> On 30. Nov 2023, at 11:42, Aleksandar Ivanisevic <aleksan...@ivanisevic.de> 
> wrote:
> 
> 
>> On 29. Nov 2023, at 16:32, Antonio Quartulli <a...@unstable.cc> wrote:
>> 
>> Rather than the CRL changing, I am trying to imagine if the CRL is being 
>> "substituted" between startup and runtime. This is why I speculated about 
>> chroot.
>> Mounting the config folder is not far from that, but I presume the mount 
>> happens before starting the openvpn process, so I can't see how you end up 
>> with a different file.
>> 
>> Does /home/support/config/vpn/ contain anything before starting the openvpn 
>> process (and thus mounting the config dir)?
>> 
> 
> it contains everything, even the main config file is a symlink to the file in 
> that dir
> 
> $ ls -al /etc/openvpn/server/qbs.conf 
> lrwxrwxrwx 1 root root 36 Apr 12  2020 /etc/openvpn/server/qbs.conf -> /home/support/config/vpn/server.conf
> 
> I don’t remember why I didn’t just override the WorkingDirectory, it was a 
> couple of years ago when I was setting this up, probably wanted not to 
> confuse other admins seeing the vpn server running but no config in the usual 
> place.
> 
> But you might be onto something, I just tried on the test server just 
> overriding the WorkingDirectory and that worked, will try in production this 
> evening and report back.

Well, what do you know, it worked! No more error with the identical config.

I will leave it like this (i.e. systemd unit WorkingDirectory pointing to 
config dir and nothing in /etc/openvpn/server/) since this is a much cleaner 
solution, i.e. no symlinks and I don’t have to reference full paths everywhere 
so the config file looks a bit less scary ;)

If anyone wants to investigate further why symlinking the main config 
file would behave differently than pointing to it directly, I can help with testing.

Thank you, Antonio, for the useful hints.

regards,

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users