From: Klemens Nanni Subject: Re: openvpn: do not force --daemon as first argument To: Stuart Henderson , ports Cc: Jeremie Courreges-Anglas Date: Sat, 06 Dec 2025 11:48:26 +0000 06.12.2025 14:37, Stuart Henderson пишет: > then if someone doesn't set --daemon themselves (either on the command line or in config) the script won't work properly. not sure I see the problem with specifying --config? Hence the sentence about MESSAGE or current.html. Altough this is more about --daemon not being usable inside a config file due to our rc.d script's assumption about it not taking arguments. > > upstream supports multiple sockets in server mode now, btw. Oh? I'll take another look, thanks. I don't think it's super critical, but I'd still like to rectify this; we have relatively few scripts forcing flags in `daemon' and for openvpn this is not strictly neccessary. > > --  >   Sent from a phone, apologies for poor formatting. > > > On 6 December 2025 10:43:34 Klemens Nanni wrote: > >> Whilst the intention here is to ensure a background daemon, >> this flag may also take an argument [progname] to set its syslog name. >> >> openvpn(8) also lets you omit --config in front of an absoloute path >> if that file is the first argument, but flags in `daemon' break that. >> >> My use case is multiple openvpn servers on different listen sockets >> as OpenVPN on OpenBSD is unable to serve IPv4 and IPv6 in one process: >>   >>  $ file /etc/rc.d/openvpn? >>  /etc/rc.d/openvpn4: symbolic link to '/etc/rc.d/openvpn' >>  /etc/rc.d/openvpn6: symbolic link to '/etc/rc.d/openvpn' >> >>  $ grep ^openvpn /etc/rc.conf.local >>  openvpn4_flags=/etc/openvpn/server4.conf >>  openvpn6_flags=/etc/openvpn/server6.conf >> >>  $ head -n4 /etc/openvpn/server4.conf >>  config /etc/openvpn/server.common >>  daemon openvpn4 >>  local 0.0.0.0 >>  dev tun4 >> >> I could work around this, knowing that --daemon is hardcoded, >> but it looks ugly and is less flexible: >> >>  # rcctl set openvpn6 flags openvpn6 --config /... >> >> Feedback? >> >> Existing setups need adjusting, but I'm not sure whether MESSAGE or >> current.html is the best way to signal that. >> >> >> Index: Makefile >> =================================================================== >> RCS file: /cvs/ports/net/openvpn/Makefile,v >> diff -u -p -r1.138 Makefile >> --- Makefile 29 Nov 2025 15:43:27 -0000 1.138 >> +++ Makefile 5 Dec 2025 22:32:37 -0000 >> @@ -1,6 +1,7 @@ >>  COMMENT= easy-to-use, robust, and highly configurable VPN >>   >>  DISTNAME= openvpn-2.6.17 >> +REVISION= 0 >>   >>  CATEGORIES= net security >>   >> Index: pkg/openvpn.rc >> =================================================================== >> RCS file: /cvs/ports/net/openvpn/pkg/openvpn.rc,v >> diff -u -p -r1.2 openvpn.rc >> --- pkg/openvpn.rc 10 Mar 2022 00:04:07 -0000 1.2 >> +++ pkg/openvpn.rc 5 Dec 2025 22:33:17 -0000 >> @@ -1,6 +1,7 @@ >>  #!/bin/ksh >>   >> -daemon="${TRUEPREFIX}/sbin/openvpn --daemon" >> +daemon="${TRUEPREFIX}/sbin/openvpn" >> +daemon_flags="--daemon" >>   >>  . /etc/rc.d/rc.subr >