-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

James Yonan wrote:
| Marko,
|
| It's an interesting approach, though it requires that you gentooize the
| openvpn config files, therefore breaking the ability to move the config files
| across platforms.
|
| I'm not sure if the init script you provided is just something you wrote for
| personal use, or if you are making an argument that it (or the style it
| embodies) should be officially incorporated as the Gentoo Init Script for
| OpenVPN. If it is the latter, then I must take this opportunity to argue :)

Yes, the script was for personal use. I was not happy enough with it to
propose it as standard.
However, there is a little reason for that design choice:
routing must be implemented in a separate script pointed to by the "up"
keyword in the config file. This script must contain a full route command
and must have the execute bit set, and I personally don't like redundant
information. Also, I didn't find a way to use only one routing script for
all tunnels because netmask information is not passed by openvpn to the
script.
So the real reason was: the openvpn config file is not as good as it
seems, or better said, it is not even a config file, it is simply a
text-file cmdline wrapper.
That said, and agreeing with your arguments, I think it would be better,
from a practical point of view, to put one file for each tunnel in
/etc/openvpn as you say, and
a) optionally put a second file, say /etc/openvpn/tunnelname.route,
which will be parsed by /etc/init.d/openvpn, and it will apply routing.
or
b) put a specially formatted comment ("#@route blabla") in the .conf
file and do the same as above

| # Location of openvpn binary
| openvpn=/usr/local/sbin/openvpn
|
| # PID directory
| piddir=/var/run/openvpn
|
| # Our working directory (.conf files should be here)
| work=/etc/openvpn
These things should go in conf.d/xyz, or maybe something like
work=${work:-/etc/openvpn}
?
In other words: if the conf.d/xyz file gets lost, should the script
use its built-in defaults, while allowing the user to override them in
conf.d, or should the script strictly depend on the existence of the
conf.d/xyz file?

| for c in `/bin/ls *.conf 2>/dev/null`; do
Is there a reason for not using "for c in *.conf; do"?

yours,
Marko
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+/h1+j0pLiOk7oZoRAi4wAJ0YTZZYZXdvqWlKdbLNHCaq9EDixQCgiTQU
fdBaun+yOFup2iMWAWdh1sE=
=Fbx1
-----END PGP SIGNATURE-----


--
gentoo-dev@g.o mailing list
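
The two shell questions raised in the message above (built-in defaults that conf.d may override, and looping over *.conf without `ls`), worked through as an added example that is not code from the thread or from the OpenVPN or Gentoo scripts. The function names and the /etc/conf.d/openvpn path are assumptions; the default values are the ones in the quoted script. An unmatched glob stays literal, which the loop has to skip, while the `ls` form splits file names on whitespace.

```sh
#!/bin/sh
# Added example, not code from the thread.

# Read optional overrides from a conf.d file ($1; the default path is an
# assumption), then fall back to built-in defaults for anything still unset.
load_settings() {
    confd=${1:-/etc/conf.d/openvpn}
    if [ -r "$confd" ]; then
        . "$confd"
    fi
    openvpn=${openvpn:-/usr/local/sbin/openvpn}
    piddir=${piddir:-/var/run/openvpn}
    work=${work:-/etc/openvpn}
}

# Print one tunnel name per line for each *.conf file in directory $1.
list_tunnels() {
    for c in "$1"/*.conf; do
        # With no match the pattern stays literal ("$1/*.conf"); skip it.
        [ -f "$c" ] || continue
        c=${c##*/}
        printf '%s\n' "${c%.conf}"
    done
}

# For comparison: count the words the quoted `ls` loop iterates over.
count_ls_words() {
    (
        cd "$1" || exit 1
        n=0
        for c in $(ls *.conf 2>/dev/null); do
            n=$((n + 1))
        done
        echo "$n"
    )
}
```

An init script would call `load_settings` once and then loop over the output of `list_tunnels "$work"`.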