Alberto Gonzalez wrote: > Hi,
Hi Alberto. I only just noticed now that you updated this case. > Did you run "systemctl daemon-reload" after changing the .service file? Yes, as per my original bug report I tried the following: <quote> Each time I edited the file, I tried the following commands before starting the service: systemctl reenable openvpn@.service systemctl daemon-reload systemctl daemon-reexec </quote> > I'll upload 2.3.10 soon, can you check if it works with it? I now have the new version of openvpn. If I re-add the following directives to my configuation with this version, openvpn now starts without error: user openvpn group nogroup iproute /usr/local/sbin/openvpn-ip And a ps listing shows the openvpn processes running as the openvpn user. With my phone I am able to connect to openvpn okay, but I was unable to browse anything with my web browser. If I remove the directives and restart openvpn and reconnect my phone again then browsing works. So I am now futher than I was before but something else is wrong. I compared the syslog entries for my connection when running openvpn at the root and openvpn users. I then compared routes. When running with the root user, an extra route is added when my phone connects. When running with the openvpn user, there is no extra route added when my phone connects. I edited the /usr/local/sbin/openvpn-ip script so that it looks like this: #!/bin/sh echo "openvpn-ip script invoked" >> /tmp/openvpn-ip.tmp /usr/bin/sudo /sbin/ip $* Then I connected with the phone while openvpn was running as the openvpn user. The /tmp/openvpn-ip.tmp file was not created. So it looks like the following directive in the configuration file is not having an effect, or for some reason openvpn is unable to run it: iproute /usr/local/sbin/openvpn-ip The permissions on the file are okay and the openvpn user is able to reach it: # sudo -u openvpn ls -l /usr/local/sbin/openvpn-ip -rwxr-xr-x 1 root staff 92 Feb 20 07:32 /usr/local/sbin/openvpn-ip So perhaps another capability is stopping this file from being run? I saw no other log messages relating to failure to access or run the /usr/local/sbin/openvpn-ip script anywhere. Regards, Jim.