Package: openvpn Version: 2.3.4-3 Severity: important Justification: Lose user settings / don't autostart
Dear maintainer
Using jessie, after upgrading to openvpn 2.3.4-3 from 2.3.2-9, openvpn
does not start anymore.
This is the relevant part of the log file from
/var/log/unattended-upgrades/unattended-upgrades.log
2014-11-05 07:49:18,942 INFO Initial blacklisted packages:
2014-11-05 07:49:18,950 INFO Initial whitelisted packages:
2014-11-05 07:49:18,950 INFO Starting unattended upgrades script
2014-11-05 07:49:18,951 INFO Allowed origins are: ['origin=Debian']
2014-11-05 07:51:49,194 WARNING Package 'openvpn' has conffile prompt
and needs to be upgraded manually
2014-11-05 07:52:29,050 INFO package 'openvpn' not upgraded
2014-11-05 07:52:48,335 INFO Packages that will be upgraded: cron
extlinux geoclue-2.0 gir1.2-gst-plugins-base-1.0 gir1.2-gstreamer-1.0
gnome-orca gstreamer1.0-plugins-base gstreamer1.0-plugins-base:i386
gstreamer1.0-x iceweasel kbd libbrlapi0.6 libfribidi0
libgstreamer-plugins-base1.0-0 libgstreamer-plugins-base1.0-0:i386
libgstreamer1.0-0 libgstreamer1.0-0:i386 libharfbuzz-dev
libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz0b libhttpcore-java
libpipeline1 libsvn1 libvlc5 libvlccore8 lintian python-simplejson
python-sqlparse python3-brlapi python3-sqlparse subversion syslinux
syslinux-common vlc vlc-data vlc-nox vlc-plugin-notify vlc-plugin-pulse
xbrlapi
2014-11-05 07:52:48,336 INFO Writing dpkg log to
'/var/log/unattended-upgrades/unattended-upgrades-dpkg.log'
2014-11-05 07:55:33,936 INFO All upgrades installed
After upgrading manually openvpn with aptitude, and rebooting, openvpn
did not start.
# service openvpn status
● openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; disabled)
Active: inactive (dead)
Starting openvpn manually does work, though I can't specify which
tunnel I want to start anymore, like the arguments of init script are
being ignored. Default "AUTOSTART" tunnels can be started that way. I
can start non default tunnels using the command line with --daemon --cd
--config options, and stop them using kill, but this is quite anoying.
I can see from that bug report that it says I modified
/etc/init.d/openvpn, but I don't think so.
I also tried "aptitude reinstall openvpn", but reportbug still says I
have a non-default init script, and I can't see any ".dpkg-dist" nor
".dpkg-new" I could fix it from.
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (990, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openvpn depends on:
ii debconf [debconf-2.0] 1.5.53
ii initscripts 2.88dsf-57
ii iproute2 3.16.0-2
ii libc6 2.19-12
ii liblzo2-2 2.08-1
ii libpam0g 1.1.8-3.1
ii libpkcs11-helper1 1.11-2
ii libssl1.0.0 1.0.1j-1
Versions of packages openvpn recommends:
ii easy-rsa 2.2.2-1
Versions of packages openvpn suggests:
ii openssl 1.0.1j-1
ii resolvconf 1.76
-- Configuration Files:
/etc/default/openvpn changed:
AUTOSTART="IPredator-CLI-Password"
OPTARGS=""
OMIT_SENDSIGS=0
/etc/init.d/openvpn changed:
