| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
James Yonan wrote: |
| 5 |
| Marko, |
| 6 |
| |
| 7 |
| It's an interesting approach, though it requires that you gentooize the |
| 8 |
| openvpn config files, therefore breaking the ability to move the |
| 9 |
config files |
| 10 |
| across platforms. |
| 11 |
| |
| 12 |
| I'm not sure if the init script you provided is just something you |
| 13 |
wrote for |
| 14 |
| personal use, or if you are making an argument that it (or the style it |
| 15 |
| embodies) should be officially incorporated as the Gentoo Init Script for |
| 16 |
| OpenVPN. If it is the latter, then I must take this opportunity to |
| 17 |
argue :) |
| 18 |
|
| 19 |
Yes, the script was for personal use. I was not so happy with it to |
| 20 |
propose it as standard. |
| 21 |
However there is a little reasion for that design choice: |
| 22 |
routing must be implemented in a separate script pointed by the "up" keyword |
| 23 |
in the config file. This script must contain a full route command and |
| 24 |
must have an execute bit |
| 25 |
set and I personally don't like redundant information. Also I didn't |
| 26 |
find a way to use only one |
| 27 |
routing script for all tunnels because netmask information is not passed |
| 28 |
by openvpn to the script. |
| 29 |
~ So the real reasion was: the openvpn config file is not so good as it |
| 30 |
seems, or better said, |
| 31 |
is not even a config file, is simply a text-file cmdline wrapper. |
| 32 |
~ That said, and agreeing on your argumentations, I think it would be |
| 33 |
better, from a practical point of view, |
| 34 |
~ to put one file for each tunnel in /etc/openvpn as you say, and |
| 35 |
a) put optianally a second file, say /etc/openvpn/tunnelname.route, |
| 36 |
which will be parsed |
| 37 |
from the /etc/init.d/openvpn and it will apply routing. |
| 38 |
or |
| 39 |
b) put a specially formatted comment ("#@route blabla") in the .conf |
| 40 |
file and do the same as above |
| 41 |
|
| 42 |
| # Location of openvpn binary |
| 43 |
| openvpn=/usr/local/sbin/openvpn |
| 44 |
| |
| 45 |
| # PID directory |
| 46 |
| piddir=/var/run/openvpn |
| 47 |
| |
| 48 |
| # Our working directory (.conf files should be here) |
| 49 |
| work=/etc/openvpn |
| 50 |
this things should go in conf.d/xyz or |
| 51 |
it maybe something like |
| 52 |
$work = ${work:-/etc/openvpn} |
| 53 |
? |
| 54 |
in other words: if the conf.d/xyz file gets lost should the script |
| 55 |
use it's builtin default, while allowing the user to override them in |
| 56 |
conf.d, |
| 57 |
or should the script strictly depend on the existence of the conf.d/xyz |
| 58 |
file ? |
| 59 |
|
| 60 |
| for c in `/bin/ls *.conf 2>/dev/null`; do |
| 61 |
is there a reason for not using "for c in *.conf; do" ? |
| 62 |
|
| 63 |
yours, |
| 64 |
Marko |
| 65 |
-----BEGIN PGP SIGNATURE----- |
| 66 |
Version: GnuPG v1.2.2 (GNU/Linux) |
| 67 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
| 68 |
|
| 69 |
iD8DBQE+/h1+j0pLiOk7oZoRAi4wAJ0YTZZYZXdvqWlKdbLNHCaq9EDixQCgiTQU |
| 70 |
fdBaun+yOFup2iMWAWdh1sE= |
| 71 |
=Fbx1 |
| 72 |
-----END PGP SIGNATURE----- |
| 73 |
|
| 74 |
|
| 75 |
-- |
| 76 |
gentoo-dev@g.o mailing list |
Archives