I found it far more easy to test the three test cases first. I. (first I test them seperately)
1. CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE this one already breaks it: Failed running command (--learn-address): external program exited with error status: 1 2. ProtectSystem=true this line seems to work fine. I get no visible errors and the routing works. 3. ProtectHome=true this line seems to work fine as well II. (now I test the two working lines together) ProtectSystem=true ProtectHome=true these two lines seem to work fine together, I still can reach my firewalled server III. (all three together - since the error message on I.1. is only a fraction of bionic / cosmic repo build.) CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE ProtectSystem=true ProtectHome=true again I get "WARNING: Failed running command (--learn-address): external program exited with error status: 1" and therefore I cant reach my firewalled server. I just want to mention, that this errormessage is just a fraction of the original error message I got in #4 (the sudo part is missing here) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1787208 Title: Openvpn routing issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1787208/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
