Package: openvpn Version: 2.0.9-5+b1 Severity: normal Tags: patch
The documentation does not show how to use the openvpn option supported by /etc/network/if-up.d/openvpn. I am attaching a patch of /usr/share/doc/openvpn/README.Debian -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18.6.th4 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages openvpn depends on: ii debconf [debconf-2.0] 1.5.12 Debian configuration management sy ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries ii liblzo1 1.08-3 data compression library (old vers ii libssl0.9.8 0.9.8e-3 SSL shared libraries openvpn recommends no packages. -- debconf information: openvpn/change_init: false openvpn/change_init2: false * openvpn/create_tun: false * openvpn/stop2upgrade: true openvpn/default_port:
--- /usr/share/doc/openvpn/README.Debian.original 2007-03-02 10:32:39.000000000 +0100 +++ /usr/share/doc/openvpn/README.Debian 2007-03-06 21:36:46.217014976 +0100 @@ -51,6 +51,33 @@ /etc/init.d/openvpn start vpn1 vpn4 vpn5 +/etc/network/interfaces +----------------------- + +It is possible to control vpn interfaces using the standard ifup/ifdown +commands. This is helpful in case you want tunnels to be started right +after physical networks, so any network filesystems listed in fstab can be +mounted during the standard boot sequence. In order to do this several +steps need to be taken: + +- Select a specific tun/tap device name using the 'dev' option in your + config file (e.g. dev tun_work). This will ensure that the name you + use in /etc/network/interfaces will always match the one this vpn + will utilize. + +- Create a 'manual' type interface entry in /etc/network/interfaces. + There should be only one option - openvpn, which takes a config file + name as the argument (without the .conf suffix) For example: + + auto tun_work + iface tun_work inet manual + openvpn work_vpn + +- You should prevent openvpn from trying to start this tunnel when its + own init script runs, since the interface is already up. This is done + in /etc/default/openvpn by changing the AUTOSTART option as described + in the same file + ##################################### # Compatibility notes on 2.x vs 1.x #