. /lib/lsb/init-functions
test $DEBIAN_SCRIPT_DEBUG && set -v -x
DAEMON=/usr/sbin/openvpn
DESC="virtual private network daemon"
CONFIG_DIR=/etc/openvpn
test -x $DAEMON || exit 0
test -d $CONFIG_DIR || exit 0
AUTOSTART="all"
STATUSREFRESH=10
OMIT_SENDSIGS=0
if test -e /etc/default/openvpn ; then
. /etc/default/openvpn
fi
start_vpn () {
if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then
# daemon already given in config file
DAEMONARG=
else
# need to daemonize
DAEMONARG="--daemon ovpn-$NAME"
fi
if grep -q '^[ ]*status ' $CONFIG_DIR/$NAME.conf ; then
# status file already given in config file
STATUSARG=""
elif test $STATUSREFRESH -eq 0 ; then
# default status file disabled in /etc/default/openvpn
STATUSARG=""
else
# prepare default status file
STATUSARG="--status /run/openvpn/$NAME.status $STATUSREFRESH"
fi
# tun using the "subnet" topology confuses the routing code that wrongly
# emits ICMP redirects for client to client communications
SAVED_DEFAULT_SEND_REDIRECTS=0
if grep -q '^[[:space:]]*dev[[:space:]]*tun' $CONFIG_DIR/$NAME.conf && \
grep -q '^[[:space:]]*topology[[:space:]]*subnet'
$CONFIG_DIR/$NAME.conf ; then
# When using "client-to-client", OpenVPN routes the traffic
itself without
# involving the TUN/TAP interface so no ICMP redirects are sent
if ! grep -q '^[[:space:]]*client-to-client'
$CONFIG_DIR/$NAME.conf ; then
sysctl -w net.ipv4.conf.all.send_redirects=0 > /dev/null
# Save the default value for send_redirects before disabling it
# to make sure the tun device is created with send_redirects
disabled
SAVED_DEFAULT_SEND_REDIRECTS=$(sysctl -n
net.ipv4.conf.default.send_redirects)
if [ "$SAVED_DEFAULT_SEND_REDIRECTS" -ne 0 ]; then
sysctl -w net.ipv4.conf.default.send_redirects=0 > /dev/null
fi
fi
fi
log_progress_msg "$NAME"
STATUS=0
start-stop-daemon --start --quiet --oknodo \
--pidfile /run/openvpn/$NAME.pid \
--exec $DAEMON -- $OPTARGS --writepid /run/openvpn/$NAME.pid \
$DAEMONARG $STATUSARG --cd $CONFIG_DIR \
--config $CONFIG_DIR/$NAME.conf || STATUS=1
[ "$OMIT_SENDSIGS" -ne 1 ] || ln -s /run/openvpn/$NAME.pid
/run/sendsigs.omit.d/openvpn.$NAME.pid
# Set the back the original default value of send_redirects if it
was changed
if [ "$SAVED_DEFAULT_SEND_REDIRECTS" -ne 0 ]; then
sysctl -w
net.ipv4.conf.default.send_redirects=$SAVED_DEFAULT_SEND_REDIRECTS >
/dev/null
fi
}
stop_vpn () {
start-stop-daemon --stop --quiet --oknodo \
--pidfile $PIDFILE --exec $DAEMON --retry 5
if [ "$?" -eq 0 ]; then
rm -f $PIDFILE
[ "$OMIT_SENDSIGS" -ne 1 ] || rm -f
/run/sendsigs.omit.d/openvpn.$NAME.pid
rm -f /run/openvpn/$NAME.status 2> /dev/null
fi
}
case "$1" in
start)
log_daemon_msg "Starting $DESC"
# first create /run directory so it's present even
# when no VPN are autostarted by this script, but later
# by systemd [email protected]
mkdir -p /run/openvpn
# autostart VPNs
if test -z "$2" ; then
# check if automatic startup is disabled by AUTOSTART=none
if test "x$AUTOSTART" = "xnone" -o -z "$AUTOSTART" ; then
log_warning_msg " Autostart disabled."
