Hi,

On Tue, Mar 29, 2022 at 06:21:37PM +0800, Tony He wrote:
> 1. Add option "user nobody" to test ovpn-dco.
> 2. Start openvpn, below is the log. Then we will see tun0 is still
> there after openvpn exit. We must use the command "ip link del tunX"
> to delete. This is not friendly to end user.

Yes. This is currently unsolved - if you tell openvpn to give up its privileges, it will give up its privileges, and then it lacks privileges to tear down the interface again.

This should be doable with linux net capabilities, but right now, we have not investigated this option further.

So, for now, do not use "user" together with DCO.

(For completeness: this is not a DCO issue, it just happens that normal tun interfaces go away if the file descriptor is closed, so "magic auto cleanup" happens - so if you have other stuff to clean up, like extra routes to non-tun destinations, cleanup will also fail)

@Antonio: can we make DCO interfaces auto-disappear if the OpenVPN process closes the last FD?

gert
--
"If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
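
Added example, not part of the original mail and not OpenVPN code: one way the "linux net capabilities" idea mentioned in the reply can look, where a process started as root switches to an unprivileged user but keeps only CAP_NET_ADMIN so it can still remove its interface and routes on exit. The function names and the uid/gid 65534 for "nobody" are assumptions made for this sketch.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Bit for one capability in the low 32-bit word (CAP_NET_ADMIN is 12). */
static unsigned int cap_mask(int cap) { return 1u << cap; }

/* 1 if the caller holds `cap` in its effective set, 0 if not, -1 on error. */
int has_effective_cap(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) != 0) return -1;
    return (data[0].effective & cap_mask(cap)) != 0;
}

/* Switch from root to uid/gid, keeping only CAP_NET_ADMIN.
 * Returns 0 on success, or a negative number naming the step that failed. */
int drop_root_keep_net_admin(uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];

    /* Without this, the UID change below clears the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    if (setgroups(0, NULL) != 0) return -2;
    if (setgid(gid) != 0) return -3;
    if (setuid(uid) != 0) return -4;

    /* The effective set is now empty; re-raise one capability, drop the rest. */
    memset(data, 0, sizeof data);
    data[0].permitted = data[0].effective = cap_mask(CAP_NET_ADMIN);
    if (syscall(SYS_capset, &hdr, data) != 0) return -5;
    if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) != 0) return -6;
    return has_effective_cap(CAP_NET_ADMIN) == 1 ? 0 : -7;
}

int main(void)
{
    /* 65534 is assumed to be the uid/gid of "nobody"; adjust for your system. */
    int rc = drop_root_keep_net_admin(65534, 65534);
    printf("drop rc=%d uid=%d CAP_NET_ADMIN=%d\n", rc, (int)getuid(),
           has_effective_cap(CAP_NET_ADMIN));
    return rc == 0 ? 0 : 1;
}
```

Run as root, the program should report rc=0 with uid 65534 and CAP_NET_ADMIN=1; run unprivileged, it stops at the setgroups step with a negative rc.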