On 30/12/2018 13:37, Samuli Seppänen wrote: > Il 28/12/18 16:21, tincanteksup ha scritto: >> Hi, >> >> On 27/12/2018 18:11, Samuli Seppänen wrote: >>> Hi, >>> >>> I've produced OpenVPN 2.4.6 packages for Ubuntu 18.04 and they're now >>> available here: >>> >>> https://build.openvpn.net/downloads/temp/ >>> >>> The Debian packaging files are taken from Ubuntu's own 18.04 openvpn >>> package. They already used our openvpn-client@.service and >>> openvpn-server@.service so I only need to make a few enhancements: >>> >>> - Restart active VPN client and server instances on upgrade >>> - Stop activate VPN client and server instances on uninstall >>> >>> I also tested upgrading from Ubuntu's own openvpn package and that >>> worked fine. >>> >>> Let me know if these packages work for you or if they don't. I'd like to >>> get the to our official apt repositories soon. >>> >> >> Successfully installed openvpn_2.4.6-bionic0_amd64.deb in Ubuntu 18.04, >> tested newly installed openvpn-client@.service which worked correctly. > > Excellent! The openvpn-client@ and openvpn-server@ unit file templates > "sneak in" to the Debian package from our upstream tarball. When looking > at the Debian packaging files there's absolutely no sign of them. But > they get installed and seem to work, including the tmpfiles configuration. Those new service files are the ones everyone should use. In our own packaging, we should abandon the b0rken unit files from the old-days Debian packages. This is especially true for OpenVPN 2.4+ when built with --enable-systemd (which should be mandatory on systemd systems!). The reason is that it uses much better systemd integration which allows systemd to understand better what openvpn is doing and when it fails. Plus, the openvpn process is being run with lesser privileges as well and for openvpn-server@ it will even attempt to restart automatically the server instance if it dies unexpectedly.
And IIRC, we managed to get the new unit files into the Debian openvpn 2.4 package. And I just hope that they are updated with whatever we provide in our tarballs; if not - it might be considered broken packaging. The reason you'll find the b0rken unit files in the upstream Debian packages is to not break old existing installs. Which is nice, just that it behaves broken regardless. So if anyone is in doubt ... UPGRADE to the openvpn-{server,client}@.service unit files ASAP. -- kind regards, David Sommerseth OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel