> On 01/10/2020 17:03, Simon Matter wrote: >> I really can't understand why this small patch was refused for years and >> I >> still feel nobody ever really looked at it. > > Perhaps this also an indication of the corner case this patch is covering? > > This patch started 7 years ago. There has been 2 other users being > supportive > in the Trac ticket, where at least one of them do have another functional > alternative (--management with --management-hold). > > From what I recall from the last review years ago, the behavior was also > not > well defined in restart scenarios (--up-restart) - where the script might > be > run with different privileges, the --chroot might also change things. > Which > makes this patch very fragile for users. > > All of these issues are avoided with the --management and > --management-hold.
How do all these issues affect --up-pre but not the existing --down-pre? Why was --down-pre never removed over all the years if it makes things so fragile for users? > > And if you still require more flexibility when starting client > configurations, > you should rather consider OpenVPN 3 Linux - which can be much more fine > grained controlled via an API. OpenVPN 3 Linux can also be used by > unprivileged users out-of-the-box, resulting in better security for what > is > being executed and when it is being executed. OpenVPN 3 Linux is not an option here as it is limited to Linux. Regards, Simon _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
