Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#52414 - [openvpn] openvpn-plugin-down-root.so doesn't work
Attached to Project:
Arch Linux
Opened by Bogdan Szczurek (thebodzio) - Saturday, 07 January 2017, 16:23 GMT
Last edited by Eli Schwartz (eschwartz) - Friday, 27 July 2018, 15:38 GMT
Opened by Bogdan Szczurek (thebodzio) - Saturday, 07 January 2017, 16:23 GMT
Last edited by Eli Schwartz (eschwartz) - Friday, 27 July 2018, 15:38 GMT
|
DetailsDescription:
down-root plugin exits with an error whenever it is used by OpenVPN configured to run with dropped privileges. As a result any script that was to be executed by the mentioned plugin with elevated privileges is not executed at all, precluding any final clean-up from happening. For more information look at https://github.com/OpenVPN/openvpn/pull/28. Although referenced pull request is reported as closed the problem still persist in Arch. What appears to solve the problem (I tested it myself) is setting “KillMode” to “process” in client service file. For completeness I have to add that I made sure the script I want to run on connection down is accessible and executable by down-root plugin and it otherwise works as intended. Additional info: * package version(s): 2.4.0-2 * config and/or log files etc. Jan 06 17:57:38 gizmo openvpn[10462]: openvpn: DOWN-ROOT: Error sending script execution signal to background process: Connection refused Jan 06 17:57:38 gizmo openvpn[10462]: PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-down-root.so/PLUGIN_DOWN status=1 Jan 06 17:57:38 gizmo openvpn[10462]: PLUGIN_CALL: plugin function PLUGIN_DOWN failed with status 1: /usr/lib/openvpn/plugins/openvpn-plugin-down-root.so Jan 06 17:57:38 gizmo openvpn[10462]: ERROR: up/down plugin call failed Steps to reproduce: 1. Set connection configuration file for client to drop privileges upon connection (“user nobody” and “group nobody”). 2. In the same config use down-root plugin to execute script when connection terminates, e.g. “plugin /usr/lib/openvpn/plugins/openvpn-plugin-down-root.so /etc/openvpn/client.down”. 3. Start client connection. 4. Close client connection. |
This task depends upon
Closed by Eli Schwartz (eschwartz)
Friday, 27 July 2018, 15:38 GMT
Reason for closing: Fixed
Additional comments about closing: was fixed in upstream release 2.4.4, we're now on 2.4.6
Friday, 27 July 2018, 15:38 GMT
Reason for closing: Fixed
Additional comments about closing: was fixed in upstream release 2.4.4, we're now on 2.4.6
Comment by Bogdan Szczurek (thebodzio) -
Wednesday, 27 June 2018, 00:00 GMT
The upstream changed the “KillMode” to “process” almost a year ago. Since this change is also reflected in Arch OpenVPN package I think this bug should be closed as already fixed and no longer relevant.