exit 0
fi
if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
# all VPNs shall be started automatically
for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
NAME=${CONFIG%%.conf}
start_vpn
done
else
# start only specified VPNs
for NAME in $AUTOSTART ; do
if test -e $CONFIG_DIR/$NAME.conf ; then
start_vpn
else
log_failure_msg "No such VPN: $NAME"
STATUS=1
fi
done
fi
#start VPNs from command line
else
while shift ; do
[ -z "$1" ] && break
if test -e $CONFIG_DIR/$1.conf ; then
NAME=$1
start_vpn
else
log_failure_msg " No such VPN: $1"
STATUS=1
fi
done
fi
log_end_msg ${STATUS:-0}
;;
stop)
log_daemon_msg "Stopping $DESC"
if test -z "$2" ; then
for PIDFILE in `ls /run/openvpn/*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c14-`
NAME=${NAME%%.pid}
stop_vpn
log_progress_msg "$NAME"
done
else
while shift ; do
[ -z "$1" ] && break
if test -e /run/openvpn/$1.pid ; then
PIDFILE=`ls /run/openvpn/$1.pid 2> /dev/null`
NAME=`echo $PIDFILE | cut -c14-`
NAME=${NAME%%.pid}
stop_vpn
log_progress_msg "$NAME"
else
log_failure_msg " (failure: No such VPN is running: $1)"
fi
done
fi
log_end_msg 0
;;
reload|force-reload)
log_daemon_msg "Reloading $DESC"
for PIDFILE in `ls /run/openvpn/*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c14-`
NAME=${NAME%%.pid}
if egrep '^[[:blank:]]*user[[:blank:]]' $CONFIG_DIR/$NAME.conf >
/dev/null 2>&1 ; then
stop_vpn
start_vpn
log_progress_msg "(restarted)"
else
kill -HUP `cat $PIDFILE` || true
log_progress_msg "$NAME"
fi
done
log_end_msg 0
;;
soft-restart)
log_daemon_msg "$DESC sending SIGUSR1"
for PIDFILE in `ls /run/openvpn/*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c14-`
NAME=${NAME%%.pid}
kill -USR1 `cat $PIDFILE` || true
log_progress_msg "$NAME"
done
log_end_msg 0
;;
restart)
shift
$0 stop ${@}
$0 start ${@}
;;
cond-restart)
log_daemon_msg "Restarting $DESC."
for PIDFILE in `ls /run/openvpn/*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c14-`
NAME=${NAME%%.pid}
stop_vpn
start_vpn
done
log_end_msg 0
;;
status)
GLOBAL_STATUS=0
if test -z "$2" ; then
# We want status for all defined VPNs.
# Returns success if all autostarted VPNs are defined and running
if test "x$AUTOSTART" = "xnone" ; then
# Consider it a failure if AUTOSTART=none
log_warning_msg "No VPN autostarted"
GLOBAL_STATUS=1
else
if ! test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
# Consider it a failure if one of the autostarted VPN is not defined
for VPN in $AUTOSTART ; do
if ! test -f $CONFIG_DIR/$VPN.conf ; then
log_warning_msg "VPN '$VPN' is in AUTOSTART but is not defined"
GLOBAL_STATUS=1
fi
done
fi
fi
for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
NAME=${CONFIG%%.conf}
# Is it an autostarted VPN ?
if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
AUTOVPN=1
else
if test "x$AUTOSTART" = "xnone" ; then
AUTOVPN=0
else
AUTOVPN=0
for VPN in $AUTOSTART; do
if test "x$VPN" = "x$NAME" ; then
AUTOVPN=1
fi
done
fi
fi
if test "x$AUTOVPN" = "x1" ; then
# If it is autostarted, then it contributes to global status
status_of_proc -p /run/openvpn/${NAME}.pid openvpn "VPN
'${NAME}'" || GLOBAL_STATUS=1
else
status_of_proc -p /run/openvpn/${NAME}.pid openvpn "VPN
'${NAME}' (non autostarted)" || true
fi
done
else
# We just want status for specified VPNs.
# Returns success if all specified VPNs are defined and running
while shift ; do
[ -z "$1" ] && break
NAME=$1
if test -e $CONFIG_DIR/$NAME.conf ; then
# Config exists
status_of_proc -p /run/openvpn/${NAME}.pid openvpn "VPN
'${NAME}'" || GLOBAL_STATUS=1
else
# Config does not exist
log_warning_msg "VPN '$NAME': missing $CONFIG_DIR/$NAME.conf file !"
GLOBAL_STATUS=1
fi
done
fi
exit $GLOBAL_STATUS
;;
*)
echo "Usage: $0
{start|stop|reload|restart|force-reload|cond-restart|soft-restart|status}"
>&2
exit 1
;;
esac
exit 0
-- debconf information:
openvpn/create_tun: false
signature.asc
Description: OpenPGP digital signature
