Index | Thread | Search

From:
Stuart Henderson <stu@spacehopper.org>
Subject:
Re: openvpn: do not force --daemon as first argument
To:
Klemens Nanni <kn@openbsd.org>, ports <ports@openbsd.org>
Cc:
"Jeremie Courreges-Anglas" <jca@wxcvbn.org>
Date:
Sat, 06 Dec 2025 11:37:49 +0000

Download raw body.

Thread 
then if someone doesn't set --daemon themselves (either on the command line 
or in config) the script won't work properly. not sure I see the problem 
with specifying --config?

upstream supports multiple sockets in server mode now, btw.

-- 
  Sent from a phone, apologies for poor formatting.

On 6 December 2025 10:43:34 Klemens Nanni <kn@openbsd.org> wrote:

> Whilst the intention here is to ensure a background daemon,
> this flag may also take an argument [progname] to set its syslog name.
>
> openvpn(8) also lets you omit --config in front of an absoloute path
> if that file is the first argument, but flags in `daemon' break that.
>
> My use case is multiple openvpn servers on different listen sockets
> as OpenVPN on OpenBSD is unable to serve IPv4 and IPv6 in one process:
>
> $ file /etc/rc.d/openvpn?
> /etc/rc.d/openvpn4: symbolic link to '/etc/rc.d/openvpn'
> /etc/rc.d/openvpn6: symbolic link to '/etc/rc.d/openvpn'
>
> $ grep ^openvpn /etc/rc.conf.local
> openvpn4_flags=/etc/openvpn/server4.conf
> openvpn6_flags=/etc/openvpn/server6.conf
>
> $ head -n4 /etc/openvpn/server4.conf
> config /etc/openvpn/server.common
> daemon openvpn4
> local 0.0.0.0
> dev tun4
>
> I could work around this, knowing that --daemon is hardcoded,
> but it looks ugly and is less flexible:
>
> # rcctl set openvpn6 flags openvpn6 --config /...
>
> Feedback?
>
> Existing setups need adjusting, but I'm not sure whether MESSAGE or
> current.html is the best way to signal that.
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/net/openvpn/Makefile,v
> diff -u -p -r1.138 Makefile
> --- Makefile 29 Nov 2025 15:43:27 -0000 1.138
> +++ Makefile 5 Dec 2025 22:32:37 -0000
> @@ -1,6 +1,7 @@
> COMMENT= easy-to-use, robust, and highly configurable VPN
>
> DISTNAME= openvpn-2.6.17
> +REVISION= 0
>
> CATEGORIES= net security
>
> Index: pkg/openvpn.rc
> ===================================================================
> RCS file: /cvs/ports/net/openvpn/pkg/openvpn.rc,v
> diff -u -p -r1.2 openvpn.rc
> --- pkg/openvpn.rc 10 Mar 2022 00:04:07 -0000 1.2
> +++ pkg/openvpn.rc 5 Dec 2025 22:33:17 -0000
> @@ -1,6 +1,7 @@
> #!/bin/ksh
>
> -daemon="${TRUEPREFIX}/sbin/openvpn --daemon"
> +daemon="${TRUEPREFIX}/sbin/openvpn"
> +daemon_flags="--daemon"
>
> . /etc/rc.d/rc.subr