works, though. So the default
> setups should be fine. Do we have any more cases where openvpn wants write
> access for whatever?
>From my configuration:
1) status
2) ifconfig-pool-persist
3) tmp-dir (for storing openvpn_pf_*.tmp files)
4) client-connect script may want to write something
5) a plugin may want to write something
For me even the read-only option will break nearly *everything*. And for user
it will be completely not obvious why his scripts doesn't work, why his status
file is not updated, and what's wrong with ifconfig-pool-persist.
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
